Overview
HAProxy Enterprise enables modern application delivery at any scale and in any environment, including on AWS. Fast and efficient load balancing improves application performance and reliability (2 million RPS on a single Arm-based AWS Graviton2 instance). Multi-layered security protects applications against DoS, bots, abuse, and layer 7 application attacks. Observability features enable fast issue resolution, pro-active prevention, and informed capacity planning.
Simple to deploy and administer, with flexible service discovery, RESTful Data Plane API, single sign-on (SSO), zero downtime reloads, automatic dynamic updates of ACL/Map files, SSL/TLS certificate automation (including Let's Encrypt integration and OCSP stapling), device detection and geolocation databases.
HAProxy Enterprise on AWS is compatible with HAProxy Fusion for centralized management, monitoring, and automation, including support for AWS Auto Scaling groups, Route 53, and CloudWatch. This combination simplifies the management and observability of your load balancing and WAF layers at scale.
Highlights
- Load balancing: Fast and reliable, high availability, wide protocol support, choice of algorithms, and complex routing logic.
- Security: Multi-layered defense for apps and APIs with SSL/TLS, bot management and crawler validation, rate limiting, and web application firewall (WAF).
- Observability: Advanced logging, Prometheus integration, SNMP, end-to-end request timing, OpenTracing.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide

Financing for AWS Marketplace purchases
Pricing
Free trial
- ...
Dimension | Cost/hour |
|---|---|
c5.xlarge Recommended | $0.35 |
t3.micro | $0.35 |
m1.large | $0.35 |
c6in.metal | $0.35 |
i7i.metal-48xl | $0.35 |
i3.2xlarge | $0.35 |
m6i.xlarge | $0.35 |
m6idn.2xlarge | $0.35 |
m8i-flex.4xlarge | $0.35 |
x2iedn.xlarge | $0.35 |
Vendor refund policy
We do not refund hourly usage or annual subscription.
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
Launching AMI: Deploy the HAProxy Enterprise AMI using the instance size of your choice. We recommend choosing an instance with at least 2 CPUs and with at least 8 GB RAM. Select the instance size, agree to the subscription terms, and follow the AMI configuration instructions.
Connecting to Instance: Once the AMI has been launched and fully booted (instance is being shown as healthy) you can connect to it using the SSH key pair that you selected while launching the instance.
Use the following command to connect to the instance depending upon the operating system that you selected. Please make note of the instance IP and connect either through private IP (from bastion host) or through public IP (EIP):
Ubuntu: ssh -i <private key> ubuntu@<ec2 IP> Red Hat Enterprise Linux: ssh -i <private key> ec2-user@<ec2 IP>
Starting and Managing the service: The HAProxy Enterprise service will automatically run upon initialization. You can manage the process using systemctl.
To view the process status run systemctl status hapee-3.3-lb
Quick Start Guide: https://www.haproxy.com/amazon-quickstart-guide/ Complete Documentation: https://www.haproxy.com/documentation/hapee/
Resources
Vendor resources
Support
Vendor support
9am - 6pm | Critical Issue Target Response Time: 8 hrs | Email and Web | Prompt Maintenance and Updates. We are available at contact@haproxy.com if you require 24x7 support, significantly shorter SLAs, and consultative support. Please activate your support license at https://www.haproxy.com/amazon-support-activation or contact us at contact@haproxy.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Standard contract
Customer reviews
Centralized monitoring has improved efficiency and provides faster responses to application issues
What is our primary use case?
My main use case for HAProxy is to load balance my applications and for Layer 4 of the OSI model.
I use HAProxy on GitLab to make commits on SSGador parts, and I have some Zabbix and Wazuh agents to monitor my applications.
What is most valuable?
The best feature HAProxy offers in my experience is its TCP functionality, as I don't use it for HTTPS because I use Traefik for that purpose. I use only the TCP protocol with HAProxy and not the HTTPS protocol.
HAProxy has positively impacted my organization because all of my applications are now centralized in one point, so I can manage it from my load balancer machine. I'm using a virtual machine on AWS , and it's very useful because I can now determine if one agent on Wazuh or Zabbix is out of range. This allows for better control and quicker responses to issues if the system goes down for an extended period, improving efficiency.
What needs improvement?
For the limited use that I have of HAProxy, I don't have any points to improve. I think I need more time with this tool, or perhaps I simply don't have areas that need to get better. I don't have additional thoughts about needed improvements, even if it's something small or just an idea for the future.
For how long have I used the solution?
I have been working in my current field for about eight months.
What was our ROI?
In terms of specific outcomes, I have seen approximately twenty dollars in cost savings because I was planning to use a load balancer from AWS . HAProxy is really useful and faster because I can see if the system or the agent on Wazuh or Zabbix goes down, which is truly helpful.
What other advice do I have?
The output of HAProxy is good, with a lot of information. It's a really good work tool. I don't have much to discuss about the output other than that it provides excellent information, allowing me to centralize all of the components that I have. It's really important because I can manage my applications more efficiently.
My advice to others looking into using HAProxy is to look at the documentation, which is really good, and to search for some use cases because they may find more benefits and improve their use of the tool better than I have now. I really recommend HAProxy to another IT business partner to use it. It's a really good tool, and if you use it well, you will gain a lot of benefits from it. I gave HAProxy a rating of ten out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Handles high traffic efficiently and simplifies complex routing with rule-based logic
What is our primary use case?
My main use case for HAProxy is to serve web pages, call backend applications, and serve customer queries. On HAProxy , we have different rules to accept user requests and redirect them to either Nginx in the backend for proxy pass or reverse proxy, or we give it to the Tomcat application, a Tomcat Java application, to serve the request and give the response back to the customer.
