Knowledge Base
Welcome to HAProxy’s extensive and ever-expanding knowledge base. Created by a team of experts including HAProxy’s Core Development Team; it covers a wide range of topics to help you achieve maximum potential.
Bot Protection with HAProxy
HAProxy is a high-performance load balancer that provides advanced defense capabilities for detecting and protecting against malicious bot traffic to your website. Combining its unique ACL, map, and stick table systems with its powerful configuration language allows...
Application-Layer DDoS Attack Protection with HAProxy
HAProxy’s high-performance security capabilities are utilized as a key line of defense by many of the world’s top enterprises. Application-layer DDoS attacks are aimed at overwhelming an application with requests or connections, and in this post we will show you how...
Using HAProxy with the Proxy Protocol to Better Secure Your Database
The Proxy protocol is a widely used invention of our CTO at HAProxy Technologies, Willy Tarreau, to solve the problem of TCP connection parameters being lost when relaying TCP connections through proxies. Its primary purpose is to chain proxies and reverse-proxies...
What is a Slow POST Attack and How to Turn HAProxy into your First Line of Defense?
One of the biggest security challenges that companies face in today's modern climate is the POST attack. Unlike a more traditional "Denial-of-Service" attack, POST attacks target a servers logical resources - making them particularly powerful when executed. What is a...
Load Balancing/Routing
HAProxy 1.9.2 Adds gRPC Support
HAProxy provides end-to-end proxying of HTTP/2 traffic. Use HAProxy to route, secure, and observe gRPC traffic over HTTP/2. Read on to learn more. HAProxy 1.9 introduced the Native HTTP Representation (HTX). Not only does this allow you to use HTTP/2 end-to-end, it...
Serving ECC and RSA Certificates on Same IP with HAProxy
ECC and RSA certificates and HTTPS To keep this practical, we will not go into theory of ECC or RSA certificates. Let's just mention that ECC certificates can provide as much security as RSA with much lower key size, meaning much lower computation requirements on the...
HAProxy’s Load-Balancing Algorithm for Static Content Delivery with Varnish
HAProxy's load-balancing algorithms HAProxy supports many load-balancing algorithms which may be used in many different type of cases. That said, cache servers, which deliver most of the time the static content from your web applications, may require some specific...
Microsoft Remote Desktop Services (RDS) Load-Balancing
Microsoft Remote Desktop services (RDS) Remote Desktop Services, formerly Terminal Services, is a technology from Microsoft that allows users to access remotely to a session-based desktop, virtual machine-based desktop or applications hosted in a datacenter from their...
SSL
Let’s Encrypt (ACMEv2) for HAProxy
HAProxy Technologies is proud to announce the availability of an integrated Let’s Encrypt ACMEv2 Lua client for HAProxy and HAProxy Enterprise (HAPEE). HAPEE comes bundled with Lua support in a precompiled binary conveniently distributed using your Linux...
TLS 1.3 and 0-RTT in HAProxy
Transport Layer Security (TLS) is a cryptographic protocol that enables secure communications over a computer network. It has been in widespread use on the Internet for various services, such as e-commerce, web browsing, and instant messaging. TLS has also been made...
SSL Client Certificate Information in HTTP Headers and Logs
HAProxy and SSL HAProxy has many nice features when speaking about SSL, despite SSL has been introduced in it lately. One of those features is the client side certificate management, which has already been discussed on the blog. One thing was missing in the article,...
SSL Offloading Impact on Web Applications
SSL Offloading Nowadays, it is common (and convenient) to use the Load-Balancer SSL capabilities to cypher/uncypher traffic from clients to the web application platform. Performing SSL at the Load-Balancer Layer is called "SSL offloading", because you offload this...
Microservices
HAProxy 1.9.2 Adds gRPC Support
HAProxy provides end-to-end proxying of HTTP/2 traffic. Use HAProxy to route, secure, and observe gRPC traffic over HTTP/2. Read on to learn more. HAProxy 1.9 introduced the Native HTTP Representation (HTX). Not only does this allow you to use HTTP/2 end-to-end, it...
Building a Service Mesh with HAProxy and Consul
HashiCorp added a service mesh feature to Consul, its service-discovery and distributed storage tool. In this post, you'll see how HAProxy is the perfect fit as a data plane for this architecture. HAProxy is no stranger to the service mesh scene. Its high performance,...
Using HAProxy as an API Gateway, Part 1 [Introduction]
An API gateway handles load balancing, security, rate limiting, monitoring, and other cross-cutting concerns for API services. Read on to learn how HAProxy Enterprise excels as an API gateway. “Danger! Avalanche Area” is a sign you’ll see when you drive through some...
