Anybody know why companies like cloudflare use nginx versus haproxy as their public facing infrastructure (https://github.com/cloudflare/sslconfig) ?

It always seems to me as if haproxy was the superior tool with worse UX/configurability than nginx.

Cloudflare is (among other things) a CDN/cache. haproxy does not cache.

It does now !

I wouldn't use it. Use the right tool for the right job.

Nginx is good at caching but Varnish is often better.

HAProxy is far better suited to providing load-balanced HA. Regarding this article, this API makes is ideal to dynamically-reconfigure HAproxy, adding and removing servers on-the-fly, which is super-useful in production.

Only at the most minimal layer, meant for favicon.ico requests and the like. They are explicit about not becoming a cache or web server.

Nginx has widely used modules, business logic can be run in the same worker process with proxy. And it is easy to find enough developers to develop a relatively complex business support system based on nginx module system.

Haproxy itself is efficient as a proxy, however, developing a business system requires a lot of interaction between proxy and the business control processes.

Probably just timing. Nginx had support for things like ssl termination, http/2 earlier than haproxy.

I'm not sure why companies with a budget would use it, but if you want health-checks without paying, you use HAProxy. nginx excludes this for the open source version. Which really makes me unhappy. But so it goes.

I use both in my applications. nginx for reverse proxy on my python boxes and HAProxy to manage all of them.

nginx has more development activity. Eg, nginx has had http/2 support for a couple of years, HAProxy has for a couple of days. HAProxy is excellent - even it's stats module costs a couple of thousand bucks for a proprietary module per instance on nginx - but nginx seems to move faster.

    $ echo "help<command></command>" | socat stdio /var/run/hapee-lb.sock
    $ echo "help<command></command>" | socat stdio tcp4-connect:127.0.0.1:9999

Seems a bit weird, there's no XML anywhere else. Wonder if it's a markup issue on the page.

It has been changed now

It is useful to be able to add/delete ACLs without restart.

Wish we could modify settings such as "use_backend", "backend" and "server" the same way.

Maybe there is a workaround.

You can change the server settings using the "set server" command, but I think it is not possible yet to change use_backend.

Note I mean individual server settings for each backend in the backend section.

I’m not sure I understand well: is the api only accessible from socket ? It can’t be piloted from another container/vm/vps/whatever one use ?

Or did I misread this ?

It's accessible via TCP as well as unix sockets, so accessible from anywhere.

Great ! Thank you for your answer.