www.haproxy.org Open in urlscan Pro
51.15.8.218  Public Scan

Submitted URL: https://haproxy.org/
Effective URL: https://www.haproxy.org/
Submission Tags: falconsandbox
Submission: On September 11 via api from US — Scanned from GB

Form analysis 0 forms found in the DOM

Text Content

HAPROXY


THE RELIABLE, HIGH PERFORMANCE TCP/HTTP LOAD BALANCER

  Mirror Sites: Master
  Language: English


--------------------------------------------------------------------------------


QUICK LINKS

Quick News
Recent News
Description
Performance
Reliability
Security
Documentation
Project on GitHub
Download sources / doc
Packages / Images / Distros
Live demo
They use it!
Enterprise Features
Third party extensions
Commercial Support
Contacts
External links
Discussions
Slack channel
Mailing list
Coding style
Open Issues
Known bugs

HATop: Ncurses Interface
Herald: load feedback agent
haproxystats: stats collection
Alpine-based Docker images
Debian-based Docker images
RHEL-based Docker images
Debian/Ubuntu packages



--------------------------------------------------------------------------------

Site served using:
   HTTP version: 2
   Transport: TLSv1.3+TCP
   Network: IPv4
Note: HTTP 2 & 3 require HTTPS Your computer is not IPv6-ready

--------------------------------------------------------------------------------

visitors online

--------------------------------------------------------------------------------

 
Thanks for your support !


--------------------------------------------------------------------------------








LATEST VERSIONS



BranchRelease dateEnd of lifeLatest versionChangelogLinks 3.1-dev ~2024-Q4
2025-Q4 (dev » stable) 3.1-dev7 2024/09/05 git / web / dir / announce 3.0
~2024-05-29 2029-Q2 (LTS) 3.0.4 2024/09/03 git / web / dir / announce / bugs 2.9
2023-12-05 2025-Q1 (stable) 2.9.10 2024/09/03 git / web / dir / announce / bugs
2.8 2023-05-31 2028-Q2 (LTS) 2.8.10 2024/06/14 git / web / dir / announce / bugs
2.7 2022-12-01 2024-Q1 (unmaintained) 2.7.12 2024/04/05 git / web / dir /
announce / bugs 2.6 2022-05-31 2027-Q2 (LTS) 2.6.18 2024/06/18 git / web / dir /
announce / bugs 2.5 2021-11-23 2023-Q1 (unmaintained) 2.5.14 2023/05/02 git /
web / dir / announce / bugs 2.4 2021-05-14 2026-Q2 (critical fixes only) 2.4.27
2024/06/18 git / web / dir / announce / bugs 2.3 2020-11-05 2022-Q1
(unmaintained) 2.3.21 2022/07/27 git / web / dir / announce / bugs 2.2
2020-07-07 2025-Q2 (critical fixes only) 2.2.33 2024/04/05 git / web / dir /
announce / bugs 2.1 2019-11-25 2021-Q1 (unmaintained) 2.1.12 2021/03/18 git /
web / dir / announce / bugs 2.0 2019-06-16 2024-Q2 (unmaintained) 2.0.35
2024/04/05 git / web / dir / announce / bugs 1.9 2018-12-19 2020-Q2
(unmaintained) 1.9.16 2020/07/31 git / web / dir / announce / bugs 1.8
2017-11-26 2022-Q4 (unmaintained) 1.8.31 2022/12/09 git / web / dir / announce /
bugs 1.7 2016-11-25 2021-Q4 (unmaintained) 1.7.14 2021/03/31 git / web / dir /
announce / bugs 1.6 2015-10-13 2020-Q4 (unmaintained) 1.6.16 2021/03/19 git /
web / dir / announce / bugs 1.5 2014-06-19 2020-01-10 (unmaintained) 1.5.19
2016/12/25 git / web / dir / announce / bugs 1.4 2010-02-26 2018-02-08
(unmaintained) 1.4.27 2016/03/14 git / web / dir / announce / bugs 1.3
2006-06-29 2016-03-14 (unmaintained) 1.3.28 2016/03/14 git / web / dir /
announce / bugs 1.2 2003-11-09 2011-08-06 (unmaintained) 1.2.18 2008-05-25 git /
web / dir 1.1 2002-03-10 2006-01-29 (unmaintained) 1.1.34 2006-01-29 git / web /
dir 1.0 2001-12-16 2001-12-30 (unmaintained) 1.0.2 2001-12-30 git / web / dir
Hide/Show unmaintained






