HAProxy Enterprise Documentation 2.4r1

Tutorial: Deploy HAProxy Enterprise in an Amazon VPC

During this procedure, you will deploy a single HAProxy Enterprise load balancer in an Amazon Virtual Private Cloud (VPC) to load balance traffic to web applications.

This design does not include redundancy at the load balancing tier, but it is useful for non-production workloads or for applications that do not require the extra redundancy you would get by deploying two HAProxy Enterprise load balancers.

Prerequisites

Before getting started:

What you will accomplish

In this tutorial, you will:

  • Create an Amazon VPC with public and private subnets, and NAT gateways

  • Create the HAProxy Enterprise instance

  • Create an EC2 instance to act as a web server

  • Optionally, add a second HAProxy Enterprise instance and a Network Load Balancer

This tutorial should take approximately 30 minutes.

Create a VPC

The VPC will contain your load balancer on a public subnet, while your web servers will be on a private subnet accessible only through the load balancer.

To create the Amazon VPC:

  1. Open the Amazon VPC console.

  2. Click Create VPC.

  3. On the Create VPC screen, choose the following values:

    | Field | Description | Example value |
    |---|---|---|
    | Resources to create | Whether to create additional resources such as subnets and availability zones with your VPC. | VPC and more |
    | Name tag | The name to attach to resources being created. | example |
    | IPv4 CIDR block | The IP range to assign to the VPC. | 10.0.0.0/16 |
    | IPv6 CIDR block | Whether to enable IPv6 addresses. | No IPv6 CIDR block |
    | Tenancy | Whether to use single-tenant (default) or dedicated hardware for your VPC. | Default |
    | Number of availability zones | Choose the number of availability zones for high availability. | 2 |
    | Number of public subnets | We will deploy the HAProxy Enterprise server into one public subnet so that internet traffic can access it. | 2 |
    | Number of private subnets | Create a private subnet for your web servers. Traffic will go through your load balancers to reach these servers. | 2 |
    | NAT gateway | Create a NAT gateway so that servers in the private subnet can reach the internet for software updates. | 1 per AZ |
    | VPC endpoints | Whether to create an S3 Gateway. | None |
    | Enable DNS hostnames | Whether to enable DNS hostnames for your public IP addresses. | checked |
    | Enable DNS resolution | Whether to enable DNS resolution using the Amazon DNS server. | checked |

    For more information about VPCs, review AWS's Virtual Private Clouds documentation.

Launch the HAProxy Enterprise AMI

  1. Launch the HAProxy Enterprise AMI and connect to the instance.

Create a web servers security group

Create a security group that will allow the HAProxy Enterprise load balancer to communicate with the web servers over ports 22 (SSH) and 80 (HTTP).

  1. Open the Amazon EC2 console.

  2. From the EC2 Dashboard, click Security Groups, then Create security group.

  3. On the Create security group screen, set the following fields:

    | Field | Description | Example value |
    |---|---|---|
    | Security group name | The name to assign to the security group. | webservers-security-group |
    | Description | A description for the security group. | Security group rules for web servers |
    | VPC | Choose the VPC ID from the VPC you created earlier. | vpc-0146c0c368ac64143 |

  4. Add the following inbound rules:

    | Type | Source | Source value |
    |---|---|---|
    | HTTP | Custom | Choose the security group you assigned to the load balancer |
    | SSH | Custom | Choose the security group you assigned to the load balancer |

  5. Click Create security group.
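
Added example, not part of the original tutorial: a check that the web servers security group admits traffic only from the load balancer's security group, as the inbound rules above require. It uses the AWS CLI's describe-security-groups call; the function names are assumptions, and the load balancer's group ID is yours to supply.

```shell
#!/bin/sh
# Added example (not from the tutorial). Function names are hypothetical.
# Requires the AWS CLI with permission to call ec2:DescribeSecurityGroups.

# Print one field from every inbound rule of a security group.
sg_field() {  # $1 = group ID, $2 = JMESPath under IpPermissions[]
  aws ec2 describe-security-groups --group-ids "$1" \
    --query "SecurityGroups[].IpPermissions[].$2" --output text
}

# Pure check. $1 = load balancer group ID, $2 = CIDR sources found,
# $3 = source security group IDs found (both whitespace separated).
check_sources() {
  lb_sg=$1 rc=0 seen=0
  for c in $2; do
    [ "$c" = None ] && continue
    # A CIDR source lets traffic reach the web servers without the load balancer.
    echo "FAIL: CIDR source $c reaches the web servers directly"; rc=1
  done
  for g in $3; do
    if [ "$g" = "$lb_sg" ]; then
      seen=1
    else
      echo "FAIL: unexpected source group $g"; rc=1
    fi
  done
  [ "$seen" -eq 1 ] || { echo "FAIL: no rule admits $lb_sg"; rc=1; }
  return "$rc"
}

# Fetch the live rules (IPv4, IPv6 and group sources) and run the check.
check_web_sg() {  # $1 = web servers group ID, $2 = load balancer group ID
  cidrs="$(sg_field "$1" 'IpRanges[].CidrIp') $(sg_field "$1" 'Ipv6Ranges[].CidrIpv6')"
  check_sources "$2" "$cidrs" "$(sg_field "$1" 'UserIdGroupPairs[].GroupId')"
}

# Usage (the second argument is a placeholder for your load balancer's group ID):
#   check_web_sg sg-0671c2f614fbf7d1e <load-balancer-sg-id> && echo "OK"
```

The check fails closed: if the AWS CLI call returns nothing, no rule from the load balancer's group is seen and the function reports a failure.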

Launch a web server

For example purposes, create a web server that handles web requests. We will configure HAProxy Enterprise to route traffic to it.

  1. From the EC2 Dashboard, click Launch instance.

    Choose a server AMI, such as Amazon Linux.

  2. Choose the SSH key pair used to connect to the EC2 instance.

  3. Under Network settings, click Edit.

  4. Set the following fields:

    | Field | Description | Example value |
    |---|---|---|
    | VPC | Select the VPC you created. | vpc-0146c0c368ac64143 |
    | Subnet | Select one of the private subnets. | subnet-0700b54c5c1e471664 |
    | Auto-assign public IP | Whether to assign a public IP address to this instance. | Disable |
    | Firewall | The web servers security group that you created. | Select existing security group, sg-0671c2f614fbf7d1e |

  5. Click Launch instance.

  6. Connect to the web server via SSH.

    1. Because the web server is on the private subnet, you will need to connect to it via the HAProxy Enterprise server, which is on the public subnet.

    2. Copy your private SSH key to the HAProxy Enterprise server.

      Copy your key to the server.

      $ scp -i my-private-key.pem ./my-private-key.pem ubuntu@35.181.155.36:~/

    3. Connect to the HAProxy Enterprise server through its public IP address.

    4. If necessary, change the permissions of your private key that has been copied to the HAProxy Enterprise server:

      Change permissions on the file.

      $ chmod 600 my-private-key.pem

    5. Connect to the web server through its private IP address.

      SSH to the web server from the HAProxy Enterprise server.

      $ ssh -i ~/my-private-key.pem ec2-user@10.0.148.139

    6. Install the NGINX web server.

      On Amazon Linux, use these commands to install the NGINX web server.

      $ sudo amazon-linux-extras install nginx1
      $ sudo systemctl enable nginx
      $ sudo systemctl start nginx
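
Added example, not part of the original tutorial: steps 2 through 5 place a copy of the private key on the internet-facing load balancer. The function below writes an OpenSSH client configuration that reaches the web server through that instance with ProxyJump instead, so the key stays on your workstation. The function name, the host aliases hapee-lb and web1 and the output path are assumptions; the addresses, users and key file name are the tutorial's example values.

```shell
#!/bin/sh
# Added example (not from the tutorial). write_jump_config and the host
# aliases "hapee-lb" and "web1" are hypothetical names.
#
# $1 = load balancer public IP   $2 = web server private IP
# $3 = path to the private key on your workstation
# $4 = path of the ssh client configuration file to write
write_jump_config() {
  lb_ip=$1 web_ip=$2 key=$3 out=$4
  cat > "$out" <<EOF
# Internet-facing HAProxy Enterprise instance, used only as a jump host.
Host hapee-lb
  HostName $lb_ip
  User ubuntu
  IdentityFile $key
  IdentitiesOnly yes
  ForwardAgent no

# Web server on the private subnet, reached through the jump host.
Host web1
  HostName $web_ip
  User ec2-user
  IdentityFile $key
  IdentitiesOnly yes
  ProxyJump hapee-lb
EOF
  # Keep the configuration file private to the current user.
  chmod 600 "$out"
}

# Usage with the tutorial's example values:
#   write_jump_config 35.181.155.36 10.0.148.139 ~/my-private-key.pem ./ssh_config.vpc
#   ssh -F ./ssh_config.vpc web1
```

Both connections authenticate from your workstation, so no key material or agent socket is exposed on the load balancer.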

Add the web server to the HAProxy Enterprise configuration

To register the web server with the load balancer:

  1. Connect to the HAProxy Enterprise instance through its public IP address.

  2. Edit the file /etc/hapee-2.4/hapee-lb.cfg.

  3. Change the backend be_app section to include the private IP address of your web server.

    backend be_app
      balance            roundrobin
      server app1        10.0.148.139:80 check

  4. Save the file.

  5. Reload the HAProxy Enterprise configuration:

    $ sudo systemctl reload hapee-2.4-lb

  6. When browsing to the public IP address of the HAProxy Enterprise load balancer, you should see the web server's web page.

Optional: Deploy a second HAProxy Enterprise instance

You can achieve high availability for your load balancing tier by adding a second HAProxy Enterprise instance. Each subnet in a VPC resides in an availability zone. By launching HAProxy Enterprise instances in separate subnets, you gain protection from failure of a zone.

During this procedure, you will create an Amazon Network Load Balancer (NLB) to route traffic to both HAProxy Enterprise instances, doubling your load balancer capacity.

To create a second load balancer:

  1. Repeat the steps in the Launch the HAProxy Enterprise AMI procedure, but assign the second instance to the other public subnet. Use the security group you already created for the first instance.

  2. Copy the load balancer configuration, /etc/hapee-2.4/hapee-lb.cfg, to the new load balancer and reload the hapee-2.4-lb service.

  3. Create a target group that the AWS NLB will use to send traffic to your HAProxy Enterprise instances:

    1. Open the Amazon EC2 console.

    2. From the EC2 Dashboard, click Target groups under Load Balancing, then Create target group.

    3. On the Specify group details screen, set the following fields:

      | Field | Description | Example value |
      |---|---|---|
      | Target type | Choose how AWS NLB determines which instances to route traffic to. | Instances |
      | Target group name | A name for the group of HAProxy Enterprise instances being targeted. | load-balancers |
      | Protocol | The protocol by which the HAProxy Enterprise instances listen for incoming traffic. | TCP |
      | Port | The TCP port at which the HAProxy Enterprise instances listen for incoming traffic. | 80 |
      | VPC | The VPC where you created your HAProxy Enterprise instances. | vpc-0146c0c368ac64143 |
      | Health check protocol | The protocol by which the AWS NLB will send periodic health check probes. | TCP |

    4. Click Next.

    5. On the Register targets screen, select the HAProxy Enterprise instances to include in the target group. Then click Include as pending below.

    6. Click Create target group.

  4. Create an AWS NLB to route traffic to both HAProxy Enterprise instances:

    1. From the EC2 Dashboard, click Load Balancers, then Create load balancer.

    2. Choose to create a Network Load Balancer.

    3. On the Create Network Load Balancer screen, set the following fields:

      | Field | Description | Example value |
      |---|---|---|
      | Load balancer name | A name for the AWS NLB. | my-nlb |
      | Scheme | Whether the Network Load Balancer will be internet facing. | Internet-facing |
      | IP address type | Whether your subnet uses IPv4 and IPv6 addresses, or only IPv4. | IPv4 |
      | VPC | Choose the VPC where you launched your HAProxy Enterprise instances. | vpc-0146c0c368ac64143 |
      | Mappings | Select the availability zones of your targets. Since you launched HAProxy Enterprise instances in both availability zones, select both. Then choose the public subnets. | us-east-2a, us-east-2b |
      | Listener | Choose the protocol and port at which the AWS NLB will receive traffic. Set the Default action to the target group you created before. | TCP / 80 |

    4. Click Create load balancer.

      Once the AWS NLB has been provisioned, you will be able to reach your web application at the new DNS name shown in the AWS NLB's details.

