{"id":9770,"date":"2021-07-25T10:31:34","date_gmt":"2021-07-25T07:31:34","guid":{"rendered":"https:\/\/kifarunix.com\/?p=9770"},"modified":"2024-03-18T19:32:50","modified_gmt":"2024-03-18T16:32:50","slug":"install-haproxy-on-rocky-linux-8","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-haproxy-on-rocky-linux-8\/","title":{"rendered":"Install HAProxy on Rocky Linux 8"},"content":{"rendered":"\n<p>This guide will walk you through how to install HAProxy on Rocky Linux 8.&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.haproxy.org\/\" target=\"_blank\">HAProxy<\/a>&nbsp;is the current de-facto standard opensource load balancer. It offers high availability,&nbsp;load balancing and proxying for TCP and HTTP-based applications.<\/p>\n\n\n\n<p>While offering load balancing, HAProxy supports different algorithms for load balancing. Some of the commonly used ones include;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Roundrobin<\/strong>&nbsp;\u2013 This is the default algorithm and it enables HAProxy to select each server to serve requests in turns according to their weights.<\/li>\n\n\n\n<li><strong>leastconn<\/strong>&nbsp;\u2013 The server with the lowest number of connections receives the connections. It is recommended where very long sessions are expected, such as LDAP, SQL.<\/li>\n\n\n\n<li><strong>source<\/strong>&nbsp;\u2013 With this algorithm, the source IP address is hashed and divided by the total weight of the running servers to designate which server will receive the request. This ensures that the same client IP address will always reach the same server as long as no server goes down or up. If the hash result changes due to the number of running servers changing, many clients will be directed to a different server.<\/li>\n<\/ul>\n\n\n\n<p>Read more on HAProxy load balancing algorithms on the&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.haproxy.org\/download\/2.1\/doc\/configuration.txt\" target=\"_blank\">documentation page<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installing HAProxy on Rocky Linux 8<\/h2>\n\n\n\n<p>For the purposes of demonstrating how HAProxy basically operates, this guide uses uses three virtual machines;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>one running as HAProxy load balancer<\/li>\n\n\n\n<li>two others running web servers serving basic html pages.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Install HAProxy from the Source on Rocky Linux 8<\/h3>\n\n\n\n<p>AS of this writing, HAProxy 2.4.2 is the current stable LTS version as <a href=\"http:\/\/www.haproxy.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">HAProxy.org<\/a> page.<\/p>\n\n\n\n<p>The default Rocky Linux 8 repositories provides HAProxy 1.8;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf info haproxy<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nAvailable Packages\nName         : haproxy\n<strong>Version      : 1.8.27<\/strong>\nRelease      : 2.el8\nArchitecture : x86_64\nSize         : 1.4 M\nSource       : haproxy-1.8.27-2.el8.src.rpm\nRepository   : appstream\nSummary      : HAProxy reverse proxy for high availability environments\nURL          : http:\/\/www.haproxy.org\/\nLicense      : GPLv2+\n\n<\/code><\/pre>\n\n\n\n<p>In order to install the current stable release version of HAProxy, you need to build from the source then.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Install Required Build Tools<\/h4>\n\n\n\n<p>Thus, begin by installing the required build tools.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install gcc pcre-devel tar make openssl-devel readline-devel systemd-devel wget vim<\/code><\/pre>\n\n\n\n<p>Install LUA 5.3;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wget https:\/\/www.lua.org\/ftp\/lua-5.3.5.tar.gz<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/tmp\/ &amp;&amp; tar xzf lua-5.3.5.tar.gz<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd lua-5.3.5 &amp;&amp; make linux install<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Create HAProxy system user<\/h4>\n\n\n\n<p>Run the command below to create HAProxy system user.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>useradd -M -d \/var\/lib\/haproxy -s \/sbin\/nologin -r haproxy<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Download HAProxy Source Code<\/h4>\n\n\n\n<p>Navigate to <a href=\"http:\/\/www.haproxy.org\/download\/\" target=\"_blank\" rel=\"noreferrer noopener\">HAProxy downloads page<\/a> and grab HAProxy 2.4.2 source code. You can simply use the command below to download it.