QUICK NEWS

Dec, 5th, 2023 : HAProxy 2.9.0 release



This release has received a lot of small changes that are difficult to
summarize. Most of them were aimed at improving performance and resource usage
in general (zero-copy forwarding, QUIC's smaller footprint for closed
connections, improved scalability), others focusing on better integration with
other components (support for the AWS-LC crypto library, QUIC OpenSSL
compatitility layer, PROXY protocol manipulation), ease of configuration (most
log-format tags now have an equivalent sample fetch, some converters support
variables in addition to integers, warnings about bad cpu-map or thread
settings), more reliability (log backends with checked servers, better
debugging), and a really cool new feature to play with, reverse-http. A lot more
details are explained on the
HAProxyTech's blog
, and the
mailing-list announcement
summarizes most of these at a higher level.

May, 31th, 2023 : HAProxy 2.8.0 release



During the development cycle of this new LTS release, behind the curtains the
focus was mostly set on all the stuff that can improve the reliability,
observability and troubleshooting in field, in a quest to further reduce the
number of problem reports. At the most visible layers, QUIC is now considered
production ready after having been running on this site for more than a year and
with no glitch since 2.7 was released; SSL got new improvements with a much
better LetsEncrypt integration, wolfSSL support and OCSP automatic updates;
RFC7239 ("forwarded") is supported both in processing and generation; listeners
can now span multiple thread groups, setting a new limit of 4096 threads (let's
hope we won't have to raise that one in the next two decades). For more details,
please have a look at the full article on
HAProxyTech's blog
and the
more synthetic mailing-list announcement
.

February, 14th, 2023 : CVE-2023-25725 fixed!



We've been notified of a vulnerability in HAProxy that can be exploited to build
some request smuggling attacks. It affects all currently supported branches, all
the details are
here on the mailing list announce
. Please make sure to update either to your latest distro package or to latest
version if you build from the sources (2.0.31, 2.2.29, 2.4.22, 2.5.12, 2.6.9,
2.7.3 or 2.8-dev4).

December, 1st, 2022 : HAProxy 2.7.0 release



HAProxy 2.7.0 is now released and available for download, opening the way to
2.8-dev. 2.7 provides traffic shaping, many QUIC improvements, eases the switch
to alternate SSL libraries, and improves user experience with everything related
to troubleshooting and issue reporting. Please see the
announnce
for more details and/or consult the
HAProxyTech blog article
for more details.

Older news...




DESCRIPTION

HAProxy is a free, very fast and reliable reverse-proxy offering high
availability, load balancing, and proxying for TCP and HTTP-based applications.
It is particularly suited for very high traffic web sites and powers a
significant portion of the world's most visited ones. Over the years it has
become the de-facto standard opensource load balancer, is now shipped with most
mainstream Linux distributions, and is often deployed by default in cloud
platforms. Since it does not advertise itself, we only know it's used when the
admins report it :-)

The HAProxy core team maintains multiple versions in parallel. Since version
1.8, two major version are emitted every year. The first digit usually indicates
a breaking change (config format etc) but in practice rarely changes. The second
digit indicates new features. Both constitute a branch. One extra number appears
after these digits to indicate the bug fix release.

The core team deploys a lot of efforts backporting fixes to older releases while
being extremely careful not to break anything. For this reason, it is really
important to stay up to date within one branch, i.e. having the highest possible
number on the last digits.

