HAProxy Enterprise Basic - Red Hat Enterprise Linux 9 AMI

My main use case for HAProxy  is for my project, which focuses on full high availability. I use HAProxy  for load balancing between my two apps while connecting to Keepalived. HAProxy is very helpful for myself and my team, utilized primarily for load balancing as it is powerful for that purpose.

The best feature that HAProxy offers is load balancing, as the ability to balance both transport TCP and application HTTP or HTTPS layers gives much flexibility. SSL termination is also essential, handling SSL efficiently as HAProxy supports dynamic certificate storage. Moreover, health check functionality is significant, as HAProxy constantly checks backend servers to ensure they are healthy and pulls them out of rotation if not, preventing server traffic issues.

One of the biggest wins with HAProxy has been SSL termination, as before using HAProxy, I had to install and renew SSL certificates on each backend server individually, which was time-consuming and error-prone. By moving all SSL termination to the load balancer, I now manage certificates in a single place, and I can also utilize Let's Encrypt with HAProxy's built-in ACME support, making renewal automatic. For example, we had a small cluster of app servers for a client project where each server served the same domain. Originally, every server had its own cert, leading to issues when scaling up or replacing instances, but after offloading SSL to HAProxy, the backend servers only need to communicate via plain HTTP, while HAProxy handles all the TLS handshakes.

HAProxy is already a robust solution, but there are a few areas for potential improvement, especially regarding configuration complexity. The configuration syntax is powerful yet can become overwhelming for newcomers; a more beginner-friendly interface or a native GUI without relying on third-party tools would ease the onboarding process. Built-in observability could be enhanced; while HAProxy features great logging and stats, utilizing Grafana , Prometheus, or external tools for in-depth insights is still necessary. Native service discovery could be improved; although dynamic scaling works, it generally requires DNS or runtime API scripting. More features in the Community Edition would be beneficial, as the Enterprise version contains advanced security, WAF , and bot protection that would be advantageous for smaller teams if included in the community build.

Another area that could see improvement is documentation and onboarding resources. HAProxy's documentation is very detailed but can feel dense for newcomers, and finding practical, step-by-step examples often requires sifting through mailing lists, GitHub  issues, or blog posts. More modernized guide tutorials and real-world playbooks would simplify getting started for beginners, so enhancing technical improvements to make HAProxy more approachable through better docs and a stronger community ecosystem would significantly assist in broader adoption.

Additionally, an important area for improvement is tighter integration with cloud ecosystems, particularly AWS . Native AWS  service discovery would be advantageous; currently, one usually relies on DNS or external scripts to register new EC2  instances in HAProxy, but direct hooks into AWS Auto Scaling  Groups, ECS, or EKS would facilitate automatic joining and leaving of instances without added glue code. Furthermore, direct integration with AWS Certificate Manager  or Secrets Manager could reduce manual steps surrounding SSL, TLS, and backend credentials management. Enhancing cloud-native integration, especially with AWS services, could significantly strengthen HAProxy's plug-and-play appeal in cloud environments.

I have been using HAProxy for maybe two or three months, as I just explored HAProxy and the configuration.

In my experience, HAProxy is remarkably stable; we haven't encountered crashes or unexpected downtime. Once running, it simply continues to operate without issues, and any downtime we've faced was linked only to planned upgrades or configuration changes, not the software itself. This reliability serves as a key reason for our choice, providing us with confidence even when faced with heavy traffic.

From my experience, HAProxy's scalability is excellent; as our traffic expands, it handles load increases effortlessly.

Our interaction has primarily been with community resources rather than the official support team. Since we are utilizing the open-source edition, community forums, mailing lists, and GitHub  have been invaluable, with typically someone having encountered the same problems we faced. We haven't needed to submit a ticket to HAProxy Technologies' support team, but based on feedback I've seen, they are responsive and knowledgeable. For now, the combination of the open-source community and documentation has sufficed in resolving our issues, so I would rate community support as strong, but if guaranteed SLAs or direct assistance are required, then enterprise support would be the go-to option.

