Building notes, projects, and occasional rants

Proxy software

A small list of proxy software that I use, or that have crossed my radar.


A single stop solution for all your HTTP, HTTP/2, TCP proxy needs. This is my go-to software today, it covers 80% to 90% of my needs, in a single package with a common configuration language. Why run multiple services if a single one covers what you need… Also, wicked fast. I really avoid going to others unless there is a clear need for it.

The weakest point for nginx is that dynamic reconfiguration, specially of backend configurations, are only available with the paid version, nginx Plus. But you can get a long way there with a small sidecar process that listens to service discovery updates, rewrites nginx configuration files, and asks nginx to reload them.

nginx features that are rareley mentioned: you can upgrade the nginx version without downtime. I haven’t came across any other proxy software that does this. But admitelly I haven’t looked that hard either…

See also tengine, a nginx distribution originaly by Taobao.


haproxy is the grand daddy of reverse proxies. Very easy to setup, simpler than nginx. Has a nice built-in HTTP status interface.

At the moment, nginx does everything that I need that haproxy has, and I don’t need the extras that haproxy has that nginx lacks. If I already have nginx running it makes little sense to add another service. But if I just need plain TCP reverse proxy, then I prefer haproxy. It boild down to reducing the number of services I have to have running.


Another classic. If you have strong caching needs, Varnish is the software to use.

Used to be he most flexible software in terms of configuration due to the use of very complete request routing language, VCL. But recent releases of haproxy, with Lua support, and nginx (either with Lua support on the OpenResty version, or the new nginScript), you might have similar capabilities with the others.


My current favorite to replace nginx (although see traeffik below…): integration with Consul, Vault, PROXY Protocol Support for easier integration with Amazon load-balancers and haproxy, and traffic shapping for canary deployments.

See the full feature list.

My only concern is that there is mainly one commiter. This is true of multiple software projects I use (Redis comes to mind), but still, I tend to approach these situations with care.


Other software projects to look at someday:

  • traeffik: I really need to look into this one, looks awesome!
  • gobetween (excellent name…): a layer 4 reverse proxy, TCP, UDP and TCP with TLS. Consul integration, and much more;
  • linkerd: a CNF project, focused on creating a service mesh for micro-services integrations;
  • Kong: an API Gateway;
  • Caddy: HTTPS and HTTP/2 by default, with automatic integration with Lets Encrypt. Configuration looks very simple;
  • skipper: flexible HTTP router, easy to add filters that modify requests and responses;
  • gorouter: interesting use of NATS to manage the routing table…
  • seesaw: un-official Google product, frontend to Linux kernel LVS, including support for Direct Server Return.