Load balancing ensures that incoming traffic is distributed across multiple cloud servers, improving performance, reliability, and fault tolerance. HAProxy is a widely-used, high-performance TCP/HTTP load balancer suitable for cloud environments.

This guide will cover:
✅ Installing HAProxy
✅ Configuring frontend and backend
✅ Health checks and failover
✅ SSL termination
✅ Cloud best practices

🔹 Step 1: Install HAProxy

Ubuntu / Debian:

sudo apt update
sudo apt install haproxy -y

RHEL / AlmaLinux / Fedora:

sudo dnf install haproxy -y
sudo systemctl enable haproxy --now

🔹 Step 2: Configure HAProxy

Edit the HAProxy configuration file:

sudo nano /etc/haproxy/haproxy.cfg

Example configuration:

global
    log /dev/log local0
    maxconn 2000
    daemon

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000ms
    timeout client  50000ms
    timeout server  50000ms

frontend http_front
    bind *:80
    default_backend web_servers

backend web_servers
    balance roundrobin
    server web1 192.168.1.101:80 check
    server web2 192.168.1.102:80 check

Explanation:

• frontend → Receives client requests

• backend → List of servers to forward traffic

• balance roundrobin → Distributes requests evenly

• check → Health checks for backend servers

🔹 Step 3: Enable and Start HAProxy 🚀

Ubuntu / Debian:

sudo systemctl enable haproxy --now
sudo systemctl status haproxy

RHEL / AlmaLinux / Fedora:

sudo systemctl enable haproxy --now
sudo systemctl status haproxy

✅ Test HAProxy by accessing the load balancer IP via a browser or curl.

🔹 Step 4: Add Health Checks & Failover 🔄

Health checks ensure that traffic is not sent to downed servers.

backend web_servers
    balance roundrobin
    option httpchk GET /health
    server web1 192.168.1.101:80 check
    server web2 192.168.1.102:80 check

• /health → Simple HTTP endpoint returning 200 OK if server is healthy.

🔹 Step 5: Enable SSL Termination 🔐

Generate SSL certificate or use Let’s Encrypt. Configure HAProxy frontend:

frontend https_front
    bind *:443 ssl crt /etc/ssl/certs/haproxy.pem
    default_backend web_servers

✅ Offloads SSL decryption from backend servers.

🌐 Best Practices

• Use cloud private IPs for backend servers to reduce latency.

• Monitor HAProxy logs:

tail -f /var/log/haproxy.log

• Combine with Keepalived for HA load balancer setup.

• Use roundrobin or leastconn depending on traffic type.

✅ Conclusion

By configuring HAProxy:

• Traffic is evenly distributed across multiple cloud servers

• Backend servers are automatically skipped if down

• Supports HTTP, TCP, SSL, and high-performance scaling

🚀 Essential for production-grade cloud deployments requiring reliability and fault tolerance.