How to Install and Configure HAProxy on RHEL 9

Written by David Worthington on February 23, 2024

Share This Article


Jump to Tutorial

Short for High Availability Proxy, HAProxy is an open source and high-performance HTTP load balancer and proxying solution. It enhances website and application performance by distributing workloads across multiple backend web servers. This results in reduced response times, increased throughput, and high availability. 

Although HAProxy is free and open source, there is also a commercial option called HAProxy Enterprise. It includes a suite of add-ons, professional services, and 24/7 support.

Regardless of which version makes the most sense for your organization, HAProxy provides the following load balancing algorithms:

  • Round robin. Web traffic is sequentially distributed across each backend server, with each server assigned a unique number.
  • Least connections. Incoming requests are sent to the server with the least number of active connections. This comes in handy when you have a set of servers with varying processing capabilities.
  • Least time. Incoming requests are channeled to the server with the fastest response time.
  • Source IP hash. The algorithm uses a hash function to map incoming requests from client IPs to a backend server. For instance, requests from the same IP are routed to the same backend server.
  • Random with two choices. Two backend servers are selected randomly and requests are sent to either of them by employing the least connections algorithm.

In this guide, we will demonstrate how to install and configure HAProxy on RHEL 9.

Lab Setup

To demonstrate how HAProxy works, we have our lab environment setup as shown:

NodeHostnameIP address
Web Server 1web-server-01
Web Server 2web-server-02

Step 1: Configure Hostnames (All Nodes)

The first step is to configure the hostnames for all the nodes. Therefore, log into each of the nodes and run the following commands:

HAProxy Load Balancer

$ sudo hostnamectl set-hostname ha-proxy-rhel9
$ exec bash

Web Server 1

$ sudo hostnamectl set-hostname web-server-01
$ exec bash

Web Server 2

$ sudo hostnamectl set-hostname web-server-02
$ exec bash

Step 2: Configure /etc/hosts file (All Nodes)

Once the hostnames have been configured, the next step is to set up hostname resolution so that the three nodes can communicate seamlessly in the environment.

To do so, you need to configure the /etc/hosts file in each node.

$ sudo vim /etc/hosts

Next, add the following entries to the file:   ha-proxy-rhel9   web-server-01   web-server-02

Save the changes and exit the file. Ensure you can ping nodes from each node using the defined hostnames.

From the output, you can see that we’re able to ping the web servers from the HAProxy load balancer. You should get the same feedback when trying to ping the rest of the nodes from either of the web servers.

tutorial code

Step 3: Install HAProxy on RHEL 9 Load Balancer

Having configured the hostnames and hostname resolution for all the nodes, the next step is to install the HAProxy package on the load balancer node. 

First, update the system packages to their latest versions.

$ sudo dnf update

HAProxy is available from the default RHEL 9 repositories. To install it, run the following command:

$ sudo dnf install haproxy -y

tutorial code

Once installed, confirm the version installed as shown.

$ rpm -q

Alternatively, you can pass the -i option to provide more in-depth information about the package installed.

$ rpm -qi

The output provides a wealth of information including the name, version, release, architecture, and installation date among other details. From the output, you can see that we have installed HAProxy version 2.4.22.

tutorial code

Step 4: Configure HAProxy

Note: Consult with a cybersecurity professional to configure multilayer security for HAProxy. Topics should include API and web application security such as a Web Application Firewall (WAF), bot protection, or distributed denial of service protections. Access control, data protection, and system visibility are important considerations when deploying HAProxy. Other options are to pair HAProxy with pfSense and a content delivery network (CDN).

The next step is to configure HAProxy to serve requests to the backend web servers as expected. But first, make a backup copy of the HAProxy configuration file.

$ sudo cp /etc/haproxy/haproxy.cfg{,.orig}

We need to configure the following key sections:

  • Front-end settings to specify the sockets coming from client connections.
  • Back-end settings to specify the HAProxy server IP address and the load balancer algorithm.

Front-End Settings

For the front-end settings, navigate to the ‘# Front load balancer’ section and ensure you have the following lines of code. For the ‘bind’ directive, specify the HAProxy IP address.