Before adopting HAProxy, we relied on NGINX  as our primary reverse proxy and load balancer. NGINX  served our basic use cases adequately, but we faced challenges as our traffic increased. The first challenge was flexibility; HAProxy offered more advanced load-balancing algorithms and health checks than we configured in NGINX. Next, dynamic configuration was a concern, as reloading config in NGINX led to occasional connection drops. HAProxy's hitless reloads and runtime API represented a notable improvement. Lastly, in heavy traffic tests, HAProxy demonstrated superior performance when handling concurrent connections, yielding lower latency and higher throughput in our setup. The shift wasn't due to any deficiencies in NGINX—it's still a solid option—but HAProxy simply aligned better with our scaling and reliability requirements as our infrastructure evolved.

Since adopting HAProxy, we've seen some remarkable improvements backed by numbers, particularly in downtime reduction. Before using HAProxy, we experienced small outages almost monthly due to backend servers going offline during cert renewals, but after centralizing load balancing and SSL management in HAProxy, those incidents have dropped to near zero with our uptime becoming consistent. Our average response time during peak load dropped by about 20 percent with connection pooling and Keepalived.

We've definitely seen a clear return on investment from using HAProxy, even while sticking with the open-source edition. Time savings have been significant; previously, SSL cert renewals across multiple servers took a couple of hours each quarter. With centralized SSL termination and automated renewals now in place, that time requirement has dropped to nearly zero hours, translating to dozens of hours saved per year. Operational efficiency has improved; we no longer have staff consistently monitoring backend servers during deployment or scaling events, as HAProxy's health checks and hitless reloads allow us to push changes with minimal manual intervention. This has freed up our operations team for higher-value work. Lastly, improved uptime stands out, with our uptime statistics rising from around 98% to consistently above 99.900, meaning reduced SLA penalties while keeping our clients happier.

Our experience with pricing, setup costs, and licensing has been quite straightforward. Since we use the open-source edition, there are no licensing fees, with the main cost being the infrastructure running on EC2  instances in AWS, which helps maintain low expenses. Regarding the setup cost, the primary investment centers on time and expertise; while HAProxy is incredibly powerful, the initial setup requires a bit of a learning curve. However, once the configuration templates are established, adding new applications or backends becomes easy. We haven't opted for HAProxy Enterprise yet, so there are no licensing complexities. In summary, using the open-source version incurs low financial costs but requires an upfront effort to set up, resulting in an overall cost-effective experience.

We evaluated a few other options before deciding on HAProxy. The primary alternatives were AWS ELB and Application Load Balancer; while they are convenient and integrated, they are also less flexible and their costs add up when compared to operating HAProxy on our own instances.

My advice for others considering HAProxy is to not be dissuaded by its learning curve; it's wise to start with a simple load-balancing setup and gradually incorporate advanced features such as ACLs, SSL termination, or rate limiting as confidence grows. Additionally, leveraging community resources and example configurations can save substantial time. Furthermore, if you're managing mission-critical workloads, it may be worthwhile to contemplate whether HAProxy Enterprise could provide the additional support and features desired. My guidance is to initially keep things simple, rely on documentation or the community, and expand into the more powerful features once the foundational stability is established. I rate HAProxy 9 out of 10.

We use the solution for load balancing.

The solution's implementation and troubleshooting are not easy. The solution's dashboards and reports could be improved.

I have been using HAProxy for 12 years.

We didn’t face any issues with the solution’s stability.

I rate the solution’s stability an eight out of ten.

HAProxy is a very good solution for small and medium sized businesses.

I rate the solution’s scalability an eight out of ten.

Since HAProxy is an open-source product, we did not receive support. However, there are some sites where we can receive support, and that support is not good.

Neutral

The solution’s initial setup is not easy.

HAProxy is an open-source solution.

F5 is HAProxy's main competitor in the market. If its implementation, dashboard, and reporting are improved, HAProxy could be better than F5.

If your team knows the product well, integrating HAProxy with IT workflow is easy. Otherwise, it is not easy. I would recommend the solution to other users.

Overall, I rate the solution a seven out of ten.

I use the tool mostly for small and quick load-balancing tasks. Additionally, I integrate it with Docker because the integration is quite fine.

What I like best about the product is its simplicity and speed. When you need to set up a load balancer quickly, HAProxy offers options like sticky sessions and round-robin. It's also fast to configure, including adding SSL for security. While it may have fewer options than other solutions like F5, HAProxy gets the job done for basic load-balancing tasks. 

