Installation

Install HAProxy Enterprise on Linux

This section describes how to install HAProxy Enterprise on Linux.

Hardware recommendations Jump to heading

The hardware requirements for HAProxy Enterprise depend on the workload it needs to manage:

  • Only CPU and memory are taken into consideration.
  • Disk size depends on your operating system and the volume of logs you want to keep.
  • The indications below are for information only. Please contact us for assistance in sizing your servers.

Low-level workload

  • TCP or HTTP traffic
  • Up to 1000 conn/s
  • Very low SSL traffic or gzip compression

This type of workload can be achieved either by a Virtual Machine or a bare metal server. You need at least:

  • 1 CPU core
  • 1 G of RAM

Mid-level workload

  • TCP or HTTP traffic (including HTTP manipulation)
  • Up to 4000 conn/s
  • Low SSL traffic or gzip compression

This type of workload can be achieved either by a Virtual Machine or a bare metal server. You need at least:

  • 2 CPU cores
  • 1 G of RAM

High-level workload

  • TCP or HTTP traffic (including HTTP manipulation)
  • Up to 20000 conn/s
  • 10% of traffic ciphered (SSL) or compressed

This type of workload can be achieved by a bare metal server only. You need at least:

  • 2 CPU cores, as fast as possible
  • 4G of RAM
  • powerful network card

Supported operating systems Jump to heading

HAProxy Enterprise is distributed through the Operating System package manager for the following Linux distributions:

HAProxy Enterprise version Release date End of life Supported OS
2.8r1 Oct 2023 Feb 2028
  • AlmaLinux 8, 9
  • Debian 11, 12
  • Oracle 8, 9
  • Photon OS 3.0
  • RHEL 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.5
  • Ubuntu 20.04, 22.04
Other HAProxy Enterprise versions
HAProxy Enterprise version Release date End of life Supported OS
2.8r1 Oct 2023 Feb 2028
  • AlmaLinux 8, 9
  • Debian 11, 12
  • Oracle 8, 9
  • Photon OS 3.0
  • RHEL 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.5
  • Ubuntu 20.04, 22.04
2.7r1 Feb 2023 Feb 2024
  • AlmaLinux 8, 9
  • Debian 11, 12
  • Oracle 8, 9
  • Photon OS 3.0
  • RHEL 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.0, 15.1, 15.2, 15.3, 15.4
  • Ubuntu 20.04, 22.04
2.6r1 Sep 2022 Feb 2027
  • AlmaLinux 8, 9
  • Debian 10, 11, 12
  • Oracle 7, 8, 9
  • Photon OS 3.0
  • RHEL 7, 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.0, 15.1, 15.2, 15.3, 15.4
  • Ubuntu 18.04, 20.04, 22.04
2.5r1 Feb 2022 Nov 2023
  • AlmaLinux 8, 9
  • CentOS 7, 8
  • Debian 9, 10, 11
  • Oracle 7, 8, 9
  • Photon OS 3.0
  • RHEL 7, 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.0, 15.1, 15.2, 15.3
  • Ubuntu 18.04, 20.04, 22.04
2.4r1 Nov 2021 Feb 2026
  • AlmaLinux 8, 9
  • CentOS 7, 8
  • Debian 9, 10, 11
  • Oracle 7, 8, 9
  • Photon OS 3.0
  • RHEL 7, 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.0, 15.1, 15.2, 15.3
  • Ubuntu 18.04, 20.04, 22.04
2.3r1 Feb 2021 Nov 2022
  • AlmaLinux 8
  • CentOS 7, 8
  • Debian 9, 10, 11
  • Oracle 7, 8
  • Photon OS 3.0
  • RHEL 7, 8
  • SUSE 15.0, 15.1, 15.2, 15.3
  • Ubuntu 18.04, 20.04
2.2r1 Nov 2020 Feb 2025
  • CentOS 7, 8
  • Debian 9, 10, 11
  • Oracle 7, 8
  • Photon OS 3.0
  • RHEL 7, 8
  • Rocky Linux 8
  • SUSE 15.0, 15.1, 15.2, 15.3
  • Ubuntu 18.04, 20.04
2.1r1 Feb 2020 Nov 2021
  • CentOS 7, 8
  • Debian 9, 10
  • Oracle 7, 8
  • RHEL 7, 8
  • SUSE 15.0, 15.1
  • Ubuntu 18.04, 20.04
2.0r1 Nov 2019 Feb 2024
  • CentOS 7, 8
  • Debian 9, 10
  • Oracle 7, 8
  • RHEL 7, 8
  • SUSE 15.0, 15.1, 15.2, 15.3
  • Ubuntu 18.04, 20.04
1.9r1 Feb 2019 Nov 2020
  • CentOS 7
  • Debian 9
  • Oracle 7
  • RHEL 7
  • SUSE 15.0
  • Ubuntu 18.04
1.8r2 Nov 2018 Feb 2023
  • CentOS 7
  • Debian 9
  • Oracle 7
  • RHEL 7
  • Ubuntu 18.04

Installation Jump to heading

The following procedure adds package repositories and installs HAProxy Enterprise 2.8r1.

