Scaling Beyond the Box: High-Availability Load Balancing with HAProxy on CentOS 6
There is a specific kind of panic that sets in when `top` shows your load average hitting 50.0 and your Apache child processes are maxing out RAM. I’ve been there. Last winter, a client running a Magento store dropped a marketing campaign right before the holiday rush without warning us. The single server didn't just stall; it melted. We were seeing 502 errors and frustrated Norwegian customers bouncing to competitors.
The old school answer was "throw more hardware at it" or buy a $10,000 Cisco hardware load balancer. But we aren't banking institutions with bottomless budgets. We are pragmatic engineers. The correct answer in 2012 is software load balancing.
In this guide, we are going to architect a robust, redundant web layer using HAProxy 1.4. This isn't theoretical. This is the exact setup we use to push traffic across our infrastructure at CoolVDS.
The Architecture: Why HAProxy?
Nginx is fantastic at serving static files, but HAProxy is the surgeon's scalpel of traffic routing. It operates in TCP (Layer 4) or HTTP (Layer 7) mode, handling keep-alives and balancing load based on actual server health, not just round-robin guessing. (Note that HAProxy 1.4 does not terminate SSL itself; if you need HTTPS, put stunnel or Nginx in front of it to handle the handshake.)
Here is the scenario: You have two web servers (`web01`, `web02`) and you need a gateway that splits traffic between them. If `web01` dies (kernel panic, bad drive, acts of God), traffic seamlessly shifts to `web02`.
Pro Tip: Never run your Load Balancer on the same physical disk or oversold container as your web server. Resource contention (CPU Steal) on the balancer kills the whole cluster. This is why we insist on KVM virtualization at CoolVDS—you get the dedicated kernel resources you actually pay for.
Step 1: The Setup (CentOS 6.3)
We assume you have a fresh VPS node for the load balancer. Let's install HAProxy. It is available in the EPEL repository, which provides a more up-to-date version than base CentOS.
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
yum install haproxy
Before we touch the config, we need to enable the service to start at boot. We aren't amateurs; servers reboot.
chkconfig haproxy on
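Sanity-check what actually landed on the box before moving on. EPEL should give you a 1.4.x build, and chkconfig should now list the service as enabled for the standard runlevels:

# Confirm the installed version (should report a 1.4.x build) and the runlevels
haproxy -v
chkconfig --list haproxy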
Step 2: Configuration for High Traffic
The default config is garbage for high-load production. We need to tweak it to handle thousands of connections and, crucially, Sticky Sessions. If you are running PHP applications (Magento, Drupal, WordPress), you need to ensure a user stays on the same backend server for their session duration, or their shopping cart will disappear.
Edit /etc/haproxy/haproxy.cfg:
global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4096
    user        haproxy
    group       haproxy
    daemon
    # Spread health checks so the backends are not all probed at the same instant
    spread-checks 5
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend main_http
    bind *:80
    default_backend app_servers

backend app_servers
    balance roundrobin
    # Sticky sessions based on cookie SERVERID
    cookie SERVERID insert indirect nocache
    # Health check: fetch index.php, expect a healthy (2xx/3xx) response
    option httpchk GET /index.php HTTP/1.1\r\nHost:\ www.yourdomain.com
    # The backend servers
    server web01 10.0.0.2:80 cookie A check inter 2000 rise 2 fall 3
    server web02 10.0.0.3:80 cookie B check inter 2000 rise 2 fall 3
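Before you restart anything, let HAProxy check the file for syntax errors; a typo here takes down the whole front door. The -c flag only parses the config and exits:

# Syntax-check the config, then apply it
haproxy -c -f /etc/haproxy/haproxy.cfg
service haproxy restart

One gotcha worth flagging: the log 127.0.0.1 local2 line in the global section assumes rsyslog is accepting UDP syslog on localhost ($ModLoad imudp and $UDPServerRun 514 in /etc/rsyslog.conf, plus a rule sending local2.* to a file). Until that is in place, you will see no HAProxy logs at all.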
Breaking Down the Config
1. option httpchk: HAProxy won't just ping the port; it requests an actual page. If Apache hangs but the port still accepts connections, a plain TCP check would lie and report the server healthy. The HTTP check proves the application is actually rendering (you can reproduce it by hand, as shown below).
2. cookie SERVERID: This injects a cookie into the browser. If a user lands on `web01`, they stay on `web01`. This is critical for session consistency in PHP; the second curl call below shows the cookie being set.
3. maxconn: We cap connections to prevent the load balancer from exhausting RAM. Note there are two values: the global maxconn (4096) limits the whole process, while the defaults maxconn (3000) limits each frontend. At two 16 KB buffers per established connection in HAProxy 1.4, 4096 connections works out to roughly 128 MB, which a standard 512MB CoolVDS instance handles comfortably.
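Both of those behaviours are easy to verify from a shell before you send real traffic through. A quick sketch using the placeholder addresses from the config above (swap in your own IPs and hostname):

# 1. Reproduce the health check against a backend directly;
#    you should see an HTTP 200 status line, same as HAProxy expects
curl -i -H "Host: www.yourdomain.com" http://10.0.0.2/index.php

# 2. Make a first request through the balancer and look for the sticky
#    cookie in the response headers (e.g. "Set-Cookie: SERVERID=A")
curl -i http://your-loadbalancer-ip/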
Step 3: Kernel Tuning (Sysctl)
Linux defaults are designed for general purpose computing, not high-throughput routing. If you don't tune your sysctl, you will run out of ephemeral ports during a DDoS or a Slashdotting.
Edit /etc/sysctl.conf:
# Allow reuse of sockets in TIME_WAIT state
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle is often recommended alongside tw_reuse, but it breaks clients
# behind NAT (mobile carriers, office gateways). Leave it off on a public balancer.
# net.ipv4.tcp_tw_recycle = 1
# Increase the range of ephemeral ports
net.ipv4.ip_local_port_range = 1024 65023
# Protect against SYN flood
net.ipv4.tcp_syncookies = 1
Apply changes with sysctl -p. These settings are mandatory if you expect traffic spikes. Without `tcp_tw_reuse`, your balancer burns through its ephemeral ports and then sits waiting for closed sockets to age out of TIME_WAIT rather than serving new Norwegian customers.
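You can keep an eye on socket pressure during a spike with a rough check like the one below; what counts as "too many" depends on your port range and traffic pattern:

# Reload the new kernel settings
sysctl -p
# Count connections stuck in TIME_WAIT on the balancer
netstat -ant | grep -c TIME_WAIT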
Monitoring with HAProxy Stats
Blindly running a cluster is suicide. HAProxy includes a built-in stats page. Add this to your haproxy.cfg:
listen stats *:1936
    stats enable
    stats uri /
    stats hide-version
    stats auth admin:SuperSecretPassword123
Now, navigate to http://your-loadbalancer-ip:1936/. You will see real-time health of your web nodes. Green is good. Red means you need to SSH in and fix something.
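If you would rather script the monitoring than stare at a web page, the same listener can return its data as CSV by appending ;csv to the stats URI. A minimal sketch using the credentials from the block above (the column positions follow the 1.4 CSV layout; adjust the cut fields if you want other metrics):

# Pull the raw CSV and print proxy name, server name and status for each entry
curl -s -u admin:SuperSecretPassword123 "http://your-loadbalancer-ip:1936/;csv" | cut -d, -f1,2,18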
The Latency Factor: Why Location Matters
In our architecture, the Load Balancer is the front door. Every millisecond of latency here is added to every request. If your users are in Oslo or Bergen, hosting your load balancer in a cheap US datacenter adds 100ms+ round trip time (RTT) before the request even hits your web server.
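Don't take latency numbers on faith; measure them from where your users actually sit. curl's timing variables give a quick read (run this from a box in Oslo, or any vantage point close to your customers; time_connect is roughly one round trip):

# Print TCP connect time and total request time against the balancer
curl -o /dev/null -s -w "connect: %{time_connect}s  total: %{time_total}s\n" http://your-loadbalancer-ip/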
This is also a matter of compliance. With the Datatilsynet (Norwegian Data Protection Authority) becoming stricter about where customer data is processed, keeping your infrastructure within European borders isn't just about speed—it's about legal safety. CoolVDS infrastructure sits directly on the backbone in Europe, ensuring that latency to NIX (Norwegian Internet Exchange) is negligible.
Summary Table: HAProxy vs. Hardware
| Feature | Hardware LB (F5/Cisco) | HAProxy on CoolVDS |
|---|---|---|
| Cost | $5,000+ | Starting at €10/mo |
| Flexibility | Proprietary OS | Open Source / Full Root Access |
| Scalability | Buy new hardware | Deploy new VPS in seconds |
| Throughput | 10Gbps+ | Limited only by CPU/NIC (1Gbps+) |
Conclusion
Load balancing is no longer a luxury for the Fortune 500. With HAProxy and a solid SSD-backed VPS, you can handle traffic spikes that would normally take down a dedicated server.
But remember: HAProxy is only as fast as the network it runs on. If your provider oversells bandwidth or uses spinning rust (HDD) for their host OS, your load balancer will bottleneck. Don't risk your reputation on subpar infrastructure.
Ready to scale? Spin up a CoolVDS instance with pure SSD storage today and configure your first cluster. Your uptime monitor will thank you.