Saturday, 26 August 2017

What are the features provided by HAProxy?


Basic features provided by HAProxy
Proxying

  • Protect server against any client-side attack
  • Listen to multiple IP address/ports

SSL

  • Certificate-based client authentication
  • Multi-hosting with no limit on sites count
  • Support for wildcard certificates

Monitoring

  • Focuses heavily on availability: server state is continuously monitored
  • Various check methods are available: TCP connect, HTTP request, SMTP hello, SSL hello, LDAP, SQL, Redis, send/expect scripts, all with/without SSL

High availability

  • Ensure the best global service continuity
  • Only valid servers are used
  • Backup servers are automatically used when active servers are down, replacing them so that sessions are not lost when possible.
  • Support for a graceful shutdown without affecting any connection
  • Return a global failed status for a farm when too many servers are down.

Load balancing

  • Offers a complete set of load balancing features
  • 9 LB algorithms are supported, including:
    • round-robin (for short connections, pick each server in turn)
    • leastconn (for long connections, pick the least recently used of the servers with the lowest connection count)
    • source (for SSL farms or terminal server farms, the server directly depends on the client's source address)
    • uri (for HTTP caches, the server directly depends on the HTTP URI)
    • hdr (the server directly depends on the contents of a specific HTTP header field)
    • first (for short-lived virtual machines, all connections are packed on the smallest possible subset of servers so that unused ones can be powered down)
  • All algorithms support per-server weights
  • Dynamic weights are supported for round-robin, leastconn and consistent hashing: server weights can be modified on the fly from the CLI or even by an agent running on the server
  • Slow-start is supported with dynamic weights, which allows a server to progressively take the traffic
Stickiness
Application load balancing would be useless without stickiness.
  • It keeps a visitor on the same server even across various events such as server addition/removal and down/up cycles
  • Stickiness info can be individually matched and learned from different places if desired.
    • For example a JSESSIONID may be matched both in a cookie and in the URL.
  • Stickiness information can come from anything that can be seen within a request or response, including source address, TCP payload offset and length, HTTP query string elements, header field values, cookies, and so on...
  • Stick-tables are replicated between all nodes in a multi-master fashion
  • Possible to decide not to stick to certain servers, such as backup servers, so that when the nominal server comes back, it automatically takes the load back.
  • The server may decide to change or clean the stickiness cookie on logout, so that leaving visitors are automatically unbound from the server
  • Multiple server entries may share the same stickiness keys so that stickiness is not lost in multi-path environments when one path goes down
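The health-check, load-balancing and stickiness features listed above, combined in one configuration. This is an added example, not taken from the original post or from the HAProxy project; the section name, addresses, the /health URI, weights and timings are all placeholders.

```haproxy
# Added example: names, addresses, the /health URI and all timings are placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

listen app
    bind :80
    balance leastconn

    # Health check: HTTP request, a server stays in rotation only on a 200
    option httpchk GET /health
    http-check expect status 200

    # Stickiness on JSESSIONID: learned from the response cookie, then matched
    # in the request cookie or in the URL (";JSESSIONID=...")
    stick-table type string len 64 size 100k expire 30m
    stick store-response res.cook(JSESSIONID)
    stick match req.cook(JSESSIONID)
    stick match urlp(JSESSIONID,;)

    # Per-server weights; slowstart ramps traffic up after a server recovers
    server app1 192.0.2.11:8080 check weight 100 slowstart 30s
    server app2 192.0.2.12:8080 check weight 50  slowstart 30s

    # Backup server: used only when all active servers are down.
    # non-stick keeps its connections out of the stick-table, so visitors
    # go back to app1/app2 once those servers return.
    server spare 192.0.2.13:8080 check backup non-stick
```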
Maps
  • Maps are a powerful type of converter: a two-column file is loaded into memory at boot time, then each input sample is looked up in the first column, returning either the corresponding pattern from the second column if the entry is found, or a default value.
ACLs and conditions
  • Most operations in HAProxy can be made conditional.
  • Conditions are built by combining multiple ACLs using logic operators (AND/OR/NOT).
Content switching
  • Content-based switching works as follows: a connection or request arrives on a frontend, the information carried with it is processed, and at that point ACL-based conditions can use this information to decide which backend will process the request.
Formatted strings
  • It is possible to manipulate the character strings used in logs, redirects, header additions, and so on.
  • This provides a powerful way to build header contents or to customize log lines.
HTTP rewriting and redirection
  • Requests / response headers can be adjusted to make the LB appear as the origin server and to fix hardcoded information.
  • This includes changing the path in requests (which is strongly advised against), modifying the Host header field, modifying the Location response header field for redirects, modifying the path and domain attributes for cookies, and so on.
  • Sometimes the LB has to intercept some requests and respond with a redirect to a new target URL.
    (Rewriting makes the client and the server see different things while Redirects ask the client to visit the new URL so that it sees the same location as the server.)
Server protection
  • Protect servers against overloading and attacks.
  • HAProxy buffers requests and responses. By sending a request to a server only when it is complete, and by reading the whole response very quickly from the local network, it keeps the server-side connection in use for a very short time, which preserves server resources as much as possible.
  • When a protocol violation or attack is detected, there are various options to respond to the user, such as returning the common "HTTP 400 bad request", closing the connection with a TCP reset, or faking an error after a long delay ("tarpit") to confuse the attacker.
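How the Maps, ACLs and conditions, Content switching and Server protection items fit together in a frontend. This is an added example, not from the original post or the HAProxy project; backend names, addresses, the map file path and its contents, and the rate threshold are constructed placeholders.

```haproxy
# Added example: all names, addresses, paths and thresholds are placeholders.
# /etc/haproxy/hosts.map (constructed two-column map file):
#   www.example.com   be_www
#   api.example.com   be_api

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    timeout tarpit  10s          # how long a tarpitted request is held

frontend fe_web
    bind :80

    # Per-client request rate, kept in a stick-table keyed on source address
    stick-table type ip size 100k expire 10m store http_req_rate(10s)
    http-request track-sc0 src

    # Named ACLs
    acl is_admin    path_beg /admin
    acl from_office src 192.0.2.0/24
    acl is_static   path_beg /static/ /img/
    acl too_fast    sc_http_req_rate(0) gt 100

    # Conditions: ACLs on one line are ANDed, "!" negates, "||" ORs
    http-request deny   if is_admin !from_office   # answered with an HTTP error
    http-request tarpit if too_fast                # held, then answered with an error

    # Content switching: the first matching rule wins
    use_backend be_static if is_static
    # Map lookup on the lowercased Host header; be_www when no entry matches
    use_backend %[req.hdr(host),lower,map(/etc/haproxy/hosts.map,be_www)]

backend be_www
    server www1 192.0.2.21:8080 check
backend be_api
    server api1 192.0.2.31:8080 check
backend be_static
    server st1 192.0.2.41:8080 check
```

The file can be syntax-checked with haproxy -c -f <path> before a reload. As written, a Host header that carries a port (www.example.com:8080) does not match the map keys and falls through to the default.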
 
Logging
  • Very detailed logs, with millisecond accuracy and the exact connection accept time that can be searched in firewall logs.
  • Detailed logs containing everything needed for troubleshooting, such as source IP address and port, frontend, backend, server, timers (request receipt duration, queue duration, connection setup time, response headers time, data transfer time), global process state, connection counts, queue status, retries count, detailed stickiness actions and disconnect reasons
  • Header captures with a safe output encoding.
 
Statistics
  • Provides a web-based statistics reporting interface with authentication, security levels and scopes.
  • Possible to provide each hosted customer with his own page showing only his own instances.
 
