Installation

Install HAProxy Enterprise on Linux

On this page

Using HAProxy Fusion?

If you’re using HAProxy Fusion, then see the HAProxy Fusion - Nodes topic instead.

This section describes how to install HAProxy Enterprise on Linux.

Hardware recommendations Jump to heading

The hardware requirements for HAProxy Enterprise depend on the workload it needs to manage:

  • Only CPU and memory are taken into consideration.
  • Disk size depends on your operating system and the volume of logs you want to keep.
  • The indications below are for information only. Please contact us for assistance in sizing your servers.

Low-level workload

  • TCP or HTTP traffic
  • Up to 1000 conn/s
  • Very low SSL traffic or gzip compression

This type of workload can be achieved either by a Virtual Machine or a bare metal server. You need at least:

  • 1 CPU core
  • 1 G of RAM

Mid-level workload

  • TCP or HTTP traffic (including HTTP manipulation)
  • Up to 4000 conn/s
  • Low SSL traffic or gzip compression

This type of workload can be achieved either by a Virtual Machine or a bare metal server. You need at least:

  • 2 CPU cores
  • 1 G of RAM

High-level workload

  • TCP or HTTP traffic (including HTTP manipulation)
  • Up to 20000 conn/s
  • 10% of traffic ciphered (SSL) or compressed

This type of workload can be achieved by a bare metal server only. You need at least:

  • 2 CPU cores, as fast as possible
  • 4G of RAM
  • powerful network card

Supported operating systems Jump to heading

HAProxy Enterprise is distributed through the Operating System package manager for the following Linux distributions:

HAProxy Enterprise version Release date End of life Supported OS
3.0r1 Oct 2024 Feb 2029
  • AlmaLinux 8, 9
  • Debian 11, 12
  • Oracle 8, 9
  • RHEL 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.6
  • Ubuntu 22.04, 24.04
Other HAProxy Enterprise versions
HAProxy Enterprise version Release date End of life Supported OS
3.0r1 Oct 2024 Feb 2029
  • AlmaLinux 8, 9
  • Debian 11, 12
  • Oracle 8, 9
  • RHEL 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.6
  • Ubuntu 22.04, 24.04
2.9r1 May 2024 Feb 2025
  • AlmaLinux 8, 9
  • Debian 11, 12
  • Oracle 8, 9
  • RHEL 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.5
  • Ubuntu 20.04, 22.04, 24.04
2.8r1 Oct 2023 Feb 2028
  • AlmaLinux 8, 9
  • Debian 11, 12
  • Oracle 8, 9
  • RHEL 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.5
  • Ubuntu 20.04, 22.04
2.7r1 Feb 2023 Feb 2024
  • AlmaLinux 8, 9
  • Debian 11, 12
  • Oracle 8, 9
  • RHEL 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.0, 15.1, 15.2, 15.3, 15.4
  • Ubuntu 20.04, 22.04
2.6r1 Sep 2022 Feb 2027
  • AlmaLinux 8, 9
  • Debian 10, 11, 12
  • Oracle 7, 8, 9
  • RHEL 7, 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.0, 15.1, 15.2, 15.3, 15.4
  • Ubuntu 18.04, 20.04, 22.04
2.5r1 Feb 2022 Nov 2023
  • AlmaLinux 8, 9
  • CentOS 7, 8
  • Debian 9, 10, 11
  • Oracle 7, 8, 9
  • RHEL 7, 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.0, 15.1, 15.2, 15.3
  • Ubuntu 18.04, 20.04, 22.04
2.4r1 Nov 2021 Feb 2026
  • AlmaLinux 8, 9
  • CentOS 7, 8
  • Debian 9, 10, 11
  • Oracle 7, 8, 9
  • RHEL 7, 8, 9
  • Rocky Linux 8, 9
  • SUSE 15.0, 15.1, 15.2, 15.3
  • Ubuntu 18.04, 20.04, 22.04
2.3r1 Feb 2021 Nov 2022
  • AlmaLinux 8
  • CentOS 7, 8
  • Debian 9, 10, 11
  • Oracle 7, 8
  • RHEL 7, 8
  • SUSE 15.0, 15.1, 15.2, 15.3
  • Ubuntu 18.04, 20.04
2.2r1 Nov 2020 Feb 2025
  • CentOS 7, 8
  • Debian 9, 10, 11
  • Oracle 7, 8
  • RHEL 7, 8
  • Rocky Linux 8
  • SUSE 15.0, 15.1, 15.2, 15.3
  • Ubuntu 18.04, 20.04
2.1r1 Feb 2020 Nov 2021
  • CentOS 7, 8
  • Debian 9, 10
  • Oracle 7, 8
  • RHEL 7, 8
  • SUSE 15.0, 15.1
  • Ubuntu 18.04, 20.04
2.0r1 Nov 2019 Feb 2024
  • CentOS 7, 8
  • Debian 9, 10
  • Oracle 7, 8
  • RHEL 7, 8
  • SUSE 15.0, 15.1, 15.2, 15.3
  • Ubuntu 18.04, 20.04
1.9r1 Feb 2019 Nov 2020
  • CentOS 7
  • Debian 9
  • Oracle 7
  • RHEL 7
  • SUSE 15.0
  • Ubuntu 18.04
1.8r2 Nov 2018 Feb 2023
  • CentOS 7
  • Debian 9
  • Oracle 7
  • RHEL 7
  • Ubuntu 18.04

Installation Jump to heading

The following procedure adds package repositories and installs HAProxy Enterprise 3.0r1.

  1. Download the installer:

    nix
    wget https://www.haproxy.com/static/install_haproxy_enterprise.sh
    nix
    wget https://www.haproxy.com/static/install_haproxy_enterprise.sh

  2. Optional: To verify the integrity of the install script before installing, download the SHA hash to a local directory and use it to verify the install script’s checksum:

    nix
    wget https://www.haproxy.com/static/install_haproxy_enterprise.sh.sha512.asc
    gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xCA2DF14657C5A207
    gpg --verify ./install_haproxy_enterprise.sh.sha512.asc
    nix
    wget https://www.haproxy.com/static/install_haproxy_enterprise.sh.sha512.asc
    gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xCA2DF14657C5A207
    gpg --verify ./install_haproxy_enterprise.sh.sha512.asc

    Check for the output Good signature.