Branches with an even number are called "LTS" (for "long term support") and area
maintained for 5 years after their release. During this time they will receive
fixes for bugs that are discovered after the release. These branches are aimed
at general users who seek extreme stability and do not want to qualify a new
version too often but still want to receive fixes.

Branches with an odd number are only called "stable", they're aimed at highly
skilled users who prefer to upgrade often to benefit from modern features, and
who are also able to roll back in case of problem. These versions are maintained
between 12 and 18 months. The duration is short and purposely not strict so that
the maintenance cycle is decided with users based on feedback, and so that these
versions do not end up in embedded products. It may happen that a few features
are backported to these version if there is some reasonable demand and the
operation is considered riskless enough.

Everyone used to dealing with production knows that it's difficult to upgrade
components in field when one has to plan and advertise upwards of any operation.
For this reason, the HAProxy core team doesn't insist on users to upgrade, will
not ask someone to switch to a new branch (unless they ask for a feature that is
part of that other branch), but will often ask the user to re-check with the
latest version of their branch before reporting a problem, because nobody likes
to troubleshoot a problem a second time. It's often suggested to use the
versions that come with the operating system when it follows the official
maintenance cycle, and depending on the expected level of stability or exposure,
some users may want to update as soon as an update is available while others may
prefer to wait a few weeks to a month to be sure the update is reliable enough
for them.

The currently supported versions are :

 * version 2.9 : reverse-http, log backends, zero-copy forwarding, memory usage
   reduction, increased bandwidth, better general scalability, AWS-LC support,
   QUIC openssl compat layer, PROXY protocol manipulation
 * version 2.8 : QUIC now prod ready, Lua-based mailers, OCSP auto updates,
   LetsEncrypt, wolfSSL support, RFC7239 "forwarded", listeners on more than 64
   threads, perf/usability/reliability/observability improvements
 * version 2.7 : Traffic shaping, QUIC improvements, thread groups, easier
   switch to alternate SSL libraries, improved debugging
 * version 2.6 : QUIC/HTTP3, OpenSSL 3.0, better usability, improved code
   accessibility and maintenance
 * version 2.5 : runtime server addition/removal, runtime CA/CRL updates, native
   HTTP client, simplified HTTPS logging, default TCP/HTTP rulesets, JWT
   validation, and more
 * version 2.4 : syslog and DNS over TCP, multi-threaded Lua, full sharing of
   idle conns, lower latency, server-side dynamic SSL update, Opentracing,
   WebSocket over H2, atomic maps, Vary support, new debugging tools, even more
   user-friendly CLI and configuration, lots of cleanups
 * version 2.3 : syslog forwarding, better idle conn management, improved
   balancing with large queues, simplified SSL managment, more stats metrics,
   stricter config checking by default, general performance improvements
 * version 2.2 : runtime certificate additions, improved idle connection
   management, logging over TCP, HTTP "return" directive, errorfile templates,
   TLSv1.2 by default, extensible health-checks
 * version 2.1 : improved I/Os and multi-threading, FastCGI, runtime certificate
   updates, HTX-only, improved debugging, removal of obsolete keywords
 * version 2.0 : gRPC, layer 7 retries, process manager, SSL peers, log load
   balancing/sampling, end-to-end TCP fast-open, automatic settings (maxconn,
   threads, HTTP reuse, pools), ...
 * version 1.9 : improved multi-threading, end-to-end HTTP/2, connection pools,
   queue priority control, stdout logging, ...
 * version 1.8 : multi-threading, HTTP/2, cache, on-the fly server
   addition/removal, seamless reloads, DNS SRV, hardware SSL engines, ...
 * version 1.7 : added server hot reconfiguration, content processing agents,
   multi-type certs, ...
 * version 1.6 : added DNS resolution support, HTTP connection multiplexing,
   full stick-table replication, stateless compression, ...
 * version 1.5 : added SSL, IPv6, keep-alive, DDoS protection, ...




PERFORMANCE

As shown in this test run on AWS ARM-based Graviton2, HAProxy scales very well
with threads and was shown to be able to reach 2 million requests/s over SSL and
100 Gbps for forwarded traffic.