# Front load balancer

frontend load_balancer
    option http-server-close
    option forwardfor
    stats uri /haproxy?stats

default_backend   webservers


Review settings to redirect non HTTPS traffic to HTTPS to protect privacy and for safety and security.

Back-End Settings

For back-end settings, we will specify ‘roundrobin’ as the load balancing algorithm. Be sure to also specify the back-end servers as shown alongside their hostnames and IP addresses.

backend webservers
    mode        http
    balance     roundrobin

    option httpchk HEAD / HTTP/1.1\r\nHost:\ localhost
    server  web-server-01  check
    server  web-server-02  check

Statistics Settings (Optional)

If you wish to display the load balancer statistics on a web browser, consider adding the following block of code in the configuration below.

listen stats
    bind      # Bind stats to port 80
    log   global             # Enable Logging
    stats enable             # enable statistics reports 
    stats hide-version       # Hide the version of HAProxy
    stats refresh 30s        # HAProxy refresh time
    stats show-node          # Shows the hostname of the node
    stats auth admin:P@ss!#   # Authentication for Stats page
    stats uri /stats     # Statistics URL

Save the changes and exit the configuration file. 

Step 5: Configure SELinux

Next up, you need to set SELinux to permissive mode to allow access to HTTP traffic. To do so, follow the commands shown.

$ sudo setenforce 0

$ sudo sed -i ‘s/SELINUX=enforcing/SELINUX=permissive/g’ /etc/selinux/config

Step 6: Configure Rsyslog

On modern Linux distributions, Rsyslog is a utility that provides support for logging. It’s a new and modern way of collecting and centralizing logs generated by various services.

To keep tabs on HAProxy’s performance, it’s recommended that you configure log files that will store logs generated by HAProxy.

So, access the Rsyslog configuration file.

$ sudo vim /etc/rsyslog.conf

Add the following lines: 

local2.=info     /var/log/haproxy-access.log

local2.notice    /var/log/haproxy-info.log

Save the changes and exit the configuration file. 

Step 7: Start and Enable HAProxy

Once all the changes are done, start and enable the HAProxy daemon.

$ sudo systemctl start haproxy

$ sudo systemctl enable haproxy

Step 8: Install Apache HTTP Web Server on Web Servers

The next step is to configure the backend web servers. To do so, log into each of the servers and install the Apache HTTP web server.

$ sudo dnf update

$ sudo dnf install httpd -y

Once installed, create a test website for each web server which will help simulate the round robin load balancing algorithm.

To do so, edit the ‘index.html’ file.

$ sudo vim  /var/www/html/index.html

Insert the following lines of code:

For Web-server-01

<!DOCTYPE html>
      <h1>Web Server 01 Serving your requests 😊</h1>

For Web-server-02

<!DOCTYPE html>
      <h1>Web Server 01 Serving your requests 😊</h1>

Save the changes and exit.

Step 9: Test the HAProxy Load Balancer

With all configurations in place, let’s now put the HAProxy load balancer to test and see if the round robin algorithm is properly configured. You should be able to receive traffic from both backend web servers.

So, access the HAProxy web address:


On the first attempt, you should see the webpage from either of the web servers. In our case, we received web traffic from the first web server.

tutorial screenshot

When you reload or refresh the webpage, you should get a response from the second web server.

tutorial screenshot

In addition, you can view statistics using the following URL:


An authentication pop-up will appear. Provide the username and password specified in the ‘Statistics’ section in Step 4 and click ‘Sign in’.

tutorial screenshot

You will see the HAProxy statistics report page on your browser.

tutorial screenshot

Final Thoughts

In this guide, we have demonstrated how to install HAProxy on RHEL 9. The HAProxy load balancer plays a crucial role in managing network traffic. It helps minimize downtime by intelligently channeling web traffic to the available nodes until the fault nodes are rectified and become available to serve requests. 

If you’d like to develop more RHEL 9 skills, check out the following tutorials:

David Worthington

I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.

Continue Learning with our Newsletter