Install and Configure Pound as Apache HTTP Load balancer on Ubuntu 16.04

Last Updated:

In this guide, we are going to learn how to install and configure Pound as an Apache http /https requests load balancer on Ubuntu 16.04.

So what exactly is Pound and how does it work?

Pound is an open source reverse-proxy as well as load balancing server platform. It accepts requests from HTTP/HTTPS clients and distributes them to one or more back-end Web servers. The HTTPS requests are decrypted and passed to the back-end servers as plain HTTP. If more than one back-end server is defined, Pound chooses one of them randomly, based on defined priorities. By default, Pound keeps track of sessions established between clients and back-end servers.

The functionality of Pound can be simply illustrated in the figure below.


Our deployment architecture will be like as shown in the figure above with:
– Pound Server IP:
– websrv01 IP:
– websrv01 IP:

Install Apache web server on all the servers, frontend (pound) and the back-end servers. After installing, start it and if firewall is running allow it through the firewall.

On debian based

apt-get install -y apache2
systemctl start apache2
ufw allow Apache

If you are using other distros for your backend servers, use the relevant package managers to install Apache.

Installing Pound

Pound is available on Ubuntu repositories and can be installed easily with a package manager.

apt-get install -y pound

Configuring Pound HTTP load balancing

The configuration file for pound is /etc/pound/pound.cfg. In order for pound to function properly, three objects have to defined in its configuration file.

  • Listeners: Listeners define how Pound receives requests from the clients (browsers). Two types of listener may be defined: regular HTTP listener and HTTPS (HTTP over SSL/TLS) listeners. At the very least a listener must define the address and port to listen on, with additional requirements for HTTPS listeners.
  • Services: Aservice defines of how the requests are answered. The services may be defined within a listener or at the top level (global).
    When a request is received Pound attempts to match them to each service in turn, starting with the service defined in the listener itself and, if needed, continuing with the  services defined at the global level.
  • Back-ends: The back-ends are the actual servers for the content requested. By itself, Pound supplies no responses – all contents must be received from a “real” web server. The back-end defines how the server should be contacted. Three types of back-ends may be defined:a regular backend which receives requests and returns responses, a redirect back-end in which case Pound will respond with a redirect response, without accessing any back-end at all, or an emergency back-end which will be used only if all other back-ends are fail.  The connection between Pound and the back-ends is always via HTTP, regardless of the actual protocol used between Pound and the client.

Edit the pound configuration and make the changes as follows.

vim /etc/pound/pound.cfg

Within the configuration file, set the logging level to 3, common log format for Apache and specify the log facility.

## Logging: (goes to syslog by default)
##      0       no logging
##      1       normal
##      2       extended
##      3       Apache-style (common log format)
LogLevel        3

# Add this line to specify log facility
LogFacility     local1

Define the listening address for the front-end Pound server abd the Back-end web servers,

## redirect all requests on port 80 ("ListenHTTP") to the local webserver (see "Service" below):
        Port    80
        ## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
#       xHTTP           0 # Comment out this line
# If you are going to load balance https traffic uncomment the following lines
#        Address
#        Port    443
#        Cert    "/etc/ssl/pound.pem"

        Address # websrv01 back-end IP address
        Port    80         # Listening port for back-end websrv01
        Priority 5         # Priority of this backend

       Address # IP address for second web-server backend
       Port    80
       Priority 5

Save the configuration file and set pound to start on boot by editing the /etc/default/pound configuration file and changing the value of startup option from 0 to 1. After that restart pound.

sed -i 's/^startup=0/startup=1/' /etc/default/pound
systemctl restart pound

Since we have configured pound to forward all the requests to port 80 to the backend servers, let us configure apache on Pound server to listen on an alternative port, say 8080. Usually pound listens on port 8080 by default.

Edit the /etc/apache2/ports.conf configuration file and change the Listening port for apache.

vim /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

#Listen 80
Listen 8080

Edit the virtualhost default configuration file, /etc/apache2/sites-enabled/000-default.conf and substitute port 80 with 8080.

vim /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:8080>

Save the configuration file and restart apache.

systemctl restart apache2

Configure Logging for Pound

For Rsyslog to log events from pound, edit the /etc/rsyslog.d/50-default.conf  conf file and add the highlighted lines below.

vim /etc/rsyslog.d/50-default.conf
6 # First some standard log files. Log by facility.
7 #
8 auth,authpriv.* /var/log/auth.log
9 *.*;auth,authpriv.none;local1.none -/var/log/syslog
10 local1.* /var/log/pound.log
11 #cron.* /var/log/cron.log

Restart Rsyslog to effect the changes

systemctl restart rsyslog

Create a sample web content on the backend web servers. For example

vim /var/www/html/index.html
<!DOCTYPE html>
<h1><center>This is served from websrv01 backend web server.</center></h1>

Do the same for the second backend web server.

<!DOCTYPE html>
<h1><center>This is served from websrv02 backend web server.</center></h1>

Configure Apache on Backend servers to log requests for X-Forwarded-For, that is the original agent which sent the request.
If your backend server is CentOS, edit the configuration file /etc/httpd/conf/httpd.conf  as follows.

vim /etc/httpd/conf/httpd.conf
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# Comment the line below and edit it to look line the last line
# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

If your backend server is an Ubuntu system, proceed as follows.

Enable remoteip module

a2enmod remoteip

Then Edit the /etc/apache2/apache2.conf configuration file and replace the contents of line 206 to 207 with the following lines.

vim /etc/apache2/apache2.conf
203 # Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
204 # Use mod_remoteip instead.
205 #
206 RemoteIPHeader X-Forwarded-For
207 RemoteIPInternalProxy
208 LogFormat "%v:%p %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
209 LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

After making the above changes. restart Apache

# systemctl restart httpd
# systemctl restart apache2

Now visit http://<pound-server-ip>, and refresh the page continuously.
You will notice that the home page continuously changes on every request.


And that is all it takes to get Pound HTTP(S) load balancer up and running.


We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
I am the Co-founder of, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

2 thoughts on “Install and Configure Pound as Apache HTTP Load balancer on Ubuntu 16.04”

  1. Thanks for the thorough explanation! I’m actually using FreeBSD but the same principles apply.

    Also note that the module logio_module must be enabled as well, or the %O directive will not work (maybe Ubuntu has it by default; unfortunately I run nginx on the Ubuntu boxes and therefore are clueless about Apache’s configuration over there).


Leave a Comment