Knowledge Base
Welcome to HAProxy’s extensive and ever-expanding knowledge base. Created by a team of experts including HAProxy’s Core Development Team; it covers a wide range of topics to help you achieve maximum potential.
April/2022 – CVE-2022-22965: Spring4Shell Remote Code Execution Mitigation
Recently, a Remote Code Execution vulnerability was discovered in the Java Spring Core library. This vulnerability allows attackers to execute arbitrary code on affected systems. You can find more information on that vulnerability in the announcement on the Spring...
December/2021 – CVE-2021-44228: Log4Shell Remote Code Execution Mitigation
This post will be updated over the next several days. Recently, a Remote Code Execution vulnerability was discovered in the Apache Log4J library. This vulnerability, which is tracked in CVE-2021-44228, dubbed Log4Shell, allows attackers to execute arbitrary code on...
Rate Limiting with the HAProxy Kubernetes Ingress Controller
Add IP-by-IP rate limiting to the HAProxy Kubernetes Ingress Controller. DDoS (distributed denial of service) events occur when an attacker or group of attackers flood your application or API with disruptive traffic, hoping to exhaust its resources and prevent...
September/2021 – CVE-2021-40346: Duplicate ‘Content-Length’ Header Fixed
If you are using HAProxy 2.0 or newer, it is important that you update to the latest version. A vulnerability was found that makes it possible for an attacker to bypass the check for a duplicate HTTP Content-Length header, permitting a request smuggling attack or a...
Load Balancing/Routing
Enable Sticky Sessions in HAProxy
HyperText Transfer Protocol (HTTP), the protocol that defines the language browsers use to communicate with web servers, is stateless, meaning that after you make a web request and a server sends back a response, no memory of that interaction remains. To make anything...
[On-Demand Webinar] Achieving Multi-Datacenter High Availability with HAProxy ALOHA and GSLB
HAProxy ALOHA is a load balancer that's ideal for companies in search of high performance and ease of use. It comes as either a hardware appliance or a virtual appliance and provides load balancing of TCP, UDP and HTTP traffic, DDoS protection, and active-active...
Use Your Load Balancer to Monitor Application Health
HAProxy and HAProxy Enterprise collect a vast amount of information about the health of your applications being load balanced. That data, which uses the Prometheus text-based format for metrics, is published to a web page hosted by the load balancer, and since many...
How Load Balancing Improves the Performance of Your Applications
Load balancing is an indispensable technique for improving a website's performance. I'll explain why. With Firefox's Web Developer Tools open, I visited a popular retailer's website to see how many HTTP requests my browser made when loading the site. In this case, I...
SSL
Announcing HAProxy Data Plane API 2.2
The HAProxy Data Plane API 2.2 lays the foundation for first-class service discovery and introduces native support for Consul. It also adds storage and file handling for SSL certificates, Map files, and SPOE configuration files. Watch our on-demand webinar "What’s New...
Route SSH Connections with HAProxy
Route SSH connections through HAProxy using the SSH ProxyCommand feature and SNI. Watch our on-demand webinar in French "How to Route SSH Connections with HAProxy". Did you know that you can proxy SSH connections through HAProxy and route based on hostname? The...
[On-demand Webinar] Achieving FIPS 140-2 Encryption Compliance with HAProxy Enterprise on Red Hat Enterprise Linux
Encryption is an important facet of cybersecurity. It involves scrambling messages so that they can not be read by unauthorized parties in order to protect private information, which is particularly important when sending data across an untrusted network or the...
Redirect HTTP to HTTPS with HAProxy
Use the HAProxy load balancer to redirect users from HTTP to HTTPS automatically. For decades, our lives have become increasingly dependent on sending and receiving data from across the Internet. Now, with more people working, studying, and hanging with friends...
Microservices
Consul Service Discovery for HAProxy
HAProxy with the HAProxy Data Plane API can integrate with Consul to enable service discovery for your load balancer configuration. Many Ops team professionals rank HAProxy as their favorite load balancer because it adds high availability, security and...
Power Your Consul Service Mesh with HAProxy
Many of you use HashiCorp Consul for service discovery. It makes connecting one backend application or service to another easy: Your Consul servers store a catalog of addresses to all of your services; when an application within the network wants to discover where a...
Circuit Breaking in HAProxy
With HAProxy, you can implement a circuit breaker to protect services from widespread failure. Martin Fowler, who is famous for being one of the Gang of Four authors who wrote Design Patterns: Elements of Reusable Object-Oriented Software, hosts a website where...
