Initial vault setup
This commit is contained in:
@@ -0,0 +1,163 @@
|
||||
---
|
||||
title: HAProxy
|
||||
created: 2026-06-06
|
||||
updated: 2026-06-06
|
||||
type: app
|
||||
tags: [catalogue, reverse-proxy, load-balancer, c, enterprise]
|
||||
confidence: high
|
||||
contested: false
|
||||
sources: [https://selfh.st/apps/?tag=Reverse+Proxy, https://www.haproxy.org/]
|
||||
---
|
||||
# 🚦 HAProxy
|
||||
|
||||
> **Le load balancer open-source de référence**, utilisé par des géants (GitHub, Reddit, Twitter). Performances extrêmes, fiabilité industrielle.
|
||||
|
||||
## 📋 Informations Générales
|
||||
|
||||
| Champ | Valeur |
|
||||
| :--- | :--- |
|
||||
| **Site web** | [haproxy.org](https://www.haproxy.org/) |
|
||||
| **GitHub** | [git.haproxy.org](https://git.haproxy.org/) |
|
||||
| **License** | Custom (gratuit, source-available) |
|
||||
| **Langage** | C |
|
||||
| **Étoiles GitHub** | 7k ⭐ (mirror) |
|
||||
| **Dernière MAJ** | 2026-06-05 |
|
||||
| **Catégorie** | [[cat-reverse-proxy|Reverse Proxy]], Load Balancer |
|
||||
|
||||
## 📝 Description
|
||||
|
||||
**HAProxy** (High Availability Proxy) est un **load balancer TCP/HTTP ultra-performant** utilisé en production par des milliers d'entreprises. Caractéristiques :
|
||||
|
||||
- ✅ **Performance** : peut gérer des centaines de milliers de connexions simultanées
|
||||
- ✅ **Load balancing** : round-robin, least-conn, IP-hash, weighted, etc.
|
||||
- ✅ **Health checks** : détection des backends down
|
||||
- ✅ **SSL/TLS termination** avec SNI
|
||||
- ✅ **Sticky sessions** (affinité de session)
|
||||
- ✅ **Rate limiting**
|
||||
- ✅ **Logging** détaillé
|
||||
- ✅ **Stats page** (dashboard web)
|
||||
- ✅ **HA** : active-passive, active-active
|
||||
|
||||
**Public cible** : **production critique**, gros volumes, entreprises.
|
||||
|
||||
**Inconvénient** : **configuration verbeuse** (fichier de config de plusieurs centaines de lignes possibles). Pas de GUI native.
|
||||
|
||||
## 🚀 Installation
|
||||
|
||||
### Option 1 : Docker Compose
|
||||
|
||||
```yaml
|
||||
# docker-compose.yml
|
||||
version: '3.8'
|
||||
services:
|
||||
haproxy:
|
||||
image: haproxy:3.0
|
||||
container_name: haproxy
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
- "8404:8404" # Stats page
|
||||
volumes:
|
||||
- ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
|
||||
```
|
||||
|
||||
### Option 2 : Fichier de configuration
|
||||
|
||||
```cfg
|
||||
# haproxy.cfg
|
||||
global
|
||||
maxconn 50000
|
||||
log /dev/log local0
|
||||
log /dev/log local1 notice
|
||||
|
||||
defaults
|
||||
log global
|
||||
mode http
|
||||
option httplog
|
||||
option dontlognull
|
||||
timeout connect 5000
|
||||
timeout client 50000
|
||||
timeout server 50000
|
||||
|
||||
# Stats dashboard
|
||||
frontend stats
|
||||
bind *:8404
|
||||
stats enable
|
||||
stats uri /stats
|
||||
stats refresh 10s
|
||||
|
||||
# Frontend HTTP (redirige vers HTTPS)
|
||||
frontend http-in
|
||||
bind *:80
|
||||
redirect scheme https code 301
|
||||
|
||||
# Frontend HTTPS
|
||||
frontend https-in
|
||||
bind *:443 ssl crt /etc/ssl/certs/example.com.pem
|
||||
default_backend app_servers
|
||||
|
||||
# Backend
|
||||
backend app_servers
|
||||
balance roundrobin
|
||||
option httpchk GET /health
|
||||
server app1 10.0.0.10:8080 check
|
||||
server app2 10.0.0.11:8080 check
|
||||
server app3 10.0.0.12:8080 check
|
||||
```
|
||||
|
||||
## ⚙️ Configuration Initiale
|
||||
|
||||
1. **Écrire le fichier de config** (`haproxy.cfg`)
|
||||
2. **Lancer le conteneur** avec le volume
|
||||
3. **Accéder aux stats** : `http://IP:8404/stats`
|
||||
4. **Reload** : `docker exec haproxy haproxy -c -f /usr/local/etc/haproxy.cfg` pour valider la config, puis `kill -HUP 1` pour reload
|
||||
|
||||
## 🔄 Alternatives
|
||||
|
||||
### Open Source
|
||||
- [[app-traefik]] — Plus simple, cloud-native
|
||||
- [[app-caddy]] — Plus simple, HTTPS auto
|
||||
- **Nginx** (standalone, pas NPM) — Très versatile
|
||||
- **Envoy** (utilisé par Istio)
|
||||
|
||||
### Comparaison HAProxy vs Traefik
|
||||
|
||||
| Critère | HAProxy | Traefik |
|
||||
| :--- | :--- | :--- |
|
||||
| Performance brute | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ |
|
||||
| Load balancing | ✅ Avancé | ✅ Basique |
|
||||
| Auto-discovery | ❌ | ✅ |
|
||||
| Config | Fichier statique | Dynamique |
|
||||
| GUI | Stats only | Dashboard |
|
||||
| SSL/TLS | ✅ | ✅ |
|
||||
| Cible | Production critique | Cloud-native stacks |
|
||||
|
||||
**Verdict** : HAProxy pour les **environnements exigeants** (millions de connexions). Traefik pour la **simplicité au quotidien**.
|
||||
|
||||
### Propriétaires (ce que HAProxy remplace)
|
||||
- **F5 BIG-IP** (50k$+)
|
||||
- **Citrix ADC** (NetScaler)
|
||||
- **AWS ALB** (en partie)
|
||||
- **Cloudflare Load Balancing**
|
||||
|
||||
## 🔐 Sécurité
|
||||
|
||||
- **SSL/TLS moderne** (TLS 1.3, SNI)
|
||||
- **Rate limiting** par IP
|
||||
- **Connection limits**
|
||||
- **ACLs** puissantes
|
||||
- **Header rewriting**
|
||||
|
||||
## 📚 Ressources
|
||||
|
||||
- [Documentation officielle](http://docs.haproxy.org/)
|
||||
- [Configuration reference](https://www.haproxy.org/#docs)
|
||||
- [HAProxy Enterprise](https://www.haproxy.com/) (version commerciale)
|
||||
|
||||
## Pages Liées
|
||||
- [[cat-reverse-proxy]] — Catégorie Reverse Proxy
|
||||
- [[app-traefik]] — Concurrent
|
||||
- [[load-balancing]] — Concepts
|
||||
- [[haute-disponibilite]] — HA
|
||||
- [[comparatif-reverse-proxy]] — Comparaison
|
||||
Reference in New Issue
Block a user