Just today I deployed some haproxy acls to transparently partition traffic for new API features off of a customer's main legacy application onto a dedicated cluster of API machines. It still surprises me just how easy doing something like that is. The most difficult part of that process was remembering the business logic--to append a query string value that that API expected to see in the request for this part of the migration. This is completely unlike munging around Apache rewrites and hoping that you didn't leave off a 'L' and make it start looping, or forget to append the query string, stuff like that.
I think that if you work with anything web-facing, regardless of the scale, you'd be well served by learning even HAProxy's most basic features and building from there. You'd be astounded at how far you can get with even a basic configuration.
It's basically one of those tools you end up looking for problems for it to solve it's so elegant. I have my HAProxy hammer, and everything is a nail!
Cannot give Willy and team more kudos!
Combine that with a nice network and a tasty [EI]GP and be in pure web-serving bliss (of which I've only worked on two networks with that kind of design forethought, which is a shame).
I've also recently migrated one proxy from Traefik to HAProxy, previously I had two proxies, one with T and one with HAP, for different IP ingests, now it's one HAP. Though I don't have failover since the networking in LXC seems to dislike multiple interfaces on the same subnet and doesn't seem to like HAProxy trying to listen on specific interfaces either, that'll have to move to VMs. (I need separated frontends with separate IPs)
The easy part there is that I fully automated HAProxy deployment including certificates with ansible, so moving from container to VM will be a breeze.
Lastly, performance is amazing. I've never had HAProxy even hiccup, even when I got DDoS'd at some point HAProxy held up like a champ.
It might give you an insight how Istio et al are doing their magic through Envoy.
This is my first Tech-post, any comments are appreciated.
Thinking of using it for a new home based reverse proxy solution over HAProxy
> 192.168..122.3 Is this some new IP format I'm not aware of?
> acl evil path_beg /evil > acl evil path_beg /evil This is the same line twice to demonstrate a logical OR (I guess one is supposed to be path_end)
The configuration hassle with HAProxy however let me switch to nginx and traefik in the meantime...