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wget http:\/\/www.haproxy.org\/download\/2.4\/src\/haproxy-2.4.2.tar.gz -P \/tmp<\/code><\/pre>\n\n\n\n<p>Extract the source code once the download is complete.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd \/tmp\/ &amp;&amp; tar xzf haproxy-2.4.2.tar.gz<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Install HAProxy<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cd haproxy-2.4.2<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>make -j $(nproc) TARGET=linux-glibc USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_SYSTEMD=1<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo make install<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configuring HAProxy on&nbsp;Rocky Linux 8<\/h3>\n\n\n\n<p><strong><code>\/etc\/haproxy\/haproxy.cfg<\/code><\/strong>&nbsp;is the default HAProxy configuration file.<\/p>\n\n\n\n<p>However, the directory and the config file are not created when installation is done from the source.<\/p>\n\n\n\n<p>Hence, create the directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/etc\/haproxy\/<\/code><\/pre>\n\n\n\n<p>Below is a sample HAProxy default configuration file;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nglobal\n    log         127.0.0.1 local2\n    chroot      \/var\/lib\/haproxy\n    pidfile     \/var\/run\/haproxy.pid\n    maxconn     4000\n    user        haproxy\n    group       haproxy\n    daemon\n    stats socket \/var\/lib\/haproxy\/stats\n    ssl-default-bind-ciphers PROFILE=SYSTEM\n    ssl-default-server-ciphers PROFILE=SYSTEM\ndefaults\n    mode                    http\n    log                     global\n    option                  httplog\n    option                  dontlognull\n    option http-server-close\n    option forwardfor       except 127.0.0.0\/8\n    option                  redispatch\n    retries                 3\n    timeout http-request    10s\n    timeout queue           1m\n    timeout connect         10s\n    timeout client          1m\n    timeout server          1m\n    timeout http-keep-alive 10s\n    timeout check           10s\n    maxconn                 3000\nfrontend main\n    bind *:5000\n    acl url_static       path_beg       -i \/static \/images \/javascript \/stylesheets\n    acl url_static       path_end       -i .jpg .gif .png .css .js\n    use_backend static          if url_static\n    default_backend             app\nbackend static\n    balance     roundrobin\n    server      static 127.0.0.1:4331 check\nbackend app\n    balance     roundrobin\n    server  app1 127.0.0.1:5001 check\n    server  app2 127.0.0.1:5002 check\n    server  app3 127.0.0.1:5003 check\n    server  app4 127.0.0.1:5004 check\n<\/code><\/pre>\n\n\n\n<p>As you can see on the above configuration file, there are four HAProxy configuration sections;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The&nbsp;<em><code>global<\/code><\/em>&nbsp;settings which defines the parameters that apply to all servers running HAProxy<\/li>\n\n\n\n<li>The&nbsp;<em><code>default<\/code><\/em>&nbsp;settings section defines the parameters that apply to all proxy subsections in a configuration (<em><code>frontend<\/code><\/em>,&nbsp;<em><code>backend<\/code><\/em>, and&nbsp;<em><code>listen<\/code><\/em>).<\/li>\n\n\n\n<li>The&nbsp;<em><code>frontend<\/code><\/em>&nbsp;settings section defines the servers\u2019 listening sockets for client connection requests.&nbsp;<\/li>\n\n\n\n<li>The&nbsp;<em><code>backend<\/code><\/em>&nbsp;settings section defines the real server IP addresses as well as the load balancer scheduling algorithm.<\/li>\n\n\n\n<li>Sometimes, both&nbsp;<code>backend<\/code>&nbsp;and&nbsp;<code>frontend<\/code>&nbsp;can be combined under the&nbsp;<code>listen<\/code>&nbsp;section.<\/li>\n<\/ul>\n\n\n\n<p>Read more about these sections on&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.haproxy.com\/blog\/the-four-essential-sections-of-an-haproxy-configuration\/\" target=\"_blank\">HAProxy essential sections<\/a> or under <strong><code>doc\/configuration.txt<\/code><\/strong> under the source code directory.