How to Configure HAProxy for Load Balancing Unix Domain Sockets: A Technical Guide


13 views

While many developers are familiar with HTTP load balancing in HAProxy, fewer know that HAProxy can also effectively balance Unix domain socket connections. This capability is particularly useful for local inter-process communication (IPC) between services running on the same host.

The configuration syntax is similar to standard server definitions, but uses the unix@ prefix:

backend socket_backend
    balance roundrobin
    server socket1 unix@/path/to/socket1.sock
    server socket2 unix@/path/to/socket2.sock
    server socket3 unix@/path/to/socket3.sock

You can specify additional parameters just like with regular TCP servers:

backend secure_socket_backend
    server secure_socket unix@/var/run/app.sock 
        check inter 5s
        rise 2
        fall 3
        maxconn 100

When using Unix sockets with HAProxy, consider these optimizations:

  • Set mode unix when dealing exclusively with sockets
  • Adjust maxconn appropriately for your workload
  • Monitor socket file permissions and ownership

Here's a complete example showing frontend and backend configuration:

global
    stats socket /var/run/haproxy.sock mode 660 level admin

frontend unix_frontend
    bind unix@/var/run/haproxy_frontend.sock
    default_backend socket_apps

backend socket_apps
    balance leastconn
    server app1 unix@/var/run/app1.sock check
    server app2 unix@/var/run/app2.sock check
    server app3 unix@/var/run/app3.sock check

Common issues and solutions:

  • Permission denied errors: Check socket file permissions and HAProxy user privileges
  • Connection failures: Verify the backend socket exists and is accepting connections
  • Performance bottlenecks: Monitor queue sizes and connection times

While HAProxy is widely known for TCP/HTTP load balancing, it also supports Unix domain sockets (UDS) as backend servers. This feature is particularly useful when you need to:

  • Reduce network stack overhead
  • Improve inter-process communication performance
  • Maintain security through filesystem permissions

Here's how to configure HAProxy to balance between Unix sockets:

frontend http-in
    bind *:80
    default_backend socket_backend

backend socket_backend
    balance roundrobin
    server thin1 /home/sam/Source/bla/tmp/sockets/thin1.sock check
    server thin2 /home/sam/Source/bla/tmp/sockets/thin2.sock check

HAProxy provides several socket-specific parameters:

backend socket_backend
    server thin1 /home/sam/Source/bla/tmp/sockets/thin1.sock \
        check inter 2s \
        maxconn 100 \
        uid 1000 \
        gid 1000 \
        mode 660

When using UDS with HAProxy:

  • Set appropriate filesystem permissions (uid/gid/mode)
  • Monitor connection counts as they're not limited by ports
  • Consider using abstract sockets (Linux only) for temporary connections

If connections fail:

  1. Verify socket file existence and permissions
  2. Check HAProxy error logs for "Connection refused" messages
  3. Ensure the backend application is listening on the socket
# Test socket connectivity manually
socat - UNIX-CONNECT:/path/to/socket.sock