Skip to main content

HAProxy

HAProxy is a high-availability TCP/HTTP load balancer and proxy used to distribute traffic and enhance reliability for web and application services (application delivery and traffic management).

  • Transmission Control Protocol (TCP) and Hypertext Transfer Protocol (HTTP) load balancing with health checking and high availability (application delivery)
  • Reverse proxy for web and application servers, including SSL/TLS termination (network security and traffic management)
  • Layer 4 and Layer 7 routing, request handling, and content switching (network and transport)
  • Traffic observability through logging, statistics, and runtime administration APIs (observability and operations)
  • Highly configurable with ACLs, maps, stick tables, and integration with HAProxy Enterprise and the HAProxy ecosystem (traffic policy and platform integration)

More About HAProxy

HAProxy is an open-source TCP/HTTP load balancer and proxy (application delivery and traffic management) designed to distribute client requests across multiple backend servers, maintain service availability, and support reliable operation for web and application platforms. It operates at both Layer 4 and Layer 7 of the Open Systems Interconnection (OSI) model, enabling connection-level and application-aware routing for HTTP and TCP workloads.

The core capability of HAProxy is load balancing (application delivery), where it distributes incoming traffic across a configured pool of backend servers using algorithms such as round-robin, least connections, or source-based hashing as documented by the project. It includes health checking (reliability engineering), which monitors backend servers and removes unresponsive instances from rotation, helping maintain service continuity when individual nodes fail or degrade.

HAProxy also functions as a reverse proxy (network security and traffic management), terminating client connections and forwarding requests to backends. It can handle SSL/TLS termination (network security), offloading cryptographic work from application servers and centralizing certificate management. At Layer 7, HAProxy supports HTTP routing and content switching (application routing), using request properties such as host headers, paths, or cookies to direct traffic to specific backends or service clusters.

Configuration in HAProxy is driven by a declarative configuration file (infrastructure configuration), where administrators define frontends, backends, listeners, access control lists (ACLs), and routing rules. Stick tables and session persistence (session management) allow HAProxy to maintain client affinity to particular servers based on cookies, IP addresses, or other keys. Maps and patterns (policy configuration) enable dynamic lookups for routing decisions or header manipulation based on external data files.

For operations and observability, HAProxy provides logging and metrics (observability), integration with standard syslog targets, and a statistics interface that exposes connection counts, error rates, and backend health. Runtime APIs and an administrative socket (operations control) permit live changes to certain aspects of configuration, such as server weights or enabling and disabling backends, without full restarts, which supports continuous operation in production environments.

In enterprise environments, HAProxy is adopted as a core load balancer and edge proxy (infrastructure and networking) in front of web applications, APIs, and microservices. It is deployed in active-passive or active-active topologies and can be combined with VRRP or similar mechanisms for high availability. The open-source project is complemented by HAProxy Enterprise and related products from HAProxy Technologies, which add modules, GUI-based management, and extended support, but all build on the same traffic management concepts.

From a directory and taxonomy perspective, HAProxy aligns with categories such as load balancers, reverse proxies, Application Programming Interface (API) and web traffic management, and application delivery controllers (ADCs). It interfaces with web servers, application servers, containers, and orchestrated platforms by acting as an ingress and distribution layer that applies routing logic, security policies, and connection handling at scale.