  3. To install HAProxy Enterprise, run the following command, replacing <HAProxy Enterprise Key> with the key you were given when you registered (see HAProxy Enterprise license key). Register for a trial.

    nix
    sudo bash ./install_haproxy_enterprise.sh --version "3.0r1" --key "<HAProxy Enterprise key>"
    nix
    sudo bash ./install_haproxy_enterprise.sh --version "3.0r1" --key "<HAProxy Enterprise key>"

    To see other arguments, run ./install_haproxy_enterprise.sh --help.

  4. Enable and start the HAProxy Enterprise service:

    nix
    sudo systemctl enable hapee-3.0-lb
    sudo systemctl start hapee-3.0-lb
    nix
    sudo systemctl enable hapee-3.0-lb
    sudo systemctl start hapee-3.0-lb

    Messages may appear, stating that backend servers are not available. This condition is expected and occurs because the default configuration file contains stubs for backend servers. Later you will modify the configuration and replace the stubs with valid server addresses.

About package repositories Jump to heading

HAProxy Enterprise adds package repositories via the file haproxy-tech.list or haproxy-tech.repo. The table below describes these repositories.

Package repository Description
Common Contains the primary components for HAProxy Enterprise.
Plus Contains add-on modules that extend HAProxy Enterprise.
Extras Contains supporting software: SNMP, RHI, VRRP, etc.

Search for additional modules Jump to heading

The list of additional modules is also available by running the following commands:

nix
apt-cache search hapee-<VERSION>
apt-cache search hapee-extras
nix
apt-cache search hapee-<VERSION>
apt-cache search hapee-extras

Example for HAProxy Enterprise 3.0r1:

nix
apt-cache search hapee-3.0r1
apt-cache search hapee-extras
nix
apt-cache search hapee-3.0r1
apt-cache search hapee-extras
nix
yum search hapee-<VERSION>
yum search hapee-extras
nix
yum search hapee-<VERSION>
yum search hapee-extras

Example for HAProxy Enterprise 3.0r1:

nix
yum search hapee-3.0r1
yum search hapee-extras
nix
yum search hapee-3.0r1
yum search hapee-extras
nix
zypper search hapee-<VERSION>
zypper search hapee-extras
nix
zypper search hapee-<VERSION>
zypper search hapee-extras

Example for HAProxy Enterprise 3.0r1:

nix
zypper search hapee-3.0r1
zypper search hapee-extras
nix
zypper search hapee-3.0r1
zypper search hapee-extras

See other parts of this documentation for instructions on how to enable and configure each package.

Locate installed directories Jump to heading

Binaries and documentation

text
/opt/hapee-3.0/
  |-- bin
  |-- doc
  |-- modules
  |-- sbin
  |-- version
text
/opt/hapee-3.0/
  |-- bin
  |-- doc
  |-- modules
  |-- sbin
  |-- version

Configuration files

text
/etc/hapee-3.0/
  |-- hapee-lb.cfg
text
/etc/hapee-3.0/
  |-- hapee-lb.cfg

Init scripts

text
/etc/init.d/
	|-- hapee-3.0-lb
text
/etc/init.d/
	|-- hapee-3.0-lb

View module dependencies Jump to heading

Available since

  • HAProxy Enterprise 2.4r1

To view the module dependencies for your installed version of HAProxy Enterprise, you can use the hapee-lb-rdepends tool that is installed with HAProxy Enterprise. This tool is located at /opt/hapee-3.0/bin/hapee-lb-rdepends.

To use the tool:

  1. Run the hapee-lb executable with the -v option to identify the version and build of your HAProxy Enterprise installation.

    nix
    /opt/hapee-2.8/sbin/hapee-lb -v
    nix
    /opt/hapee-2.8/sbin/hapee-lb -v
    output
    text
    HAProxy version 2.8.0-1.0.0-310.418 2023/12/14 - https://haproxy.org/
    [...]
    output
    text
    HAProxy version 2.8.0-1.0.0-310.418 2023/12/14 - https://haproxy.org/
    [...]

    The version is the first part of the output after “HAProxy version”. In this example it is 2.8. The build is the numbers following the first dash (-). In this example it is 1.0.0-310.418.

  2. Run the hapee-lb-rdepends tool, providing the values for the parameters --version, --build, and --key as follows:

    • --version is the version you retrieved in the previous step. For this example, version 2.8 we will specify 2.8r1 as the version.
    • --build is the build you retrieved in the previous step
    • --key is your HAProxy Enterprise license key
    nix
    /opt/hapee-3.0/bin/hapee-lb-rdepends -v "2.8r1" --build "1.0.0-310.418" --key "<HAProxy Enterprise key>"
    nix
    /opt/hapee-3.0/bin/hapee-lb-rdepends -v "2.8r1" --build "1.0.0-310.418" --key "<HAProxy Enterprise key>"
    output
    text
    hapee-2.8r1-lb-fingerprint=1.0.0-342.6
    hapee-2.8r1-lb-wafadvanced=1.0.0-358.1
    hapee-2.8r1-lb-update=1.0.0-596.3
    hapee-2.8r1-lb-da-update=1.0.0-347.1
    hapee-2.8r1-lb-wafoffloader=1.0.0-279.0
    hapee-2.8r1-lb-send-metrics=1.0.0-438.1
    hapee-2.8r1-lb-wurfl=1.0.0-277.418
    hapee-2.8r1-lb-maxmind=1.0.0-443.2
    hapee-2.8r1-lb-wurfl-update=1.0.0-340.1
    hapee-2.8r1-lb-51d-update=1.0.0-469.1
    hapee-2.8r1-lb-antibot=1.0.0-343.11
    hapee-2.8r1-lb-da=1.0.0-280.418
    hapee-2.8r1-lb-modsecurity=1.0.0-312.0
    hapee-2.8r1-lb-htmldom=1.0.0-235.0
    hapee-2.8r1-lb-fingerprint-ssl=1.0.0-141.0
    hapee-2.8r1-lb-extensions=1.0.0-13.1
    hapee-2.8r1-lb-51d=1.0.0-283.418
    hapee-2.8r1-lb-netacuity=1.0.0-448.1
    output
    text
    hapee-2.8r1-lb-fingerprint=1.0.0-342.6
    hapee-2.8r1-lb-wafadvanced=1.0.0-358.1
    hapee-2.8r1-lb-update=1.0.0-596.3
    hapee-2.8r1-lb-da-update=1.0.0-347.1
    hapee-2.8r1-lb-wafoffloader=1.0.0-279.0
    hapee-2.8r1-lb-send-metrics=1.0.0-438.1
    hapee-2.8r1-lb-wurfl=1.0.0-277.418
    hapee-2.8r1-lb-maxmind=1.0.0-443.2
    hapee-2.8r1-lb-wurfl-update=1.0.0-340.1
    hapee-2.8r1-lb-51d-update=1.0.0-469.1
    hapee-2.8r1-lb-antibot=1.0.0-343.11
    hapee-2.8r1-lb-da=1.0.0-280.418
    hapee-2.8r1-lb-modsecurity=1.0.0-312.0
    hapee-2.8r1-lb-htmldom=1.0.0-235.0
    hapee-2.8r1-lb-fingerprint-ssl=1.0.0-141.0
    hapee-2.8r1-lb-extensions=1.0.0-13.1
    hapee-2.8r1-lb-51d=1.0.0-283.418
    hapee-2.8r1-lb-netacuity=1.0.0-448.1