  1. Download the installer:

    bash
    wget https://www.haproxy.com/static/install_haproxy_enterprise.sh
    bash
    wget https://www.haproxy.com/static/install_haproxy_enterprise.sh
  2. Optional: To verify the integrity of the install script before installing, download the SHA hash to a local directory and use it to verify the install script’s checksum:

    bash
    wget https://www.haproxy.com/static/install_haproxy_enterprise.sh.sha512.asc
    gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xCA2DF14657C5A207
    gpg --verify ./install_haproxy_enterprise.sh.sha512.asc
    bash
    wget https://www.haproxy.com/static/install_haproxy_enterprise.sh.sha512.asc
    gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xCA2DF14657C5A207
    gpg --verify ./install_haproxy_enterprise.sh.sha512.asc

    Check for the output Good signature.

  3. To install HAProxy Enterprise, run the following command, replacing <HAProxy Enterprise Key> with the key you were given when you registered. Register for a trial.

    bash
    sudo bash ./install_haproxy_enterprise.sh --version 2.8r1 --key <HAProxy Enterprise key>
    bash
    sudo bash ./install_haproxy_enterprise.sh --version 2.8r1 --key <HAProxy Enterprise key>
  4. Enable and start the HAProxy Enterprise service:

    bash
    sudo systemctl enable hapee-2.8-lb
    sudo systemctl start hapee-2.8-lb
    bash
    sudo systemctl enable hapee-2.8-lb
    sudo systemctl start hapee-2.8-lb

    Messages may appear, stating that backend servers are not available. This condition is expected and occurs because the default configuration file contains stubs for backend servers. Later you will modify the configuration and replace the stubs with valid server addresses.

About package repositories Jump to heading

HAProxy Enterprise adds package repositories via the file haproxy-tech.list or haproxy-tech.repo. The table below describes these repositories.

Package repository Description
Common Contains the primary components for HAProxy Enterprise.
Plus Contains add-on modules that extend HAProxy Enterprise.
Extras Contains supporting software: SNMP, RHI, VRRP, etc.

Search for additional modules Jump to heading

The list of additional modules is also available by running the following commands:

bash
apt-cache search hapee-2.8r1
apt-cache search hapee-extras
bash
apt-cache search hapee-2.8r1
apt-cache search hapee-extras
bash
yum search hapee-2.8r1
yum search hapee-extras
bash
yum search hapee-2.8r1
yum search hapee-extras
bash
zypper search hapee-2.8r1
zypper search hapee-extras
bash
zypper search hapee-2.8r1
zypper search hapee-extras

See other parts of this documentation for instructions on how to enable and configure each package.

Locate installed directories Jump to heading

Binaries and documentation

text
/opt/hapee-2.8/
|-- bin
|-- doc
|-- modules
|-- sbin
|-- version
text
/opt/hapee-2.8/
|-- bin
|-- doc
|-- modules
|-- sbin
|-- version

Configuration files

text
/etc/hapee-2.8/
|-- hapee-lb.cfg
text
/etc/hapee-2.8/
|-- hapee-lb.cfg

Init scripts

text
/etc/init.d/
|-- hapee-2.8-lb
text
/etc/init.d/
|-- hapee-2.8-lb

View library dependencies Jump to heading

Available since

  • HAProxy Enterprise 2.4r1

To view the library dependencies for your installed version of HAProxy Enterprise, you can use the hapee-lb-rdepends tool that is installed with HAProxy Enterprise. This tool is located at /opt/hapee-2.8/bin/hapee-lb-rdepends.

To use the tool:

  1. Run the hapee-lb executable with the -v option to identify the version and build of your HAProxy Enterprise installation.

    bash
    /opt/hapee-2.8/sbin/hapee-lb -v
    bash
    /opt/hapee-2.8/sbin/hapee-lb -v
    output
    bash
    HAProxy version 2.8.0-1.0.0-310.418 2023/12/14 - https://haproxy.org/
    [...]
    output
    bash
    HAProxy version 2.8.0-1.0.0-310.418 2023/12/14 - https://haproxy.org/
    [...]

    The version is the first part of the output after “HAProxy version”. In this example it is 2.8. The build is the numbers following the first dash (-). In this example it is 1.0.0-310.418.