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Defining Global HAProxy Settings<\/h4>\n\n\n\n<p>In our configuration, here are our global settings as it.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nglobal\n    log         127.0.0.1 local2\n    chroot      \/var\/lib\/haproxy\n    pidfile     \/var\/run\/haproxy.pid\n    maxconn     4000\n    user        haproxy\n    group       haproxy\n    daemon\n    stats socket \/var\/lib\/haproxy\/stats\n    ssl-default-bind-ciphers PROFILE=SYSTEM\n    ssl-default-server-ciphers PROFILE=SYSTEM\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Define HAProxy Default Settings<\/h4>\n\n\n\n<p>We use these defaults settings as is;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ndefaults\n    mode                    http\n    log                     global\n    option                  httplog\n    option                  dontlognull\n    option http-server-close\n    option forwardfor       except 127.0.0.0\/8\n    option                  redispatch\n    retries                 3\n    timeout http-request    10s\n    timeout queue           1m\n    timeout connect         10s\n    timeout client          1m\n    timeout server          1m\n    timeout http-keep-alive 10s\n    timeout check           10s\n    maxconn                 3000\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Defining HAProxy Frontend Settings<\/h4>\n\n\n\n<p>In this section, we will define how HAProxy is externally accessed to enable access to the backend servers. Since most options have been defined on defaults settings section, here is our frontend settings;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>frontend lb01\n    bind 192.168.60.19:80\n    default_backend kifaruapps<\/code><\/pre>\n\n\n\n<p>Where;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>bind<\/strong>&nbsp;defines an given IP address and port on which HAProxy listens on.<\/li>\n\n\n\n<li><code><strong>default_backend<\/strong><\/code>&nbsp;gives the name of a&nbsp;<code>backend<\/code>&nbsp;server to send traffic to.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Defining HAProxy Backend Settings<\/h4>\n\n\n\n<p>On Backend section, define the real backend server IP addresses as well as the load balancer scheduling algorithm.&nbsp;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>backend kifaruapps\n    balance roundrobin\n    server webapp01  192.168.60.21:8080 check\n    server webapp02  192.168.59.23:80 check<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>balance<\/strong>&nbsp;setting defines the roundrobin load balancer scheduling algorithm.<\/li>\n\n\n\n<li><strong>server<\/strong>&nbsp;setting specify the servers available in the back end.<\/li>\n\n\n\n<li><strong>check<\/strong>&nbsp;\u2013 enables health checks on the server. By default, a server is always considered available. If set, the server is available when accepting periodic TCP connections, to ensure that it is really able to serve requests.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Define HAProxy Listen Settings<\/h4>\n\n\n\n<p>You can optionally add the listen section to enable HAProxy statistics. HAProxy provides a dashboard called the&nbsp;<strong>HAProxy Stats page<\/strong>&nbsp;that displays the metrics related to the health of your servers, current request rates, response times, and more that gives a granular data on a per-frontend, backend, and server basis.<\/p>\n\n\n\n<p>The Stats page can be enabled as shown below;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nlisten stats\n    bind  192.168.60.19:8088       # Bind stats to port 8088\n    log   global                    # Enable Logging\n    stats enable                    # enable statistics reports \n    stats hide-version              # Hide the version of HAProxy\n    stats refresh 30s               # HAProxy refresh time\n    stats show-node                 # Shows the hostname of the node\n    stats auth lbadmin:P@ssword     # Authentication for Stats page\n    stats uri \/lb_stats             # Statistics URL\n<\/code><\/pre>\n\n\n\n<p>Ensure that the stats port is allowed on firewall.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-port=8088\/tcp --permanent<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --reload<\/code><\/pre>\n\n\n\n<p>Be sure to check SELinux logs just in case anything is not accessible.