Haproxy

Haproxy

HAProxy is a high-performance TCP and HTTP proxy that distributes traffic across multiple backend servers to ensure availability and fault tolerance for critical services. It operates in either TCP or HTTP mode, with an event-driven, single-threaded reactor that handles tens of thousands of connections without context switching, and supports kernel-level data transfer to minimize memory usage and latency.

What distinguishes HAProxy is its configuration-file-first design, where all load-balancing rules and runtime behavior are defined in a declarative text file parsed at startup. It embeds a Lua interpreter for custom request handling and routing logic, and exposes a runtime socket control plane that accepts text commands to modify server states, weights, ACLs, and maps without restarting the process. A shared-memory stick-table engine maintains session state and counters that can be synchronized across peer instances, while the ACL-based decision tree evaluates named conditions to branch traffic through a rule chain of actions.

The platform provides comprehensive traffic management capabilities including load balancing with configurable algorithms, HTTP header and content rewriting, session persistence, rate limiting, and bandwidth controls. It handles SSL/TLS termination with automatic certificate management via the ACME protocol, and supports Kubernetes ingress and gateway traffic control using standard Gateway API and Ingress API rules. Observability features include customizable log formats, remote log forwarding, request tracing, and real-time system metrics monitoring.

HAProxy offers multiple interfaces for runtime configuration management, including a REST API for programmatic load balancer configuration, interactive CLI sessions over Unix sockets, and in-memory map editing without configuration reloads.

Features

Load Balancers - Distributes incoming TCP and HTTP traffic across multiple backend servers using configurable algorithms for high availability.

ACL-Based Routing Trees - Implements an ACL-based decision tree that evaluates conditions to route, block, or redirect traffic.

Configuration Hot-Reloading - Modifies load balancer configuration in memory at runtime without requiring a service restart.

Declarative Configuration Files - Uses a declarative configuration file parsed at startup to define all load-balancing rules and behavior.

Kubernetes Traffic Controllers - Directs HTTP and TCP traffic to Kubernetes services using Gateway API and Ingress API rules.

SSL Termination Proxies - Decrypts incoming HTTPS traffic at the proxy, offloading encryption work from backend servers.

Runtime Configurations - Modifies load balancer settings, server states, and routing rules on-the-fly through a REST API, CLI socket, or in-memory updates.

Advanced Traffic Routing - Inspects, rewrites, and redirects HTTP headers, URIs, payloads, and protocol versions based on configurable rules.

Dual-Mode Proxy Architectures - Operates in both TCP and HTTP modes, adding protocol parsing and rule evaluation in HTTP mode.

HTTP Proxies - An open-source proxy that distributes TCP and HTTP traffic across multiple backend servers for high availability.

Runtime Configuration Managers - Modifies load balancer in-memory configuration on the fly, eliminating the need for a full reload.

TLS Termination - Decrypts incoming HTTPS traffic at the proxy so backend servers receive plain HTTP.

Socket-Based Configuration - Modifies load balancer behavior on-the-fly through a UNIX or TCP socket without restarting the service.

Runtime Control Sockets - Exposes a runtime socket that accepts text commands to modify server states and routing without restarting.

Runtime Socket Configuration Managers - Modifies load balancer behavior on-the-fly through a UNIX or TCP socket without restarting the service.

Access Control Lists - Defines named conditions based on extracted data to allow, deny, or redirect traffic at various processing stages.

SSL/TLS Certificate Management - Decrypts incoming HTTPS traffic at the proxy and automates TLS certificate lifecycle management via the ACME protocol.

Event-Driven I/O - Uses an event-driven, single-threaded reactor with non-blocking I/O to handle tens of thousands of connections.

Server Health Monitoring - Periodically checks backend servers via TCP, HTTP, or custom scripts and automatically removes unhealthy ones.

HTTP Request Handling - Inspects HTTP method, URI, and headers to decide which backend server handles each request.

HTTP Header Manipulators - Reads, adds, removes, or rewrites any HTTP header in requests and responses based on rules.

Monitoring and Health - Tracks server health through custom checks, logs structured events, and exposes real-time metrics.

Lua Scripting - Embeds and executes Lua code within the proxy to implement custom request handling and routing.

Connection Limit Managers - Restricts concurrent connections per backend server to prevent overload.