    The dependencies for the specific version and build are listed.

There are some additional parameters you can provide for the hapee-lb-rdepends tool:

Option Description
--version VERSION HAProxy Enterprise major version (for example: 2.7r1)
--build BUILD HAProxy Enterprise build version (for example: 1.0.0-293.382)
--key KEY HAProxy Enterprise subscription key
--arch ARCH HAProxy Enterprise target architecture (default: amd64)
--distro DISTRO HAProxy Enterprise target OS distribution (default: try all supported)
--rpm When this option is provided, the output will be in RPM format, for example: hapee-2.8r1-lb-extensions-1.0.0-13.1 instead of in DEB format, for example: hapee-2.8r1-lb-extensions=1.0.0-13.1

Install HAProxy Enterprise manually Jump to heading

The following section gives detailed information on how to install HAProxy Enterprise 3.0r1 and its associated components manually on all supported Operating Systems.

Use this procedure if our installation script is not suited for your infrastructure or if you want to customize your installation.

  1. Update the repository cache and install required dependencies:

    nix
    sudo apt-get update
    sudo apt-get install --yes apt-transport-https dirmngr gnupg-agent curl
    nix
    sudo apt-get update
    sudo apt-get install --yes apt-transport-https dirmngr gnupg-agent curl

  2. Create a new file /etc/apt/sources.list.d/haproxy-tech.list if it does not exist and add the contents below. Replace <HAProxy Enterprise Key> with the key you were given when you registered (see HAProxy Enterprise license key). Replace <CODENAME> with your operating system’s codename (for example, bullseye).

    haproxy-tech.list
    text
    deb [arch=amd64 signed-by=/etc/apt/keyrings/HAPEE-key-3.0r1.asc] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/3.0r1/debian-<CODENAME>/amd64/ <CODENAME> main
    deb [arch=amd64 signed-by=/etc/apt/keyrings/HAPEE-key-3.0r1.asc] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/3.0r1/debian-<CODENAME>/amd64/ <CODENAME> main
    deb [arch=amd64 signed-by=/etc/apt/keyrings/HAPEE-key-extras.asc] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/debian-<CODENAME>/amd64/ <CODENAME> main
    haproxy-tech.list
    text
    deb [arch=amd64 signed-by=/etc/apt/keyrings/HAPEE-key-3.0r1.asc] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/3.0r1/debian-<CODENAME>/amd64/ <CODENAME> main
    deb [arch=amd64 signed-by=/etc/apt/keyrings/HAPEE-key-3.0r1.asc] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/3.0r1/debian-<CODENAME>/amd64/ <CODENAME> main
    deb [arch=amd64 signed-by=/etc/apt/keyrings/HAPEE-key-extras.asc] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/debian-<CODENAME>/amd64/ <CODENAME> main

  3. The packages that HAProxy Technologies provides are signed. We encourage you to validate the fingerprints first before installing them onto your system.

    nix
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc
    nix
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc

    Then, compare the output of the following commands with the list of expected fingerprints below:

    With gpg versions < 2.1.16:

    nix
    gpg --with-fingerprint HAPEE-key-3.0r1.asc
    gpg --with-fingerprint HAPEE-key-extras.asc
    nix
    gpg --with-fingerprint HAPEE-key-3.0r1.asc
    gpg --with-fingerprint HAPEE-key-extras.asc

    With gpg versions > 2.1.16:

    nix
    gpg --import --import-options show-only HAPEE-key-3.0r1.asc
    gpg --import --import-options show-only HAPEE-key-extras.asc
    nix
    gpg --import --import-options show-only HAPEE-key-3.0r1.asc
    gpg --import --import-options show-only HAPEE-key-extras.asc
    output
    text
    # HAProxy Enterprise 3.0r1
    FC381713A1C783AC76EB2005CD6DD5ABF28C0C38
    # Extras
    77A66FDC5D4D779E9CB9D5809ABA76BB03A731D6
    output
    text
    # HAProxy Enterprise 3.0r1
    FC381713A1C783AC76EB2005CD6DD5ABF28C0C38
    # Extras
    77A66FDC5D4D779E9CB9D5809ABA76BB03A731D6

    For the PGP fingerprints of older versions, see the chart here.