  2. Run the hapee-lb-rdepends tool, providing the values for the parameters --version, --build, and --key as follows:

    • --version is the version you retrieved in the previous step. For this example, version 2.8 we will specify 2.8r1 as the version.
    • --build is the build you retrieved in the previous step
    • --key is your HAProxy Enterprise key
    bash
    /opt/hapee-2.8/bin/hapee-lb-rdepends -v 2.8r1 --build 1.0.0-310.418 --key [HAProxy Enterprise key]
    bash
    /opt/hapee-2.8/bin/hapee-lb-rdepends -v 2.8r1 --build 1.0.0-310.418 --key [HAProxy Enterprise key]
    output
    bash
    hapee-2.8r1-lb-fingerprint=1.0.0-342.6
    hapee-2.8r1-lb-wafadvanced=1.0.0-358.1
    hapee-2.8r1-lb-update=1.0.0-596.3
    hapee-2.8r1-lb-da-update=1.0.0-347.1
    hapee-2.8r1-lb-wafoffloader=1.0.0-279.0
    hapee-2.8r1-lb-send-metrics=1.0.0-438.1
    hapee-2.8r1-lb-wurfl=1.0.0-277.418
    hapee-2.8r1-lb-maxmind=1.0.0-443.2
    hapee-2.8r1-lb-wurfl-update=1.0.0-340.1
    hapee-2.8r1-lb-51d-update=1.0.0-469.1
    hapee-2.8r1-lb-antibot=1.0.0-343.11
    hapee-2.8r1-lb-da=1.0.0-280.418
    hapee-2.8r1-lb-modsecurity=1.0.0-312.0
    hapee-2.8r1-lb-htmldom=1.0.0-235.0
    hapee-2.8r1-lb-fingerprint-ssl=1.0.0-141.0
    hapee-2.8r1-lb-extensions=1.0.0-13.1
    hapee-2.8r1-lb-51d=1.0.0-283.418
    hapee-2.8r1-lb-netacuity=1.0.0-448.1
    output
    bash
    hapee-2.8r1-lb-fingerprint=1.0.0-342.6
    hapee-2.8r1-lb-wafadvanced=1.0.0-358.1
    hapee-2.8r1-lb-update=1.0.0-596.3
    hapee-2.8r1-lb-da-update=1.0.0-347.1
    hapee-2.8r1-lb-wafoffloader=1.0.0-279.0
    hapee-2.8r1-lb-send-metrics=1.0.0-438.1
    hapee-2.8r1-lb-wurfl=1.0.0-277.418
    hapee-2.8r1-lb-maxmind=1.0.0-443.2
    hapee-2.8r1-lb-wurfl-update=1.0.0-340.1
    hapee-2.8r1-lb-51d-update=1.0.0-469.1
    hapee-2.8r1-lb-antibot=1.0.0-343.11
    hapee-2.8r1-lb-da=1.0.0-280.418
    hapee-2.8r1-lb-modsecurity=1.0.0-312.0
    hapee-2.8r1-lb-htmldom=1.0.0-235.0
    hapee-2.8r1-lb-fingerprint-ssl=1.0.0-141.0
    hapee-2.8r1-lb-extensions=1.0.0-13.1
    hapee-2.8r1-lb-51d=1.0.0-283.418
    hapee-2.8r1-lb-netacuity=1.0.0-448.1

    The dependencies for the specific version and build are listed.

There are some additional parameters you can provide for the hapee-lb-rdepends tool:

Option Description
--version VERSION HAProxy Enterprise major version (for example: 2.7r1)
--build BUILD HAProxy Enterprise build version (for example: 1.0.0-293.382)
--key KEY HAProxy Enterprise subscription key
--arch ARCH HAProxy Enterprise target architecture (default: amd64)
--distro DISTRO HAProxy Enterprise target OS distribution (default: try all supported)
--rpm When this option is provided, the output will be in RPM format, for example: hapee-2.8r1-lb-extensions-1.0.0-13.1 instead of in DEB format, for example: hapee-2.8r1-lb-extensions=1.0.0-13.1

Install HAProxy Enterprise manually Jump to heading

The following section gives detailed information on how to install HAProxy Enterprise 2.8r1 and its associated components manually on all supported Operating Systems.

Use this procedure if our installation script is not suited for your infrastructure or if you want to customize your installation.

  1. Create a new file /etc/apt/sources.list.d/haproxy-tech.list if it does not exist and add the contents below. Replace <HAProxy Enterprise Key> with the key you were given when you registered. Replace <CODENAME> with your operating system’s codename (for example, bookworm).

    haproxy-tech.list
    text
    deb [arch=amd64] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/2.8r1/debian-<CODENAME>/amd64/ <CODENAME> main
    deb [arch=amd64] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/2.8r1/debian-<CODENAME>/amd64/ <CODENAME> main
    deb [arch=amd64] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/debian-<CODENAME>/amd64/ <CODENAME> main
    haproxy-tech.list
    text
    deb [arch=amd64] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/2.8r1/debian-<CODENAME>/amd64/ <CODENAME> main
    deb [arch=amd64] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/2.8r1/debian-<CODENAME>/amd64/ <CODENAME> main
    deb [arch=amd64] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/debian-<CODENAME>/amd64/ <CODENAME> main
  2. Install required dependencies:

    bash
    sudo apt-get install --yes apt-transport-https dirmngr gnupg-agent
    bash
    sudo apt-get install --yes apt-transport-https dirmngr gnupg-agent
  3. The packages that HAProxy Technologies provides are signed. To install them, you first must import the public key.

    Run the following commands:

    bash
    wget -O - https://pks.haproxy.com/linux/enterprise/HAPEE-key-2.8r1.asc | sudo apt-key add -
    wget -O - https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc | sudo apt-key add -
    bash
    wget -O - https://pks.haproxy.com/linux/enterprise/HAPEE-key-2.8r1.asc | sudo apt-key add -
    wget -O - https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc | sudo apt-key add -

    We encourage you to validate the fingerprints first before installing them onto your system.

    bash
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-2.8r1.asc
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc
    bash
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-2.8r1.asc
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc

    Then, compare the output of the following commands with the list of expected fingerprints below:

    With gpg versions < 2.1.16:

    bash
    gpg --with-fingerprint HAPEE-key-2.8r1.asc
    gpg --with-fingerprint HAPEE-key-extras.asc
    bash
    gpg --with-fingerprint HAPEE-key-2.8r1.asc
    gpg --with-fingerprint HAPEE-key-extras.asc

