How To Configure A High Available Load-balancer With HAProxy And Keepalived

This tutorial explains how to set up a two-node load balancer with HAProxy and keepalived on CentOS 7. The load balancer sits between the user and two (or more) backend Apache web servers that hold the same content.  If one of them is down, all requests will automatically be redirected to the remaining backend server. which means the users will not notice any disruption of the service.

For configuring HA-Load balanceer, You need 2 virtual/physical servers for the load-balancers and 2 virtual/physical servers to load-balance. In addition to the 4 IP addresses needed by the servers themselves, a fifth virtual IP address (VIP) is necessary. The two load-balancers and the VIP need to be in the same network segment.

Piranha has been replaced in RHEL7/CENTOS 7 with HAProxy and keepalived. So, HAProxy will be used as load-balancing software, keepalived as high availability solution and apache as software to load-balance.

Host details:

  • Load Balencer 1: haproxy1, IP:
  • Load Balencer 2: haproxy2, IP:
  • Web Server 1:     httpd1,     IP:
  • Web Server 2:     httpd2,     IP:

We also need a virtual IP address that floats between haproxy1 and haproxy2 : vip, IP:

Here is the addressing schema chosen to write into the /etc/hosts file of each server vip haproxy1 haproxy2 httpd1 httpd2

Here’s a little diagram that shows our setup:

    shared IP=
|                       |                     |                    |
+–+–+              +–+–+         +—-+—-+       +—-+—-+
| haproxy1 |        | haproxy2 |     |  httpd1  |        |  httpd2  |
+—–+               +—–+           +———+         +———+
haproxy           haproxy           2 web servers (Apache)
keepalived        keepalived

HAProxy installation

On the haproxy1/haproxy2 servers, execute the following instructions:

Install the HAProxy package:

yum install -y haproxy

Open /etc/haproxy/haproxy.cfg file using your favourite editor, Mine is vi, replace the line “frontend  main *:5000″ with “frontend  main *:80″ and comment out the line “use_backend static if url_static”.

Go to the end of the same file, remove the lines starting with “server app” and replace them with the following lines:

server httpd1 check
server httpd2 check

Activate at boot and start the HAProxy service:

systemctl enable haproxy
systemctl start haproxy

Open /etc/firewalld/services/haproxy.xml file and paste the following lines:

<?xml version="1.0" encoding="utf-8"?>
<description>HAProxy load-balancer</description>
<port protocol="tcp" port="80"/>

Next we need to assign correct SELinux context and file permissions to the haproxy.xml file:

cd /etc/firewalld/services
restorecon haproxy.xml
chmod 640 haproxy.xml

Update the firewall configuration:

firewall-cmd --permanent --add-service=haproxy
firewall-cmd --reload

Keepalived installation

Next, We need to install keepalived on haproxy1 and haproxy2

Install the keepalived package:

yum install -y keepalived

Create a new /etc/keepalived/keepalived.conf file and paste the following lines:

vrrp_script chk_haproxy {
  script "killall -0 haproxy" # check the haproxy process
  interval 2 # every 2 seconds
  weight 2 # add 2 points if OK

vrrp_instance VI_1 {
  interface eth0 # interface to monitor
  state MASTER # MASTER on haproxy1, BACKUP on haproxy2
  virtual_router_id 51
  priority 101 # 101 on haproxy1, 100 on haproxy2
  virtual_ipaddress { # virtual ip address 
  track_script {

Issue following commands to Enable keepalived service on system boot up:

systemctl enable keepalived
systemctl start keepalived

Next, we need to Check the presence of the VIP on the haproxy1 server:

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:f7:2a:a9 brd ff:ff:ff:ff:ff:ff
inet brd scope global eth0
valid_lft forever preferred_lft forever
inet scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fef7:2aa9/64 scope link
valid_lft forever preferred_lft forever

Apache installation

On the httpd1/httpd2 servers, follow Install LAMP Server (Apache, MariaDB, PHP) On CentOS/RHEL/Scientific Linux 7  to install apache.

Create a file called index.html in the /var/www/html directory on the httpd1 server and paste the following line:

Test httpd1

Do the same operation on the httpd2 server but replace “httpd1″ with “httpd2″ in the index.html file.

From another server, test the configuration:

yum install -y elinks


See you next time!!

  • djegsi


    How do you get HTTPS instead of HTTP ?