  4. Import the public keys:

    nix
    sudo mkdir -p /etc/apt/keyrings
    sudo curl -s -L "https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc" -o /etc/apt/keyrings/HAPEE-key-3.0r1.asc
    sudo curl -s -L "https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc" -o /etc/apt/keyrings/HAPEE-key-extras.asc
    nix
    sudo mkdir -p /etc/apt/keyrings
    sudo curl -s -L "https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc" -o /etc/apt/keyrings/HAPEE-key-3.0r1.asc
    sudo curl -s -L "https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc" -o /etc/apt/keyrings/HAPEE-key-extras.asc

  5. Update the repository cache:

    nix
    sudo apt-get update
    nix
    sudo apt-get update

  6. To install the load balancer, run:

    nix
    sudo apt-get install hapee-3.0r1-lb
    nix
    sudo apt-get install hapee-3.0r1-lb
    output
    text
    Reading package lists...
    Building dependency tree...
    Reading state information...
    The following additional packages will be installed:
    hapee-3.0r1-base hapee-3.0r1-libotc hapee-3.0r1-libotcpp libpcre2-posix2
    The following NEW packages will be installed:
    hapee-3.0r1-base hapee-3.0r1-lb hapee-3.0r1-libotc hapee-3.0r1-libotcpp
    libpcre2-posix2
    0 upgraded, 5 newly installed, 0 to remove and 25 not upgraded.
    Need to get 2907 kB of archives.
    After this operation, 18.7 MB of additional disk space will be used.
    Do you want to continue? [Y/n]
    output
    text
    Reading package lists...
    Building dependency tree...
    Reading state information...
    The following additional packages will be installed:
    hapee-3.0r1-base hapee-3.0r1-libotc hapee-3.0r1-libotcpp libpcre2-posix2
    The following NEW packages will be installed:
    hapee-3.0r1-base hapee-3.0r1-lb hapee-3.0r1-libotc hapee-3.0r1-libotcpp
    libpcre2-posix2
    0 upgraded, 5 newly installed, 0 to remove and 25 not upgraded.
    Need to get 2907 kB of archives.
    After this operation, 18.7 MB of additional disk space will be used.
    Do you want to continue? [Y/n]

  7. To start HAProxy Enterprise, run:

    nix
    sudo systemctl enable hapee-3.0-lb
    sudo systemctl start hapee-3.0-lb
    nix
    sudo systemctl enable hapee-3.0-lb
    sudo systemctl start hapee-3.0-lb

  8. If you have installed Rsyslog, restart it now to begin collecting HAProxy Enterprise logs:

    nix
    sudo systemctl restart rsyslog
    nix
    sudo systemctl restart rsyslog

  1. Update the repository cache and install required dependencies:

    nix
    sudo apt-get update
    sudo apt-get install --yes apt-transport-https dirmngr gnupg-agent curl
    nix
    sudo apt-get update
    sudo apt-get install --yes apt-transport-https dirmngr gnupg-agent curl

  2. Create a new file /etc/apt/sources.list.d/haproxy-tech.list if it does not exist and add the contents below. Replace <HAProxy Enterprise Key> with the key you were given when you registered (see HAProxy Enterprise license key). Replace <VERSION> with your operating system version number (for example, 22.04). Replace <CODENAME> with your operating system’s codename (for example, jammy).

    haproxy-tech.list
    text
    deb [arch=amd64 signed-by=/etc/apt/keyrings/HAPEE-key-3.0r1.asc] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/3.0r1/ubuntu-<VERSION>/amd64/ <CODENAME> main
    deb [arch=amd64 signed-by=/etc/apt/keyrings/HAPEE-key-3.0r1.asc] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/3.0r1/ubuntu-<VERSION>/amd64/ <CODENAME> main
    deb [arch=amd64 signed-by=/etc/apt/keyrings/HAPEE-key-extras.asc] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/ubuntu-<VERSION>/amd64/ <CODENAME> main
    haproxy-tech.list
    text
    deb [arch=amd64 signed-by=/etc/apt/keyrings/HAPEE-key-3.0r1.asc] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/3.0r1/ubuntu-<VERSION>/amd64/ <CODENAME> main
    deb [arch=amd64 signed-by=/etc/apt/keyrings/HAPEE-key-3.0r1.asc] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/3.0r1/ubuntu-<VERSION>/amd64/ <CODENAME> main
    deb [arch=amd64 signed-by=/etc/apt/keyrings/HAPEE-key-extras.asc] https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/ubuntu-<VERSION>/amd64/ <CODENAME> main

  3. The packages that HAProxy Technologies provides are signed. We encourage you to validate the fingerprints first before installing them onto your system.

    nix
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc
    nix
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc

    Then, compare the output of the following commands with the list of expected fingerprints below:

    With gpg versions < 2.1.16:

    nix
    gpg --with-fingerprint HAPEE-key-3.0r1.asc
    gpg --with-fingerprint HAPEE-key-extras.asc
    nix
    gpg --with-fingerprint HAPEE-key-3.0r1.asc
    gpg --with-fingerprint HAPEE-key-extras.asc

    With gpg versions > 2.1.16:

    nix
    gpg --import --import-options show-only HAPEE-key-3.0r1.asc
    gpg --import --import-options show-only HAPEE-key-extras.asc
    nix
    gpg --import --import-options show-only HAPEE-key-3.0r1.asc
    gpg --import --import-options show-only HAPEE-key-extras.asc
    output
    text
    # HAProxy Enterprise 3.0r1
    FC381713A1C783AC76EB2005CD6DD5ABF28C0C38
    # Extras
    77A66FDC5D4D779E9CB9D5809ABA76BB03A731D6
    output
    text
    # HAProxy Enterprise 3.0r1
    FC381713A1C783AC76EB2005CD6DD5ABF28C0C38
    # Extras
    77A66FDC5D4D779E9CB9D5809ABA76BB03A731D6

    For the PGP fingerprints of older versions, see the chart here.