HAProxy and Consul with DNS for Service Discovery
In this blog post we will show you a zero-touch method for integrating HAProxy with Consul by using DNS for service discovery available in HAProxy 1.8. HAProxy is the most widely used software load balancer in the world, well known for being extremely fast and...
Performance
HAProxy 1.9.2 Adds gRPC Support
HAProxy provides end-to-end proxying of HTTP/2 traffic. Use HAProxy to route, secure, and observe gRPC traffic over HTTP/2. Read on to learn more. HAProxy 1.9 introduced the Native HTTP Representation (HTX). Not only does this allow you to use HTTP/2 end-to-end, it...
Multithreading in HAProxy
There are two possible ways to have HAProxy run on multiple CPU cores: By using the multiprocess model, where HAProxy automatically starts a number of separate system processes (method available since HAProxy version 1.1.7) By using the multithreading model, where...
Webinars
[On-Demand Webinar] Introduction to HAProxy Stick Tables
HTTP requests are stateless by design. So how do you "remember" clients so that you can persist them to a server? Or how do you recognize when a client's behavior seems malicious? HAProxy Enterprise provides a unique feature for capturing and storing client activity...
[On-Demand Webinar] Introduction to HAProxy ACLs: Building Rules for Dynamically Routing Requests, Redirecting Users and Blocking Malicious Traffic
As requests stream into your HAProxy Enterprise load balancer, adding rules to route them to the right place, redirect them to other pages, or outright deny them is what puts you in control of your traffic. Access Control Lists (ACLs) give you this power and they are...
[On Demand Webinar] What’s New in HAProxy Enterprise 1.8r1
HAProxy Enterprise 1.8r1 contains a number of powerful improvements in performance and application acceleration, significant improvements in dynamic capabilities for cloud and microservices environments, and an enterprise suite of add-ons that help enterprises manage...
[On Demand Webinar] DDoS Attack and Bot Protection with HAProxy Enterprise: Defending Your Application Against Ever-increasing Threats
We read about DDoS attacks and bot threats causing companies millions in lost revenues and battered reputations almost every day. By leveraging an extremely efficient and innovative design, including extensive ACL and Stick Table tracking systems, HAProxy Enterprise...
Basics
The Four Essential Sections of an HAProxy Configuration
An HAProxy configuration file guides the behavior of your HAProxy load balancer. In this post, we demonstrate its four most essential sections. There are four essential sections to an HAProxy configuration file. They are global, defaults, frontend, and backend. These...
Introduction to HAProxy Maps
An HAProxy map file stores key-value pairs and is the starting point for some inventive behavior including dynamic rate limiting and blue-green deployments. Dictionaries. Maps. Hashes. Associative arrays. Can you imagine life without these wonderful key-value data...
Introduction to HAProxy Stick Tables
HTTP requests are stateless by design. However, this raises some questions regarding how to track user activities, including malicious ones, across requests so that you can collect metrics, block users, and make other decisions based on state. The only way to track...
Introduction to HAProxy ACLs
An HAProxy ACL lets you define custom rules for blocking malicious requests, choosing backends, redirecting to HTTPS and using cached objects. See The Webinar: Introduction to HAProxy ACLs: Building Rules for Dynamically Routing Requests, Redirecting Users and...
Benchmarking
Hypervisors Virtual Network Performance Comparison from a Virtualized Load Balancer Point of View
Introduction At HAProxy Technologies, we edit and sell a Load-Balancer appliance called ALOHA (stands for Application Layer Optimisation and High-Availability). A few month ago, we managed to make it run on the most common hypervisors available: VMWare (ESX, vsphere)...
Benchmarking SSL Performance
Introduction The story Recently, there has been some attacks against website which aimed to steal user identity. In order to protect their users, major website owners had to find a solution. Unfortunately, we know that sometimes, improving security means downgrading...
Random Tips
[Conference Presentation] Dynamic Application Routing Over SSL with HAProxy Enterprise Edition
Back in May, HAProxy Senior Systems Engineer Chad Lavoie presented at the OpenStack Summit Boston. Chad presented on using maps in HAProxy to dynamically route requests while securing your site with SSL combined with the use of the Update Module (included in HAProxy...
HAProxy and HTTP Errors 408 in Chrome
Lately, there was some discussions on HAProxy's mailing list about 408 errors printed in Chrome browsers. Origin of 408 errors 408 is the status code used by web servers or proxies when the client has not sent a whole HTTP request during a certain period of time. It...