    With gpg versions > 2.1.16:

    bash
    gpg --import --import-options show-only HAPEE-key-2.8r1.asc
    gpg --import --import-options show-only HAPEE-key-extras.asc
    bash
    gpg --import --import-options show-only HAPEE-key-2.8r1.asc
    gpg --import --import-options show-only HAPEE-key-extras.asc
    output
    bash
    # HAProxy Enterprise 2.8r1
    93B93EA2428B6024CB0EF242B6D7F7D0F0584A10
    # Extras
    77A66FDC5D4D779E9CB9D5809ABA76BB03A731D6
    output
    bash
    # HAProxy Enterprise 2.8r1
    93B93EA2428B6024CB0EF242B6D7F7D0F0584A10
    # Extras
    77A66FDC5D4D779E9CB9D5809ABA76BB03A731D6
  4. Update the repository cache:

    bash
    sudo apt-get update
    bash
    sudo apt-get update
  5. To install the load balancer, run:

    bash
    sudo apt-get install hapee-2.8r1-lb
    bash
    sudo apt-get install hapee-2.8r1-lb
    output
    bash
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
    hapee-2.8r1-base openssl
    Suggested packages:
    ca-certificates
    The following NEW packages will be installed:
    hapee-2.8r1-base hapee-2.8r1-lb openssl
    0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
    [...]
    output
    bash
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
    hapee-2.8r1-base openssl
    Suggested packages:
    ca-certificates
    The following NEW packages will be installed:
    hapee-2.8r1-base hapee-2.8r1-lb openssl
    0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
    [...]
  6. To start HAProxy Enterprise, run:

    bash
    sudo systemctl enable hapee-2.8-lb
    sudo systemctl start hapee-2.8-lb
    bash
    sudo systemctl enable hapee-2.8-lb
    sudo systemctl start hapee-2.8-lb
  7. If you have installed Rsyslog, restart it now to begin collecting HAProxy Enterprise logs:

    bash
    sudo systemctl restart rsyslog
    bash
    sudo systemctl restart rsyslog
  1. Create a new file /etc/apt/sources.list.d/haproxy-tech.list if it does not exist and add the contents below. Replace <HAProxy Enterprise Key> with the key you were given when you registered. Replace <VERSION> with your operating system version number (for example, 22.04). Replace <CODENAME> with your operating system’s codename (for example, jammy).

    haproxy-tech.list
    text
    deb [arch=amd64] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/2.8r1/ubuntu-<VERSION>/amd64/ <CODENAME> main
    deb [arch=amd64] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/2.8r1/ubuntu-<VERSION>/amd64/ <CODENAME> main
    deb [arch=amd64] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/ubuntu-<VERSION>/amd64/ <CODENAME> main
    haproxy-tech.list
    text
    deb [arch=amd64] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/2.8r1/ubuntu-<VERSION>/amd64/ <CODENAME> main
    deb [arch=amd64] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/2.8r1/ubuntu-<VERSION>/amd64/ <CODENAME> main
    deb [arch=amd64] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/ubuntu-<VERSION>/amd64/ <CODENAME> main
  2. Install required dependencies:

    bash
    sudo apt-get install --yes apt-transport-https dirmngr gnupg-agent
    bash
    sudo apt-get install --yes apt-transport-https dirmngr gnupg-agent
  3. The packages that HAProxy Technologies provides are signed. To install them, you first must import the public key.

    Run the following commands:

    bash
    wget -O - https://pks.haproxy.com/linux/enterprise/HAPEE-key-2.8r1.asc | sudo apt-key add -
    wget -O - https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc | sudo apt-key add -
    bash
    wget -O - https://pks.haproxy.com/linux/enterprise/HAPEE-key-2.8r1.asc | sudo apt-key add -
    wget -O - https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc | sudo apt-key add -

    We encourage you to validate the fingerprints first before installing them onto your system.

    bash
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-2.8r1.asc
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc
    bash
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-2.8r1.asc
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc

    Then, compare the output of the following commands with the list of expected fingerprints below:

    With gpg versions < 2.1.16:

    bash
    gpg --with-fingerprint HAPEE-key-2.8r1.asc
    gpg --with-fingerprint HAPEE-key-extras.asc
    bash
    gpg --with-fingerprint HAPEE-key-2.8r1.asc
    gpg --with-fingerprint HAPEE-key-extras.asc

    With gpg versions > 2.1.16:

    bash
    gpg --import --import-options show-only HAPEE-key-2.8r1.asc
    gpg --import --import-options show-only HAPEE-key-extras.asc
    bash
    gpg --import --import-options show-only HAPEE-key-2.8r1.asc
    gpg --import --import-options show-only HAPEE-key-extras.asc
    output
    bash
    # HAProxy Enterprise 2.8r1
    93B93EA2428B6024CB0EF242B6D7F7D0F0584A10
    # Extras
    77A66FDC5D4D779E9CB9D5809ABA76BB03A731D6
    output
    bash
    # HAProxy Enterprise 2.8r1
    93B93EA2428B6024CB0EF242B6D7F7D0F0584A10
    # Extras
    77A66FDC5D4D779E9CB9D5809ABA76BB03A731D6
  4. Update the repository cache:

    bash
    sudo apt-get update
    bash
    sudo apt-get update
  5. To install the load balancer, run:

    bash
    sudo apt-get install hapee-2.8r1-lb
    bash
    sudo apt-get install hapee-2.8r1-lb

