[nickramirez]

What open-source NGINX lacks that open-source HAProxy has:

* ACL rules with full support for logical if statements [1]

* active health checks

* end-to-end HTTP/2 [2]

* Robust logging or a dashboard with metrics

* The ability to read env variables

* session stickiness

* DNS service discovery [3]

These are just things I'm aware of, there could be a lot more.

HAProxy has shown itself to perform better for certain users such as Booking.com [4]

[1] https://www.nginx.com/resources/wiki/start/topics/depth/ifis... [2] https://trac.nginx.org/nginx/ticket/923 [3] https://danielparker.me/haproxy/nginx/comparison/nginx-vs-ha... [4] https://events.static.linuxfound.org/sites/events/files/slid...

[platform]

WRT > end-to-end HTTP/2 [2]

I think this is supported.

We are using NGINX with its core Stream module to receive HTTP/2 encrypted traffic, and loadbalance it (with random or least_conn) algorithms -- to each of our backends.

Traffic stays encrypted end-to-end, and it remains HTTP/2 (because the Stream module works at TCP level, not http so it does not care http/2 or http/1 is used).

It seems that in the ticket [2] that you mentioned, the commenter at the end is asking exactly for this. And that works well.

It is called often 'pass-through proxy'. The article here explains how to set it up

https://serversforhackers.com/c/tcp-load-balancing-with-ngin...

We loose information about the Web-browser's IP address at our backend. For for privacy-enforcement reasons, we actually do not want to have it at our terminating points (our backend apis). And also, if we ever need it -- I thin this can be enabled with the proxy protocol.

[wtarreau]

Thus it's just a plain TCP proxy and cannot route the traffic intelligently (based on Host or path) nor cache it. Following the same principle it could be said that haproxy has been supporting end-to-end H2 since version 1.0 long before H2 even existed!

With haproxy you can combine any set of H1/H2 on any side (protocol translation). It can even dynamically choose H1 or H2 depending on the negotiated ALPN the server presents, just like a browser does!

[nickramirez]

HAProxy can proxy HTTP/2 at Layer 4 or at Layer 7, to get all the HTTP message data and perform routing based on that, etc.

[platform]

Thx. Yes, NGNIX will not be able to balance HTTP/2 traffic based on HTTP headers. But HAProxy 2.0 can.

In our case, we are not un-encrypting at the load balancer, so we cannot see the HTTP headers anyway. Instead we use NGINX to load-balance based on TCP-level info.

[mattupstate]

Environment variables can be used in Nginx if you compile with Lua support or use the pre-built OpenResty distro.

[paulddraper]

Also

* Admin socket for live server adds/removes

* Full header manipulation without compiling extra modules

Broadly speaking, HAProxy is a more fully-featured choice for a HTTP/TCP/UDP load balancer.

However, it is not a web server, as it lack file serving and caching abilities.

[crankylinuxuser]

> * ACL rules with full support for logical if statements [1]

That is a terrifying "feature".

Turing completeness is not a feature. That "feature" allows complete emulation of other computation types.. Including an infinite ways of doing something wrong or bad.

[nine_k]

AFAIR first-order logic is not Turing-complete.