Install and configure HAProxy, as a Consul load balencer on CentOS 7

Introduction

In a previous post we configured a 3 node Consul cluster for service discovery and as a key vaule store. In this post we will be setting up a HAProxy front end, to distribute HTTPS traffic amongst the 3 consul servers to distribute load.

This blog post assumes you have a CentOS 7 deployed server sitting in the same network as your consul servers, and with that we’re ready to go.

Start by installing HAProxy and vim (or your prefered text editor)

yum install haproxy vim

Next, we’ll configure the haproxy.cfg file

vim /etc/haproxy/haproxy.cfg

Paste the following:

# Global settings
#---------------------------------------------------------------------
global
maxconn 20000
log /dev/log local0 debug
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
user haproxy
group haproxy
daemon
ssl-server-verify none
# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option forwardfor except 127.0.0.0/8
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 10s
    timeout server 10s
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 20000

listen stats
bind :9000
mode http
stats enable
stats uri /

frontend consul-ssl
    bind *:443 ssl crt /etc/ssl/certs/haproxy2.pem
    reqadd X-Forwarded-Proto:\ https
    default_backend consul

backend consul
    balance roundrobin
    redirect scheme https if !{ ssl_fc }
    server server1 192.168.1.10:8501 check ssl verify none
    server server2 192.168.1.11:8501 check ssl verify none
    server server3 192.168.1.12:8501 check ssl verify none

Make sure you replace the server IP addresses above for your servers and IPs.

With that, your should be good to go. You’ll be able to acess the HAProxy stats at the IP address of your HAProxy box on port 9000, and your consul cluster web front end on port 443 / https