  4. Import the public keys:

    nix
    sudo mkdir -p /etc/apt/keyrings
    sudo curl -s -L "https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc" -o /etc/apt/keyrings/HAPEE-key-3.0r1.asc
    sudo curl -s -L "https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc" -o /etc/apt/keyrings/HAPEE-key-extras.asc
    nix
    sudo mkdir -p /etc/apt/keyrings
    sudo curl -s -L "https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc" -o /etc/apt/keyrings/HAPEE-key-3.0r1.asc
    sudo curl -s -L "https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc" -o /etc/apt/keyrings/HAPEE-key-extras.asc

  5. Update the repository cache:

    nix
    sudo apt-get update
    nix
    sudo apt-get update

  6. To install the load balancer, run:

    nix
    sudo apt-get install hapee-3.0r1-lb
    nix
    sudo apt-get install hapee-3.0r1-lb
    output
    text
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
    	hapee-3.0r1-base openssl
    Suggested packages:
    	ca-certificates
    The following NEW packages will be installed:
    	hapee-3.0r1-base hapee-3.0r1-lb openssl
    0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
    [...]
    output
    text
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
    	hapee-3.0r1-base openssl
    Suggested packages:
    	ca-certificates
    The following NEW packages will be installed:
    	hapee-3.0r1-base hapee-3.0r1-lb openssl
    0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
    [...]

  7. To start HAProxy Enterprise, run:

    nix
    sudo systemctl enable hapee-3.0-lb
    sudo systemctl start hapee-3.0-lb
    nix
    sudo systemctl enable hapee-3.0-lb
    sudo systemctl start hapee-3.0-lb

  8. If you have installed Rsyslog, restart it now to begin collecting HAProxy Enterprise logs:

    nix
    sudo systemctl restart rsyslog
    nix
    sudo systemctl restart rsyslog

  1. Create a new file /etc/yum.repos.d/haproxy-tech.repo if it does not exist and add the contents below. Replace <HAProxy Enterprise Key> with the key you were given when you registered (see HAProxy Enterprise license key). Replace <VERSION> with your operating system’s version number (for example, 8).

    haproxy-tech.repo
    ini
    [hapee-base]
    name=hapee-base
    enabled=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/3.0r1/rhel-<VERSION>/$basearch/bin/
    gpgcheck=1
     
    [hapee-plus]
    name=hapee-plus
    enabled=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/3.0r1/rhel-<VERSION>/$basearch/bin/
    gpgcheck=1
     
    [hapee-plus-extras]
    name=hapee-plus-extras
    enabled=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/rhel-<VERSION>/$basearch/bin/
    gpgcheck=1
    haproxy-tech.repo
    ini
    [hapee-base]
    name=hapee-base
    enabled=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/3.0r1/rhel-<VERSION>/$basearch/bin/
    gpgcheck=1
     
    [hapee-plus]
    name=hapee-plus
    enabled=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/3.0r1/rhel-<VERSION>/$basearch/bin/
    gpgcheck=1
     
    [hapee-plus-extras]
    name=hapee-plus-extras
    enabled=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/rhel-<VERSION>/$basearch/bin/
    gpgcheck=1

  2. The packages that HAProxy Technologies provides are signed. To install them, you first must import the public key.

    Run the following commands:

    nix
    rpm --import https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc
    rpm --import https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc
    nix
    rpm --import https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc
    rpm --import https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc

    We encourage you to validate the fingerprints first before installing them onto your system.

    nix
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc
    nix
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc
    wget https://pks.haproxy.com/linux/enterprise/HAPEE-key-extras.asc

    Then, compare the output of the following commands with the list of expected fingerprints below:

    With gpg versions < 2.1.16:

    nix
    gpg --keyid-format long --with-fingerprint HAPEE-key-3.0r1.asc
    gpg --keyid-format long --with-fingerprint HAPEE-key-extras.asc
    nix
    gpg --keyid-format long --with-fingerprint HAPEE-key-3.0r1.asc
    gpg --keyid-format long --with-fingerprint HAPEE-key-extras.asc

    With gpg versions > 2.1.16:

    nix
    gpg --import --import-options show-only HAPEE-key-3.0r1.asc
    gpg --keyid-format long --with-fingerprint HAPEE-key-extras.asc
    nix
    gpg --import --import-options show-only HAPEE-key-3.0r1.asc
    gpg --keyid-format long --with-fingerprint HAPEE-key-extras.asc
    output
    text
    # HAProxy Enterprise 3.0r1
    FC381713A1C783AC76EB2005CD6DD5ABF28C0C38
    # Extras
    77A66FDC5D4D779E9CB9D5809ABA76BB03A731D6
    output
    text
    # HAProxy Enterprise 3.0r1
    FC381713A1C783AC76EB2005CD6DD5ABF28C0C38
    # Extras
    77A66FDC5D4D779E9CB9D5809ABA76BB03A731D6

    For the PGP fingerprints of older versions, see the chart here.

  3. Update the repository cache:

    nix
    yum makecache
    nix
    yum makecache

  4. To install the load balancer, run:

    nix
    yum install -y hapee-3.0r1-lb
    nix
    yum install -y hapee-3.0r1-lb

    Output of a successful installation:

    output
    text
    [...]
    Running Transaction
    Installing : hapee-3.0r1-base-3.0r1.0-16.0.noarch      1/2
    Note: you should edit /etc/sysctl.conf for system tuning.
    Installing : hapee-3.0r1-lb-3.0r1.0-67.20.x86_64       2/2
    Verifying  : hapee-3.0r1-base-3.0r1.0-16.0.noarch      1/2
    Verifying  : hapee-3.0r1-lb-3.0r1.0-67.20.x86_64       2/2
    Installed:
    hapee-3.0r1-lb.x86_64 0:3.0r1.0-67.20
    Dependency Installed:
    hapee-3.0r1-base.noarch 0:3.0r1.0-16.0
    Complete!
    output
    text
    [...]
    Running Transaction
    Installing : hapee-3.0r1-base-3.0r1.0-16.0.noarch      1/2
    Note: you should edit /etc/sysctl.conf for system tuning.
    Installing : hapee-3.0r1-lb-3.0r1.0-67.20.x86_64       2/2
    Verifying  : hapee-3.0r1-base-3.0r1.0-16.0.noarch      1/2
    Verifying  : hapee-3.0r1-lb-3.0r1.0-67.20.x86_64       2/2
    Installed:
    hapee-3.0r1-lb.x86_64 0:3.0r1.0-67.20
    Dependency Installed:
    hapee-3.0r1-base.noarch 0:3.0r1.0-16.0
    Complete!

