How-to: Basic HAProxy Active/Backup Example Configuration (keepalived) for CentOS/RHEL 6

I had an earlier post regarding a basic HAProxy install that will work fine if your site(s) can tolerate some down time should something happen to your server/instance running HAProxy. While this might be acceptable for a personal site, it quickly becomes unacceptable should your business rely on your site being up without interruption. Luckily for you, it’s relatively simple to configure an HA pair of HAProxy load balancers.

With an HA setup of load balancers, you can now safely patch and reboot your load balancers without worrying about down time affecting your site. It also provides just a little bit of extra resiliency should something go awry. What we’ll be using to enable this functionality is keepalived . keepalived will allow us to move a VIP (Virtual IP) between two HAProxy instances automatically when it detects the haproxy service as not in a running state.

keepalived requires that you designate one load balancer as the “master” and one as the “backup”. Explained simply, if the master node is available with the haproxy service running it will have the VIP address assigned to it even if the backup node is available as well. If the master node becomes unavailable, the VIP address will be moved to the backup node. I will be addressing keeping your configurations in sync in a future post, but for sanity’s sake you will want to come up with a solution to ensure your haproxy configs are in sync on both nodes.

Run the below on both nodes so that an application (HAProxy) can be set to listen on an IP that may not be present on the local system (which would be our floating VIP):

echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
sysctl -p

Install keepalived and HAProxy on both nodes as well as set to start on boot:

yum install keepalived haproxy -y && chkconfig haproxy on && chkconfig keepalived on

Place the below config on both servers in /etc/keepalived/keepalived.conf substituting the virtual_ipaddress for your VIP (note the priority line. The value should be 101 on your primary node and 100 on your backup node)

vi /etc/keepalived/keepalived.conf

vrrp_script chk_haproxy {
   script "killall -0 haproxy"   # verify the pid existance
   interval 2                    # check every 2 seconds
   weight 2                      # add 2 points of prio if OK

vrrp_instance VI_1 {
   interface eth0                # interface to monitor
   state MASTER
   virtual_router_id 51          # Assign one ID for this route
   priority 101                  # 101 on master, 100 on backup
   virtual_ipaddress {            # the virtual IP
   track_script {

Use the sample configuration for haproxy.conf provided here on both nodes. That article also explains what you need to change for authentication to the stats interface as well as health checks, etc so please be sure to read it in it’s entirety.

Start haproxy on both nodes:

service haproxy restart

Start keepalived on both nodes:

service keepalived restart

Test the configuration by stopping haproxy on the primary node and looking in /var/log/messages on both nodes to see the vip switch to the backup haproxy instance. You can see which server the VIP is currently on by checking the ouput of the following command for the IP you are using as your VIP:

ip addr show

ifconfig will *NOT* show the VIP address. That is expected and normal and you will have to use ip addr show.


  1. you can set it up so your vip is visible in ifconfig by adjusting the virtual_ipaddress line:

    virtual_ipaddress { dev eth1 label eth0:1 # the virtual IP

    This for example, will cause the ip to be visible as eth0:1

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.