HAProxy Reviews

Proxying the requests for our API to a number of back-ends. We are using it in Linux with Keepalived to ensure high availability.

It has allowed us to evenly distribute the load across a number of servers, and check their health and automatically react to errors. It also allows us to do graceful reloads, so not a single request is lost.

• Performance
• Stability
• Security
• Active health checks of back-end servers
• A lot of configuration options which let you deeply customize it.

It needs proper HTTP/2 support.

It serves as a fast front-end solution to our services.

Also, it uses the mobile detection module that I developed and maintain.

It improves our scalability and responsiveness services to meet our demanding customer requirements. We now have much better metrics regarding clients types.

• The Lua module to reach an increasing user base.
• HTTP/2 support
• Multi-thread support

Maybe HAProxy could be more modular. 

The SSL termination was a nice, useful addition.

Load-balancing between hosting sites, using Level 4 and Level 7 (with proxy-protocol, depending on the requirements).

It makes the hosting on multiple platforms/datacenters very easy, without having to worry about the high availability required by our customers.

The anti-DDOS PacketShield filtering solution (embedded in the physical appliances) as well as the BGP route injection are great features and heavily used.

The firmware upgrades are extremely easy, fast and convenient. You only have to upload it and reboot. It is as fast and easy to roll back to the previous version.

These features are really an advantage over a "homemade" solution.

The basic clustering is not usable in our very specific setup. The clustering is mainly a configuration replication and is great in a case of active-passive usage. In the case of an active-active (or with more than two nodes) where the configuration is not fully identical, it cannot be used as-is.

We did encounter some stability bugs, but all were ironed out diligently by support.

No scalability issues, ever.

Excellent so far. We have always been able to deal with any problem, quickly and efficiently.

We used something else a long time ago. The old solution wasn't addressing our needs.

Straightforward, but received some help for the migration.

Very good value for the money. One of the simplest licensing schemes in this category of products.

Test/lab virtual machines can be installed without a licence. They can't be used for performance testing but otherwise behave like production nodes.

We are mainly using HAProxy Community Edition on our own servers. We also use this solution depending on our needs, but maintenance and upgrades are more complicated.

Play a lot with the VM version. The product is powerful but some features are a bit hidden (read the HAProxy docs).

E2E load balancing of Layer 7 and Layer 4 applications.

Software defined load balancing allows us to dynamically adjust and codify routing decisions. This speeds up development.

Performance and SSL proxy/offloading capability. Compared to nginx it’s a lot cleaner and quicker.

Dynamic update API. More things should be possible to be configured during runtime.

We would like to see dynamic ACL and port update support. Our infrastructure relies on randomly allocated ports and this feature would allow us to update without restarting the process. The ACL add/update would help with some direct routing challenges that currently require us to work around them with a map and static back-ends.

No issues with stability.

No issues with scalability.

A+++. Super-quick to respond, and always on target with answers specific to the current issue.

We did use hardware loadbalancing, and still use nginx for some Layer 7 routing challenges. We switched because software defined loadbalancing allows us to dynamically adjust and codify routing decisions. This speeds up development.

The learning curve is small if one is familiar with routing/networking in general, but it takes some time to fully understand the impact of some configuration settings. The support for all major Linux distros makes running and testing a breeze though.

NTLM/F5 hardware, nginx.

Use it for some small, non-critical systems first, get comfy with the stats, and then scale out. Codify your configuration and keep it as simple as the requirements allow.

Our primary use case for this solution is to perform Layer 7 load balancing/reverse proxying of both our internal and external web applications.

We also use it for SSL offloading, and are beginning to utilize the basic Web Application Firewall functionality of it. 

HAProxy also performs VRRP, for redundancy, in case one of the servers were to go down.

I estimate that this product has saved our company hundreds, if not thousands, of dollars in possible downtime from previous load balancers. We make a lot of our money from online sales, so it is critical to have 99.9% uptime.

The ease of use of the configuration, and great documentation, are the most valuable features for us.

The VRRP redundancy is also a mission-critical feature that works seamlessly. I can bring down a server live with minimal downtime because of this.

The only area that I can see needing improvement is the management interface, since it is pretty much all through the CLI or configuration. However, HAProxy does have another product that we evaluated called ALOHA, which has a web front-end, but we found it did not meet our needs.

No stability issues. HAProxy Enterprise Edition has been rock solid. We have essentially had no downtime caused by our load balancers in the last 10 months, because they’ve worked so well. Previously, our load balancers caused us multiple hours per year in downtime. 

I am also able to make configuration changes during the day, in production, with no worries of problems and/or downtime occurring.

No scalability issues, but only because we do not deal with a lot of scale here. We simply rely on an active/passive configuration, so if a load balancer were to fail, we would have a backup instance ready to go.

The technical support has been, in one word, perfect. Every time I call, I’m on the phone with a representative within five minutes who is highly skilled and willing to help, whether in the case of critical issues or simple advice. They always make me feel like I can pick up the phone just to have a good conversation about a new feature, a bug, a "what if" scenario, or anything else.

We previously used Coyote Point load balancers, and then switched to Fortinet’s Application Delivery Controller, due to end-of-life on the Coyote Points. After a few months of major issues involving hours of downtime and slowness, we had to make a decision to move away from Fortinet. We chose HAProxy because of the open-source community behind it, and previous experience with it. We then decided to upgrade to the Enterprise Edition for the support they offer.

The initial setup was fairly straightforward. With a minimal configuration, you can get up and going quickly. However, it is very easy to modify the configuration to meet any requirements you may have, and reload in production with no downtime. The only complex part is having to maintain the base operating system, as HAProxy EE is simply a Linux package. The hardening of the operating system was done by myself since there is no appliance, like their ALOHA offering.