  5. To start HAProxy Enterprise, run:

    nix
    sudo systemctl enable hapee-3.0-lb
    sudo systemctl start hapee-3.0-lb
    nix
    sudo systemctl enable hapee-3.0-lb
    sudo systemctl start hapee-3.0-lb

  6. If you have installed Rsyslog, restart it now to begin collecting HAProxy Enterprise logs:

    nix
    sudo systemctl restart rsyslog
    nix
    sudo systemctl restart rsyslog

  1. Create a new file /etc/zypp/repos.d/haproxy-tech.repo if it does not exist and add the contents below. Replace <HAProxy Enterprise Key> with the key you were given when you registered (see HAProxy Enterprise license key). Replace <VERSION> with your operating system’s version number (for example, 15.5).

    ini
    [hapee-base]
    name=HAProxy Enterprise Base
    enabled=1
    autorefresh=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/3.0r1/suse-<VERSION>/x86_64/bin/
    path=/
    type=rpm-md
    keeppackages=0
    [hapee-plus]
    name=HAProxy Enterprise Base
    enabled=1
    autorefresh=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/3.0r1/suse-<VERSION>/x86_64/bin/
    path=/
    type=rpm-md
    keeppackages=0
    [hapee-plus-extras]
    name=HAProxy Enterprise Base
    enabled=1
    autorefresh=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/suse-<VERSION>/x86_64/bin/
    path=/
    type=rpm-md
    keeppackages=0
    ini
    [hapee-base]
    name=HAProxy Enterprise Base
    enabled=1
    autorefresh=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-common/3.0r1/suse-<VERSION>/x86_64/bin/
    path=/
    type=rpm-md
    keeppackages=0
    [hapee-plus]
    name=HAProxy Enterprise Base
    enabled=1
    autorefresh=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/3.0r1/suse-<VERSION>/x86_64/bin/
    path=/
    type=rpm-md
    keeppackages=0
    [hapee-plus-extras]
    name=HAProxy Enterprise Base
    enabled=1
    autorefresh=1
    baseurl=https://www.haproxy.com/download/hapee/key/<HAProxy Enterprise Key>-plus/extras/suse-<VERSION>/x86_64/bin/
    path=/
    type=rpm-md
    keeppackages=0

  2. Import the keys for the HAProxy Enterprise repositories.

    nix
    sudo rpm --import https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc
    nix
    sudo rpm --import https://pks.haproxy.com/linux/enterprise/HAPEE-key-3.0r1.asc

  3. Update the repository cache:

    nix
    sudo zypper refresh
    nix
    sudo zypper refresh

    The operation may report that repositories are signed with unknown keys. When prompted whether to continue, enter yes.

  4. Install the load balancer:

    nix
    sudo zypper install -y hapee-<VERSION>-lb
    nix
    sudo zypper install -y hapee-<VERSION>-lb

    Example for HAProxy Enterprise 3.0r1:

    nix
    sudo zypper install -y hapee-3.0r1-lb
    nix
    sudo zypper install -y hapee-3.0r1-lb

    Example of installation output for openSUSE 15.5:

