Tutorial: Deploy HAProxy Enterprise in an Amazon VPC
During this procedure, you will deploy a single HAProxy Enterprise load balancer in an Amazon Virtual Private Cloud (VPC) to load balance traffic to web applications.
This design does not include redundancy at the load balancing tier, but it is useful for non-production workloads or for applications that do not require the extra redundancy you would get by deploying two HAProxy Enterprise load balancers.
Prerequisites
Before getting started:
Set up an AWS account if you have not already
Read the Overview to learn about common deployment patterns
What you will accomplish
In this tutorial, you will:
Create an Amazon VPC with public and private subnets, and NAT gateways
Create the HAProxy Enterprise instance
Create an EC2 instance to act as a web server
Optionally, add a second HAProxy Enterprise instance and a Network Load Balancer
This tutorial should take approximately 30 minutes.
Create a VPC
The VPC will contain your load balancer on a public subnet, while your web servers will be on a private subnet accessible only through the load balancer.
To create the Amazon VPC:
Open the Amazon VPC console.
Click Create VPC.
On the Create VPC screen, choose the following values:

| Field | Description | Example value |
|---|---|---|
| Resources to create | Whether to create additional resources such as subnets and availability zones with your VPC. | VPC and more |
| Name tag | The name to attach to resources being created. | example |
| IPv4 CIDR block | The IP range to assign to the VPC. | 10.0.0.0/16 |
| IPv6 CIDR block | Whether to enable IPv6 addresses. | No IPv6 CIDR block |
| Tenancy | Whether to use single-tenant (default) or dedicated hardware for your VPC. | Default |
| Number of availability zones | Choose the number of availability zones for high availability. | 2 |
| Number of public subnets | We will deploy the HAProxy Enterprise server into one public subnet so that internet traffic can access it. | 2 |
| Number of private subnets | Create a private subnet for your web servers. Traffic will go through your load balancers to reach these servers. | 2 |
| NAT gateway | Create a NAT gateway so that servers in the private subnet can reach the internet for software updates. | 1 per AZ |
| VPC endpoints | Whether to create an S3 Gateway. | None |
| Enable DNS hostnames | Whether to enable DNS hostnames for your public IP addresses. | checked |
| Enable DNS resolution | Whether to enable DNS resolution using the Amazon DNS server. | checked |

For more information about VPCs, review AWS's Virtual Private Clouds documentation.
Launch the HAProxy Enterprise AMI
Create a web servers security group
Create a security group that will allow the HAProxy Enterprise load balancer to communicate with the web servers over ports 22 (SSH) and 80 (HTTP).
Open the Amazon EC2 console.
From the EC2 Dashboard, click Security Groups, then Create security group.
On the Create security group screen, set the following fields:

| Field | Description | Example value |
|---|---|---|
| Security group name | The name to assign to the security group. | webservers-security-group |
| Description | A description for the security group. | Security group rules for web servers |
| VPC | Choose the VPC ID from the VPC you created earlier. | vpc-0146c0c368ac64143 |

Add the following inbound rules:

| Type | Source | Source value |
|---|---|---|
| HTTP | Custom | Choose the security group you assigned to the load balancer |
| SSH | Custom | Choose the security group you assigned to the load balancer |

Click Create security group.
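An added example, not part of the original tutorial: a Python check that takes one entry of `SecurityGroups[]` from `aws ec2 describe-security-groups` output and reports every inbound rule that departs from the two rules above (HTTP and SSH, sourced only from the load balancer's security group). The load balancer group ID `sg-EXAMPLE-LB`, the helper `_rule` and both sample groups are constructed placeholders.

```python
# Added example: audit a web-server security group against the tutorial's rule set.
ALLOWED_PORTS = {22, 80}  # SSH and HTTP, as in the tutorial

def audit_webserver_group(group, lb_group_id):
    """Return findings for one entry of SecurityGroups[]; [] means compliant."""
    findings, satisfied = [], set()
    for perm in group.get("IpPermissions", []):
        proto, lo, hi = perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")
        label = f"{proto} {lo}-{hi}"
        expected = proto == "tcp" and lo == hi and lo in ALLOWED_PORTS
        if not expected:
            findings.append(f"{label}: rule not in the tutorial")
        # CIDR and prefix-list sources admit traffic that bypasses the load balancer.
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [r["PrefixListId"] for r in perm.get("PrefixListIds", [])]
        for src in sources:
            findings.append(f"{label}: non-group source {src}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != lb_group_id:
                findings.append(f"{label}: unexpected source group {pair.get('GroupId')}")
            elif expected:
                satisfied.add(lo)
    # Report tutorial rules that are absent, so a half-applied group is visible too.
    for port in sorted(ALLOWED_PORTS - satisfied):
        findings.append(f"tcp {port}: no rule from {lb_group_id}")
    return findings

LB_GROUP = "sg-EXAMPLE-LB"  # placeholder: the page does not give this ID

def _rule(port, **sources):
    """Build one constructed IpPermissions entry for a single TCP port."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, **sources}

# Constructed sample data in the shape of describe-security-groups output.
GOOD = {"GroupId": "sg-0671c2f614fbf7d1e", "IpPermissions": [
    _rule(80, UserIdGroupPairs=[{"GroupId": LB_GROUP}]),
    _rule(22, UserIdGroupPairs=[{"GroupId": LB_GROUP}]),
]}
BAD = {"GroupId": "sg-EXAMPLE-BAD", "IpPermissions": [
    _rule(80, UserIdGroupPairs=[{"GroupId": LB_GROUP}]),
    _rule(22, IpRanges=[{"CidrIp": "0.0.0.0/0"}]),
    _rule(3306, UserIdGroupPairs=[{"GroupId": LB_GROUP}]),
]}

if __name__ == "__main__":
    for g in (GOOD, BAD):
        print(g["GroupId"], audit_webserver_group(g, LB_GROUP) or "OK")
```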
Launch a web server
For example purposes, create a web server that handles web requests. We will configure HAProxy Enterprise to route traffic to it.
From the EC2 Dashboard, click Launch instance.
Choose a server AMI, such as Amazon Linux.
Choose the SSH key pair used to connect to the EC2 instance.
Under Network settings, click Edit.
Set the following fields:

| Field | Description | Example value |
|---|---|---|
| VPC | Select the VPC you created. | vpc-0146c0c368ac64143 |
| Subnet | Select one of the private subnets. | subnet-0700b54c5c1e471664 |
| Auto-assign public IP | Whether to assign a public IP address to this instance. | Disable |
| Firewall | The web servers security group that you created. | Select existing security group, sg-0671c2f614fbf7d1e |

Click Launch instance.
Connect to the web server via SSH.
Because the web server is on the private subnet, you will need to connect to it via the HAProxy Enterprise server, which is on the public subnet.
Copy your private SSH key to the HAProxy Enterprise server.
Copy your key to the server.
$ scp -i my-private-key.pem ./my-private-key.pem ubuntu@35.181.155.36:~/
Connect to the HAProxy Enterprise server through its public IP address.
If necessary, change the permissions of your private key that has been copied to the HAProxy Enterprise server:
Change permissions on the file.
$ chmod 600 my-private-key.pem
Connect to the web server through its private IP address.
SSH to the web server from the HAProxy Enterprise server.
$ ssh -i ~/my-private-key.pem ec2-user@10.0.148.139
Install the NGINX web server.
On Amazon Linux, use these commands to install the NGINX web server.
$ sudo amazon-linux-extras install nginx1
$ sudo systemctl enable nginx
$ sudo systemctl start nginx
Add the web server to the HAProxy Enterprise configuration
To register the web server with the load balancer:
Connect to the HAProxy Enterprise instance through its public IP address.
Edit the file /etc/hapee-2.4/hapee-lb.cfg.
Change the backend be_app section to include the private IP address of your web server.
backend be_app
    balance roundrobin
    server app1 10.0.148.139:80 check
Save the file.
Reload the HAProxy Enterprise configuration:
$ sudo systemctl reload hapee-2.4-lb
When browsing to the public IP address of the HAProxy Enterprise load balancer, you should see the web server's web page.
Optional: Deploy a second HAProxy Enterprise instance
You can achieve high availability for your load balancing tier by adding a second HAProxy Enterprise instance. Each subnet in a VPC resides in an availability zone. By launching HAProxy Enterprise instances in separate subnets, you gain protection from failure of a zone.
During this procedure, you will create an Amazon Network Load Balancer (NLB) to route traffic to both HAProxy Enterprise instances, doubling your load balancer capacity.
To create a second load balancer:
Repeat the steps in the Launch the HAProxy Enterprise AMI procedure, but assign the second instance to the other public subnet. Use the security group you already created for the first instance.
Copy the load balancer configuration, /etc/hapee-2.4/hapee-lb.cfg, to the new load balancer and reload the hapee-2.4-lb service.
Create a target group that the AWS NLB will use to send traffic to your HAProxy Enterprise instances:
Open the Amazon EC2 console.
From the EC2 Dashboard, click Target groups under Load Balancing, then Create target group.
On the Specify group details screen, set the following fields:

| Field | Description | Example value |
|---|---|---|
| Target type | Choose how AWS NLB determines which instances to route traffic to. | Instances |
| Target group name | A name for the group of HAProxy Enterprise instances being targeted. | load-balancers |
| Protocol | The protocol by which the HAProxy Enterprise instances listen for incoming traffic. | TCP |
| Port | The TCP port at which the HAProxy Enterprise instances listen for incoming traffic. | 80 |
| VPC | The VPC where you created your HAProxy Enterprise instances. | vpc-0146c0c368ac64143 |
| Health check protocol | The protocol by which the AWS NLB will send periodic health check probes. | TCP |

Click Next.
On the Register targets screen, select the HAProxy Enterprise instances to include in the target group. Then click Include as pending below.
Click Create target group.
Create an AWS NLB to route traffic to both HAProxy Enterprise instances:
From the EC2 Dashboard, click Load Balancers, then Create load balancer.
Choose to create a Network Load Balancer.
On the Create Network Load Balancer screen, set the following fields:

| Field | Description | Example value |
|---|---|---|
| Load balancer name | A name for the AWS NLB. | my-nlb |
| Scheme | Whether the Network Load Balancer will be internet facing. | Internet-facing |
| IP address type | Whether your subnet uses IPv4 and IPv6 addresses, or only IPv4. | IPv4 |
| VPC | Choose the VPC where you launched your HAProxy Enterprise instances. | vpc-0146c0c368ac64143 |
| Mappings | Select the availability zones of your targets. Since you launched HAProxy Enterprise instances in both availability zones, select both. Then choose the public subnets. | us-east-2a, us-east-2b |
| Listener | Choose the protocol and port at which the AWS NLB will receive traffic. Set the Default action to the target group you created before. | TCP / 80 |

Click Create load balancer.
Once the AWS NLB has been provisioned, you will be able to reach your web application at the new DNS name shown in the AWS NLB load balancer's details.