haproxy
traefik
Our great sponsors
haproxy | traefik | |
---|---|---|
16 | 183 | |
4,445 | 47,726 | |
2.7% | 1.5% | |
9.9 | 9.2 | |
5 days ago | 6 days ago | |
C | Go | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
haproxy
-
HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487)
I wanted to try it out just now but hit a roadblock immediately - it cannot automatically obtain and maintain TLS certificates. You have to use an external client (e.g. acme.sh), set up a cron to check/renew them, and poke HAProxy to reload them if necessary. I'm way past doing this in 2023.
https://www.haproxy.com/blog/haproxy-and-let-s-encrypt
https://github.com/haproxy/haproxy/issues/1864
-
Why Haproxy is not build with PROMEX by default (Linux / BSD)
For context I think this might be useful: https://github.com/haproxy/haproxy/blob/master/addons/promex/README
-
minexmr2.com updated to p2pool v3.1, monerod v0.18.2.0, and ready for Mar 18 p2pool (not monero) hardfork
I turn on 1 relatively cheap cloud server to process DNS, https and stratum connections and route them via haproxy to one of N miner servers described above.
-
HAProxy Security Update (CVE-2023-25725) - HTTP content smuggling attack
Full technical writeup here: https://github.com/haproxy/haproxy/commit/a8598a2eb11b6c989e81f0dbf10be361782e8d32
- Request smuggling in HAProxy via empty header name
- Enormous session rate
- Update to haproxy 2.4.18 breaks WebDAV
-
HAProxy 2.7
With the recent discussions about memory safe languages, HAProxy is still surprisingly written in C [0].
[0]: https://github.com/haproxy/haproxy
-
35M Hot Dogs: Benchmarking Caddy vs. Nginx
It does not, because HAProxy does not perform any disk access at runtime and thus would be unable to persist the certificates anywhere. Disks accesses can be unpredictably slow and would block the entire thread which is not something you want when handling hundreds of thousands of requests per second.
See this issue and especially the comment from Lukas Tribus: https://github.com/haproxy/haproxy/issues/1864
Disclosure: Community contributor to HAProxy, I help maintain HAProxy's issue tracker.
-
Guide to Adapting HAProxy to openGauss
Code link: https://github.com/haproxy/haproxy
traefik
-
How to securely reverse-proxy ASP.NET Core web apps
However, it's very unlikely that .NET developers will directly expose their Kestrel-based web apps to the internet. Typically, we use other popular web servers like Nginx, Traefik, and Caddy to act as a reverse-proxy in front of Kestrel for various reasons:
-
Deploying Web Apps with Caddy: A Beginner's Guide Caddy
Not as good though. Case in point: https://github.com/traefik/traefik/issues/5472#issuecomment-... (that's just from this morning)
I'm speak objectively here. Of course, any built-in auto HTTPS that works (more or less) is better than none. Traefik uses an ACME library that was originally written for Caddy. After the original author left that project, Traefik team started maintaining it. Caddy's users' requirements exceeded what the library was capable of, but unfortunately there was friction in getting it to achieve our requirements. So I ended up writing a new ACME client library in Go and, together with upgrades in CertMagic (Caddy's auto-TLS lib), Caddy has the more flexible, robust, and capable auto-HTTPS functionality.
That is to say, not all auto-HTTPS functionalities are the same.
-
Security Workshop Part 1 - Put up a gate
We'll use Traefik, an open source cloud native gateway that can plug into a Kubernetes cluster. It has the concept of "middleware" that can process API requests before passing them through to a backend. We can configuring a rate limit for all of our API endpoints by matching on the request path:
-
Install plugin in k8s cluster running in Kind
I did the same question here and here
- The Tailscale Universal Docker Mod
-
Set Default Config in traefik.toml and overwrite with specific container config
Sadly there is currently no way of doing so. https://github.com/traefik/traefik/issues/6999
- Istio moved to CNCF Graduation stage
-
Docker Services question
Traefik is another widely used system that has automatic configuration and offers support for more things like swarm/kubernetes/etc.
-
nginx alternatives
I have a webapp which I currently have deployed by running nginx in a container. Works as it should, however I am intersted in adding more observability to the webapp and found this reverse-proxy https://github.com/traefik/traefik which seems to expose some nice metrics which can be useful for observability.
-
Make traefik only accessible over tailscale
``` more details in this (github issue)[https://github.com/traefik/traefik/issues/5059]
What are some alternatives?
zstd - Zstandard - Fast real-time compression algorithm
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
ClickHouse - ClickHouse® is a free analytics DBMS for big data
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
3proxy - 3proxy - tiny free proxy server
ingress-nginx - Ingress-NGINX Controller for Kubernetes
Squid - Squid Web Proxy Cache
Jool - SIIT and NAT64 for Linux
envoy - Cloud-native high-performance edge/middle/service proxy
brotli - Brotli compression format
socks5-proxy-server - SOCKS5 proxy server