    output
    text
    Refreshing service 'Basesystem_Module_x86_64'.
    Refreshing service 'Containers_Module_x86_64'.
    Refreshing service 'Desktop_Applications_Module_x86_64'.
    Refreshing service 'Development_Tools_Module_x86_64'.
    Refreshing service 'Public_Cloud_Module_x86_64'.
    Refreshing service 'Python_3_Module_x86_64'.
    Refreshing service 'SUSE_Linux_Enterprise_Server_x86_64'.
    Refreshing service 'Server_Applications_Module_x86_64'.
    Refreshing service 'Web_and_Scripting_Module_x86_64'.
    Loading repository data...
    Reading installed packages...
    Resolving package dependencies...
    The following 7 NEW packages are going to be installed:
      hapee-3.0r1-base hapee-3.0r1-lb hapee-3.0r1-libotc hapee-3.0r1-libotcpp insserv-compat libpcre2-posix3 sysvinit-tools
    The following 4 packages have no support information from their vendor:
      hapee-3.0r1-base hapee-3.0r1-lb hapee-3.0r1-libotc hapee-3.0r1-libotcpp
    7 new packages to install.
    Overall download size: 7.4 MiB. Already cached: 0 B. After the operation, additional 33.3 MiB will be used.
    Backend:  classic_rpmtrans
    Continue? [y/n/v/...? shows all options] (y): y
    Retrieving: libpcre2-posix3-10.42-150600.1.26.x86_64 (SLE-Module-Basesystem15-SP6-Pool)                                                                         (1/7),  30.1 KiB
    Retrieving: libpcre2-posix3-10.42-150600.1.26.x86_64.rpm .....................................................................................................................[done]
    Retrieving: sysvinit-tools-2.99-1.1.x86_64 (SLE-Module-Basesystem15-SP6-Pool)                                                                                   (2/7), 132.3 KiB
    Retrieving: sysvinit-tools-2.99-1.1.x86_64.rpm ...............................................................................................................................[done]
    Retrieving: insserv-compat-0.1-4.6.1.noarch (SLE-Module-Basesystem15-SP6-Pool)                                                                                  (3/7),  15.0 KiB
    Retrieving: insserv-compat-0.1-4.6.1.noarch.rpm ..............................................................................................................................[done]
    Retrieving: hapee-3.0r1-base-1.0.0-110.0.noarch (HAProxy Enterprise Base)                                                                                       (4/7),  43.5 KiB
    Retrieving: hapee-3.0r1-base-1.0.0-110.0.suse-15.6.noarch.rpm ...................................................................................................[done (37.6 KiB/s)]
    Retrieving: hapee-3.0r1-libotcpp-1.0.0-15.2.x86_64 (HAProxy Enterprise Base)                                                                                    (5/7), 296.1 KiB
    Retrieving: hapee-3.0r1-libotcpp-1.0.0-15.2.suse-15.6.x86_64.rpm ................................................................................................[done (33.4 KiB/s)]
    Retrieving: hapee-3.0r1-libotc-1.0.0-21.15.x86_64 (HAProxy Enterprise Base)                                                                                     (6/7), 973.9 KiB
    Retrieving: hapee-3.0r1-libotc-1.0.0-21.15.suse-15.6.x86_64.rpm .................................................................................................[done (70.2 KiB/s)]
    Retrieving: hapee-3.0r1-lb-1.0.0-329.537.x86_64 (HAProxy Enterprise Base)                                                                                       (7/7),   6.0 MiB
    Retrieving: hapee-3.0r1-lb-1.0.0-329.537.suse-15.6.x86_64.rpm ....................................................................................................[done (1.7 MiB/s)]
    Checking for file conflicts: .................................................................................................................................................[done]
    (1/7) Installing: libpcre2-posix3-10.42-150600.1.26.x86_64 ...................................................................................................................[done]
    (2/7) Installing: sysvinit-tools-2.99-1.1.x86_64 .............................................................................................................................[done]
    (3/7) Installing: insserv-compat-0.1-4.6.1.noarch ............................................................................................................................[done]
        Note: you should edit /etc/sysctl.d/hapee-3.0.conf for system tuning.
    (4/7) Installing: hapee-3.0r1-base-1.0.0-110.0.noarch ........................................................................................................................[done]
    (5/7) Installing: hapee-3.0r1-libotcpp-1.0.0-15.2.x86_64 .....................................................................................................................[done]
    (6/7) Installing: hapee-3.0r1-libotc-1.0.0-21.15.x86_64 ......................................................................................................................[done]
    (7/7) Installing: hapee-3.0r1-lb-1.0.0-329.537.x86_64 ........................................................................................................................[done]
    output
    text
    Refreshing service 'Basesystem_Module_x86_64'.
    Refreshing service 'Containers_Module_x86_64'.
    Refreshing service 'Desktop_Applications_Module_x86_64'.
    Refreshing service 'Development_Tools_Module_x86_64'.
    Refreshing service 'Public_Cloud_Module_x86_64'.
    Refreshing service 'Python_3_Module_x86_64'.
    Refreshing service 'SUSE_Linux_Enterprise_Server_x86_64'.
    Refreshing service 'Server_Applications_Module_x86_64'.
    Refreshing service 'Web_and_Scripting_Module_x86_64'.
    Loading repository data...
    Reading installed packages...
    Resolving package dependencies...
    The following 7 NEW packages are going to be installed:
      hapee-3.0r1-base hapee-3.0r1-lb hapee-3.0r1-libotc hapee-3.0r1-libotcpp insserv-compat libpcre2-posix3 sysvinit-tools
    The following 4 packages have no support information from their vendor:
      hapee-3.0r1-base hapee-3.0r1-lb hapee-3.0r1-libotc hapee-3.0r1-libotcpp
    7 new packages to install.
    Overall download size: 7.4 MiB. Already cached: 0 B. After the operation, additional 33.3 MiB will be used.
    Backend:  classic_rpmtrans
    Continue? [y/n/v/...? shows all options] (y): y
    Retrieving: libpcre2-posix3-10.42-150600.1.26.x86_64 (SLE-Module-Basesystem15-SP6-Pool)                                                                         (1/7),  30.1 KiB
    Retrieving: libpcre2-posix3-10.42-150600.1.26.x86_64.rpm .....................................................................................................................[done]
    Retrieving: sysvinit-tools-2.99-1.1.x86_64 (SLE-Module-Basesystem15-SP6-Pool)                                                                                   (2/7), 132.3 KiB
    Retrieving: sysvinit-tools-2.99-1.1.x86_64.rpm ...............................................................................................................................[done]
    Retrieving: insserv-compat-0.1-4.6.1.noarch (SLE-Module-Basesystem15-SP6-Pool)                                                                                  (3/7),  15.0 KiB
    Retrieving: insserv-compat-0.1-4.6.1.noarch.rpm ..............................................................................................................................[done]
    Retrieving: hapee-3.0r1-base-1.0.0-110.0.noarch (HAProxy Enterprise Base)                                                                                       (4/7),  43.5 KiB
    Retrieving: hapee-3.0r1-base-1.0.0-110.0.suse-15.6.noarch.rpm ...................................................................................................[done (37.6 KiB/s)]
    Retrieving: hapee-3.0r1-libotcpp-1.0.0-15.2.x86_64 (HAProxy Enterprise Base)                                                                                    (5/7), 296.1 KiB
    Retrieving: hapee-3.0r1-libotcpp-1.0.0-15.2.suse-15.6.x86_64.rpm ................................................................................................[done (33.4 KiB/s)]
    Retrieving: hapee-3.0r1-libotc-1.0.0-21.15.x86_64 (HAProxy Enterprise Base)                                                                                     (6/7), 973.9 KiB
    Retrieving: hapee-3.0r1-libotc-1.0.0-21.15.suse-15.6.x86_64.rpm .................................................................................................[done (70.2 KiB/s)]
    Retrieving: hapee-3.0r1-lb-1.0.0-329.537.x86_64 (HAProxy Enterprise Base)                                                                                       (7/7),   6.0 MiB
    Retrieving: hapee-3.0r1-lb-1.0.0-329.537.suse-15.6.x86_64.rpm ....................................................................................................[done (1.7 MiB/s)]
    Checking for file conflicts: .................................................................................................................................................[done]
    (1/7) Installing: libpcre2-posix3-10.42-150600.1.26.x86_64 ...................................................................................................................[done]
    (2/7) Installing: sysvinit-tools-2.99-1.1.x86_64 .............................................................................................................................[done]
    (3/7) Installing: insserv-compat-0.1-4.6.1.noarch ............................................................................................................................[done]
        Note: you should edit /etc/sysctl.d/hapee-3.0.conf for system tuning.
    (4/7) Installing: hapee-3.0r1-base-1.0.0-110.0.noarch ........................................................................................................................[done]
    (5/7) Installing: hapee-3.0r1-libotcpp-1.0.0-15.2.x86_64 .....................................................................................................................[done]
    (6/7) Installing: hapee-3.0r1-libotc-1.0.0-21.15.x86_64 ......................................................................................................................[done]
    (7/7) Installing: hapee-3.0r1-lb-1.0.0-329.537.x86_64 ........................................................................................................................[done]

  5. To start HAProxy Enterprise, run:

    nix
    sudo systemctl enable hapee-3.0-lb
    sudo systemctl start hapee-3.0-lb
    nix
    sudo systemctl enable hapee-3.0-lb
    sudo systemctl start hapee-3.0-lb

  6. If you have installed Rsyslog, restart it now to begin collecting HAProxy Enterprise logs:

    nix
    sudo systemctl restart rsyslog
    nix
    sudo systemctl restart rsyslog

System tuning Jump to heading

To get the best performance for your particular environment, consider the following recommendations for tuning your system.

