Haproxy Alternatives

Similar projects and alternatives to haproxy

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better haproxy alternative or higher similarity.

haproxy reviews and mentions

Posts with mentions or reviews of haproxy. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-10-11.
  • HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487)
    2 projects | news.ycombinator.com | 11 Oct 2023
    I wanted to try it out just now but hit a roadblock immediately - it cannot automatically obtain and maintain TLS certificates. You have to use an external client (e.g. acme.sh), set up a cron to check/renew them, and poke HAProxy to reload them if necessary. I'm way past doing this in 2023.

    https://www.haproxy.com/blog/haproxy-and-let-s-encrypt

    https://github.com/haproxy/haproxy/issues/1864

  • minexmr2.com updated to p2pool v3.1, monerod v0.18.2.0, and ready for Mar 18 p2pool (not monero) hardfork
    6 projects | /r/MoneroMining | 12 Mar 2023
    I turn on 1 relatively cheap cloud server to process DNS, https and stratum connections and route them via haproxy to one of N miner servers described above.
  • Update to haproxy 2.4.18 breaks WebDAV
    2 projects | /r/haproxy | 11 Dec 2022
  • HAProxy 2.7
    5 projects | news.ycombinator.com | 2 Dec 2022
    With the recent discussions about memory safe languages, HAProxy is still surprisingly written in C [0].

    [0]: https://github.com/haproxy/haproxy

  • 35M Hot Dogs: Benchmarking Caddy vs. Nginx
    11 projects | news.ycombinator.com | 16 Sep 2022
    It does not, because HAProxy does not perform any disk access at runtime and thus would be unable to persist the certificates anywhere. Disks accesses can be unpredictably slow and would block the entire thread which is not something you want when handling hundreds of thousands of requests per second.

    See this issue and especially the comment from Lukas Tribus: https://github.com/haproxy/haproxy/issues/1864

    Disclosure: Community contributor to HAProxy, I help maintain HAProxy's issue tracker.

  • The perils of the “real” client IP
    2 projects | news.ycombinator.com | 5 Mar 2022
    :+1: for the effort to document this, and coordinating the disclosure with the vendors. This mainly talks about rate-limiting bypass/DoS, but if XFF is also used for audit trail logging of IP addresses and/or IP-based access lists, then the security implications can be even more severe, with falsified audit logs and bypassed security controls.

    Setting up an application server behind a reverse proxy to use the "real" client IP is unfortunately very typically just a trial-and-error based process, with very little room for this kind of nuanced security-conciousness, because the configuration and exact behavior is all so non-standardized across different implementations of reverse-proxies and application servers... Typically users will just try different configuration settings until they find a combination that seems to work, and you would actually need to dig in with curl and tshark to understand the edge cases, because the documentation of the application-specific implementation is typically just one brief sentence...

    Getting XFF working correctly through a complicated HTTP stack with multiple layers of nginx/haproxy/apache proxies (yes, they have different non-overlapping feature sets), custom backends implementing custom XFF handling/forwarding, and jetty/spring backends upgraded across a major version bump that changed the implementation and configuration properties related to XFF handling was insanely difficult. And of course it broke when migrating from a F5 LB to an AWS ALB, because it behaved differently for that one edge-case for an important customer... highly recommended to just override the entire XFF header with a single value at the appropriate point in your stack, if at all possible.

    If just the naive leftmost-first vs rightmost-ish-with-configurable-list-of-trusted-upstream-proxies wasn't enough, then yeah, HAProxy does the thing where it adds a new 100% standards-compliant header continuation line [1] that maybe 1% of backend application developers have ever tested with. And trying to configure HAProxy to interpret the incoming XFF headers for logging/access-control ~is~/was even more weird [2].

    [1] https://github.com/haproxy/haproxy/issues/44

  • Ask HN: What are the best the publicly available FAMANG code repos?
    16 projects | news.ycombinator.com | 23 Aug 2021
  • A note from our sponsor - WorkOS
    workos.com | 13 Apr 2024
    The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Stats

Basic haproxy repo stats
16
4,411
9.9
7 days ago
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com