Configuring HAProxy as a Load Balancer


HAProxy IP -

webserver node1 -

webserver node2 -

HAProxy is included in the package management systems of most Linux distributions. Use the command below to install HAProxy on Ubuntu 16.04 LTS:

sudo apt-get install haproxy

Below is the HAProxy configuration file (/etc/haproxy/haproxy.cfg) that we used in this setup:

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    tune.ssl.default-dh-param 2048
    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # An alternative list with additional directives can be obtained from
    ssl-default-bind-options no-sslv3

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

listen filecloud-http
    mode http
    redirect scheme https if !{ ssl_fc }

listen filecloud
    bind ssl crt /etc/ssl/private/cloud.pem
    mode http
    balance roundrobin
    option http-server-close
    timeout http-keep-alive 3000
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    reqadd X-Forwarded-Proto:\ https
    server node1 check
    server node2 check

listen stats
    bind ssl crt /etc/ssl/private/cloud.pem
    stats enable
    stats uri /
    stats hide-version
    stats auth filecloud:password!@

The above configuration is also set up to work with SSL installed.

You will need to combine the SSL certificate into a single PEM file in the order shown below, and specify its path as in the sample haproxy.cfg above:

cat certificate.crt intermediates.crt private.key > cloud.pem

Configuring webserver to log public IP addresses behind a load balancer

Install mod_remoteip on all the webserver nodes.

sudo a2enmod remoteip

Activate the configuration by restarting Apache2.

sudo service apache2 restart

Edit the Apache configuration located at /etc/apache2/apache2.conf for Ubuntu as follows:

sudo vim /etc/apache2/apache2.conf

Add this line to the configuration file.

RemoteIPHeader X-Forwarded-For

Find the matching section that begins with LogFormat. Change this line:

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

To this: (Replace %h with %a in the configuration file)

LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

To apply the changes, save the configuration file and then restart Apache2 on your Ubuntu instance.

sudo systemctl restart apache2.service
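
A simplified model of why the web nodes should accept X-Forwarded-For only from the load balancer (an added example, not part of the original page and not mod_remoteip's own code). It resolves the header right to left and compares a backend that trusts any sender with one pinned to the HAProxy address. The addresses are constructed documentation-range values, and resolve_client_ip and demo are hypothetical names.

```python
import ipaddress

# Constructed sample addresses (documentation ranges); the page omits the real ones.
HAPROXY_IP = "192.0.2.10"       # assumed load balancer address
REAL_CLIENT = "198.51.100.7"    # address HAProxy actually saw
FORGED = "203.0.113.99"         # value a client put in its own X-Forwarded-For


def resolve_client_ip(peer, xff_values, trusted_proxies):
    """Resolve the client address from X-Forwarded-For, right to left.

    peer            -- address of the TCP peer that connected to the web server
    xff_values      -- all X-Forwarded-For header values, in the order received
    trusted_proxies -- networks allowed to vouch for a forwarded address;
                       None models a backend that trusts any sender
    """
    nets = None
    if trusted_proxies is not None:
        nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    # Repeated header lines and comma-separated values form one list of hops.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    current = ipaddress.ip_address(peer)
    while hops:
        # Only a trusted hop may be replaced by the address it reported.
        if nets is not None and not any(current in n for n in nets):
            break
        try:
            current = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # malformed entry: keep the last address that parsed
    return str(current)


def demo():
    # "option forwardfor" appends the real client after whatever the client sent.
    via_lb = [FORGED, REAL_CLIENT]
    pinned = [HAPROXY_IP + "/32"]
    return {
        "trust_any_sender": resolve_client_ip(HAPROXY_IP, via_lb, None),
        "pinned_to_lb": resolve_client_ip(HAPROXY_IP, via_lb, pinned),
        "direct_to_node": resolve_client_ip(REAL_CLIENT, [FORGED], pinned),
    }


if __name__ == "__main__":
    for case, logged in demo().items():
        print(f"{case:17} -> {logged}")
```

In Apache, the pinned list corresponds to naming the HAProxy address in mod_remoteip's RemoteIPInternalProxy (or RemoteIPTrustedProxy) directive alongside RemoteIPHeader.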

Verify that the client IP is getting logged using this command on your Ubuntu instance and make a request from another instance: