Setting Up A High-Availability Load Balancer (With Failover and Session Support) With HAProxy/Heartbeat On Fedora 8

Version 1.0
Author: Oliver Meyer <o [dot] meyer [at] projektfarm [dot] de>
Last edited 02/21/2008

This document describes how to set up a two-node load balancer in an active/passive configuration with HAProxy and heartbeat on Fedora 8. The load balancer acts between the user and two (or more) Apache web servers that hold the same content. The load balancer passes the requests to the web servers and it also checks their health. If one of them is down, all requests will automatically be redirected to the remaining web server(s). In addition to that, the two load balancer nodes monitor each other using heartbeat. If the master fails, the slave becomes the master - users won't notice any disruption of the service. HAProxy is session-aware - you can use it with any web application that makes use of sessions like forums, shopping carts, etc.

From the HAProxy web site: "HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing. Supporting tens of thousands of connections is clearly realistic with todays hardware. Its mode of operation makes its integration into existing architectures very easy and riskless, while still offering the possibility not to expose fragile web servers to the Net."

This howto is a practical guide without any warranty - it doesn't cover the theoretical backgrounds. There are many ways to set up such a system - this is the way I chose.


1 Preparation

For this howto I set up four Fedora 8 systems (minimal installation without gui etc.) with the following configuration:


1.1 Load Balancer 1

Shared IP:


1.2 Load Balancer 2

Shared IP:


1.3 Web Server 1



1.4 Web Server 2



1.5 Overview

|  |
|    Shared IP    |
         |                      |
+--------+--------+    +--------+--------+
|  |    |  |
| Load Balancer 1 |    | Load Balancer 2 |
+--------+--------+    +--------+--------+

+--------+--------+    +--------+--------+
|  |    |  |
|  Web Server 1   |    |  Web Server 2   |
+-----------------+    +-----------------+



2.1 Firewall Configuration

In order that the webservers are accessible from outside you have to open the corresponding ports on both web servers.


Set HTTP & HTTPS as trusted service as shown on the screenshot below and save the settings.


2.2 Apache Configuration

HAProxy will work as a transparent proxy - so the user's IP address will be passed in the field "X-Forwarded-For" to the web servers. In order that the web servers will log the user's IP address and not the IP addresses of the load balancers we have to modify the log format within the apache configuration file on both web servers.

vi /etc/httpd/conf/httpd.conf

Search the Lines that begin with "LogFormat" ...

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent


... and replace "%h" with "%{X-Forwarded-For}i". The content should look like this:

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent


We'll configure HAProxy to check the web servers' health by continuously requesting the file "check.txt" from the web servers. To keep the logs small, we'll customize the first vhost on each web server (HAProxy will use the web servers' IP adresses to request the file - so the first vhost will answer the request) to ensure that the access to "check.txt" won't be logged. In this example the vhosts are configured in "/etc/httpd/conf.d/vhosts.conf".

Add the following line to the configuration of your first vhost ...

SetEnvIf Request_URI "^/check\.txt$" dontlog

... and add the exception (env=!dontlog) to the line for the CustomLog. For example, the configuration for the first vhost could look like this:


    DocumentRoot /var/www/haproxy
    SetEnvIf Request_URI "^/check\.txt$" dontlog
    LogLevel warn
    ErrorLog /var/log/httpd/vhost_error.log
    CustomLog /var/log/httpd/vhost_access.log combined env=!dontlog

Now we have to create the file "check.txt" (this file can be empty) within the document root of the first vhost.

touch /var/www/haproxy/check.txt

Afterwards the configuration of the web servers is completed - restart the web servers.

/etc/init.d/httpd restart

Share this page:

4 Comment(s)

Add comment


From: at: 2008-03-04 08:11:49

Small typo. In section 1.2 "load balancer 1" should be "load balancer2"

From: at: 2008-03-04 12:50:15

The typos were in step 3.4.2 & 3.4.3 - fixed.

From: Willy Tarreau at: 2010-11-03 23:19:30

One more reason to use keepalived instead of heartbeat for this specific purpose. It has the ability to check for the presence and responsiveness of the haproxy process and use that to weigh the priorities and choose which node to elect as the master. Also, the master-backup switching is seamless and extremely fast (only the IP address is enabled/disabled, no process is restarted). A failure is covered in just a few seconds. Heartbeat is for clusters, not for handling virtual addresses.


From: Mojah at: 2010-11-03 09:37:32

It remains to be said, that if the HAProxy service would fail, there would be no automatic failover. Heartbeat only covers the OS aspect (as in: the server is entirely unreachable). If the server is available, but HAProxy is not started, there would be no failover.