Accelerate Your APIs by Using the HAProxy Cache
HAProxy's cache helps boost API performance by serving saved messages to your users. The age of rendering most of a web page's contents on the server and then delivering it as a colossal HTML file is fading into the past. Modern web frameworks like Angular, React, and...
Performance
Autoscaling with the HAProxy Kubernetes Ingress Controller and KEDA
This blog post describes how to implement autoscaling of your application pods using KEDA and the HAProxy Kubernetes Ingress Controller. Since it was published, a new feature has been added to the ingress controller that lets you autoscale the number of ingress...
Protect Servers with HAProxy Connection Limits and Queues
HAProxy connection limits and queues can help protect your servers and boost throughput when load balancing heavy amounts of traffic. When you use HAProxy as an API gateway in front of your services, it has the ability to protect those servers from traffic...
Announcing HAProxy Kubernetes Ingress Controller 1.5
We've released version 1.5 of the HAProxy Kubernetes Ingress Controller. This version unlocks access to the raw HAProxy configuration language for power users to gain more control. You can also enable mutual TLS authentication between the ingress controller and...
HTTP Keep-Alive, Pipelining, Multiplexing and Connection Pooling
Persistent connections allow HAProxy to optimize resource usage, lower latency on both the client and server side, and support connection pooling. HTTP is a layer 7 protocol that's transmitted over a TCP connection. It works in a client-server model and follows...
Webinars
[On-Demand Webinar] Achieving Multi-Datacenter High Availability with HAProxy ALOHA and GSLB
HAProxy ALOHA is a load balancer that's ideal for companies in search of high performance and ease of use. It comes as either a hardware appliance or a virtual appliance and provides load balancing of TCP, UDP and HTTP traffic, DDoS protection, and active-active...
[On-Demand Webinar] What’s New in the HAProxy Data Plane API 2.5
The HAProxy Data Plane API enables you to configure your HAProxy load balancers programmatically. This latest release, version 2.5, expands coverage of existing HAProxy configuration directives, fixes bugs, and optimizes performance. During this on-demand webinar, you...
[On-Demand Webinar] HAProxy Skills Lab: Health Checking Servers
A common misconception is that load balancing is enough to achieve high availability. That is only true when you factor in one, very important feature: health checks! Health checks monitor your servers for issues. If a server loses connectivity or begins returning...
HAProxy 2.5 Feature Roundup
HAProxy 2.5 is now available! Join this session to learn about the changes. This version of HAProxy improves a number of features, including: full support for managing servers dynamically using the Runtime API SSL/TLS enhancements, including support for OpenSSL 3.0...
Basics
Enable Sticky Sessions in HAProxy
HyperText Transfer Protocol (HTTP), the protocol that defines the language browsers use to communicate with web servers, is stateless, meaning that after you make a web request and a server sends back a response, no memory of that interaction remains. To make anything...
How Load Balancing Improves the Performance of Your Applications
Load balancing is an indispensable technique for improving a website's performance. I'll explain why. With Firefox's Web Developer Tools open, I visited a popular retailer's website to see how many HTTP requests my browser made when loading the site. In this case, I...
[On-Demand Webinar] HAProxy Skills Lab: Health Checking Servers
A common misconception is that load balancing is enough to achieve high availability. That is only true when you factor in one, very important feature: health checks! Health checks monitor your servers for issues. If a server loses connectivity or begins returning...
What Is Load Balancing
Load balancing means splitting up network traffic so that you can distribute it evenly across a group of backend servers. For example, if you run two web servers, both hosting a copy of the same website, then you can balance the traffic across them, sending half to...
Benchmarking
HAProxy Forwards Over 2 Million HTTP Requests per Second on a Single Arm-based AWS Graviton2 Instance
For the first time, a software load balancer exceeds 2-million RPS on a single Arm instance. A few weeks ago, while I was working on an HAProxy issue related to thread locking contention, I found myself running some tests on a server with an 8-core, 16-thread...
Test Driving “Power of Two Random Choices” Load Balancing
The Power of Two Random Choices load-balancing algorithm has piqued some curiosity. In this blog post, we see how it stacks up against other modern-day algorithms available in HAProxy. Recently, I was asked twice about my opinion on supporting an algorithm known as...