    Output of a successful installation:

    output
    bash
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
    hapee-2.8r1-base openssl
    Suggested packages:
    ca-certificates
    The following NEW packages will be installed:
    hapee-2.8r1-base hapee-2.8r1-lb openssl
    0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
    [...]
    output
    bash
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
    hapee-2.8r1-base openssl
    Suggested packages:
    ca-certificates
    The following NEW packages will be installed:
    hapee-2.8r1-base hapee-2.8r1-lb openssl
    0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
    [...]
  6. To start HAProxy Enterprise, run:

    bash
    sudo systemctl enable hapee-2.8-lb
    sudo systemctl start hapee-2.8-lb
    bash
    sudo systemctl enable hapee-2.8-lb
    sudo systemctl start hapee-2.8-lb
  7. If you have installed Rsyslog, restart it now to begin collecting HAProxy Enterprise logs:

    bash
    sudo systemctl restart rsyslog
    bash
    sudo systemctl restart rsyslog
  1. Create a new file /etc/yum.repos.d/haproxy-tech.repo if it does not exist and add the contents below. Replace <HAProxy Enterprise Key> with the key you were given when you registered. Replace <VERSION> with your operating system’s version number (for example, 8).

    haproxy-tech.repo
    ini
    [hapee-base]
    name=hapee-base
    enabled=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/2.8r1/rhel-<VERSION>/$basearch/bin/
    gpgcheck=1
    [hapee-plus]
    name=hapee-plus
    enabled=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/2.8r1/rhel-<VERSION>/$basearch/bin/
    gpgcheck=1
    [hapee-plus-extras]
    name=hapee-plus-extras
    enabled=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/rhel-<VERSION>/$basearch/bin/
    gpgcheck=1
    haproxy-tech.repo
    ini
    [hapee-base]
    name=hapee-base
    enabled=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/2.8r1/rhel-<VERSION>/$basearch/bin/
    gpgcheck=1
    [hapee-plus]
    name=hapee-plus
    enabled=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/2.8r1/rhel-<VERSION>/$basearch/bin/
    gpgcheck=1
    [hapee-plus-extras]
    name=hapee-plus-extras
    enabled=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/rhel-<VERSION>/$basearch/bin/
    gpgcheck=1
  2. The packages that HAProxy Technologies provides are signed. To install them, you first must import the public key.

    Run the following commands:

    bash
    rpm --import https://pks.haproxy.com/linux/enterprise/HAPEE-key-2.8r1.asc
    rpm --import https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc
    bash
    rpm --import https://pks.haproxy.com/linux/enterprise/HAPEE-key-2.8r1.asc
    rpm --import https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc

    We encourage you to validate the fingerprints first before installing them onto your system.

    bash
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-2.8r1.asc
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc
    bash
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-2.8r1.asc
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc

    Then, compare the output of the following commands with the list of expected fingerprints below:

    With gpg versions < 2.1.16:

    bash
    gpg --keyid-format long --with-fingerprint HAPEE-key-2.8r1.asc
    gpg --keyid-format long --with-fingerprint HAPEE-key-extras.asc
    bash
    gpg --keyid-format long --with-fingerprint HAPEE-key-2.8r1.asc
    gpg --keyid-format long --with-fingerprint HAPEE-key-extras.asc

    With gpg versions > 2.1.16:

    bash
    gpg --import --import-options show-only HAPEE-key-2.8r1.asc
    gpg --keyid-format long --with-fingerprint HAPEE-key-extras.asc
    bash
    gpg --import --import-options show-only HAPEE-key-2.8r1.asc
    gpg --keyid-format long --with-fingerprint HAPEE-key-extras.asc
    output
    bash
    # HAProxy Enterprise 2.8r1
    93B93EA2428B6024CB0EF242B6D7F7D0F0584A10
    # Extras
    77A66FDC5D4D779E9CB9D5809ABA76BB03A731D6
    output
    bash
    # HAProxy Enterprise 2.8r1
    93B93EA2428B6024CB0EF242B6D7F7D0F0584A10
    # Extras
    77A66FDC5D4D779E9CB9D5809ABA76BB03A731D6
  3. Update the repository cache:

    bash
    yum makecache
    bash
    yum makecache
  4. To install the load balancer, run:

    bash
    yum install -y hapee-2.8r1-lb
    bash
    yum install -y hapee-2.8r1-lb

    Output of a successful installation:

    output
    bash
    [...]
    Running Transaction
    Installing : hapee-2.8r1-base-2.8r1.0-16.0.noarch 1/2
    Note: you should edit /etc/sysctl.conf for system tuning.
    Installing : hapee-2.8r1-lb-2.8r1.0-67.20.x86_64 2/2
    Verifying : hapee-2.8r1-base-2.8r1.0-16.0.noarch 1/2
    Verifying : hapee-2.8r1-lb-2.8r1.0-67.20.x86_64 2/2
    Installed:
    hapee-2.8r1-lb.x86_64 0:2.8r1.0-67.20
    Dependency Installed:
    hapee-2.8r1-base.noarch 0:2.8r1.0-16.0
    Complete!
    output
    bash
    [...]
    Running Transaction
    Installing : hapee-2.8r1-base-2.8r1.0-16.0.noarch 1/2
    Note: you should edit /etc/sysctl.conf for system tuning.
    Installing : hapee-2.8r1-lb-2.8r1.0-67.20.x86_64 2/2
    Verifying : hapee-2.8r1-base-2.8r1.0-16.0.noarch 1/2
    Verifying : hapee-2.8r1-lb-2.8r1.0-67.20.x86_64 2/2
    Installed:
    hapee-2.8r1-lb.x86_64 0:2.8r1.0-67.20
    Dependency Installed:
    hapee-2.8r1-base.noarch 0:2.8r1.0-16.0
    Complete!
  5. To start HAProxy Enterprise, run:

