Difference 1
Both can now support http/tcp/udp load balancing . Nginx uses a programming language-like configuration and uses a document structure to represent the configuration relationship, which seems clearer. Haproxy's configuration is a bit like network equipment, definitions and references, sometimes To figure out a logic, you need to read it up and down.
nginx is a multi-process master-worker, each process is single-threaded, and multi-core CPUs can be fully utilized; haproxy is multi-threaded, and a single process can achieve ultra-high performance. Although haproxy can also be multi-process, most online information thinks that multi-process is enabled. It cannot improve performance, and it is not recommended to run multiple processes.
Even though the performance of nginx as a reverse proxy is slightly lower than that of haproxy, the actual performance of both is super high. I pressure tested nginx on Alibaba Cloud 1c1g cloud host. The http performance can reach at least 2000qps. After turning on https, the performance is about 550 times . Handshake/s. Performance issues are almost nothing to worry about.
Their respective characteristics are as follows:
nginx:
- Using curly braces, hierarchical configuration file structure
- In addition to the built-in map and if statements that can implement simple logic, it natively supports js/perl scripts and unofficially supports lua.
- In addition to load balancing, you can also do static web servers and cache servers (Haproxy cannot)
- Modular, compiled on demand, because it is modular, there are many third-party extension modules available.
- The open source version only has basic functions. For more functions, you need to use third-party modules or spend money to buy the official extended version of nginx plus.
haproxy:
- Definition and reference, imperative configuration structure
- Supports acl, but does not support other scripting languages (someone in the comments said it can now be supported)
- Load balancing performance is better than nginx
- There is a status statistics page
- Official support for session retention, health check, etc. (not included in nginx open source version)
- The basic function coverage is better than the nginx open source version, but it is not easy to expand and lacks third-party resources.
Difference 2
Nginx and Haproxy actually have different positioning. Nginx is positioned as a server, and Haproxy is positioned as a load balancer.
Nginx can support the load balance function through various plugin modules, and its performance is not much weaker than haproxy, so some people always compare the two things. In fact, Apache can also be used as a load balancer through related modules, but the performance is much worse, so no one uses it. Of course, Nginx's LB function is now its main pillar function.
I see that many answers have misunderstandings about haproxy multi-process. Here is a special mention. Haproxy has long supported the multi-process model, but it is not the Worker Master structure of Nginx, but an equal multi-process structure. It also supports the REUSE PORT option, so in Here Nginx and Haproxy are the same for multi-core utilization and there is no essential difference.
Haproxy has added a multi-threaded mode since 1.8 . Now it also recommends this model, which can better utilize multi-cores on some platforms. And Nginx has never had a multi-threading model. And it doesn’t look like the community is going to support it.
In fact, Nginx has server-based functions that Haproxy does not have. It is difficult for Haproxy to respond to an ordinary HTTP request like an ordinary Web server, and it is impossible to do so without large-scale modification of the source code. Haproxy is designed around the forwarding model, and the entire process revolves around how to quickly forward a request or reply to the other end. It does not accept requests and respond like a server.
However, as a pure LB, Nginx, especially for Web LoadBalancer, does not have as detailed functions as haproxy. Haproxy supports a wide range of ACL objects. In many cases, complex functions can be completed without script assistance. However, Nginx's slightly more complex LoadBalance function requires the use of scripts, so the performance will be much worse.
From a functional perspective, Nginx actually has more functions than Haproxy (of course not all are free), because its development community and positioning direction are larger and broader than Haproxy. There are many more solutions on Nginx. For example, WAF and haproxy do not have better native solutions. Including the recent support for Service Mesh, it is difficult for haproxy to keep up.
But the basic functions, including HTTP2, TLS 1.3, Script, SSL/TLS offload, ocsp, and SNI preload, are actually supported by the latest version of haproxy, even earlier than Nginx (HTTP2 is later, but it is also supported now). In addition, regarding hardware SSL offload support, it is mainly supported by the OpenSSL engine, so this is similar to everyone. As long as it is compatible with the latest OpenSSL, there will be no problem.
The advantage of Haproxy is actually that its forwarding performance is slightly higher. Because Haproxy pursues the forward process of zero copy, the code tends to be optimized at this point. However, this advantage has now been wiped out by the wide range of TLS/SSL applications. Compared with the time saved by 0 copy, encryption and decryption consume the vast majority of performance, so haproxy basically has no advantage in the current widespread SSL environment. Unless you want to use pure HTTP and also want to use the more complex Load Balance function based on HTTP headers, then Haproxy is a good choice. Otherwise, if it is just pure LB, LVS performance is actually higher, after all, it is in the Kernel.
From a code level, Nginx's structured code and modularity are much better than Haproxy. Haproxy code modularization has always been a big problem. The internal structure is not modular enough and secondary development is difficult. It has only improved recently in 1.9, but there are still many internal trick hacks and confusing FLAGs. Compared with the thorough modularization of Nginx, you can easily change or implement related functions by developing your own modules, which haproxy does not have.
From the perspective of the development community, Nginx is much better than Haproxy. Although Haproxy has a longer community history, it has always been tepid. There have always been very few contributors due to the strict control of the original author. In addition, there is no module development function. So it has never attracted many developers. The problem is that version updates are slow and new features supported are slow. The development of HTTP2 relies entirely on the original author, so the support progress is seriously delayed.
This article seems to have turned into a complaint about haproxy, but because I come into contact with these two things too much at work, and I am doing in-depth secondary development, I think I still have a certain understanding of them. From the current point of view, if haproxy cannot be more open to recruit more contributors and cannot completely modify the architecture to support module development, it will not be able to compare with NGINX.
In addition, the advantage of Haproxy is that the functions of the free version are more affordable than the free version of Nginx. It is indeed a benefit for small and poor sites.
Reposted to Compare Nginx and HAProxy, what are the advantages and disadvantages of each? - Know almost