Automating HAProxy Load Balancer Deployment for a Web Application

This Task involves automating the deployment of HAProxy as a load balancer for a web application. It includes health checks, SSL termination, and high availability using Terraform, Ansible, and Docker. The implementation will be based on AWS infrastructure.

Task Overview

• Objective: Automate the setup of an HAProxy-based load balancer for a web application.
• Tools & Technologies: AWS, HAProxy, Ansible, Terraform, Docker, Nginx, Let's Encrypt (SSL), EC2, Security Groups.
• Key Features:
  • Automated HAProxy installation and configuration.
  • SSL termination using Let's Encrypt.
  • Load balancing between multiple web application servers.
  • Health checks for backend web servers.
  • Infrastructure provisioning via Terraform.
  • Configuration management via Ansible.

Architecture Diagram

Components:

• AWS Infrastructure:
  • EC2 instances for HAProxy Load Balancer.
  • EC2 instances for Web Servers.
  • Security Groups to allow HTTP, HTTPS, and SSH.
  • Route 53 (Optional) for custom domain configuration.
• Application Components:
  • HAProxy as Load Balancer.
  • Nginx-based Web Servers running a sample web application.

Implementation Steps

Step 1: Infrastructure Provisioning with Terraform

Terraform will be used to:

• Create EC2 instances (for HAProxy and Web Servers).
• Create Security Groups with necessary ports.
• Attach an Elastic IP to the HAProxy load balancer.

Terraform Code (main.tf)

provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "haproxy" {
  ami           = "ami-0abcdef1234567890"  # Replace with actual AMI
  instance_type = "t2.micro"
  key_name      = "my-key"  # Replace with your key pair

  security_groups = ["haproxy_sg"]

  tags = {
    Name = "HAProxy-LoadBalancer"
  }
}

resource "aws_instance" "web_server" {
  count         = 2
  ami           = "ami-0abcdef1234567890"
  instance_type = "t2.micro"
  key_name      = "my-key"

  security_groups = ["web_sg"]

  tags = {
    Name = "Web-Server-${count.index + 1}"
  }
}

    

Step 2: Configure Security Groups

• HAProxy Security Group: Allow 80 (HTTP), 443 (HTTPS), 22 (SSH).
• Web Server Security Group: Allow port 80 only from HAProxy.

Define security rules for HAProxy and Web Servers.

resource "aws_security_group" "haproxy_sg" {
  name        = "haproxy_sg"
  description = "Security group for HAProxy Load Balancer"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
   

Step 3: Deploy Web Servers with Ansible

Ansible will:

1. Install Nginx on web servers.
2. Deploy a simple web application.

Deploy a simple web application.

- name: Setup Web Servers
  hosts: web_servers
  become: yes
  tasks:
    - name: Install Nginx
      apt:
        name: nginx
        state: present

    - name: Deploy Web App
      copy:
        content: "
Welcome to the Load Balanced Web App
"
        dest: /var/www/html/index.html

    

Step 4: Deploy HAProxy with Ansible

Ansible will:

1. Install HAProxy.
2. Configure HAProxy to Load Balance between web servers.
3. Setup SSL termination using Let's Encrypt.

Ansible Playbook for HAProxy Setup

- name: Setup HAProxy Load Balancer
  hosts: haproxy
  become: yes
  tasks:
    - name: Install HAProxy
      apt:
        name: haproxy
        state: present

    - name: Configure HAProxy
      template:
        src: haproxy.cfg.j2
        dest: /etc/haproxy/haproxy.cfg
      notify:
        - Restart HAProxy

  handlers:
    - name: Restart HAProxy
      service:
        name: haproxy
        state: restarted

    

HAProxy Configuration (haproxy.cfg.j2)

frontend http_front
   bind *:80
   redirect scheme https if !{ ssl_fc }

frontend https_front
   bind *:443 ssl crt /etc/haproxy/certs/fullchain.pem
   default_backend web_servers

backend web_servers
   balance roundrobin
   server web1 192.168.1.10:80 check
   server web2 192.168.1.11:80 check

Step 5: Enable SSL with Let's Encrypt

To obtain an SSL certificate from Let's Encrypt, run:

sudo apt install certbot python3-certbot-haproxy
sudo certbot certonly --standalone -d example.com
    

Then, modify the HAProxy configuration:

bind *:443 ssl crt /etc/letsencrypt/live/example.com/fullchain.pem

Step 6: Automate Deployment

1. Run Terraform:

terraform init
terraform apply -auto-approve

4. Run Ansible Playbook:

ansible-playbook -i inventory haproxy.yml
ansible-playbook -i inventory web_servers.yml
    

Validation & Testing

1. Access HAProxy:

curl -I http://haproxy-loadbalancer-ip
curl -I https://haproxy-loadbalancer-ip

2. Check SSL Certificate:

openssl s_client -connect example.com:443

3. Verify Load Balancing:

Refresh the browser multiple times to ensure traffic is distributed across web servers.

Project Enhancements

• Implement HAProxy High Availability with Keepalived.
• Use Dockerized HAProxy instead of native installation.
• Deploy Prometheus & Grafana for monitoring.

Conclusion

This project provides an automated HAProxy Load Balancer setup for web applications using Terraform and Ansible. It ensures scalability, security, and high availability, making it ideal for production environments.