When configuring HAProxy for growing web applications, we need to consider three key hardware aspects:
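```
# Example HAProxy basic configuration snippet
global
    maxconn 10000
    # nbproc was removed in HAProxy 2.5; run threads in a single process instead
    nbthread 2
    # Pin threads 1-2 of process 1 to CPUs 0-1
    cpu-map auto:1/1-2 0-1

defaults
    timeout connect 5s
    timeout client 30s
    timeout server 30s
```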
For small-to-medium traffic (up to 10K concurrent connections):
- Minimum: Dual-core modern CPU (Intel Xeon E3 or AMD EPYC 3000 series)
- Recommended: Quad-core CPU with 2.5GHz+ clock speed
- For SSL termination: Consider CPUs with AES-NI support
Memory requirements scale with concurrent connections:
```
# Memory estimation formula (per process):
# Total RAM needed = (maxconn × (avg_request_size + avg_response_size)) + overhead
# Example calculation for 10K connections:
# (10000 × (2KB + 8KB)) + 100MB ≈ 200MB per process
```
For production environments, start with 4GB RAM and scale as needed.
HAProxy is memory-intensive but has minimal disk requirements:
- OS: 20GB SSD (SATA or NVMe)
- Logs: Additional storage based on retention policy
- No need for RAID for small deployments
Network throughput is critical for load balancers:
```bash
# Recommended NIC settings for Linux:
ethtool -K eth0 tso off gso off gro off lro off
echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo "net.ipv4.ip_local_port_range = 1024 65535" >> /etc/sysctl.conf
sysctl -p
```
Recommended distributions with long-term support:
- Ubuntu LTS (22.04 or later)
- CentOS Stream/RHEL
- Debian Stable
All provide up-to-date HAProxy packages through their repositories.
Here's a complete example configuration for a medium traffic site:
```
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    maxconn 20000
    tune.ssl.default-dh-param 2048
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5s
    timeout client 50s
    timeout server 50s
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http-in
    bind *:80
    bind *:443 ssl crt /etc/ssl/private/example.com.pem
    redirect scheme https if !{ ssl_fc }
    acl host_app1 hdr(host) -i app1.example.com
    acl host_app2 hdr(host) -i app2.example.com
    use_backend app1_servers if host_app1
    use_backend app2_servers if host_app2

backend app1_servers
    balance roundrobin
    server app1-1 10.0.1.1:80 check maxconn 100
    server app1-2 10.0.1.2:80 check maxconn 100

backend app2_servers
    balance leastconn
    server app2-1 10.0.2.1:80 check maxconn 50
    server app2-2 10.0.2.2:80 check maxconn 50
```
Essential monitoring metrics to watch:
- Session rate (scount/s)
- Queue size (qcur)
- Server response times (rtime)
- CPU usage per process
When these metrics consistently reach 70% of capacity, consider horizontal scaling.
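The 70% rule above can be checked mechanically against the CSV that the Runtime API command `show stat` returns on the admin socket. The following is an added example, not part of the original page; the sample rows are constructed and carry only a subset of the real columns, and the function name is this example's own.

```python
import csv
import io

# Constructed sample of `show stat` CSV output (column subset; real output has many more).
SAMPLE_STATS = """\
# pxname,svname,qcur,scur,slim,status
http-in,FRONTEND,,14500,20000,OPEN
app1_servers,app1-1,0,62,100,UP
app1_servers,app1-2,3,100,100,UP
app2_servers,app2-1,0,12,50,UP
app2_servers,app2-2,0,0,50,DOWN
"""

THRESHOLD = 0.70  # the 70%-of-capacity rule from the text


def _num(value):
    """HAProxy leaves non-applicable fields empty; treat them as 0."""
    return int(value) if value and value.isdigit() else 0


def find_pressure(stats_csv, threshold=THRESHOLD):
    """Return (proxy, server, reason) tuples for rows nearing capacity."""
    text = stats_csv.lstrip("# ")  # the header line starts with "# "
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        name = (row["pxname"], row["svname"])
        scur, slim, qcur = _num(row["scur"]), _num(row["slim"]), _num(row["qcur"])
        if slim and scur / slim >= threshold:
            findings.append((*name, f"sessions {scur}/{slim} ({scur / slim:.0%})"))
        if qcur > 0:
            findings.append((*name, f"queue depth {qcur}"))
        if row["status"] == "DOWN":
            findings.append((*name, "server DOWN"))
    return findings


if __name__ == "__main__":
    for px, sv, reason in find_pressure(SAMPLE_STATS):
        print(f"{px}/{sv}: {reason}")
```

For live data, pass in the output of `echo "show stat" | socat stdio /run/haproxy/admin.sock` instead of the sample.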
When dealing with growing web applications that need to accommodate both dedicated server customers and cost-conscious users, HAProxy proves to be an excellent choice. The key is selecting hardware that can handle current loads while being future-proof for medium traffic growth (typically 10K-100K requests/minute).
For small-to-medium traffic:
- Minimum: 2-core modern CPU (Intel Xeon E3 or AMD EPYC 3000 series)
- Recommended: 4-8 core CPU with high clock speed (3.0GHz+)
- Why: HAProxy is single-threaded for connection handling but benefits from multiple cores for SSL/TLS and logging
```bash
# Check CPU utilization per core (Linux)
mpstat -P ALL 1 5
```
RAM requirements are primarily driven by:
- Concurrent connection count
- SSL/TLS session cache size
- Buffering requirements
Guidelines:
- 4GB for light loads (under 1K concurrent connections)
- 8-16GB for medium loads (1K-10K concurrent)
- Use huge pages for better performance:
```bash
sysctl vm.nr_hugepages=1024
```
Disk: SSD recommended (even small 50GB), mainly for OS and logging. Consider:
- Separate /var/log partition
- LVM for easy expansion
Network: At least 2x1Gbps NICs (bonded for redundancy), or 10Gbps for high traffic.
Recommended Linux distributions for HAProxy:
- Stability Focused: Debian Stable, RHEL/CentOS
- Recent Features: Ubuntu LTS, Alpine Linux (for containers)
Example installation on Ubuntu:
```bash
sudo apt update
sudo apt install -y haproxy=2.6.\*
sudo systemctl enable haproxy
```
Basic configuration for small/medium traffic:
```
global
    log /dev/log local0
    maxconn 10000
    tune.ssl.default-dh-param 2048
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
    stats socket /run/haproxy/admin.sock mode 660 level admin

defaults
    log global
    mode http
    option httplog
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http-in
    bind *:80
    bind *:443 ssl crt /etc/ssl/private/example.com.pem
    redirect scheme https code 301 if !{ ssl_fc }
    acl host_dedicated hdr(host) -i dedicated.example.com
    use_backend dedicated_servers if host_dedicated
    default_backend shared_pool

backend dedicated_servers
    balance leastconn
    server srv1 192.168.1.10:80 check
    server srv2 192.168.1.11:80 check

backend shared_pool
    balance roundrobin
    server srv3 192.168.1.20:80 check
    server srv4 192.168.1.21:80 check
```
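The basic configuration above omits several global settings that the complete example earlier on the page includes (`chroot`, `user`/`group`, `ssl-default-bind-options`). The following added example, which is not from the original page, audits a global section for them; the function names and the choice of checks are this example's own assumptions.

```python
import shlex

# Constructed input: the global section of the page's basic configuration.
BASIC_GLOBAL = """\
global
    log /dev/log local0
    maxconn 10000
    tune.ssl.default-dh-param 2048
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
    stats socket /run/haproxy/admin.sock mode 660 level admin
defaults
"""


def global_directives(config_text):
    """Collect the tokenised directive lines of the global section."""
    current, lines = None, []
    for raw in config_text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if tokens and tokens[0] in ("global", "defaults", "frontend", "backend", "listen"):
            current = tokens[0]
        elif tokens and current == "global":
            lines.append(tokens)
    return lines


def audit_global(config_text):
    """Return hardening findings for the global section (checks are this example's own)."""
    lines = global_directives(config_text)
    keywords = {t[0] for t in lines}
    findings = []
    for names in (("chroot",), ("user", "uid"), ("group", "gid")):
        if not keywords & set(names):
            findings.append(f"'{names[0]}' is not set in the global section")
    opts = {a for t in lines if t[0] == "ssl-default-bind-options" for a in t[1:]}
    if "ssl-min-ver" not in opts and not {"no-tlsv10", "no-tlsv11"} <= opts:
        findings.append("TLS minimum version is not pinned in ssl-default-bind-options")
    for t in lines:
        if t[:2] == ["stats", "socket"] and "admin" in t:
            mode = t[t.index("mode") + 1] if "mode" in t else None
            if mode is None or int(mode, 8) & 0o007:
                findings.append(f"admin-level stats socket is not restricted (mode {mode})")
    if "nbproc" in keywords:
        findings.append("'nbproc' was removed in HAProxy 2.5; use nbthread")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_global(BASIC_GLOBAL)))
```

Run against the basic configuration it reports the missing `chroot`, `user` and `group` directives and the unpinned TLS floor; the admin socket passes because mode 660 grants nothing to other users.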
Essential metrics to watch:
- Session rate (rate(60s) in stats)
- Queue size
- Error counters
Performance tuning tips:
```
# Increase file descriptors
ulimit -n 100000

# Kernel tuning (add to /etc/sysctl.conf)
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 10240
```