<\/p>\n\n\n\n<p>Finally, this is how our HAProxy configuration file, <strong><code>\/etc\/haproxy\/haproxy.cfg<\/code><\/strong>, is like;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nglobal\n    log         127.0.0.1 local2\n    chroot      \/var\/lib\/haproxy\n    pidfile     \/var\/run\/haproxy.pid\n    maxconn     4000\n    user        haproxy\n    group       haproxy\n    daemon\n    stats socket \/var\/lib\/haproxy\/stats\n    ssl-default-bind-ciphers PROFILE=SYSTEM\n    ssl-default-server-ciphers PROFILE=SYSTEM\ndefaults\n    mode                    http\n    log                     global\n    option                  httplog\n    option                  dontlognull\n    option http-server-close\n    option forwardfor       except 127.0.0.0\/8\n    option                  redispatch\n    retries                 3\n    timeout http-request    10s\n    timeout queue           1m\n    timeout connect         10s\n    timeout client          1m\n    timeout server          1m\n    timeout http-keep-alive 10s\n    timeout check           10s\n    maxconn                 3000\nfrontend lb01\n    bind 192.168.60.19:80\n    default_backend kifarunixapps    \nbackend kifarunixapps\n    balance     roundrobin\n    server webapp01  192.168.60.21:8080 check\n    server webapp02  192.168.59.23:80 check\nlisten stats\n    bind  192.168.60.19:8088       # Bind stats to port 8088\n    stats enable                    # enable statistics reports  \n    stats hide-version              # Hide the version of HAProxy\n    stats refresh 30s               # HAProxy refresh time\n    stats show-node                 # Shows the hostname of the node\n    stats auth lbadmin:P@ssword     # Authentication for Stats page\n    stats uri \/lb_stats             # Statistics URL\n<\/code><\/pre>\n\n\n\n<p>Read more about the configuration options on HAProxy&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/cbonte.github.io\/haproxy-dconv\/2.0\/intro.html\" target=\"_blank\">documentation page<\/a>.<\/p>\n\n\n\n<p>Create HAProxy chroot directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/var\/lib\/haproxy\/<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Verify HAProxy Configuration<\/h4>\n\n\n\n<p>To check HAProxy config file for any syntax errors, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>haproxy -c -f \/etc\/haproxy\/haproxy.cfg<\/code><\/pre>\n\n\n\n<p>If all is well, you should get such an output;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>Configuration file is valid<\/code><\/pre>\n\n\n\n<p>Open HAProxy port on firewall.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-port=80\/tcp --permanent\nfirewall-cmd --reload<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Running HAProxy on Rocky Linux 8<\/h4>\n\n\n\n<p>First off, you need to create HAProxy systemd configuration file.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/systemd\/system\/haproxy.service << 'EOL'\n[Unit]\nDescription=HAProxy Load Balancer\nAfter=network-online.target\nWants=network-online.target\n\n[Service]\nEnvironment=\"CONFIG=\/etc\/haproxy\/haproxy.cfg\" \"PIDFILE=\/run\/haproxy.pid\"\nEnvironmentFile=\/etc\/sysconfig\/haproxy\nExecStartPre=\/usr\/local\/sbin\/haproxy -f $CONFIG -c -q $OPTIONS\nExecStart=\/usr\/local\/sbin\/haproxy -Ws -f $CONFIG -p $PIDFILE $OPTIONS\nExecReload=\/usr\/local\/sbin\/haproxy -f $CONFIG -c -q $OPTIONS\nExecReload=\/bin\/kill -USR2 $MAINPID\nSuccessExitStatus=143\nKillMode=mixed\nType=notify\n\n[Install]\nWantedBy=multi-user.target\n\nEOL\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo 'OPTIONS=\"-Ws\"' &gt; \/etc\/sysconfig\/haproxy<\/code><\/pre>\n\n\n\n<p>Reload systemd configurations;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<p>To start HAProxy to run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl start haproxy<\/code><\/pre>\n\n\n\n<p>To enable it to run on boot;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable haproxy<\/code><\/pre>\n\n\n\n<p>Check the status of HAProxy.