How to Set Up a Reverse Proxy with HAProxy
HAProxy is a high-performance, open-source load balancer and reverse proxy widely used for TCP and HTTP-based applications. Setting it up on your Breeze instance allows you to distribute traffic across multiple backend servers, terminate SSL, and improve application availability.
Installing HAProxy
On Ubuntu/Debian, install HAProxy from the official repositories:
sudo apt update
sudo apt install -y haproxy
On CentOS/RHEL:
sudo dnf install -y haproxy
Verify the installation:
haproxy -v
Basic Configuration
The main configuration file is /etc/haproxy/haproxy.cfg. Here is a complete reverse proxy setup:
global
    log /dev/log local0
    log /dev/log local1 notice
    maxconn 4096
    user haproxy
    group haproxy
    daemon
    stats socket /run/haproxy/admin.sock mode 660 level admin

defaults
    log global
    mode http
    option httplog
    option dontlognull
    option forwardfor
    timeout connect 5s
    timeout client 30s
    timeout server 30s
    retries 3

frontend http_front
    bind *:80
    bind *:443 ssl crt /etc/haproxy/certs/site.pem
    redirect scheme https if !{ ssl_fc }
    default_backend web_servers

backend web_servers
    balance roundrobin
    option httpchk GET /health
    http-check expect status 200
    server web1 10.0.0.11:8080 check inter 5s fall 3 rise 2
    server web2 10.0.0.12:8080 check inter 5s fall 3 rise 2
    server web3 10.0.0.13:8080 check inter 5s fall 3 rise 2
SSL Termination
HAProxy expects a single PEM file containing both the certificate and private key. Create it by concatenating your certificate files:
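sudo mkdir -p /etc/haproxy/certs
# Create the file with mode 600 first so the key is never world-readable
sudo install -m 600 /dev/null /etc/haproxy/certs/site.pem
# Discard tee's stdout so the private key is not echoed to the terminal
cat fullchain.pem privkey.pem | sudo tee /etc/haproxy/certs/site.pem > /dev/null
sudo chmod 600 /etc/haproxy/certs/site.pem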
Enabling the Stats Dashboard
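Add a statistics listener to monitor backend health in real time. As written it listens on every interface over plain HTTP, so replace the sample password and limit who can reach port 8404: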
listen stats
    bind *:8404
    stats enable
    stats uri /stats
    stats refresh 10s
    stats admin if LOCALHOST
    stats auth admin:SecurePassword123
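A small audit for the listener above, as an added example that is not part of the original article or of HAProxy itself: it parses haproxy.cfg text and reports sections that enable the stats page on a wildcard address, send stats auth over a non-TLS bind, or keep the password in cleartext. The function names, the stats_local section and port 8405 are assumptions made for illustration.

```python
SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen", "userlist"}
WILDCARD_ADDRS = {"*", "", "0.0.0.0", "::", "[::]"}
# Constructed sample: the page's stats listener plus a hypothetical loopback-only variant.
SAMPLE_CFG = """\
listen stats
    bind *:8404
    stats enable
    stats uri /stats
    stats admin if LOCALHOST
    stats auth admin:SecurePassword123

listen stats_local
    bind 127.0.0.1:8405
    stats enable
    stats uri /stats
"""

def parse_sections(text):
    """Split config text into (section header, [token lists]) pairs."""
    sections = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # naive comment strip, no quoting support
        if not tokens:
            continue
        if tokens[0] in SECTION_KEYWORDS:
            sections.append((" ".join(tokens), []))
        elif sections:
            sections[-1][1].append(tokens)
    return sections

def audit_stats(text):
    """Return (section, finding) pairs for sections that enable the stats page."""
    findings = []
    for header, lines in parse_sections(text):
        if ["stats", "enable"] not in lines:
            continue
        binds = [t for t in lines if t[0] == "bind" and len(t) > 1]
        has_auth = any(t[:2] == ["stats", "auth"] for t in lines)
        for b in binds:
            if b[1].rsplit(":", 1)[0] in WILDCARD_ADDRS:
                findings.append((header, f"stats page listens on all interfaces ({b[1]})"))
            if has_auth and "ssl" not in b[2:]:
                findings.append((header, f"stats auth sent over plaintext HTTP on {b[1]}"))
        if has_auth:
            findings.append((header, "stats auth keeps the password in cleartext in the config"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{s}: {f}" for s, f in audit_stats(SAMPLE_CFG)))
```

To check a real file, pass the contents of /etc/haproxy/haproxy.cfg to audit_stats() and review each finding before reloading.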
Health Checks and Failover
The check keyword enables active health checking. The inter 5s parameter sets the check interval, fall 3 marks a server as down after three consecutive failures, and rise 2 requires two successful checks to mark it as up again. HAProxy will automatically stop routing traffic to unhealthy backends.
Validate and Start
Always validate your configuration before restarting:
sudo haproxy -c -f /etc/haproxy/haproxy.cfg
sudo systemctl enable --now haproxy
sudo systemctl reload haproxy
HAProxy provides zero-downtime reloads, making configuration changes seamless in production on your Breeze.