    bash
    sudo systemctl enable hapee-2.8-lb
    sudo systemctl start hapee-2.8-lb
    bash
    sudo systemctl enable hapee-2.8-lb
    sudo systemctl start hapee-2.8-lb
  6. If you have installed Rsyslog, restart it now to begin collecting HAProxy Enterprise logs:

    bash
    sudo systemctl restart rsyslog
    bash
    sudo systemctl restart rsyslog
  1. Create a new file /etc/zypp/repos.d/haproxy-tech.repo if it does not exist and add the contents below. Replace <HAProxy Enterprise Key> with the key you were given when you registered. Replace <VERSION> with your operating system’s version number (for example, 15).

    ini
    [hapee-base]
    name=HAProxy Enterprise Base
    enabled=1
    autorefresh=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/2.8r1/suse-<VERSION>/x86_64/bin/
    path=/
    type=rpm-md
    keeppackages=0
    [hapee-plus]
    name=HAProxy Enterprise Base
    enabled=1
    autorefresh=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/2.8r1/suse-<VERSION>/x86_64/bin/
    path=/
    type=rpm-md
    keeppackages=0
    [hapee-plus-extras]
    name=HAProxy Enterprise Base
    enabled=1
    autorefresh=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/suse-<VERSION>/x86_64/bin/
    path=/
    type=rpm-md
    keeppackages=0
    ini
    [hapee-base]
    name=HAProxy Enterprise Base
    enabled=1
    autorefresh=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/2.8r1/suse-<VERSION>/x86_64/bin/
    path=/
    type=rpm-md
    keeppackages=0
    [hapee-plus]
    name=HAProxy Enterprise Base
    enabled=1
    autorefresh=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/2.8r1/suse-<VERSION>/x86_64/bin/
    path=/
    type=rpm-md
    keeppackages=0
    [hapee-plus-extras]
    name=HAProxy Enterprise Base
    enabled=1
    autorefresh=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/suse-<VERSION>/x86_64/bin/
    path=/
    type=rpm-md
    keeppackages=0
  2. Update the repository cache:

    bash
    zypper makecache
    bash
    zypper makecache
  3. To install the load balancer, run:

    bash
    zypper install -y hapee-2.8r1-lb
    bash
    zypper install -y hapee-2.8r1-lb

    Output of a successful installation:

    output
    bash
    [...]
    The following 3 NEW packages are going to be installed:
    hapee-2.8r1-base hapee-2.8r1-lb libpcreposix0
    3 new packages to install.
    Overall download size: 3.6 MiB. Already cached: 0 B. After the operation, additional 13.9 MiB will be used.
    Continue? [y/n/v/...? shows all options] (y): y
    Retrieving package hapee-2.8r1-base-1.0.0-91.0.noarch (1/3), 13.4 KiB ( 18.6 KiB unpacked)
    Retrieving: hapee-2.8r1-base-1.0.0-91.0.suse-15.0.noarch.rpm .........................................................................................................................................[done]
    Retrieving package libpcreposix0-8.41-lp151.5.67.x86_64 (2/3), 16.6 KiB ( 10.1 KiB unpacked)
    Retrieving: libpcreposix0-8.41-lp151.5.67.x86_64.rpm ....................................................................................................................................[done (19.0 KiB/s)]
    Retrieving package hapee-2.8r1-lb-1.0.0-217.640.x86_64 (3/3), 3.5 MiB ( 13.9 MiB unpacked)
    Retrieving: hapee-2.8r1-lb-1.0.0-217.640.suse-15.0.x86_64.rpm ............................................................................................................................[done (1.1 MiB/s)]
    Checking for file conflicts: .........................................................................................................................................................................[done]
    (1/3) Installing: hapee-2.8r1-base-1.0.0-91.0.noarch .................................................................................................................................................[done]
    Additional rpm output:
    Note: you should edit /etc/sysctl.d/hapee-2.8.conf for system tuning.
    (2/3) Installing: libpcreposix0-8.41-lp151.5.67.x86_64 ...............................................................................................................................................[done]
    (3/3) Installing: hapee-2.8r1-lb-1.0.0-217.640.x86_64 .........................................................................................[done]
    output
    bash
    [...]
    The following 3 NEW packages are going to be installed:
    hapee-2.8r1-base hapee-2.8r1-lb libpcreposix0
    3 new packages to install.
    Overall download size: 3.6 MiB. Already cached: 0 B. After the operation, additional 13.9 MiB will be used.
    Continue? [y/n/v/...? shows all options] (y): y
    Retrieving package hapee-2.8r1-base-1.0.0-91.0.noarch (1/3), 13.4 KiB ( 18.6 KiB unpacked)
    Retrieving: hapee-2.8r1-base-1.0.0-91.0.suse-15.0.noarch.rpm .........................................................................................................................................[done]
    Retrieving package libpcreposix0-8.41-lp151.5.67.x86_64 (2/3), 16.6 KiB ( 10.1 KiB unpacked)
    Retrieving: libpcreposix0-8.41-lp151.5.67.x86_64.rpm ....................................................................................................................................[done (19.0 KiB/s)]
    Retrieving package hapee-2.8r1-lb-1.0.0-217.640.x86_64 (3/3), 3.5 MiB ( 13.9 MiB unpacked)
    Retrieving: hapee-2.8r1-lb-1.0.0-217.640.suse-15.0.x86_64.rpm ............................................................................................................................[done (1.1 MiB/s)]
    Checking for file conflicts: .........................................................................................................................................................................[done]
    (1/3) Installing: hapee-2.8r1-base-1.0.0-91.0.noarch .................................................................................................................................................[done]
    Additional rpm output:
    Note: you should edit /etc/sysctl.d/hapee-2.8.conf for system tuning.
    (2/3) Installing: libpcreposix0-8.41-lp151.5.67.x86_64 ...............................................................................................................................................[done]
    (3/3) Installing: hapee-2.8r1-lb-1.0.0-217.640.x86_64 .........................................................................................[done]
  4. To start HAProxy Enterprise, run:

    bash
    sudo systemctl enable hapee-2.8-lb
    sudo systemctl start hapee-2.8-lb
    bash
    sudo systemctl enable hapee-2.8-lb
    sudo systemctl start hapee-2.8-lb
  5. If you have installed Rsyslog, restart it now to begin collecting HAProxy Enterprise logs:

    bash
    sudo systemctl restart rsyslog
    bash
    sudo systemctl restart rsyslog

System tuning Jump to heading

To get the best performance for your particular environment, consider the following recommendations for tuning your system.

It is advisable to disable swap for performance reasons.

Enable SYSCTL features Jump to heading

In Linux, you can use the program sysctl to read and/or modify the attributes of the system kernel, including its maximum limits and security settings.

When you install HAProxy Enterprise, some recommended sysctl settings are written to its configuration file. These sysctl settings are disabled by default.

  1. Open the configuration file /etc/sysctl.d/30-hapee-2.8.conf

  2. Enable the settings by un-commenting them (remove the prefixing hash sign).

  3. Reload the file using systemctl restart systemd-sysctl.

    text
    # Limit the per-socket default receive/send buffers to limit memory usage
    # when running with a lot of concurrent connections. Values are in bytes
    # and represent minimum, default and maximum. Defaults: 4096 87380 4194304
    #
    # net.ipv4.tcp_rmem = 4096 16060 262144
    # net.ipv4.tcp_wmem = 4096 16384 262144
    # Allow early reuse of a same source port for outgoing connections. It is
    # required above a few hundred connections per second. Defaults: 0
    #
    # net.ipv4.tcp_tw_reuse = 1
    # Extend the source port range for outgoing TCP connections. This limits early
    # port reuse and makes use of 64000 source ports. Defaults: 32768 61000
    #
    # net.ipv4.ip_local_port_range = 1024 65023
    # Increase the TCP SYN backlog size. This is generally required to support very
    # high connection rates as well as to resist SYN flood attacks. Setting it too
    # high will delay SYN cookie usage though. Defaults: 1024
    #
    # net.ipv4.tcp_max_syn_backlog = 60000
    # Timeout in seconds for the TCP FIN_WAIT state. Lowering it speeds up release
    # of dead connections, though it will cause issues below 25-30 seconds. It is
    # preferable not to change it if possible. Default: 60
    #
    # net.ipv4.tcp_fin_timeout = 30
    # Limit the number of outgoing SYN-ACK retries. This value is a direct
    # amplification factor of SYN floods, so it is important to keep it reasonably
    # low. However, too low will prevent clients on lossy networks from connecting.
    # Using 3 as a default value gives good results (4 SYN-ACK total) and lowering
    # it to 1 under SYN flood attack can save a lot of bandwidth. Default: 5
    #
    # net.ipv4.tcp_synack_retries = 3
    # Set this to one to allow local processes to bind to an IP which is not yet
    # present on the system. This is typically what happens with a shared VRRP
    # address, where you want both primary and backup to be started even though the
    # IP is not yet present. Always leave it to 1. Default: 0
    #
    # net.ipv4.ip_nonlocal_bind = 1
    # Serves as a higher bound for all of the system's SYN backlogs. Put it at
    # least as high as tcp_max_syn_backlog, otherwise clients may experience
    # difficulties to connect at high rates or under SYN attacks. Default: 128
    #
    # net.core.somaxconn = 60000
    text
    # Limit the per-socket default receive/send buffers to limit memory usage
    # when running with a lot of concurrent connections. Values are in bytes
    # and represent minimum, default and maximum. Defaults: 4096 87380 4194304
    #
    # net.ipv4.tcp_rmem = 4096 16060 262144
    # net.ipv4.tcp_wmem = 4096 16384 262144
    # Allow early reuse of a same source port for outgoing connections. It is
    # required above a few hundred connections per second. Defaults: 0
    #
    # net.ipv4.tcp_tw_reuse = 1
    # Extend the source port range for outgoing TCP connections. This limits early
    # port reuse and makes use of 64000 source ports. Defaults: 32768 61000
    #
    # net.ipv4.ip_local_port_range = 1024 65023
    # Increase the TCP SYN backlog size. This is generally required to support very
    # high connection rates as well as to resist SYN flood attacks. Setting it too
    # high will delay SYN cookie usage though. Defaults: 1024
    #
    # net.ipv4.tcp_max_syn_backlog = 60000
    # Timeout in seconds for the TCP FIN_WAIT state. Lowering it speeds up release
    # of dead connections, though it will cause issues below 25-30 seconds. It is
    # preferable not to change it if possible. Default: 60
    #
    # net.ipv4.tcp_fin_timeout = 30
    # Limit the number of outgoing SYN-ACK retries. This value is a direct
    # amplification factor of SYN floods, so it is important to keep it reasonably
    # low. However, too low will prevent clients on lossy networks from connecting.
    # Using 3 as a default value gives good results (4 SYN-ACK total) and lowering
    # it to 1 under SYN flood attack can save a lot of bandwidth. Default: 5
    #
    # net.ipv4.tcp_synack_retries = 3
    # Set this to one to allow local processes to bind to an IP which is not yet
    # present on the system. This is typically what happens with a shared VRRP
    # address, where you want both primary and backup to be started even though the
    # IP is not yet present. Always leave it to 1. Default: 0
    #
    # net.ipv4.ip_nonlocal_bind = 1
    # Serves as a higher bound for all of the system's SYN backlogs. Put it at
    # least as high as tcp_max_syn_backlog, otherwise clients may experience
    # difficulties to connect at high rates or under SYN attacks. Default: 128
    #
    # net.core.somaxconn = 60000