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status haproxy<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf haproxy.service - HAProxy Load Balancer\n   Loaded: loaded (\/etc\/systemd\/system\/haproxy.service; disabled; vendor preset: disabled)\n   Active: active (running) since Sun 2021-07-25 09:57:36 EAT; 4s ago\n  Process: 39550 ExecStartPre=\/usr\/local\/sbin\/haproxy -f $CONFIG -c -q $OPTIONS (code=exited, status=0\/SUCCESS)\n Main PID: 39552 (haproxy)\n    Tasks: 2 (limit: 4938)\n   Memory: 3.6M\n   CGroup: \/system.slice\/haproxy.service\n           \u251c\u250039552 \/usr\/local\/sbin\/haproxy -Ws -f \/etc\/haproxy\/haproxy.cfg -p \/run\/haproxy.pid -Ws\n           \u2514\u250039555 \/usr\/local\/sbin\/haproxy -Ws -f \/etc\/haproxy\/haproxy.cfg -p \/run\/haproxy.pid -Ws\n\nJul 25 09:57:36 localhost.localdomain systemd[1]: haproxy.service: Succeeded.\nJul 25 09:57:36 localhost.localdomain systemd[1]: Stopped HAProxy Load Balancer.\nJul 25 09:57:36 localhost.localdomain systemd[1]: Starting HAProxy Load Balancer...\nJul 25 09:57:36 localhost.localdomain systemd[1]: Started HAProxy Load Balancer.\nJul 25 09:57:36 localhost.localdomain haproxy[39552]: [NOTICE]   (39552) : New worker #1 (39555) forked\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configure HAProxy Logging on Rocky Linux 8<\/h3>\n\n\n\n<p>To configure HAProxy standard logging, edit&nbsp;<strong>\/etc\/rsyslog.conf<\/strong>&nbsp;and enable UDP syslog reception on port 514 by removing comments (<strong>#<\/strong>) on the lines,&nbsp;<strong>#module(load=\u201dimudp\u201d)<\/strong>&nbsp;and&nbsp;<strong>#input(type=\u201dimudp\u201d port=\u201d514\u2033)<\/strong>&nbsp;as shown below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -i '\/=\"imudp\"\/s\/^#\/\/g' \/etc\/rsyslog.conf<\/code><\/pre>\n\n\n\n<p>Next, disable logging of private authentication messages sent to&nbsp;<strong>local2<\/strong>&nbsp;facility, (<strong>local2.none<\/strong>) on&nbsp;<strong>\/var\/log\/messages<\/strong>&nbsp;and enable logging on&nbsp;<strong>\/var\/log\/haproxy.log<\/strong>&nbsp;as shown below.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i 's\/*.info;mail.none;authpriv.none;cron.none\/*.info;mail.none;authpriv.none;cron.none;local2.none\/' \/etc\/rsyslog.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo 'local2.*  \/var\/log\/haproxy.log' &gt;&gt; \/etc\/rsyslog.conf<\/code><\/pre>\n\n\n\n<p>Save the configuration file and run the command below to check for any errors.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>rsyslogd -N1<\/code><\/pre>\n\n\n\n<p>Next, restart Rsyslog and HAProxy<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart rsyslog haproxy<\/code><\/pre>\n\n\n\n<p>You should now be able to have HAProxy logs on&nbsp;<code>\/var\/log\/haproxy.log<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>tail -f \/var\/log\/haproxy.log<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configure Apache X-Forwarded-For Logging on Backend Servers<\/h3>\n\n\n\n<p>Since we have configured HAProxy to add HTTP header \u201cX-Forwarded-For\u201d to all requests sent to the backend server (<strong>option forwardfor<\/strong>), you can configure logging for the same on the backend server. This ensures the IP address of the requesting client is captured instead of the HAProxy load balancer.<\/p>\n\n\n\n<p>Configs can be;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\/etc\/httpd\/conf\/httpd.conf<\/li>\n\n\n\n<li>\/etc\/apache2\/apache2.conf<\/li>\n<\/ul>\n\n\n\n<p>Therefore, login to the backend servers and configure Apache to log X-Forwarded-For headers. The default line we are changing is;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>...\nLogFormat \"%h %l %u %t \\\"%r\\\" %&gt;s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined\nLogFormat \"%h %l %u %t \\\"%r\\\" %&gt;s %b\" common\n...<\/code><\/pre>\n\n\n\n<p>Hence, edit this line such that it looks like;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>...\n<strong>LogFormat \"\\\"%{X-Forwarded-For}i\\\" %l %u %t \\\"%r\\\" %&gt;s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\"\" combined<\/strong>\nLogFormat \"%h %l %u %t \\\"%r\\\" %&gt;s %b\" common\n...<\/code><\/pre>\n\n\n\n<p>Save the file and run Apache configuration file syntax check command.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>apachectl configtest<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>Syntax OK<\/code><\/pre>\n\n\n\n<p>Restart Apache<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart httpd<\/code><\/pre>\n\n\n\n<p>or<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart apache2<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Testing HAProxy Load Balancer on Rocky Linux 8<\/h2>\n\n\n\n<p>To verify that HAProxy is able to load balance the http requests, navigate to browser and access HAProxy using either the hostname or IP address.