HAProxy community

HAProxy as non-caching http reverse proxy for M2M integration

Hi Folks,

I’m looking for some advice from experienced HAProxy users in regards to my use case.

I have an a bunch of serverless application (ie Lambda functions) running on AWS cloud that needs to integrate with my customer’s backends. All backends are HTTP based being the majority of them SOAP or REST APIs and all of them require me to have static IP addresses to connect with them. So in order to fulfill this requirement I’m looking for a non-caching reverse proxy running on a EC2 instance, and I would like to hear if HAProxy would be an actual candidate for this task.

In particular I’m looking for the following features:

  • simple to configure
  • fast! The proxy will handle thousands of request per seconds from a small number of clients (my internal applications)
  • being able to present logs and stats on a per server/backend basis (ie per-domain or per server’s ip addresses allowing to have individual metrics for each customer backend)
  • able to run as docker containers
  • uses a dedicated DNS for name resolution or have a similar feature by itself. (Some of the backends domain names are not published in public DNS so I use a local dnsmasq to control name resolution)
  • A big plus would be the ability to as a SSL termination/gateway. Ie, I’d like to have my system calling the proxy as if it was the actual backend endpoint and have the proxy performing the request to the customer’s backend over HTTPS allowing me to log the URLs and also the full request/response for auditing and troubleshooting purposes.

What do you think. Would HAProxy be a good choice for this task?

Thanks in advance.

Eric

Hi,
Haproxy will tick most of these boxes. Configuration simplicity is a matter of personnal opinion I guess.
Other than that it is fast, has logs defined on a per backend basis, can run as docker container, can use DNS for name resolution on a per server basis if you’d like, and cherry on top it can terminate ssl on the frontend and encrypt traffic to the backend.