Proxy Phase Timeouts - Defines separate timeouts for each proxy phase to control idle connection closure.

Kernel-Level Data Splicing - Transfers data between client and server connections directly at the kernel level to reduce memory usage and latency.

Request Path Rewriters - Modifies URIs, paths, query strings, and response bodies on the fly using pattern-based rules.

REST APIs - Exposes a REST API for managing load balancer settings programmatically.

Ingress Controllers - Routes HTTP and TCP traffic to Kubernetes services using standard Gateway API and Ingress API rules.

Load Balancing Algorithms - Selects backend servers using algorithms like round-robin, least connections, or hash-based methods.

Bandwidth Management - Sets a global cap on the total incoming or outgoing bandwidth that a frontend can consume.

Custom Load Balancers - Adds new functionality to the load balancer by writing and executing Lua scripts within its runtime.

Hostname Resolvers - Periodically queries DNS servers to update backend server IP addresses without requiring a configuration reload.

Protocol Translation Proxies - Translates between HTTP/1.1 and HTTP/2 so clients and servers using different versions can communicate.

Host Header Rewriting - Changes the Host header value to match the expected backend application domain.

REST API Configuration Managers - Manages load balancer configuration and routing rules programmatically through a RESTful HTTP API.

REST API Configurations - Provides a REST API for programmatic load balancer configuration without manual file editing.

Runtime Weight Adjustments - Adjusts load-balancing weights of backend servers at runtime via agent check or CLI.

HTTP Keep-Alive Connections - Reuses TCP connections for multiple HTTP request-response pairs to reduce latency and server load.

PROXY Protocol Forwarders - Preserves original client IP and connection metadata when forwarding traffic to backend servers.

Stick Table Peering - Synchronizes stick-table data between multiple HAProxy instances to maintain session state during failover.

TCP Stream Interception - Inspects and rewrites raw TCP stream data at the content level using connection, session, or content rules.

Geolocation Routing - Routes traffic to region-specific backends based on client source IP geolocation.

Embedded Scripting Extensions - Embeds a Lua interpreter for custom request handling, routing logic, and content generation within the proxy.

Embedded Scripting Runtimes - Extends proxy functionality by embedding and executing Lua scripts for custom request handling and routing.

TLS Certificate Management - Uses the ACME protocol to obtain and renew TLS certificates from a certificate authority automatically.

Client Session Persistence - Persists client requests to the same backend server using cookies, table entries, or session identifiers.

Kernel-Level Data Splicing - Transfers data between sockets at the kernel level using splice() to minimize memory usage and latency.

Custom Log Formatting - Constructs log lines from static text and dynamic sample fetches for precise analysis.

Custom Scripting Engines - Runs Lua scripts within the load balancer to add custom logic and behavior.

Event Logging - Outputs detailed, customizable log lines for each connection or HTTP transaction.

Rate Limiting - Limits the number of requests a client can make in a given time window to protect backends.

Stick Table Engines - Maintains session state and counters in a lock-free shared memory region synchronized across peer instances.

Session Draining - Marks a server as draining so it stops receiving new connections but finishes serving existing ones.

Server Management - Enables or disables individual backend servers in real time for maintenance or outage management.

Interactive CLI Sessions - Runs persistent command-line sessions over a UNIX socket to execute multiple runtime commands sequentially.

Account Statistics Monitoring - Tracks real-time metrics and forwards logs to a Syslog server for observability.

Request Correlation - Adds a unique request identifier header to correlate logs and backend traces.

Request Tracing - Logs detailed step-by-step request processing through filters and rules for debugging.

Custom Health Check Sequences - Sends a sequence of TCP or HTTP commands and evaluates responses to determine backend server health.

TCP/UDP Log Ingestion - Sends structured log messages to remote collectors over TCP or UDP transport.

Client Device Detection - Identifies client device model, operating system, and browser using 51Degrees or WURFL data files.

HTTP Redirects - Responds to plain HTTP requests with a redirect to the equivalent HTTPS URL to enforce encrypted communication.

Response Compression - Compresses response bodies with gzip or other algorithms to reduce bandwidth usage.

API Gateways - High-performance TCP/HTTP load balancer.

haproxyhaproxy

Features

Star history