⚠️ SECURITY NOTICE (February 2026)
CVE-2026-26080 & CVE-2026-26081: QUIC parsing vulnerabilities (DoS). Fixed in versions 3.0.12, 3.1.14, 3.2.12, 3.3.3+. Update immediately if using QUIC.
HAProxy (High Availability Proxy) is a powerful, open-source software used for load balancing, reverse proxying, and high availability of network services. It is primarily designed for applications that require reliability, scalability, and high performance, including web applications and TCP services.
- Current stable: HAProxy 3.3.4 (2026-02-19)
- LTS versions: 3.2.13 (maintained until 2030-Q2), 3.0.17 (maintained until 2029-Q2)
- Previous LTS: 2.8.18 (maintained until 2028-Q2)
- QUIC backend support (experimental) for HTTP/3 load balancing
- KTLS integration for zero-copy TLS data transfer
- TLS Encrypted Client Hello (ECH) support for enhanced privacy
- Persistent stats across reloads
- Automatic CPU binding policies matching hardware topology
- Improved ACME support with automatic certificate generation and DNS-01 challenge
- Enhanced live troubleshooting capabilities
- Reduced locking in stick-tables and peers for better performance
- Default load balancing algorithm switched to “random(2)” for better scalability
- L4/L7 load balancing and reverse proxy.
- High availability and failover setups.
- High-traffic web and API gateways.
HAProxy provides load balancing and proxy capabilities:
- Load Balancing: Distributes traffic across multiple backend servers using various algorithms (round-robin, least connections, random, etc.)
- High Availability: Monitors server health and removes unhealthy servers from the pool
- SSL/TLS Termination: Handles encryption/decryption to reduce backend server overhead
- Advanced Health Checks: Sophisticated server monitoring with customizable checks
- Session Persistence: Ensures consistent routing for user sessions
- Traffic Management: Complex routing based on URL paths, headers, and other criteria
- Security: Rate limiting, IP filtering, and protection against common attacks
- Monitoring: Detailed logging and statistics for performance tracking
- Protocol Support: HTTP/1.1, HTTP/2, experimental HTTP/3, TCP, gRPC, WebSocket
- Dynamic Configuration: Runtime updates without service restarts
For detailed feature information and configuration examples, see the HAProxy Configuration page.
- Web Traffic Load Balancing: Distribute web traffic across multiple backend servers
- Database Load Balancing: Improve performance and availability of database clusters (MySQL, PostgreSQL, etc.)
- Microservices: Act as a gateway for service-to-service communication in microservice architectures
- SSL Offloading: Handle SSL/TLS encryption to reduce backend server overhead
- API Gateway: Route to multiple API endpoints with traffic policies
- WebSocket Load Balancing: Manage long-lived WebSocket connections
For detailed information about HAProxy configuration components and setup, see the HAProxy Configuration page.
For detailed configuration examples and best practices, see the HAProxy Configuration page.
For information on high availability configurations with HAProxy, see the HAProxy Configuration page.
¶ Monitoring and Metrics
HAProxy provides monitoring capabilities essential for DevOps operations:
- Statistics page: Access real-time metrics via a web interface
- Prometheus endpoint: Native Prometheus metrics export (if compiled with support)
- Runtime API: Query and modify configuration at runtime
- Performance counters: Track connections, requests, response times, and error rates
For detailed monitoring and metrics configuration, see the HAProxy Configuration page.
- C (96.3%)
- Additional: C++, Shell, Makefile, Lua, Python
- ✅ Actively maintained - Recent release (Feb 2026)
- ✅ Official Docker image -
haproxy (Docker Official Image)
- 🔧 QUIC/HTTP/3 support - Experimental in 3.3+
- ⚠️ Security notice - CVE-2026-26080/81 (QUIC DoS) - update if using QUIC
- 📦 Repository available - Debian/Ubuntu, RHEL/CentOS, official HAProxy repo
- 🏢 Commercial support - HAProxy Technologies
¶ History and References