Hacker News new | past | comments | ask | show | jobs | submit login

I was comparing HAproxy to Squid a while ago and could not figure out what's haproxy's advantage over squid? I ended up using Squid but still am very interested in HAproxy, would like to learn more about it.

Squid remains to be the only one that can deal with SSL proxying(yes it's kind of MITM, but it's needed sometimes), and it's also the real "pure" open source. HAproxy might be better fit for enterprises that need support?




HAProxy is a TCP/HTTP load balancer, so the entire perspective of the software (from configuration to feature emphasis) stems from that.

Squid is a caching HTTP proxy, which began with forward proxying but also supports reverse proxying. I wouldn't regard it as relevant to modern, dynamic architectures as HAProxy or Varnish (another caching-focused project).

There's no real difference in open source purity between any of these projects, unless you dislike the stewardship of a company. HAProxy has existed for a long time without such stewardship (as has Varnish). Indeed, Squid's lack of commercial backing might be a hint as to its current relevance.


Varnish is a good HTTP caching server, but with the rise of HTTPS and soon HTTP/2 I'm not sure it'll change since last time I heard its developers don't intend to support TLS at all.


I disagree, Poul-Henning Kamp's HTTPS/HTTP2 rant is well known, but he's not going to abandon the project. He has steered it to follow the unix ideals of doing one thing well. They (varnish) forked stud and bought it up to date as hitch [1] which covers TLS. At some point they will incorporate HTTP2 once the demand is there.

https://github.com/varnish/hitch


Poul-Henning Kamp's HTTPS/HTTP2 rant ->https://queue.acm.org/detail.cfm?id=2716278


Good read about Varnish and SSL(again). https://www.varnish-cache.org/docs/trunk/phk/ssl_again.html


Still true, but you can use HAProxy (or Pound, or...) to terminate TLS, and pass the TCP connection through to Varnish 4.1 using the PROXY protocol (so you get the client IP).


"pure" opensource doesn't exist: There is open source and there is closed source. HAProxy is open source, products developed by HAProxy Technologies are also open source for our customers!!!

on the other side, you have varnish plus and nginx plus which are closed source, which means their clients can't have access to the source code, they don't know what they run.


Just so you know, you don't need to sign your comments (with Baptiste). You may wish to review the guidelines on commenting here:

https://news.ycombinator.com/newsguidelines.html

"Please don't sign comments; they're already signed with your username. If other users want to learn more about you, they can click on it to see your profile."




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: