Configs · Apr 15, 2026 · 3 min read

HAProxy — High-Performance TCP/HTTP Load Balancer

The reliable, open-source load balancer that runs the internet — L4/L7, HTTP/2, HTTP/3, and TLS 1.3, with millisecond reloads.

Introduction

HAProxy (High Availability Proxy) has been in production use for over 20 years and routes traffic for sites such as Instagram, Reddit, and GitHub. It is the reference open-source layer-4 and layer-7 load balancer, known for sub-millisecond routing decisions, thousands of concurrent TLS connections per core, and hitless reloads that complete in well under a second on typical configurations.

What HAProxy Does

  • Balances TCP, HTTP/1.1, HTTP/2, HTTP/3 (QUIC), and gRPC traffic.
  • Terminates TLS 1.3 with SNI, ALPN, OCSP stapling, and client cert auth.
  • Runs active health checks with many probe types (TCP, HTTP, MySQL, PostgreSQL, Redis, LDAP, SMTP, and scripted tcp-check sequences).
  • Implements rate limiting, denylists, and bot protection via stick tables.
  • Exposes metrics through a native Prometheus exporter, the Runtime API on the stats socket, and a built-in stats dashboard.

Architecture Overview

HAProxy is an event-driven C program using epoll (Linux) or kqueue (BSD). Historically it scaled as several share-nothing processes (nbproc); multi-threading arrived in 1.8, became the default in 2.0, and nbproc was removed in 2.5, so a current deployment is one master process supervising a multi-threaded worker, with threads pinned to CPUs via cpu-map. Traffic flows frontend → ACL engine → backend → server, with Lua and SPOE (Stream Processing Offload Engine) hooks for custom logic. Stats and stick tables are memory-resident for microsecond lookups.

Self-Hosting & Configuration

  • Distro packages cover Debian, RHEL, Alpine; official Docker image tracks stable + LTS.
  • haproxy -c -f haproxy.cfg validates config before a reload.
  • With stats socket /var/run/haproxy.sock level admin in the global section, echo "show stat" | socat stdio /var/run/haproxy.sock gives you a live admin console: drain, disable, stats. Admin level can take servers out of service and rewrite ACLs, so restrict the socket with mode 660 and a dedicated group and never expose it on a TCP port.
  • Enable hitless reloads by adding expose-fd listeners to that socket and running in master-worker mode (-W); a reload then hands the open listening sockets to the new workers instead of re-binding, so no connection is refused.
  • Data Plane API lets CI/CD push config via REST instead of file edits.

Key Features

  • Hitless reloads keep sockets open during config changes.
  • Runtime API edits ACLs, maps, and server weights without restart.
  • Built-in WAF-lite via Lua + SPOE (ModSecurity integration available).
  • Transparent mode preserves client source IP end-to-end.
  • Runs on one core at hundreds of thousands of RPS; scales vertically with threads.
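The configuration items in the two lists above (validation with haproxy -c, the admin socket, expose-fd listeners for hitless reloads, TLS termination, health checks, stick-table rate limiting, and file-backed ACLs editable over the Runtime API) fit in a single haproxy.cfg. The following is an added example written for this page, not a configuration shipped by the HAProxy project. The paths, addresses, the table name abuse, the threshold of 100 requests per 10 seconds, and the stats password are placeholders to replace for your environment; the QUIC bind line requires a HAProxy build with QUIC support, and the Prometheus line a build with the exporter compiled in.

```haproxy
# Added example for this page, not an official HAProxy config. Paths, IPs,
# thresholds and the stats password are placeholders: adjust before use.
global
    # master-worker: the master re-execs workers on reload; with a socket marked
    # "expose-fd listeners" it hands the open listening sockets to the new
    # workers, so no connection is refused while the config changes.
    master-worker
    log stdout format raw local0
    # Runtime API. "level admin" can drain servers and rewrite ACLs/maps, so the
    # socket is root:haproxy 660 and is never exposed on a TCP port.
    stats socket /run/haproxy/admin.sock user root group haproxy mode 660 level admin expose-fd listeners
    stats timeout 30s
    # TLS policy inherited by every "bind ... ssl" line below
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
    ssl-default-bind-ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    # One worker with four threads, each pinned to one of CPUs 0-3
    nbthread 4
    cpu-map auto:1/1-4 0-3

defaults
    mode http
    log global
    option httplog
    option forwardfor
    timeout connect 5s
    timeout client 30s
    timeout server 30s
    # Slowloris protection: a complete request header must arrive within 10s
    timeout http-request 10s

# Memory-resident table keyed by client IP (IPv4 is stored mapped into IPv6).
# "show table abuse" on the admin socket lists current offenders.
backend abuse
    stick-table type ipv6 size 100k expire 60s store http_req_rate(10s),http_err_rate(10s)

frontend fe_web
    bind :80
    bind :443 ssl crt /etc/haproxy/certs/ alpn h2,http/1.1
    # HTTP/3 over QUIC: needs a QUIC-enabled build (2.6+); remove if yours lacks it
    bind quic4@:443 ssl crt /etc/haproxy/certs/ alpn h3
    http-after-response set-header alt-svc 'h3=":443"; ma=900'
    http-request redirect scheme https unless { ssl_fc }

    # Rate limiting: track the source IP, reject above 100 requests per 10s
    http-request track-sc0 src table abuse
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 100 }
    # Denylist loaded from a file at start; extend it without a reload with
    #   echo "add acl /etc/haproxy/denylist.lst 203.0.113.0/24" | socat stdio /run/haproxy/admin.sock
    acl blocked src -f /etc/haproxy/denylist.lst
    http-request deny if blocked

    # ACL engine -> backend selection
    acl is_api path_beg /api/
    use_backend be_api if is_api
    default_backend be_web

backend be_web
    balance roundrobin
    option httpchk GET /healthz
    http-check expect status 200
    server web1 10.0.1.11:8080 check inter 2s fall 3 rise 2
    server web2 10.0.1.12:8080 check inter 2s fall 3 rise 2

backend be_api
    balance leastconn
    option httpchk GET /api/healthz
    http-check expect status 200
    server api1 10.0.2.11:8080 check inter 2s fall 3 rise 2

# Stats dashboard and metrics on loopback only; reach it over SSH or a VPN
listen stats
    bind 127.0.0.1:8404
    stats enable
    stats uri /stats
    stats auth admin:change-me
    stats refresh 10s
    # Native Prometheus exporter (built in since 2.4 when compiled with USE_PROMEX)
    http-request use-service prometheus-exporter if { path /metrics }
```

Validate with haproxy -c -f /etc/haproxy/haproxy.cfg before every reload; the denylist file and the certificate directory must exist at load time or validation fails. With master-worker and expose-fd listeners in place, systemctl reload haproxy (SIGUSR2 to the master) swaps in the new config while the listening sockets stay open. To take a server out of rotation without a reload, send set server be_web/web1 state drain to the admin socket.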

Comparison with Similar Tools

  • NGINX — web server first, LB second; easier config but fewer LB primitives.
  • Envoy — modern service-mesh proxy, richer APIs, more memory per connection.
  • Traefik — dynamic config from Docker/K8s labels, simpler, lower throughput.
  • LVS/IPVS — kernel L4 LB, blazing fast, no L7 features.
  • Cloud ELB/ALB — managed but vendor-locked and pricier at scale.

FAQ

Q: HAProxy vs NGINX? A: For pure load balancing HAProxy is usually faster and more observable; NGINX wins when you also serve static files or PHP.

Q: HTTP/3 support? A: Yes. QUIC and HTTP/3 have been considered production-ready since HAProxy 2.6, provided the binary is built with QUIC support against a QUIC-capable TLS library such as QuicTLS.

Q: Kubernetes ingress? A: Use the official HAProxy Ingress Controller or HAProxy Kubernetes Ingress Operator.

Q: License? A: GPLv2 with enterprise support available from HAProxy Technologies.