This is made possible thanks to its event-driven architecture that allows to
react extremely quickly to I/O events, its parallelism on SMP machines provided
by light multi-threading, a task scheduler that permanently composes between
low-latency and high throughput, and generally speaking a permanent quest of
resource savings at every single architecture layer. These efforts tend to cost
a bit in development time but are immediately valued by users who are able to
reduce their number of machines upgrade after upgrade. For the vast majority of
common loads, the HAProxy process is simply not noticed, which tends to make its
users forget it, sometimes resulting in questions regarding extremely old
versions.

Please consult this section for more information on the architecture details and
some performance test results.




RELIABILITY - KEEPING HIGH-TRAFFIC SITES ONLINE SINCE 2002

HAProxy is first known for being extremely robust. The core team developers tend
to be irritated by certain bugs they fix, but this is because their job is to
see them all. Most users report having never ever faced any single crash and
claim that HAProxy is the most solid part of their infrastructure. Finding
machines with HAProxy processes being up for more than 3 years is not
exceptional at all!

All this is not an accident, though. A lot of efforts are made in that
direction, to provide excellent observability on what is happening, and an
amazing number of protections against bad behaviors. HAProxy is built with many
checks for unacceptable situations (impossible conditions, endless loops, etc)
that in other products might result in service outages or data corruption, but
in HAProxy will immediately result in a crash with a dump of the problem. This
rigor pays off since most users have never faced such an issue, thanks to the
few who faced them and provided useful reports allowing to fix the problem
early.

The development process also encourages quality, with a long term maintenance
cycle: versions are maintained for 5 years by the same developers who code the
new features. This encourages them to write high quality code and commit
messages that correspond to the highest standards. A regression testing suite is
used and run along development by all developers and before merging code, as
well as after on a wide variety of platforms thanks to the continuous
integration (CI) system.

The principle of "eating one's dog's food" applies here as well: haproxy.org
runs on the latest development release. This usually helps spot a bug or two per
major version before it hits a release. But in addition it maintains a permanent
pressure on the development team to release something they're confident in.

The program having been designed from its early age to be extremely conservative
on resource usage, a significant number of settings are calculated at startup
time and enforce many limits on number of sockets, connections, streams etc,
guaranteeing that any processing that was started will complete.




SECURITY - HARDENED BY DEFAULT

Security is a very important concern when deploying a software load balancer,
because it runs at the edge and takes all the dirty traffic. It is possible to
harden the OS, to limit the number of open ports and accessible services, but
the load balancer itself stays exposed. The unified and non-fantasist coding
style aims at avoiding common traps when writing or reviewing code. Some high
standards are sought when it comes to dealing with unvalidated data.
Non-portable functions and those having unreliable behaviors are avoided or
replaced. Input data gets sanitized very early in the lower layers. Resource
usage is carefully controlled. Dangling pointers are forbidden in the code via
careful release functions. These standards already help eliminate a great deal
of uncertainty in the code itself.

Since zero-bug is not reasonable, the product embarks a number of defensive
measures, such as chroot, privilege drops, fork prevention, strict protocol
validation, checks for impossible states and detailed traces in case of
violation detection, etc. All these usually result in an attempt to exploit a
real bug in a failure or possibly a crash. These measures have to be purposely
disabled by the user using sufficiently evocative commands so that the reason
for doing so has to be regularly questioned.




