Quick Summary: HAProxy (High Availability Proxy) is the industry-standard open-source load balancer and reverse proxy. It distributes incoming traffic across multiple backend servers, providing high availability, improved performance, and seamless scaling. HAProxy handles millions of connections per second and is used by companies like GitHub, Stack Overflow, and Instagram.
What Is Load Balancing?
Load balancing distributes incoming network traffic across multiple servers to ensure no single server bears too much load. This improves application availability (if one server fails, others handle traffic), performance (requests are spread evenly), and scalability (add servers to handle more traffic).
Installing HAProxy
- Debian/Ubuntu:
sudo apt install haproxy - RHEL/AlmaLinux:
sudo dnf install haproxy - Enable:
sudo systemctl enable --now haproxy - Verify:
haproxy -v
HAProxy Configuration Structure
| Section | Purpose |
|---|---|
global | Process-wide settings (logging, max connections, user) |
defaults | Default settings for all frontends/backends |
frontend | Defines how requests are received (bind address, port) |
backend | Defines the pool of servers that handle requests |
listen | Combines frontend and backend in one section |
Load Balancing Algorithms
| Algorithm | Description | Best For |
|---|---|---|
| roundrobin | Distributes requests evenly in order | Equal-capacity servers |
| leastconn | Sends to server with fewest connections | Long-lived connections |
| source | Hash client IP for sticky sessions | Session-dependent apps |
| uri | Hash request URI | Cache optimization |
| first | Fill first server before using next | Minimize active servers |
Health Checks
HAProxy continuously monitors backend server health:
- TCP check (default): Verifies port is open
- HTTP check: Sends HTTP request and checks response code
option httpchk GET /health— Check a specific health endpointhttp-check expect status 200— Expect specific responseinter 5s fall 3 rise 2— Check every 5s, mark down after 3 failures, up after 2 successes
SSL/TLS Termination
HAProxy can handle SSL termination, offloading encryption from backend servers:
- Bind with SSL:
bind *:443 ssl crt /etc/haproxy/certs/combined.pem - Redirect HTTP to HTTPS in frontend
- Backend communication can remain HTTP (faster, simpler)
Monitoring with Stats Page
Enable the built-in statistics dashboard:
- Add a
listen statssection on a dedicated port (e.g., 8404) - Set
stats enable,stats uri /stats, andstats auth admin:password - Access at
http://server:8404/statsfor real-time server and connection metrics
HAProxy vs NGINX (as Load Balancer)
| Feature | HAProxy | NGINX |
|---|---|---|
| Primary purpose | Load balancer/proxy | Web server + proxy |
| TCP load balancing | Excellent (native) | Available (stream module) |
| Health checks | Advanced (HTTP, TCP, custom) | Basic (HTTP/TCP) |
| Stats dashboard | Built-in, detailed | Requires stub_status + tools |
| Connection handling | Optimized for proxying | Optimized for serving + proxying |
| SSL termination | Excellent | Excellent |
Frequently Asked Questions
How many connections can HAProxy handle?
HAProxy can handle millions of concurrent connections and hundreds of thousands of requests per second on modern hardware. It is used by some of the highest-traffic websites in the world. Performance depends on CPU (for SSL) and memory (for connection tracking).
What is the difference between Layer 4 and Layer 7 load balancing?
Layer 4 (TCP) load balancing routes based on IP address and port — it does not inspect the content. Layer 7 (HTTP) load balancing can inspect HTTP headers, URLs, and cookies to make routing decisions. HAProxy supports both modes.
Do I need HAProxy if I use NGINX?
For simple load balancing, NGINX is sufficient. HAProxy excels when you need advanced health checking, detailed statistics, TCP load balancing, or extreme connection handling performance. Many architectures use HAProxy for load balancing and NGINX for web serving.
