HAProxy installation under Debian Etch (compiling from sources)

HAProxy is an excellent load balancer which performs extremely well. This page explains how to install HAProxy since this is one of the recommended versions on the ”HAProxy Mailing List”:

Server response time discrepancy

Also, it has been recommended on that thread to use one of the following kernels:

  • 2.6.22
  • 2.6.25
  • 2.6.18

Installation Steps

First, install some required tools/packages:

apt-get update
apt-get install build-essential make libpcre3 libpcre3-dev

If you want to stick to one of the recommended kernels, at the time this how-to was written, Debian Etch standard apt-get repositories include the kernel 2.6.18, which could be installed (optional):

apt-get install linux-kernel-headers

Then you should reboot after, to start using this new kernel.

If you want to find out which kernel you are using, you may want to run this:

uname -rs

The output should be something like this:

Linux 2.6.18-6-686

Now, you should configure syslog daemon to listen following this document:

Configuring syslog to receive messages from the network (aka listen)

Check the HAProxy’s README file, and make sure:

To build haproxy, you will need :

  • GNU make. Neither Solaris nor OpenBSD’s make work with this makefile. However, specific Makefiles for BSD and OSX are provided.
  • GCC between 2.91 and 4.3. Others may work, but not tested.
  • GNU ld

Proceed with the compilation as follows (note that I have used TARGET, CPU and USE_PCRE. These options need to be double checked on the readme file, it is very clear):

cd /opt/
wget http://haproxy.1wt.eu/download/1.3/src/haproxy-
tar zxvf haproxy-

# Double check your options on the readme file first!!!!
# http://sysbible.org/att/HAProxy-1.3.15_README.txt
cd /opt/haproxy-
make TARGET=linux26 CPU=i686 USE_PCRE=1
make install

ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy

Now you should be ready to go:


HA-Proxy version 2008/06/21
Copyright 2000-2008 Willy Tarreau

Usage : haproxy -f  [ -vdVD ] [ -n  ] [ -N  ]
        [ -p
 ] [ -m  ]
        -v displays version ; -vv shows known build options.
        -d enters debug mode ; -db only disables background mode.
        -V enters verbose mode (disables quiet mode)
        -D goes daemon ; implies -q
        -q quiet mode : don't display messages
        -c check mode : only check config file and exit
        -n sets the maximum total # of connections (2000)
        -m limits the usable amount of memory (in MB)
        -N sets the default, per-proxy maximum # of connections (2000)
        -p writes pids of all children to this file
        -de disables epoll() usage even when available
        -ds disables speculative epoll() usage even when available
        -dp disables poll() usage even when available
        -sf/-st [pid ]* finishes/terminates old pids. Must be last arguments.
haproxy -vv

HA-Proxy version 2008/06/21
Copyright 2000-2008 Willy Tarreau

Build options :
  TARGET  = linux26
  CPU     = i686
  CC      = gcc
  CFLAGS  = -O2 -march=i686 -g

Granting MySQL Permissions


    -> identified by 'PASSWORD' [with grant option];
mysql> flush privileges;


    -> TO 'exampleuser'@'' IDENTIFIED BY 'secret';
Query OK, 0 rows affected (0.07 sec)
mysql> GRANT ALL PRIVILEGES on exampledb.* TO 'exampleuser'@'' 
Query OK, 0 rows affected (0.06 sec)


  • WITH GRANT OPTION should only be added when really needed; this privilege allows a user to grant to others (more info).
  • The location from where a user can connect (i.e. ‘username’@’server’) can be also a network if specified asĀ  ‘username’@’10.120.%.%’

See Also

Name based virtual hosting

It is possible (using HTTP/1.1) to have several websites served on the same IP address and port and still differentiate them based on the host name.

This should be done at the web server configuration level.

Microsoft IIS

IIS uses the so called “Host Headers”. It is straightforward to set up, you may want to look into these articles:0


More complex and versatile, you should check: Apache’s Name-based Virtual Host Support.

Forcing Perl to install CPAN packages via HTTP (i.e. avoiding FTP)

If you are behind a firewall and your FTP connectivity with the external world is just restricted you might get frustrated with Perl’s automatic way of installing packages (via CPAN) because it uses FTP protocol by default.


Edit your CPAN settings file (probably /etc/perl/CPAN/Config.pm) and change the line:

'urllist' => [],

it should look like this:

'urllist' => [q[http://www.perl.com/CPAN]],

After that you should be able to install automatically CPAN modules using http protocol instead of ftp.

See Also

Installing unrar package under Debian Linux

What we need to do is install this package (at least for Debian 4.0 Etch. You may find for your appropriate version here). Since it belongs to Debian’s non-free section you need to make sure you have non-free enabled on your apt sources.