<\/p>\n\n\n\n<p>Since it is using the&nbsp;<strong><code>roundrobin<\/code><\/strong>&nbsp;algorithm, when you refresh the page, you should be able to get content from both backend servers served.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1146\" height=\"277\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/web001.png\" alt=\"\" class=\"wp-image-9817\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/web001.png?v=1627197721 1146w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/web001-768x186.png?v=1627197721 768w\" sizes=\"(max-width: 1146px) 100vw, 1146px\" \/><\/figure><\/div>\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1066\" height=\"257\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/web002.png\" alt=\"\" class=\"wp-image-9818\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/web002.png?v=1627197745 1066w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/web002-768x185.png?v=1627197745 768w\" sizes=\"(max-width: 1066px) 100vw, 1066px\" \/><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">Checking HAProxy Statistics<\/h3>\n\n\n\n<p>To check the statistics of your frontend and backend servers, simply navigate to stats url defined on the listen section;&nbsp;<strong>http:\/\/server-IP_OR_hostname:8088\/lb_stats<\/strong>. Set the appropriate URL.<\/p>\n\n\n\n<p>When prompted, authentication using the credentials defined by the&nbsp;<code>stats auth<\/code>&nbsp;on the&nbsp;<strong>listen section<\/strong>, in this demo, <strong>lbadmin:P@ssword<\/strong>, for username and password.<\/p>\n\n\n\n<p>HAProxy statistics<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1900\" height=\"625\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/haproxy-stats.png\" alt=\"\" class=\"wp-image-9819\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/haproxy-stats.png?v=1627197990 1900w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/haproxy-stats-768x253.png?v=1627197990 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/07\/haproxy-stats-1536x505.png?v=1627197990 1536w\" sizes=\"(max-width: 1900px) 100vw, 1900px\" \/><\/figure>\n\n\n\n<p>That marks the end of our guide on how to installing HAProxy on Rocky Linux 8.<\/p>\n\n\n\n<p>Read more on <a href=\"http:\/\/www.haproxy.org\/#docs\" target=\"_blank\" rel=\"noreferrer noopener\">HAProxy Documentations<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Related Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-highly-available-haproxy-with-keepalived-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Highly Available HAProxy with Keepalived on Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-setup-haproxy-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Setup HAProxy on Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-setup-haproxy-on-centos-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Setup HAProxy on CentOS 8<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This guide will walk you through how to install HAProxy on Rocky Linux 8.&nbsp;HAProxy&nbsp;is the current de-facto standard opensource load balancer. It offers high availability,&nbsp;load<\/p>\n","protected":false},"author":1,"featured_media":9820,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,1032,92],"tags":[3891,1033,3892,3889,1667,3890],"class_list":["post-9770","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-haproxy","category-load-balancers","tag-configure-haproxy-rocky-linux","tag-haproxy","tag-haproxy-load-balancer","tag-install-haproxy-rocky-linux","tag-load-balance-haproxy","tag-rocky-linux-haproxy","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9770"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=9770"}],"version-history":[{"count":4,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9770\/revisions"}],"predecessor-version":[{"id":21717,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9770\/revisions\/21717"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9820"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=9770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=9770"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=9770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}