Replace HAProxy (Community edition) Jump to heading

This section shows you how to upgrade an active/passive or active/active cluster that is running HAProxy Community edition into one that runs HAProxy Enterprise.

The process consists of several phases:

  1. Install HAProxy Enterprise on both nodes and check their configuration
  2. Remove one node from the cluster, stop HAProxy, and then start HAProxy Enterprise
  3. Repeat on the other node

The sections below describe this process in more detail.

  1. Install HAProxy Enterprise on both nodes according to instructions in the Installation guide, but do not start it.

  2. Copy the existing HAProxy configuration file to the HAProxy Enterprise directory:

    bash
    cp /etc/hapee-2.8/haproxy.conf /etc/hapee-2.8/hapee-lb.cfg
    bash
    cp /etc/hapee-2.8/haproxy.conf /etc/hapee-2.8/hapee-lb.cfg
  3. Verify that the configuration is valid by running the command below. The -c argument tells HAProxy Enterprise to check the configuration only, but not start it.

    bash
    /opt/hapee-2.8/sbin/hapee-lb -c -f /etc/hapee-2.8/hapee-lb.cfg
    bash
    /opt/hapee-2.8/sbin/hapee-lb -c -f /etc/hapee-2.8/hapee-lb.cfg
    output
    bash
    Configuration file is valid
    output
    bash
    Configuration file is valid
    • The message Configuration file is valid means that everything is fine.
    • Errors/warnings that appear in the console explain the problems encountered.
    • Once the configuration is valid, you can proceed.
    • If you have multiple configuration files in your application, be sure to check them all in the correct order.
  4. Identify which node you want to upgrade first. If you are running an active/standby cluster, look in the file /etc/keepalived/keepalived.conf to find the node with the lower priority value to work on first. This will be the standby node. Verify that it doesn’t have any traffic first.

    If you are running an active/active cluster, retract the announcements for the node you are working on, and announce it again when you finish the configuration. This depends on the tool you use. Commonly, running service quagga stop retracts the announcements, and service quagga start announces them again.

  5. Stop HAProxy Community:

    bash
    sudo systemctl stop haproxy
    bash
    sudo systemctl stop haproxy
  6. Start HAProxy Enterprise:

    bash
    sudo systemctl start hapee-2.8-lb
    bash
    sudo systemctl start hapee-2.8-lb
  7. Verify that everything works.

    • Tail the logs to see any warnings/errors from the startup:

      bash
      tail /var/log/syslog
      bash
      tail /var/log/syslog
    • Run wget -O /dev/null localhost and ensure that you get a successful response. You may need to customize this depending on the IP addresses and ports that HAProxy Enterprise listens on. This is an optional, practical test.

  8. Edit /etc/keepalived/keepalived.conf to make the standby node the primary.

  9. We recommend that you pause here for half an hour or so. If unforeseen problems arise, it is easier to swap it back and contact HAProxy Technologies support for assistance.

  10. Repeat on the other node to complete the transition.

The following are tasks that you might want to carry out once you are running HAProxy Enterprise:

  • Switch from using Keepalived to using the HAProxy Enterprise VRRP package or switch Quagga to using the hapee-extras-route package and the HAProxy Enterprise Route Health Injection package.

    • This is optional, but our versions contain patches, and we can help you better with clustering support if you switch.
    • Also, hapee-extras-route allows you to use Route Health Injection (hapee-extras-rhi). Most versions of keepalived and hapee-extras-vrrp work together if you copied the configurations.
    • BGP/RHI can be more complicated, depending on the announcement daemons that you use; but they are compatible after you configure them.
  • Add HAProxy Enterprise modules to your configuration (such as Update, JS challenges, reCAPTCHA, and the WAF modules).

  • Send your configuration to the Support team for a general review; wewill be happy to look it over and give you any general feedback or potential improvements if you wish.

If this page was useful, please, Leave the feedback.