You may test that everything will be smooth by invoking the install command with the “simulate” switch (-s):

apt-get update
apt-get -s install unrar

Building Dependency Tree... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 82 not upgraded.
Inst unrar (1:3.5.2-0.1 Debian:3.1r7/oldstable)
Conf unrar (1:3.5.2-0.1 Debian:3.1r7/oldstable)

It actually looks OK; there are no dependency problems and the upgrade is minimal (this package does not require to install many others). I then proceed with the “real” thing:

apt-get install unrar

Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 82 not upgraded.
Need to get 87.9kB of archives.
After unpacking 221kB of additional disk space will be used.
Get:1 http://mirror.aarnet.edu.au oldstable/non-free unrar 1:3.5.2-0.1 [87.9kB]
Fetched 87.9kB in 1s (53.2kB/s)
Selecting previously deselected package unrar.
(Reading database ... 47406 files and directories currently installed.)
Unpacking unrar (from .../unrar_1%3a3.5.2-0.1_i386.deb) ...
Setting up unrar (3.5.2-0.1) ...

Unrar command line usage under Debian Linux

The command usage is:

Usage:     unrar  - -  

  e             Extract files to current directory
  l[t,b]        List archive [technical, bare]
  p             Print file to stdout
  t             Test archive files
  v[t,b]        Verbosely list archive [technical,bare]
  x             Extract files with full path

  -             Stop switches scanning
  ad            Append archive name to destination path
  ap      Set path inside archive
  av-           Disable authenticity verification check
  c-            Disable comments show
  cfg-          Disable read configuration
  cl            Convert names to lower case
  cu            Convert names to upper case
  dh            Open shared files
  ep            Exclude paths from names
  ep3           Expand paths to full including the drive letter
  f             Freshen files
  id[c,d,p,q]   Disable messages
  ierr          Send all messages to stderr
  inul          Disable all messages
  kb            Keep broken extracted files
  n       Include only specified file
  n@            Read file names to include from stdin
  n@      Include files in specified list file
  o+            Overwrite existing files
  o-            Do not overwrite existing files
  ow            Save or restore file owner and group
  p[password]   Set password
  p-            Do not query password
  r             Recurse subdirectories
  ta      Process files modified after  in YYYYMMDDHHMMSS format
  tb      Process files modified before  in YYYYMMDDHHMMSS format
  tn      Process files newer than 
  to      Process files older than 
  ts[N]  Save or restore file time (modification, creation, access)
  u             Update files
  v             List all volumes
  ver[n]        File version control
  vp            Pause before each volume
  x       Exclude specified file
  x@            Read file names to exclude from stdin
  x@      Exclude files in specified list file
  y             Assume Yes on all queries

See Also

Configuring syslog to receive messages from the network (aka listen)

It is sometimes needed to have a syslog server configured in such a way that is able to listen to the network and log information send through it. By default, this is usually turned off.

All we need to do is run syslog with the option ‘-r’. If we look at syslogd’s man page:

-r This option will enable the facility to receive message from the network using an internet domain socket with the syslog service (see services(5)). The default is to not receive any messages from the network. This option is introduced in version 1.3 of the sysklogd package. Please note that the default behavior is the opposite of how older versions behave, so you might have to turn this on.

An easy way to check if your syslogd (aka syslog daemon) is running with this option enabled is:

ps aux | grep syslogd | grep -v grep

The output should be something like this (some columns have been truncated to fit the page):

root _truncated_ /sbin/syslogd -r -m0

The latest columns state how the syslogd has been started. In this case, it has been started using the options ‘-r’ and ‘-m0’:

/sbin/syslogd -r -m0

How to do the necessary changes

Under Debian Linux, you would need to edit syslogd init script (usually: /etc/init.d/sysklogd) and add the following lines:

# Options for start/restart the daemons
# For remote UDP logging use SYSLOGD="-r"
SYSLOGD="-r -m0"

NOTE.- You might want to add -m0 option as well (optional), which disables the automatic syslog timestamp (i.e. a regular mark that is written into the log regularly).

The file should look something like this:

#! /bin/sh
# /etc/init.d/sysklogd: start the system log daemon.



test -x $binpath || exit 0

test ! -r /etc/default/syslogd || . /etc/default/syslogd

# Options for start/restart the daemons
#   For remote UDP logging use SYSLOGD="-r"
SYSLOGD="-r -m0"

    if [ ! -e /dev/xconsole ]; then
        mknod -m 640 /dev/xconsole p
        chmod 0640 /dev/xconsole
    chown root:adm /dev/xconsole


After this, you should restart the daemon:

/etc/init.d/sysklogd restart
Restarting system log daemon: syslogd.

And now you should have your syslog daemon listening (you should check again):

ps aux | grep syslogd | grep -v grep

root _truncated_ /sbin/syslogd -r -m0