Hypervisors Virtual Network Performance Comparison from a Virtualized Load Balancer Point of View
Introduction At HAProxy Technologies, we edit and sell a Load-Balancer appliance called ALOHA (stands for Application Layer Optimisation and High-Availability). A few month ago, we managed to make it run on the most common hypervisors available: VMWare (ESX, vsphere)...
Benchmarking SSL Performance
Introduction The story Recently, there has been some attacks against website which aimed to steal user identity. In order to protect their users, major website owners had to find a solution. Unfortunately, we know that sometimes, improving security means downgrading...
Random Tips
Serve Dynamic Custom Error Pages with HAProxy
Set up custom error pages in HAProxy to ensure consistent, branded messaging that supports any backend web stack. The memory is probably still fresh: You're shopping online at your favorite website, looking for something specific, you've got it narrowed down to two or...
[Conference Presentation] Dynamic Application Routing Over SSL with HAProxy Enterprise
Back in May, HAProxy Senior Systems Engineer Chad Lavoie presented at the OpenStack Summit Boston. Chad presented on using maps in HAProxy to dynamically route requests while securing your site with SSL combined with the use of the Update Module (included in HAProxy...
HAProxy and HTTP Errors 408 in Chrome
Lately, there was some discussions on HAProxy's mailing list about 408 errors printed in Chrome browsers. Origin of 408 errors 408 is the status code used by web servers or proxies when the client has not sent a whole HTTP request during a certain period of time. It...
Configure syslog-ng to Log Readable HTTP URL from HAProxy
These tips are provided by Exosec. Exosec provides a very good monitoring product called POM, based on Nagios with very strong value added such as very simple administration, application monitoring, etc... For some of their project, they use either HAProxy or the...
Observability
Use Your Load Balancer to Monitor Application Health
HAProxy and HAProxy Enterprise collect a vast amount of information about the health of your applications being load balanced. That data, which uses the Prometheus text-based format for metrics, is published to a web page hosted by the load balancer, and since many...
Visualize HAProxy Metrics with InfluxDB
HAProxy generates over a hundred metrics to give you a nearly real-time view of the state of your load balancers and the services they proxy, but to get the most from this data, you need a way to visualize it. InfluxData’s InfluxDB suite of applications takes...
Logging with the HAProxy Kubernetes Ingress Controller
The HAProxy Kubernetes Ingress Controller publishes two sets of logs: the ingress controller logs and the HAProxy access logs. After you install the HAProxy Kubernetes Ingress Controller, logging jumps to mind as one of the first features to configure. Logs...
Using HAProxy as an API Gateway, Part 4 [Metrics]
HAProxy publishes more than 100 metrics about the traffic flowing through it. When you use HAProxy as an API gateway, these give you insight into how clients are accessing your APIs. Several metrics come to mind as particularly useful, since they can help you...
DevOps
Announcing HAProxy Data Plane API 2.5
The focus of the 2.5 version was on expanding support for HAProxy configuration keywords, and that's where most of the effort during this release cycle was spent. We will continue doing that during the next couple of versions to gain complete feature parity with both...
[On-Demand Webinar] What’s New in the HAProxy Data Plane API 2.5
The HAProxy Data Plane API enables you to configure your HAProxy load balancers programmatically. This latest release, version 2.5, expands coverage of existing HAProxy configuration directives, fixes bugs, and optimizes performance. During this on-demand webinar, you...
Load Balance an Infinite Number of Servers And Never Reload HAProxy
Every load balancer you'll find on the market must deliver performance, reliability, scalability, and security, and do it better than its competitors. Each must solve complex programming challenges that address those needs—choices that will affect the direction of the...
Announcing HAProxy Data Plane API 2.4
Version 2.4 improves its e2e tests, revamps how logging in the HAProxy Data Plane API works, adds support for namespace filtering in Consul Service Discovery, improves runtime capabilities for maps and ACLs, adds server-template support and adds log_targets to global...
Kubernetes
Announcing HAProxy Kubernetes Ingress Controller 1.7
We’re proud to announce the release of version 1.7 of the HAProxy Kubernetes Ingress Controller! In this release, we added support for custom resource definitions that cover most of the configuration settings. Definitions are available for the global, defaults, and...
HAProxy Kubernetes Ingress Controller Reaches 10 Million Community Downloads
It's almost wild how two years have passed already since we first announced the HAProxy Ingress Controller for Kubernetes. Note that this project is different from the jcmoraisjr/haproxy-ingress HAProxy ingress controller project on GitHub. Our project is also an...