Configure syslog-ng to Log Readable HTTP URL from HAProxy
This tips is provided by Exosec. Exosec provides a very good monitoring product called POM, based on Nagios with very strong value added such as very simple administration, application monitoring, etc... For some of their project, they use either HAProxy or the ALOHA...
HAProxy and gzip Compression
Synopsis Compression is a Technic to reduce object size to reduce delivery delay for objects over HTTP protocol. Until now, HAProxy did not include such feature. But the guys at HAProxy Technologies worked hard on it (mainly David Du Colombier and @wlallemand)....
Observability
Binary Health Check with HAProxy 1.5: PHP-fpm/fastcgi Probe Example
Application layer health checking Health checking is the ability to probe a server to ensure the service is up and running. This is one of the root feature of any load-balancer. One can probe servers and services at different layer of the OSI model: * ARP check (not...
HAProxy Advanced Redis Health Check
Introduction Redis is an opensource nosql database working on a key/value model. One interesting feature in Redis is that it is able to write data to disk as well as a master can synchronize many slaves. HAProxy can load-balance Redis servers with no issues at all....
DevOps
Building a Service Mesh with HAProxy and Consul
HashiCorp added a service mesh feature to Consul, its service-discovery and distributed storage tool. In this post, you'll see how HAProxy is the perfect fit as a data plane for this architecture. HAProxy is no stranger to the service mesh scene. Its high performance,...
Hitless Reloads with HAProxy – HOWTO
Our R&D department published a well-received blog post titled “Truly Seamless Reloads with HAProxy – No More Hacks!”. In it, we explained why some established connections could be dropped during reloads under high utilization, and how the problem has been solved in...
Dynamic Configuration with the HAProxy Runtime API
In this blog post, you'll learn how to dynamically configure HAProxy using the Runtime API. To learn more about the HAProxy configuration, see our blog post The Four Essential Sections of an HAProxy Configuration. Over the past 15 years, HAProxy has become well known...
Truly Seamless Reloads with HAProxy – No More Hacks!
Summary HAProxy Technologies' R&D has released a patchset to enable seamless reloads of HAProxy without dropping packets in the process. The patchset has already been merged into the HAProxy 1.8 development branch and will soon be backported to HAProxy Enterprise...
Kubernetes
HAProxy Ingress Controller for Kubernetes
Cloud-based applications have seen a great uptake in recent years, and that is especially true for microservices-based apps and related orchestration frameworks. These types of applications create needs for load balancing in new contexts, and here at HAProxy...
Service Discovery
HAProxy and Consul with DNS for Service Discovery
In this blog post we will show you a zero-touch method for integrating HAProxy with Consul by using DNS for service discovery available in HAProxy 1.8. HAProxy is the most widely used software load balancer in the world, well known for being extremely fast and...
DNS for Service Discovery in HAProxy
HAProxy Technologies’ R&D has released a patchset that allows DNS to be utilized for service discovery in HAProxy. The patchset has already been merged into the HAProxy 1.8 development branch and will soon be backported to HAProxy Enterprise 1.7r2. HAProxy is a...
Cloud
HAProxy on AWS: Best Practices Part 2
Placing HAProxy at the edge of your AWS infrastructure is possible without involving Elastic Load Balancing (ELB). In this article, we’ll discuss how. This blog post is part of a series. See Part 1 here. There is such a thing as too many layers. There’s a restaurant...
HAProxy on AWS: Best Practices Part 1
This blog post is part of our AWS Best Practices series. See Part 2 here. There has been a constant stream of interest in running high-availability HAProxy configurations on Amazon. There are a few different approaches possible, and this is the first in a series of...
LUA
Let’s Encrypt (ACMEv2) for HAProxy
HAProxy Technologies is proud to announce the availability of an integrated Let’s Encrypt ACMEv2 Lua client for HAProxy and HAProxy Enterprise (HAPEE). HAPEE comes bundled with Lua support in a precompiled binary conveniently distributed using your Linux...
HAProxy 1.6-Dev1 and LUA
HAProxy 1.6-dev1 Yesterday, Willy has released HAProxy 1.6-dev1: ANNOUNCE HAProxy 1.6-dev1. This version contains many new features and core improvements. Amongst the new features, one is LUA, contributed by Thierry (HAProxy Technologies developer). NOTE: We invite...
Need More Assistance?
Contact the authoritative experts on HAProxy who will assist you in finding the solution that best fits your needs for deployment, scale, and security.