The price is well worth it. HAProxy Enterprise Edition paid for itself within months, simply due to the resiliency it brings. It was a bit more expensive than we were originally interested in paying, but we are thankful we chose to go with HAProxy.

We did not evaluate any other options. We considered looking at Barracuda’s offerings, but after a few days of evaluating HAProxy, we decided that it would be the best fit for us.

I would rate this product a nine out of 10. I only took off one point because of the lack of a GUI, although in this case I would say that I prefer the CLI and configuration, which is primarily how we manage it. A GUI/web interface could be helpful for users who are not as experienced in the Linux shell.

Be sure you are familiar with the Linux command line and have networking knowledge. Specifically, VRRP is helpful to understand the high-availability aspect of it. The documentation is very helpful, so be sure to follow their given best practices and configuration tips.

In some environments we are handling millions of requests per minute in a high-availability HAProxy cluster. I don't know any other free software that can do that, from a performance perspective.

• Reliability. HAProxy is the most reliable product I have ever used.
• It is stable. Period. Will not fail unless you do something wrong.

These features are why I give it a 10 out of 10.

HAProxy running in multiple cores, for example one for HTTP and another for HTTPS, requires the use of "nbproc". So if nbproc = 2, you will have two processes of HAProxy running. However, the stats of HAProxy are not aggregated, meaning you don't really know the collective status in a single point of view. Each process has its own socket and it's up to you to aggregate them, and then your stats become less accurate.

Also, having multiple HAProxy nodes in High Availability mode requires the use of clustering software such as Pacemaker and Corosync which are very complex.

Yes, I have encountered issues, but they are always related to configuration, OS settings, network.

Yes, there have been issues with scalability, but that's because of other software configuration such as OS settings, network.

We don't use commercial support.

I used appliances such as Alteon (Radware) which are not as good and do not support all the features required in our environment.

Setting up an HAProxy is simple, however to run it in production you have to do a lot of tweaking.

There is no pricing for HAProxy. There are other HAProxy paid products (support/appliances) but we haven't used them so far.

Only lately, nginx has introduced an advanced "proxy" product. It is okay, but HAProxy is better in terms of performance and stability.

• Use the best hardware you can (CPU and memory).
• Don't log files locally, if possible.
• Use multi process only if you have to, and don't utilize the first core.

Carers ACT operates a Skype for Business based call centre, which requires the use of a load balancer and reverse proxy for HTTP traffic for the front-end pools. HAProxy is able to fulfill both of these requirements.

In addition to these basic functions outlined above, Carers ACT also requires high availability and ease of configuration. HAProxy fulfills these additional requirements through providing high availability through VRRP and configuration synchronisation.

One of the core services that Carers ACT provides carers within the ACT region is both an advisory and respite support telephone service. Carers use this service to be connected to services, access both advice and support, as well as accessing respite services to assist them in their caring role. The Carers ACT Skype for Business implementation is being progressively re-architected to remove single points of failure, of which the load balancing role was one.

Carers ACT is also exploring innovative approaches to delivering services to carers who are unable to physically attend events, such as live streaming and providing online face to face contact. These new approaches are likely to be supported by the Carers ACT Skype for Business infrastructure. The implementation of the HAProxy load balancing solution will allow Carers ACT to begin to deliver these new services.

Under a month.

No. Carers ACT deployed a pair of clustered ALOHA Load Balancers and were able to migrate from our existing load balancing solution in under a week.

No.

No. The implementation that Carers ACT undertook is focused on reliability over scalability. The throughput required is low, but reliability requirements are high.

From initial approach to the donation of licenses to Carers ACT was a short and a pleasant experience. HAProxy appear to have a solid customer service team who are able to escalate quickly and appropriately.

Carers ACT did not require technical support during our deployment.

Yes. As a non-profit charitable organisation, Carers ACT aims to reduce costs where possible to enable finances to be redirected to services for clients as far as possible. A reduction in overhead allows for an increase in value for our clients.

Carers ACT was facing a significant renewal cost for our existing load balancer solution, and approached HAProxy who generously offered a donation of this product for our use.

HAProxy is definitely a power-user tool. It is enormously scalable and flexible, but this can come at the cost of usability. For anything other than a simple topology, editing configuration files rather than using graphical tools will be required.

This, in itself, is not necessarily a bad thing, but rather for the scenarios that HAProxy excels, an administrator should have intimate knowledge of their environment and have undertaken appropriate planning. The ability to have very low-level access to configuration within each load balancer allows for configuration and deployments that could be limited by GUI configuration tools.

In-house.

Instant due to the donation of licensing from HAProxy.

Yes. HAProxy was chosen as it met our needs and because of the generous donation of an HA license pair by the HAProxy team.

I have found HAProxy's flexibility to be most valuable. HAProxy is highly customizable and will meet the business demands of most companies. It comes with plenty of load balancing algorithms and can act as a forward and reverse proxy.

HAProxy has assisted us with bringing legacy systems in compliance with third party security requirements.

The documentation is extremely detailed, but I think it could be restructured so it isn't so daunting for beginners.

We have been using HAProxy in production for four months.

None, so far.

None, so far.

None, so far.

The customer service is great. I haven't had to open many service requests, but for the few I have opened, support has always responded quickly.

Out of 1-10, a definite 10.

We currently use F5 load balancers for our environment and we hope to switch to HAProxy in the very near future.

Configuring our forward proxy was a little complex because it was my first time implementing such a solution. That being said, the people at HAProxy were more than willing to help me get the solution in place.

Not applicable.

Undetermined at this time.

Compared to solutions such as F5, Haproxy is much cheaper upfront and in yearly licensing fees.

We looked at NGINX and Squid.