Configuring HAProxy as a Load Balancer


HAproxy IP -

webserver node1 -

webserver node2 -

HAProxy is included in the package management systems of most Linux distributions. Use the commands below to install HAProxy on RHEL 9.2.

yum update -y 
yum install haproxy -y

Below is the HAProxy config file (/etc/haproxy/haproxy.cfg) which we used in this setup:


global
  log local2
  chroot /var/lib/haproxy 
  pidfile /var/run/ 
  maxconn 4000 
  user haproxy 
  group haproxy 
  stats socket /var/lib/haproxy/stats 
  ssl-default-bind-ciphers PROFILE=SYSTEM 
  ssl-default-server-ciphers PROFILE=SYSTEM 

defaults
  mode http
  log global 
  option httplog 
  option dontlognull 
  option http-server-close 
  option forwardfor except 
  option redispatch 
  retries 3 
  timeout http-request 10s 
  timeout queue 1m 
  timeout connect 10s 
  timeout client 1m
  timeout server 1m 
  timeout http-keep-alive 10s 
  timeout check 10s 
  maxconn 3000 

frontend filecloud-http 
  redirect scheme https if !{ ssl_fc } 
  default_backend webservers 

frontend filecloud-https 
  bind ssl crt /etc/ssl/private/cloud3.pem 
  option http-server-close
  option forwardfor
  stats uri /haproxy?stats
  http-request set-header X-Forwarded-Port %[dst_port]
  http-request add-header X-Forwarded-Proto https if { ssl_fc }
  default_backend webservers

frontend stats 
  bind ssl crt /etc/ssl/private/cloud3.pem 
  stats enable 
  stats uri / 
  stats hide-version 
  stats auth filecloud:password!@ 

backend webservers 
  balance roundrobin 
  mode http 
  stats enable 
  server webserver01 check 
  server webserver02 check

The configuration above is set up for use with an SSL certificate installed.

Combine the SSL certificate, intermediate certificates, and private key into a single PEM file, and specify its path as in the sample haproxy.cfg above:

cat certificate.crt intermediates.crt private.key > cloud3.pem

Configuring webserver to log public IP addresses behind a load balancer

The mod_remoteip module is enabled by default in RHEL.

  1. Edit the Apache configuration located at /etc/httpd/conf/httpd.conf for RHEL as follows:

    vi /etc/httpd/conf/httpd.conf

  2. Add this line to the configuration file.

    RemoteIPHeader X-Forwarded-For

  3. Find the matching section that begins with LogFormat. Change this line:

    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

    to this: (Replace %h with %a in the configuration file)

    LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

  4. To apply the changes, save the configuration file, and then restart Apache on your RHEL instance.

    systemctl restart httpd

  5. Verify that the client IP is getting logged using this command on your RHEL instance and make a request from another instance.
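
One way to run the check in step 5, as an added example that is not part of the original guide: the script reads an access log written with the %a LogFormat from step 3 and reports any request still logged with the load balancer's address. The address 10.0.0.5 for the HAProxy node, the function names and the sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit an Apache access log written with the
# LogFormat "%a %l %u %t ..." line from step 3.
# All addresses and log lines here are constructed sample data.

# lb_logged_count LOGFILE LB_IP
# Prints how many requests still carry the load balancer address in %a.
lb_logged_count() {
    awk -v lb="$2" 'NF && $1 == lb { n++ } END { print n + 0 }' "$1"
}

# client_summary LOGFILE
# Prints "COUNT ADDRESS" per logged client address, busiest first.
client_summary() {
    awk 'NF { seen[$1]++ } END { for (a in seen) print seen[a], a }' "$1" |
        sort -k1,1nr -k2,2
}

# verify_client_ip_logging LOGFILE LB_IP
# Returns 0 when no request is attributed to the load balancer, else 1.
verify_client_ip_logging() {
    lb_hits=$(lb_logged_count "$1" "$2")
    if [ "$lb_hits" -gt 0 ]; then
        echo "FAIL: $lb_hits request(s) logged with load balancer address $2"
        return 1
    fi
    echo "OK: no request logged with load balancer address $2"
}

# Constructed sample: 10.0.0.5 stands in for the HAProxy node.
# $1 = log captured before the change, $2 = log captured after it.
write_sample_logs() {
    cat > "$1" <<'EOF'
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /ui HTTP/1.1" 200 901 "-" "curl/8.0"
EOF
    cat > "$2" <<'EOF'
203.0.113.7 - - [01/Jan/2024:10:05:01 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.9 - - [01/Jan/2024:10:05:02 +0000] "GET /ui HTTP/1.1" 200 901 "-" "curl/8.0"
203.0.113.7 - - [01/Jan/2024:10:05:03 +0000] "GET /ui HTTP/1.1" 200 901 "-" "curl/8.0"
EOF
}

tmp=$(mktemp -d)
write_sample_logs "$tmp/before.log" "$tmp/after.log"
verify_client_ip_logging "$tmp/before.log" 10.0.0.5 || true
verify_client_ip_logging "$tmp/after.log" 10.0.0.5
client_summary "$tmp/after.log"
```

A passing check shows only that mod_remoteip is rewriting the logged address. The value comes from a request header, and mod_remoteip's RemoteIPInternalProxy directive limits which peers are allowed to supply it.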