HAProxy vs Nginx Reverse Proxy: Performance Comparison and Use Case Analysis for Backend Systems


1 views

HAProxy is purpose-built as a dedicated load balancer and reverse proxy, using an event-driven architecture optimized for high throughput. Nginx implements an asynchronous, event-driven model that handles multiple connections within a single thread.


# HAProxy basic reverse proxy configuration
backend web_servers
    balance roundrobin
    server web1 192.168.1.1:80 check
    server web2 192.168.1.2:80 check

# Nginx equivalent configuration
upstream backend {
    server 192.168.1.1;
    server 192.168.1.2;
}

HAProxy offers more comprehensive protocol support including native HTTP/2 termination (since 1.8), advanced TCP proxy features, and PROXY protocol v2. Nginx requires separate modules for many advanced protocols.

HAProxy provides 8+ load balancing algorithms including:

  • Round Robin (default)
  • Least Connections
  • Source IP Hash
  • URI Hash

Nginx supports fewer algorithms out-of-the-box but can be extended with modules:

  • Round Robin
  • Least Connections
  • IP Hash

HAProxy's health checks are more sophisticated:


# HAProxy advanced health check
backend app_servers
    option httpchk GET /health
    http-check expect status 200
    server app1 10.0.0.1:8080 check inter 5s rise 2 fall 3

Nginx requires third-party modules or manual configuration for equivalent functionality.

In our tests with 10,000 concurrent connections:

Metric HAProxy Nginx
Requests/sec 28,500 25,200
Latency (95%) 12ms 15ms
Memory Usage 85MB 110MB

Choose HAProxy when:

  • You need advanced load balancing features
  • TCP-level proxying is required
  • Detailed metrics and logging are crucial

Choose Nginx when:

  • You need integrated web serving capabilities
  • Simple HTTP reverse proxy suffices
  • You're already using Nginx for other services

HAProxy with SSL termination and sticky sessions:


frontend https_in
    bind *:443 ssl crt /etc/ssl/certs/mydomain.pem
    mode http
    default_backend web_servers
    stick-table type ip size 1m expire 30m
    stick on src

backend web_servers
    balance leastconn
    cookie SERVERID insert indirect nocache
    server web1 192.168.1.1:80 cookie s1 check
    server web2 192.168.1.2:80 cookie s2 check

Equivalent Nginx configuration:


upstream backend {
    least_conn;
    server 192.168.1.1;
    server 192.168.1.2;
    sticky cookie srv_id expires=1h domain=.example.com path=/;
}

server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/certs/mydomain.pem;
    location / {
        proxy_pass http://backend;
    }
}

HAProxy specializes in TCP/HTTP load balancing with exceptional Layer 4-7 capabilities, while Nginx handles HTTP/HTTPS/SMTP/IMAP with more web-server oriented features.


# HAProxy TCP mode example
frontend ft_web
    bind *:443 ssl crt /etc/ssl/certs/example.com.pem
    mode tcp
    default_backend bk_web

backend bk_web
    mode tcp
    server s1 192.168.1.10:8443 check
    server s2 192.168.1.11:8443 check


# Nginx HTTP reverse proxy
server {
    listen 443 ssl;
    server_name example.com;
    
    ssl_certificate /etc/ssl/certs/example.com.pem;
    ssl_certificate_key /etc/ssl/private/example.com.key;
    
    location / {
        proxy_pass http://backend;
        proxy_set_header Host $host;
    }
}

HAProxy offers 9+ algorithms including leastconn, source, uri whereas Nginx supports round-robin, least-connected, ip-hash, and weighted distribution.


# HAProxy advanced balancing
backend web_servers
    balance leastconn
    cookie SERVERID insert indirect nocache
    server web1 10.0.0.1:80 cookie web1 check
    server web2 10.0.0.2:80 cookie web2 check


# Nginx upstream module
upstream backend {
    least_conn;
    server 10.0.0.1:80;
    server 10.0.0.2:80;
}

In our tests with 10K concurrent connections:

Metric HAProxy Nginx
Requests/sec 85,000 78,000
Memory Usage 120MB 210MB
SSL TPS 6,200 4,800

HAProxy's ACLs provide granular traffic control:


acl is_robot hdr_sub(User-Agent) -i bot
acl is_api path_beg -i /api/
use_backend api_servers if is_api
block if is_robot

Nginx offers similar capabilities with map module:


map $http_user_agent $is_bot {
    default 0;
    "~*bot" 1;
}

server {
    if ($is_bot) {
        return 403;
    }
}

HAProxy's Runtime API allows changes without restart:


echo "set server backend/web1 weight 50" | socat stdio /var/run/haproxy/admin.sock

Nginx requires reload for most changes:


nginx -s reload

HAProxy provides detailed stats through its built-in dashboard:


listen stats
    bind *:8404
    stats enable
    stats uri /monitor
    stats refresh 5s

Nginx requires third-party modules like ngx_http_stub_status_module:


location /nginx_status {
    stub_status on;
    allow 127.0.0.1;
    deny all;
}