COMPLETE DOWNLOAD MATRIX

Here you will find a quick access to downloadable contents by type and version.
Just click on the desired format to access the content in that format.



dev3.02.92.82.72.62.52.42.32.22.12.01.91.81.71.61.51.41.31.21.11.0 Git
repository Git / Web Git / Web Git / Web Git / Web Git / Web Git / Web Git / Web
Git / Web Git / Web Git / Web Git / Web Git / Web Git / Web Git / Web Git / Web
Git / Web Git / Web Git / Web Git / Web Git / Web Git / Web Git / Web Latest
snapshot tar.gz / Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz
/ Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz /
Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz /
Log tar.gz / Log tar.gz tar.gz - Latest release tar.gz / Log tar.gz / Log tar.gz
/ Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz /
Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz /
Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz / Log tar.gz /
Log - Browsable dir Dir Dir Dir Dir Dir Dir Dir Dir Dir Dir Dir Dir Dir Dir Dir
Dir Dir Dir Dir Dir Dir Dir Known bugs Web Web Web Web Web Web Web Web Web Web
Web Web Web Web Web Web Web Web Web Web Web Web Starter guide html / txt html /
txt html / txt html / txt html / txt html / txt html / txt html / txt html / txt
html / txt html / txt html / txt html / txt html / txt html / txt html / txt - -
- - - - Configuration manual html / txt html / txt html / txt html / txt html /
txt html / txt html / txt html / txt html / txt html / txt html / txt html / txt
html / txt html / txt html / txt html / txt html / txt html / txt txt txt txt
txt Management guide html / txt html / txt html / txt html / txt html / txt html
/ txt html / txt html / txt html / txt html / txt html / txt html / txt html /
txt html / txt html / txt html / txt - - - - - - Lua ref. manual html html html
html html html html html html html html html html html html html - - - - - - Lua
arch. guide html / txt html / txt html / txt html / txt html / txt html / txt
html / txt html / txt html / txt html / txt html / txt html / txt html / txt
html / txt html / txt html / txt Browsable doc Dir Dir Dir Dir Dir Dir Dir Dir
Dir Dir Dir Dir Dir Dir Dir Dir Dir Dir Dir Dir Dir Dir



Please note that official docs are the pure-text ones and directly come from the
project, except for the Lua reference manual that is maintained by Thierry
Fournier. The HTML versions are direct translations from the text version
automatically performed by Cyril Bonté's excellent documentation converter,
dconv. A TeX-oriented variant able to produce PDFs was also created by Pavel
Lang for versions 1.4 and 1.5 but it is not maintained anymore.




COMMERCIAL SUPPORT AND AVAILABILITY

If you think you don't have the time and skills to setup and maintain a free
load balancer, or if you're seeking for commercial support to satisfy your
customers or your boss, you have the following options :

    
 1. contact HAProxy Technologies to hire some professional services or subscribe
    a support contract ;
 2. install HAProxy Enterprise Edition (HAPEE), which is a long-term maintained
    HAProxy package accompanied by a well-polished collection of software,
    scripts, configuration files and documentation which significantly
    simplifies the setup and maintenance of a completely operational solution ;
    it is particularly suited to Cloud environments where deployments must be
    fast.
 3. try an ALOHA appliance (hardware or virtual), which will even save you from
    having to worry about the system, hardware and from managing a Unix-like
    system.

I also find it important to credit Loadbalancer.org. I am not affiliated with
them at all but like us, they have contributed a fair amount of time and money
to the project to add new features and they help users on the mailing list, so I
have some respect for what they do. They're a UK-based company and their load
balancer also employs HAProxy, though it is somewhat different from the ALOHA.




CONTACTS

Feel free to contact us for any questions or comments :


   
 * mailing-list : haproxy@formilux.org
   Read the list archives on mail-archive
   Read the list pre-2009 archives on Marc.info
   
   Subscribe to the list : haproxy+subscribe@formilux.org
   Unsubscribe from the list : haproxy+unsubscribe@formilux.org
 * HAProxy site in HTTPS (needed for HTTP/3 and HTTP/2) :
   https://www.haproxy.org/
 * Willy' main site : http://1wt.eu/
 * e-mail : w@1wt.eu

Some people regularly ask if it is possible to send donations, so I have set up
a Paypal account for this. Click here if you want to donate.

An IRC channel for HAProxy has been opened on Libera.Chat:


irc://irc.libera.chat/%23haproxy

A Slack Workspace for HAProxy exists as well:

https://slack.haproxy.org/



--------------------------------------------------------------------------------