Installing and configuring HAProxy

To configure and install HAProxy, the user account must have superuser rights.

It is not recommended to install the HAProxy load balancer on the same server hosting the application because HAProxy and Kaspersky Web Traffic Security use the same port (1344) for interaction with other LAN servers.

To install and configure HAProxy:

Open access to port 1344. To do so, on the node with role Control, run the following commands depending on the utilized operating system:
- CentOS or Red Hat Enterprise Linux:
  firewall-cmd --add-port=1344/tcp --permanent
  
  firewall-cmd --reload
- Ubuntu:
  ufw allow 1344
- Debian:
  apt-get install iptables-persistent
  
  iptables -A INPUT -p tcp --dport 1344 -j ACCEPT
On the server that you want to use for ICAP balancing, install the HAProxy package. To do so, run one of the following commands depending on the utilized operating system:
- CentOS or Red Hat Enterprise Linux:
  yum install haproxy
- SUSE Linux Enterprise Server:
  zypper install haproxy
- Ubuntu and Debian:
  apt-get install haproxy
On the server that you want to use for ICAP balancing, add the following blocks of settings to the /etc/haproxy/haproxy.cfg file:
frontend ICAP

bind 0.0.0.0:1344

mode tcp

default_backend icap_pool

backend icap_pool

balance <balancing scheme, roundrobin is recommended>

mode tcp

server <name of ICAP server 1> <IP address of cluster node>:<ICAP server port> check

server <name of ICAP server 2> <IP address of cluster node>:<ICAP server port> check

server <name of ICAP server 3> <IP address of cluster node>:<ICAP server port> check
On the server that you want to use for ICAP balancing, restart the HAProxy service. To do so, execute the command:
service haproxy restart

The HAProxy load balancer will be configured.

Page top