Rate Limiting with the HAProxy Kubernetes Ingress Controller
Add IP-by-IP rate limiting to the HAProxy Kubernetes Ingress Controller. DDoS (distributed denial of service) events occur when an attacker or group of attackers flood your application or API with disruptive traffic, hoping to exhaust its resources and prevent...
[On-Demand Webinar] Run the HAProxy Kubernetes Ingress Controller in External Mode
If you prefer to watch the French version of this webinar, register here. Traditionally, connecting clients to services in Kubernetes has required multiple layers of proxies. For example, an external load balancer will route traffic to your nodes. Then, kube-proxy...
Service Discovery
[On-Demand Webinar] What’s New in the HAProxy Data Plane API 2.3
The HAProxy Data Plane API enables remote, dynamic configuration of your HAProxy load balancers. Version 2.3 of the API adds: service discovery for AWS EC2 instances and Auto Scaling groups, the ability to view, add, and remove HAProxy ACLs, support for forwarding API...
Consul Service Discovery for HAProxy
HAProxy with the HAProxy Data Plane API can integrate with Consul to enable service discovery for your load balancer configuration. Many Ops team professionals rank HAProxy as their favorite load balancer because it adds high availability, security and...
Announcing HAProxy Data Plane API 2.3
The HAProxy Data Plane API 2.3 expands its service discovery mechanisms and introduces native support for discovering AWS EC2 instances and auto-scaling groups. It also adds a new configuration file that supports HCL and YAML, an Inotify configuration watcher, and...
Power Your Consul Service Mesh with HAProxy
Many of you use HashiCorp Consul for service discovery. It makes connecting one backend application or service to another easy: Your Consul servers store a catalog of addresses to all of your services; when an application within the network wants to discover where a...
Cloud
AWS EC2 Service Discovery with HAProxy
AWS Auto Scaling groups are a powerful tool for creating scaling plans for your application. They let you dynamically create a group of EC2 instances that will maintain a consistent and predictable level of service. HAProxy's Data Plane API adds a cloud-native method...
HAProxy Enterprise Offers SAML-based Single Sign-on
HAProxy Enterprise handles SAML single sign-on for your applications and integrates with identity providers like Azure Active Directory. Single sign-on (SSO) is such a familiar convenience for companies that it's easy to forget how powerful it is. When employees...
Building Blocks of a Modern Proxy
A major outcome of IT/Ops evolution is realizing the importance of a reverse proxy, such as HAProxy, in achieving modern application delivery. This is the first post in a series about HAProxy's role in building a modern systems architecture that relies on cloud-native...
[On-Demand Webinar] HAProxy Data Plane API: True Dynamic Configuration Management
Integrating HAProxy into automation tools, continuous-delivery pipelines, and service meshes just got a lot easier. We’ve introduced a new REST API that you can use to configure HAProxy fully at runtime and it’s called the Data Plane API. Tune into this webinar to...
LUA
Enabling CORS in HAProxy
The HAProxy Cross-Origin Resource Sharing (CORS) Lua module streamlines adding CORS to your APIs. What is CORS? Read on to learn more. It doesn't matter whether you're using Angular, React, Vue, or simple, vanilla JavaScript. You're guaranteed to need to fetch or...
5 Ways to Extend HAProxy with Lua
Use Lua to add fetches, converters, actions, services and tasks to HAProxy. Did you know that HAProxy embeds the Lua scripting language, which you can use to add new functionality? HAProxy features an extremely powerful and flexible configuration language and gives...
Let’s Encrypt (ACMEv2) for HAProxy
HAProxy Technologies is proud to announce the availability of an integrated Let’s Encrypt ACMEv2 Lua client for HAProxy and HAProxy Enterprise (HAPEE). HAProxy Enterprise comes bundled with Lua support in a precompiled binary conveniently distributed using your Linux...
HAProxy 1.6-Dev1 and LUA
HAProxy 1.6-dev1 Yesterday, Willy has released HAProxy 1.6-dev1: ANNOUNCE HAProxy 1.6-dev1. This version contains many new features and core improvements. Amongst the new features, one is LUA, contributed by Thierry (HAProxy Technologies developer). NOTE: We invite...
Need More Assistance?
Contact the authoritative experts on HAProxy who will assist you in finding the solution that best fits your needs for deployment, scale, and security.
