Linux Format

HAProxy 1.7

A brand new version of HAProxy gives Jolyon Brown an excuse to revisit one of his favourite open source projects.


With the HAProxy project recently releasing version 1.7 of its software, I wanted to take a little bit of space up in this month’s Administeria to shed a little bit of light on this milestone and to remind people how useful this package is. Readers might be bored with my anecdotes of how open source projects like this have liberated infrastructure development, but back in the day the kind of functionality given by HAProxy would only have come in the form of physical hardware, with an accompanying price tag containing multiple zeros. Don’t get me wrong: there are some brilliant hardware products out there from the likes of F5 and Citrix, but I think in a lot of circumstances HAProxy is more than capable of doing the job.

The project has a long history, with the first release being made available at the end of 2001. Since then there have been some long release cycles (versions 1.4 and 1.5 took several years each to come to fruition) but the project still does a reasonable job of back-porting fixes to these older versions. Version 1.4 still gets critical updates, although I haven’t seen anyone running anything older than 1.5.

If you haven’t heard of HAProxy until now, it’s a very capable, very fast and completely free (of course) load balancer and proxy server for TCP and HTTP traffic. The project claims that it’s now the de facto open source load balancer and it’s difficult to argue otherwise. It’s incredibly easy to install, either from an OS package of your choice or, quite often these days, spun up as a container. HAProxy helps run some of the largest web properties in the world. I’ve personally had experience of using HAProxy with critical infrastructure where it performed really well (quite often being the most stable part of the platform). I’m a big fan, if that wasn’t already obvious.

As for the latest release, the project has claimed it’s the cleanest version they have ever produced, with many bug fixes delivered addressing issues with the 1.6 branch as well as changes to improve modularity and tidying up of code. Alas, direct HTTP/2 support was not included in this version (and is now earmarked for 1.8). New features include support for multiple certificates (choosing the best one according to the browser used by the client), OpenSSL 1.1.0 support and improvements around DNS and dynamic updates.

One of the things I like the most about HAProxy is the way it isolates itself in a chroot jail on startup and drops its privileges so it becomes unable to perform any filesystem access. This is for security purposes and the project claims not to have had any breaches of the software in over thirteen years. It can terminate, initiate and offload SSL/TLS, modify HTTP headers (brilliant for logging requests into an application), provide some protection against DDoS attacks, regulate traffic and perform content-based switching.
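A quick way to check that a given haproxy.cfg actually enables the isolation described above, as an added example (not code from the article or the HAProxy project): it reads the `global` section and reports a missing `chroot` or a missing or root `user`/`uid` and `group`/`gid`. The sample configs, jail path and account names are constructed.

```python
import re

# Constructed sample configs; the jail path and account names are assumptions.
HARDENED = """global
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
defaults
    mode http
"""
WEAK = """global
    user root   # no jail, no privilege drop
frontend www
    bind :80
"""

# Keywords that open a new section; 'user' also appears inside 'userlist'.
SECTION = re.compile(r"^(global|defaults|frontend|backend|listen|userlist|"
                     r"peers|resolvers|mailers)\b")

def global_directives(cfg_text):
    """Return {keyword: [args]} for directives in the 'global' section."""
    found, in_global = {}, False
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: ignores quoted '#'
        if SECTION.match(line):
            in_global = line.split()[0] == "global"
        elif in_global and line:
            key, *args = line.split()
            found[key] = args
    return found

def audit_isolation(cfg_text):
    """List findings about the chroot jail and privilege drop settings."""
    g = global_directives(cfg_text)
    findings = []
    if not g.get("chroot"):
        findings.append("no chroot: process keeps the full filesystem view")
    for name, num in (("user", "uid"), ("group", "gid")):
        value = (g.get(name) or g.get(num) or [None])[0]
        if value is None:
            findings.append(f"no {name}/{num}: privileges are not dropped")
        elif value in ("root", "0"):
            findings.append(f"{name} is root: privileges are not dropped")
    return findings

if __name__ == "__main__":
    for label, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_isolation(cfg) or "ok")
```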

HAProxy is brilliant at what might be considered its core function, which is to provide load balancing across a set of back-end services. It’s easy these days to be blasé about being able to drop servers in and out of a back-end pool, but if you’re deploying code to production services and taking a downtime hit (at antisocial hours) simply because you don’t have something like HAProxy fronting them then I urge you to take a look at it (I’m sure there will be many readers raising eyebrows at such prehistoric-sounding setups, but believe me they do still exist).

Of course, the software provides a bunch of load balancing algorithms to suit different scenarios and session stickiness is handled in multiple ways as well. A ton of statistics are provided out of the system as it runs and logging can be modified in all kinds of ways (HAProxy provides a handy binary called halog, which can be used to assist with troubleshooting using the system logs). Finally, it’s possible to use Lua as a scripting engine to perform all kinds of complex tasks. Hopefully, I’ve sold HAProxy to you. It really is one of my favourite pieces of open source software.

HAProxy is used by some of the world’s busiest websites, including further down in that list some *ahem* specialist services.

HAProxy has some of the most comprehensive documentation I’ve seen for an open source project. It’s a shame about the logo, though.