The reliability features of HAProxy were particularly useful in a scenario where I needed to test load balancing between two Tomcats. Since these domains were inaccessible, I set up a third Docker with HAProxy, which had access to the Tomcat domains. I then configured HAProxy to handle the load balancing. This setup allowed the client to interact with HAProxy. 

The solution's integration with other elements is easy. 

Improving the documentation with multiple examples and scenarios would be beneficial. Most users encounter similar situations, so having a variety of scenarios readily available on the tool's website would be helpful. For instance, if I were part of the HAProxy team, I'd create a webpage with different scenarios and provide files for each scenario. This way, users wouldn't have to start from scratch every time. 

I have been using the product for six years. 

I rate the tool's stability a nine out of ten. 

I've only deployed a single instance and focused on monitoring it. 

I haven't had direct experience with their technical support team. Whenever I encounter issues, I usually turn to Stack Overflow. I've found that other users often have similar problems, and I can usually find solutions there.

The tool is open-source. 

I rate the overall product an eight out of ten. It is good and famous. 

The solution is used for high availability. We use it for the backend to distribute the load.

We needed a simple proxy system that is open source. HAProxy was the most used tool for any issues that we ran into. We did not want to use something that was not used much so that we could fix the issues that came up.

The solution is effective in managing our traffic. The integrations work fine. It's a load balancer. There's no need for complex integration. We hit it, and it balances the load in the servers that we assigned to it.

The product has the basic foundations of any load-balancing product. It is simple and basic. The product does not have any new technologies.

I have been using the solution for a few years.

The tool seems very stable. I have not heard of the infrastructure team having any issues with it.

The tool is scalable. We have everything we need.

The product is open source.

There are better tools, but the product does the job well. All my colleagues know the tool and have used it. I recommend the product to others. Companies that have complex environments must not choose HAProxy. Overall, I rate the solution a seven out of ten.

I use the solution in my company for TCP streams. I have not used the product for web servers like Apache and NGINX. I have used the product for SMTP and SMPP protocols. I also used the tool for email services and POP3 servers. HAProxy handles the area where traffic has to be forwarded from one port to another very well.

HAProxy is very weak in the logging and monitoring part and requires improvement.

In the future, the tool should have additional modules for different purposes.

I have experience with HAProxy.

HAProxy's TCP load balancer is excellent and super stable.

I have not had the opportunity to use this scalability feature of the product, but I know that it depends on the machine or the hardware on which the tool is loaded. I would say that it is a scalable product since it is a software-based solution.

I can speak about the services being used on the product since there is no user interaction required with HAProxy. I can say that my company uses more than 50 services on HAProxy.

I use DNS Made Easy.

If a Linux user who is fairly good with Linux products takes care of HAProxy's installation part, it can be done easily.

It is possible to deploy the product within one to three hours with a fair amount of knowledge.

The product's deployment process is straightforward, as it can be easily managed with the help of HAProxy's document, which is available on its website. Users should be familiar with some Linux commands.

The solution is deployed on the cloud and on-premises models.

HAProxy is similar to engine NGINX, especially if you have a small company since you need only one or two people to take care of the deployment process. If you have a big enterprise, five to ten people are required to take care of the deployment phase.

HAProxy is preferable when the company wants a load balancer to manage the traffic and doesn't want to spend on a high-end load balancer. The product helps save costs for the company.

I use the open-source version of the product. I don't have experience with the licensed version of the solution.

I have used load balancing on the TCP layer. I have not used the product for areas like HTTP and HTTPS. I have not used the product for web or API applications. I have only used the product for the TCP part.

HAProxy improved our company's applications' availability. I had a use case in my company where we had to connect to one of my voice servers from a back-end proxy for which I had used HAProxy. HAProxy helped me when I had to distribute the traffic between all the voice servers from a single application in my company.

HAProxy's most valuable feature for network traffic management stems from the functionalities attached to the area revolving around TCP load balancers since it has helped me achieve excellent results.

To those who plan to use the product, I would say that they need to consider including the HTTP proxy part product, similar to the offerings made by NGINX. The product's potential users can introduce a lot of modules, which can help HAProxy when compared with NGINX.

I did not face any challenges with the integration capabilities of the product. My organizational objectives were achievable with HAProxy.

Considering the tool's TCP part, I rate the overall tool a seven out of ten.