It is advisable to disable swap for performance reasons.

Enable SYSCTL features Jump to heading

In Linux, you can use the program sysctl to read and/or modify the attributes of the system kernel, including its maximum limits and security settings.

When you install HAProxy Enterprise, some recommended sysctl settings are written to its configuration file. These sysctl settings are disabled by default.

  1. Open the configuration file /etc/sysctl.d/30-hapee-3.0.conf

  2. Enable the settings by un-commenting them (remove the prefixing hash sign).

  3. Reload the file using systemctl restart systemd-sysctl.

    text
    # Limit the per-socket default receive/send buffers to limit memory usage
    # when running with a lot of concurrent connections. Values are in bytes
    # and represent minimum, default and maximum. Defaults: 4096 87380 4194304
    #
    # net.ipv4.tcp_rmem            = 4096 16060 262144
    # net.ipv4.tcp_wmem            = 4096 16384 262144
    # Allow early reuse of a same source port for outgoing connections. It is
    # required above a few hundred connections per second. Defaults: 0
    #
    # net.ipv4.tcp_tw_reuse        = 1
    # Extend the source port range for outgoing TCP connections. This limits early
    # port reuse and makes use of 64000 source ports. Defaults: 32768 61000
    #
    # net.ipv4.ip_local_port_range = 1024 65023
    # Increase the TCP SYN backlog size. This is generally required to support very
    # high connection rates as well as to resist SYN flood attacks. Setting it too
    # high will delay SYN cookie usage though. Defaults: 1024
    #
    # net.ipv4.tcp_max_syn_backlog = 60000
    # Timeout in seconds for the TCP FIN_WAIT state. Lowering it speeds up release
    # of dead connections, though it will cause issues below 25-30 seconds. It is
    # preferable not to change it if possible. Default: 60
    #
    # net.ipv4.tcp_fin_timeout     = 30
    # Limit the number of outgoing SYN-ACK retries. This value is a direct
    # amplification factor of SYN floods, so it is important to keep it reasonably
    # low. However, too low will prevent clients on lossy networks from connecting.
    # Using 3 as a default value gives good results (4 SYN-ACK total) and lowering
    # it to 1 under SYN flood attack can save a lot of bandwidth. Default: 5
    #
    # net.ipv4.tcp_synack_retries  = 3
    # Set this to one to allow local processes to bind to an IP which is not yet
    # present on the system. This is typically what happens with a shared VRRP
    # address, where you want both primary and backup to be started even though the
    # IP is not yet present. Always leave it to 1. Default: 0
    #
    # net.ipv4.ip_nonlocal_bind    = 1
    # Serves as a higher bound for all of the system's SYN backlogs. Put it at
    # least as high as tcp_max_syn_backlog, otherwise clients may experience
    # difficulties to connect at high rates or under SYN attacks. Default: 128
    #
    # net.core.somaxconn           = 60000
    text
    # Limit the per-socket default receive/send buffers to limit memory usage
    # when running with a lot of concurrent connections. Values are in bytes
    # and represent minimum, default and maximum. Defaults: 4096 87380 4194304
    #
    # net.ipv4.tcp_rmem            = 4096 16060 262144
    # net.ipv4.tcp_wmem            = 4096 16384 262144
    # Allow early reuse of a same source port for outgoing connections. It is
    # required above a few hundred connections per second. Defaults: 0
    #
    # net.ipv4.tcp_tw_reuse        = 1
    # Extend the source port range for outgoing TCP connections. This limits early
    # port reuse and makes use of 64000 source ports. Defaults: 32768 61000
    #
    # net.ipv4.ip_local_port_range = 1024 65023
    # Increase the TCP SYN backlog size. This is generally required to support very
    # high connection rates as well as to resist SYN flood attacks. Setting it too
    # high will delay SYN cookie usage though. Defaults: 1024
    #
    # net.ipv4.tcp_max_syn_backlog = 60000
    # Timeout in seconds for the TCP FIN_WAIT state. Lowering it speeds up release
    # of dead connections, though it will cause issues below 25-30 seconds. It is
    # preferable not to change it if possible. Default: 60
    #
    # net.ipv4.tcp_fin_timeout     = 30
    # Limit the number of outgoing SYN-ACK retries. This value is a direct
    # amplification factor of SYN floods, so it is important to keep it reasonably
    # low. However, too low will prevent clients on lossy networks from connecting.
    # Using 3 as a default value gives good results (4 SYN-ACK total) and lowering
    # it to 1 under SYN flood attack can save a lot of bandwidth. Default: 5
    #
    # net.ipv4.tcp_synack_retries  = 3
    # Set this to one to allow local processes to bind to an IP which is not yet
    # present on the system. This is typically what happens with a shared VRRP
    # address, where you want both primary and backup to be started even though the
    # IP is not yet present. Always leave it to 1. Default: 0
    #
    # net.ipv4.ip_nonlocal_bind    = 1
    # Serves as a higher bound for all of the system's SYN backlogs. Put it at
    # least as high as tcp_max_syn_backlog, otherwise clients may experience
    # difficulties to connect at high rates or under SYN attacks. Default: 128
    #
    # net.core.somaxconn           = 60000

Do you have any suggestions on how we can improve the content of this page?

Previous page Install the VM image Next page Migration
© 2024 HAProxy Technologies, LLC. All Rights Reserved
Manage Cookie Preferences