Linux Commands

How to Configure HAProxy as a Reverse Proxy

When you have a web server, having a way to forward the client requests and the server’s response helps with distributing the traffic and enhances the security. A reverse proxy, such as HAProxy, acts as an intermediary between your web application and client devices when configured. That way, it receives the client requests and forwards them to the appropriate web server while receiving the server’s response and transmitting them to the clients. Configuring HAProxy on your server side to act as your reverse proxy is a straightforward process. This post has detailed the steps that you should take.

Why Use a Reverse Proxy?

Before discussing the steps to configure HAProxy as a reverse proxy, let’s quickly highlight why a reverse proxy works to your advantage. The following are the benefits that you get in using HAProxy as a reverse proxy:

  1. Load Balancing – Your web server can, at one point, have a case of many client requests that, if not well handled, may overload it which causes an unexpected downtime. However, configuring a reverse proxy ensures that the traffic gets distributed across the backend servers to ensure that no server gets overloaded with requests.
  2. Firewall and Security – The reverse proxy connects the client devices to the web server. Doing so reduces the risk of directly exposing our backend servers to the internet. That way, a malicious traffic can easily be filtered and blocked before it damages the servers.
  3. Better Caching – With a reverse proxy, you will notice the overall performance improvement as the load time will be reduced by caching the static content. Besides, you will achieve a better user experience.
  4. SSL/TLS Termination – With a reverse proxy, encrypting and decrypting the SSL/TLS connections becomes seamless, and your backend servers won’t have to shoulder this task, reducing their load.

How to Configure HAProxy as a Reverse Proxy

Having explained why a reverse proxy such as HAProxy is essential, let’s give the configuration steps to follow.

Step 1: Install HAProxy

You probably already have HAProxy installed on your system. If so, skip this step. However, for someone new to this, run the following command to install HAProxy:

$ sudo apt install haproxy

We have it already installed in our case.

Step 2: Edit the HAProxy Configuration File

HAProxy has a configuration file that you must access and edit to configure as your reverse proxy. Start by opening the config file using a text editor.

$ sudo nano /etc/haproxy/haproxy.cfg

Once it opens, note that it has basic configurations for the default and global sections. We must then create two more sections: frontend and backend. The frontend defines the interfaces that should receive the client requests, while the backend specifies the servers that will handle the traffic.

For this example, we configure the frontend to accept the client requests from ports 80 and 81. We then create a rule to distribute the traffic such that the connections from port 80 is routed to a specific server while those from port 81 goes to a different server. Our frontend section is as shown in the following:

Since we created two backend servers, backend2 and linux_backend, we must create the backend sections for both servers. We specify what IP to distribute the traffic to our “server1” and “server2” for each.

Once the configuration file is edited, save it and exit the file. Note that there are numerous ways to configure HAProxy depending on your needs. For our case, we create the web servers using the specified IP address to route our traffic. Change the IPs to match those of your web servers and which port you want to listen on.

Step 3: Verify the Validity

With HAProxy, there is a command that lets you verify whether your config file is valid. Run the following command and see what output you get:

$ sudo haproxy -c -f /etc/haproxy/haproxy.cfg

If you get a similar output, it confirms that your config file is valid. Otherwise, it will raise errors.

Step 4: Test the Reverse Proxy

Using a command like “curl”, you can send a traffic to your web server and see how it responds. For our case, we use Python3 to create the web servers.

Running the “curl” command confirms that our web server is listening to the specified port and that HAProxy has distributed the traffic to the specified server based on our configuration file.

You can also access your web server on a browser and confirm that the reverse proxy works.

Since we have two web servers that can be used depending on the port that is used by the client devices, let’s bind a different web server to a different port and see what happens.

The following output shows that HAProxy sent our traffic to the second backend server after detecting that the client request was sent via port 81, confirming that the traffic distribution is working as expected.

That’s how to configure HAProxy as a reverse proxy.

Conclusion

HAProxy is an excellent choice for a reverse proxy for your web server. Configuring it is straightforward. Only specify what port to listen for client requests and what rules to use for the load balancing. Then, add the backend servers to use and you will have your reverse proxy up and running. This post shared the steps to follow and demonstrated an example to ensure that you get comfortable with HAProxy.

About the author

Denis Kariuki

Denis is a Computer Scientist with a passion for Networking and Cyber Security. I love the terminal, and using Linux is a hobby. I am passionate about sharing tips and ideas about Linux and computing.