I've always used Nginx as a proxy, but I've seen HAProxy mentioned, what are some of the benefits of using HAProxy over nginx as a proxy or load balancer?

Thoughts on HAProxy vs. Envoy, or as the data plane for a service mesh?

PSA: if you are building your own HAProxy binaries, 2.0 replaces the confusing linux `TARGET`s (`linux2628` and the like) with a single target "`linux-glibc`", that name may be even more confusing, as that's the target you need to build HAProxy even if you are using musl instead of glibc.

This is a list of nearly every feature I've ever wanted from haproxy. Truly wonderful work!

The conversation in this thread has made me wonder after reading it if anyone uses Apache2 as their webserver anymore.

Edit: seems many still do! I thought it was dying slowly as php popularity was going down.

Proper Layer 7 retrying is huge. I’ve been waiting for this for a while.

Is the v1 config backwards compatible with this? I can't see it mentioned anywhere so assume you can just upgrade in place?

Now that HaProxy uses HTX internally to quickly represent header flags, I wish they'd add that to their "Proxy Protocol". Back in the day, Apache/Tomcat used AJP to transmit parsed HTTP state to backend servers to avoid the re-parsing overhead.

email version of the announcement: https://www.mail-archive.com/haproxy@formilux.org/msg34215.h...

Some months ago I decided to move every little things running on some VPS to docker (so I could move those apps at will and have apps with incompatible dependencies running on the same VPS).

I looked into Haproxy, set a bunch of rules and fall into static IP management hell. Then I tried Traefik mainly because of the HTTPS auto-renewal feature but the ability to tag docker containers with DNS regex (so traefik knows how to reverse proxy traffic) is a god send.

Is there something like that in HaProxy 2.0 (HTTPS auto-renewal and container tagging) ?

If I were to use it as a k8s ingress, how would I do OCSP stapling? nginx does that for you, but with haproxy you've always had to hack something together to add a .ocsp file (which has to exist at startup) and reload externally.

I also see no option for client certificate auth or TLS versions and cipher suites in the repo.

I guess it's still better to handle TLS outside of haproxy.

Are there any programmble http proxy servers? I write a fair bit of VM/container control software and often need to map URLs to specific entities on the network dynamically. Never found a good programmable proxy with routing table API and always had to hand roll.

Such a great project! I was a squid guy, then nginx and now since nginx stopped getting new features due to the commercial edition I am switching. Thank you developers for this amazing work!

Does it have proper support for HTTP/2.0?

Last I checked, only Nginx really did it right.

Can HA proxy serve static files like nginx?

Does it still need the gross security violation of a C compiler on your vulnerable edge nodes?

Sounds like HAProxy 2.0 is Envoy. I would personally (and do) just use Envoy, as everyone else is already using it and the bugs they've found have been fixed.