For example, Nginx doesn't have uri based load-balancing, you need to code it yourself.
We have tried to use Nginx as a load-balancer for 10Gbit infra, and we got problems with IOps as it was not splice + max speed of 3Gbit/s on Nginx server, while if you go with HAproxy you get 9.6Gbit/s for same amount of requests and files. From: William Lewis [mailto:[email protected]] On Behalf Of William Lewis Sent: vrijdag 1 februari 2013 13:50 To: shouldbe q931 Cc: Steven Acreman; [email protected] Subject: Re: Comparison to nginx I couldn't agree more, but I'm really in need of more concrete reasons for pushing back against this. On Feb 1, 2013, at 12:40 PM, shouldbe q931 <[email protected]> wrote: On Fri, Feb 1, 2013 at 11:22 AM, William Lewis <[email protected]> wrote: Hi Steve, Its not a question of replacing nginx with haproxy. The existing solution was dns round robin directly to application servers, that then proxy on to a different node if they didn't hold the required state (which is horrible) I've deployed haproxy in front of this setup but I'm now being asked to replace it again with nginx to harmonize with other infrastructure in the company, and I'm trying to understand what I might lose (other than my time and sanity) in doing that. Thanks Will On Feb 1, 2013, at 11:15 AM, Steven Acreman <[email protected]> wrote: Hi William, I'm not sure I'd change anything that wasn't causing me pain. If nginx is working nicely then there are probably other things that aren't that are more rewarding of attention. Are there any pain points that you currently have? Maybe haproxy could improve some of those. Thanks, Steven On 1 February 2013 11:09, William Lewis <[email protected]> wrote: Hi I'm looking for some advice in comparing haproxy to nginx. I've been happily using haproxy for all my load balancing needs for the past few years and in my opinion I think its great. I've recently been working to deploy it my latest role but am coming up against resistance from supporters of nginx which granted is already a technology widely used in the company but not one that I have any experience with. Below is the configuration I have developed for my requirements with haproxy, I was hoping that someone that is familiar with both technologies could comment on anything I will be losing if I indeed give in and use nginx instead. Comments on improvements to the haproxy configuration also welcomed. Thanks Will Lewis ------------- global daemon quiet maxconn 200000 pidfile /local/haproxy/haproxy.pid uid 60003 gid 1001 chroot /local/haproxy/run log 127.0.0.1 local0 log 127.0.0.1 local1 notice log-tag haproxy defaults log global balance roundrobin mode http monitor-uri /haproxy http-check send-state retries 3 timeout connect 6000 timeout client 1020000 timeout server 1020000 timeout http-request 6000 option abortonclose option forwardfor except 127.0.0.1 option http-pretend-keepalive option http-server-close option httplog option log-health-checks option log-separate-errors option redispatch option tcpka option splice-auto errorfile 200 /local/haproxy/errorfiles/200.http errorfile 400 /local/haproxy/errorfiles/400.http errorfile 403 /local/haproxy/errorfiles/403.http errorfile 408 /local/haproxy/errorfiles/408.http errorfile 500 /local/haproxy/errorfiles/500.http errorfile 502 /local/haproxy/errorfiles/502.http errorfile 503 /local/haproxy/errorfiles/503.http listen stats :7000 mode http stats uri / frontend external bind *:8081 bind *:8443 ssl crt /local/haproxy/certs/main.pem crt /local/haproxy/certs/ bind *:8444 ssl crt /local/haproxy/certs/partner.pem crt /local/haproxy/certs/ acl is_secure dst_port eq 8443 8444 maxconn 200000 # Capture User-Agent and X-Forward-For headers to the log capture request header User-agent len 45 capture request header X-Forwarded-For len 15 # Capture any 302 redirects to the log capture response header Location len 20 # Capture content length to the log capture response header Content-length len 9 compression algo gzip compression type text/cmd text/css text/csv text/html text/javascript text/plain text/vcard text/xml application/json application/x-www-form-urlencoded application/javascript application/x-javascript compression offload # Remove X-Proto header added from any external source reqidel ^X-Proto:.* # Presence of X-Proto: SSL header now genuinely indicates we have received communication on SSL reqadd X-Proto:\ SSL if is_secure # We keep track of connection rates and connection numbers stick-table type ip size 200k expire 2m store conn_rate(3s),conn_cur # And we do this per source address tcp-request connection track-sc1 src acl source_rate_abuser sc1_conn_rate gt 500 acl source_connections_abuser sc1_conn_cur gt 5000 use_backend be_sf-slow if source_rate_abuser || source_connections_abuser default_backend be_sf backend be_sf cookie srv-eu insert domain .example.com <http://example.com/> server srv_1 10.0.0.1:9081 <http://10.0.0.1:9081/> cookie b802 check inter 5000 maxconn 700 server srv_2 10.0.0.2:9081 <http://10.0.0.2:9081/> cookie b803 check inter 5000 maxconn 700 server srv_3 10.0.0.3:9081 <http://10.0.0.3:9081/> cookie b804 check inter 5000 maxconn 700 server srv_4 10.0.0.4:9081 <http://10.0.0.4:9081/> cookie b805 check inter 5000 maxconn 700 server srv_5 10.0.0.5:9081 <http://10.0.0.5:9081/> cookie b806 check inter 5000 maxconn 700 server srv_6 10.0.0.6:9081 <http://10.0.0.6:9081/> cookie b807 check inter 5000 maxconn 700 server srv_7 10.0.0.7:9081 <http://10.0.0.7:9081/> cookie b808 check inter 5000 maxconn 700 server srv_8 10.0.0.8:9081 <http://10.0.0.8:9081/> cookie b809 check inter 5000 maxconn 700 server srv_9 10.0.0.9:9081 <http://10.0.0.9:9081/> cookie b80a check inter 5000 maxconn 700 backend be_sf-slow cookie srv-eu insert domain .example.com <http://example.com/> server srv_1 10.0.0.1:9081 <http://10.0.0.1:9081/> cookie b802 check inter 5000 maxconn 100 server srv_2 10.0.0.2:9081 <http://10.0.0.2:9081/> cookie b803 check inter 5000 maxconn 100 server srv_3 10.0.0.3:9081 <http://10.0.0.3:9081/> cookie b804 check inter 5000 maxconn 100 server srv_4 10.0.0.4:9081 <http://10.0.0.4:9081/> cookie b805 check inter 5000 maxconn 100 server srv_5 10.0.0.5:9081 <http://10.0.0.5:9081/> cookie b806 check inter 5000 maxconn 100 server srv_6 10.0.0.6:9081 <http://10.0.0.6:9081/> cookie b807 check inter 5000 maxconn 100 server srv_7 10.0.0.7:9081 <http://10.0.0.7:9081/> cookie b808 check inter 5000 maxconn 100 server srv_8 10.0.0.8:9081 <http://10.0.0.8:9081/> cookie b809 check inter 5000 maxconn 100 server srv_9 10.0.0.9:9081 <http://10.0.0.9:9081/> cookie b80a check inter 5000 maxconn 100 I'd be very wary of "to harmonize with other infrastructure in the company" as to me that just sounds like "not used/invented here" syndrome. nginx, really good web server with reverse proxy HTTP capabilities and basic HTTP load balancing capabilities haproxy really good reverse proxy for, really good load balancer (for much more than just HTTP(S), also has built in stats engine and hot management of backends. I use nginx for several websites, most of them have HAProxy running in front of them (as a HA pair...)
