docker.recipes

HAProxy Load Balancer

intermediate

High-performance TCP/HTTP load balancer.

Overview

HAProxy is a mature, battle-tested load balancer that has been the cornerstone of high-availability infrastructure since 2000. Originally developed by Willy Tarreau, HAProxy excels at distributing incoming requests across multiple backend servers while providing advanced health checking, SSL termination, and traffic routing capabilities. Unlike application-specific load balancers, HAProxy operates at both Layer 4 (TCP) and Layer 7 (HTTP), making it incredibly versatile for everything from database connection pooling to HTTP request routing. This Docker implementation leverages HAProxy 2.8 on Alpine Linux, providing enterprise-grade load balancing capabilities in a lightweight container that consumes minimal resources while delivering maximum performance. The configuration exposes standard HTTP/HTTPS ports along with HAProxy's built-in statistics dashboard, enabling real-time monitoring of backend server health and traffic distribution patterns. System administrators managing high-traffic applications, database clusters, or microservices architectures will find this setup particularly valuable for its low-latency performance and granular traffic control capabilities. HAProxy's stick tables enable session persistence, while its sophisticated ACL system allows for complex routing decisions based on headers, URLs, or client characteristics, making it superior to simpler reverse proxies when advanced traffic management is required.

Key Features

  • Layer 4 TCP and Layer 7 HTTP load balancing with multiple algorithms including round-robin, least connections, and source IP hashing
  • Advanced health checking with customizable HTTP, TCP, and MySQL health check methods
  • SSL/TLS termination with SNI support and certificate management for HTTPS traffic
  • Built-in statistics dashboard accessible on port 8404 for real-time monitoring of backend servers
  • Session persistence using stick tables and cookie insertion for stateful applications
  • Advanced ACLs for traffic routing based on headers, URLs, source IPs, and custom conditions
  • Zero-downtime configuration reloads using HUP signal without dropping existing connections
  • Rate limiting and connection queuing to protect backend servers from traffic spikes

Common Use Cases

  • 1High-traffic web applications requiring distribution across multiple backend web servers
  • 2Database connection pooling and load balancing for PostgreSQL or MySQL clusters
  • 3API gateway functionality for microservices with path-based routing and health monitoring
  • 4SSL termination proxy to offload encryption processing from backend application servers
  • 5Blue-green deployments with traffic switching between different application versions
  • 6Geographic or datacenter-based traffic routing using HAProxy's advanced ACL capabilities
  • 7Legacy application modernization by adding load balancing without code changes

Prerequisites

  • Minimum 256MB RAM recommended for production workloads (64MB minimum for testing)
  • Valid HAProxy configuration file at ./haproxy/haproxy.cfg with frontend and backend sections defined
  • Backend servers accessible from the HAProxy container network with health check endpoints
  • Ports 80, 443, and 8404 available on the host system for HTTP, HTTPS, and statistics dashboard
  • Understanding of HAProxy configuration syntax including frontend, backend, and listen sections
  • SSL certificates properly mounted if HTTPS termination is required

For development & testing. Review security settings, change default credentials, and test thoroughly before production use. See Terms

docker-compose.yml

docker-compose.yml
1services: 
2  haproxy: 
3    image: haproxy:2.8-alpine
4    container_name: haproxy
5    restart: unless-stopped
6    volumes: 
7      - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
8    ports: 
9      - "80:80"
10      - "443:443"
11      - "8404:8404"
12    networks: 
13      - haproxy-network
14
15networks: 
16  haproxy-network: 
17    driver: bridge

.env Template

.env
1# HAProxy stats
2HAPROXY_STATS_USER=admin
3HAPROXY_STATS_PASSWORD=changeme

Usage Notes

  1. 1Docs: https://www.haproxy.com/documentation/
  2. 2Create haproxy/haproxy.cfg with frontend/backend sections before starting
  3. 3Stats dashboard at http://localhost:8404/stats (enable in config)
  4. 4Check config: docker exec haproxy haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg
  5. 5Reload without downtime: docker kill -s HUP haproxy
  6. 6Health checks: option httpchk GET /health in backend section

Quick Start

terminal
1# 1. Create the compose file
2cat > docker-compose.yml << 'EOF'
3services:
4  haproxy:
5    image: haproxy:2.8-alpine
6    container_name: haproxy
7    restart: unless-stopped
8    volumes:
9      - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
10    ports:
11      - "80:80"
12      - "443:443"
13      - "8404:8404"
14    networks:
15      - haproxy-network
16
17networks:
18  haproxy-network:
19    driver: bridge
20EOF
21
22# 2. Create the .env file
23cat > .env << 'EOF'
24# HAProxy stats
25HAPROXY_STATS_USER=admin
26HAPROXY_STATS_PASSWORD=changeme
27EOF
28
29# 3. Start the services
30docker compose up -d
31
32# 4. View logs
33docker compose logs -f

One-Liner

Run this command to download and set up the recipe in one step:

terminal
1curl -fsSL https://docker.recipes/api/recipes/haproxy/run | bash

Troubleshooting

  • 503 Service Unavailable errors: Check backend server health status in stats dashboard at :8404/stats and verify backend servers are running and accessible
  • Configuration validation fails: Run 'docker exec haproxy haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg' to check syntax errors in haproxy.cfg
  • Stats dashboard not accessible: Ensure 'stats enable' and 'stats uri /stats' are configured in the frontend or dedicated stats section
  • SSL certificate errors: Verify certificate files are properly mounted and accessible, and check HAProxy logs for SSL handshake failures
  • Backend servers showing as DOWN: Confirm health check URLs return HTTP 200 status and backend servers are listening on configured ports
  • High CPU usage during traffic spikes: Increase 'maxconn' values and consider enabling connection queuing with 'maxqueue' parameter

Community Notes

Loading...
Loading notes...

Download Recipe Kit

Get all files in a ready-to-deploy package

Includes docker-compose.yml, .env template, README, and license

Components

haproxy

Tags

#haproxy#load-balancer#tcp#http

Category

Web Servers & Reverse Proxies

Related Recipes

Ad Space