Regarding how those rules work, for example, let's talk about serving static content. We have a rule, such as /static or some node URLs. Based on that, we give the request to Nginx to serve the static content. Static content is hosted on the local server or maybe some S3 bucket. Similarly, if there's a Java application URL for various purposes, such as reporting, transactions, payments, or order booking, all those requests, based on whatever rules we have, go to the backend Tomcat application where we've configured multiple servers for high availability. We have also kept HAProxy in the backend to the application load balancer, so we can manage multiple HAProxy servers with a single application load balancer and from there manage multiple Tomcat Java application servers, multiple Node servers, or multiple static content Nginx servers.
What is most valuable?
The best features HAProxy offers include the reverse proxy feature, which I find to be the best. The second is that the rules and templates are very easy to understand, read, and write. Another great feature is that HAProxy supports SSL, the certificates and all for multiple domains. This is also great and while it is available in other web servers, HAProxy includes it here, which is useful. The simplicity of the rules is another advantage which I mentioned earlier, and the logging of HAProxy has in-depth printing that can be very useful. We can pass those logs later for our analytics purpose.
Regarding logging, we log the X-Forwarded-For IP, the original client IP from where the request lands to HAProxy so that we can see which IP is hitting how many requests with what action or what URL. This helps us identify potential spamming attacks or scraping on our platform. We parse all these logs or forward them to a centralized logging server so that the other team can review and take action. For example, we can block it in our firewall or web application firewall, or we can implement rate limiting based on this logging analysis. As for the rules, we can mention multiple domains' configurations with actions or rules and redirect them to any backend server, whether it is a Java application, Next.js application, or any Node application. This way, they will be served better.
What needs improvement?
I think HAProxy is good as it stands now, but I believe there could be improvements. gRPC has recently been implemented, which is great, along with TLS 1.2 and 1.3 support, and HTTP 2.0 is also available. However, I'm unsure about the benchmark of those HTTP 2.0 requests on HAProxy. If there were any other protocol with better performance than HTTP 2.0, or perhaps mTLS and other similar features, including that in HAProxy would be really great.
For improvements, I think that during setup and configuration, the steps provided are neat and clear. Anyone can easily install and configure it. There are many kernel tuning parameters also available, which is great. For specific improvement, in terms of logging, I think printing the full object of the request may help, or if there's a way to reference two requests, it would be beneficial to find a complete session history from a logged-in customer, as it would help analyze customer and user analytics.
For how long have I used the solution?
HAProxy is something we started using somewhere in 2013, almost 12 years back.
What do I think about the stability of the solution?
HAProxy has helped with performance and uptime. Before HAProxy, we had Apache web servers. The performance of HAProxy is awesome; I would say it's far better. We have reduced a lot of servers, replacing them with one or two HAProxy servers which deliver better performance, accuracy, and an almost 100% success rate with requests coming from customers or other sources, and there are no loopholes, disconnects, or gaps in the entire data flow.
What do I think about the scalability of the solution?
HAProxy's scalability is excellent. We have multiple HAProxy servers, and we've achieved load balancing based on CPU utilization, CPU load average, and memory. We manage an automatic load balancing feature where we add HAProxy servers dynamically behind the application load balancer to handle more traffic. At low peak levels, we remove HAProxy servers after completing in-flight requests, managing our scalability efficiently.
How are customer service and support?
So far, we haven't needed to reach out for customer support for HAProxy. We have utilized all the features provided without requiring assistance.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were previously using Apache web servers before implementing HAProxy, and we switched because Apache gave us many issues with customer user queries. It would time out, slow responses, and even throttle requests in a heavily loaded environment. We haven't seen those issues with HAProxy. HAProxy performs well with proper CPU utilization and maintains great accuracy with a high success rate.
Before choosing HAProxy, we evaluated other options. When we experienced challenges with Apache web servers, we considered whether to go with HAProxy or Nginx, but we chose HAProxy due to the benchmark results with our rule sets showing it winning in most cases. That's why we have been using HAProxy in production for the last 12 to 13 years.
How was the initial setup?
In terms of my setup of HAProxy, we have the open-source HAProxy latest 3.0 on Linux, Amazon Linux OS server. By the way, we have multiple HAProxy servers. We follow the standard configuration on the Linux platform along with high tuning parameters and kernel tuning parameters so that it can serve multiple connections parallelly without any connection overhead or taking much resources. We do a lot of kernel tuning parameters for HAProxy to serve with better performance, fast, and accurate.
What was our ROI?
I can share one use case in terms of ROI related to money and time saved. We had multiple Linux servers for Apache web servers, which we replaced with a few HAProxy servers. This resulted in a drastic decrease in costs and, at the same time, the accuracy of the hits coming on HAProxy was almost around 100% or 99.99%. This was not the case with the other web servers in our heavily loaded environment.
What's my experience with pricing, setup cost, and licensing?
I find the pricing, setup costs, and licensing for HAProxy to be acceptable. The setup cost is fine since we understand the logic and concepts behind it. We should explore how licenses can be further improved, but I believe the offerings of HAProxy are really good, and I don't see any concerns or challenges regarding pricing.
What other advice do I have?
For the backend configuration, there are a lot of features provided by HAProxy, including multiple connections and timeout settings.
HAProxy has positively impacted our organization as we serve many domains. We use rules to serve our B2B domains, which include numerous B2B websites served through HAProxy based on requests and other requirements. All these B2B platforms handle regular order bookings, payments, different analytics, and MIS reports, among many other activities. It's one of the best; we don't use any other web server apart from HAProxy.
My advice for others considering using HAProxy is that it should be based on their specific requirements and challenges within their environment. I recommend conducting benchmarking and testing in their staging or performance testing environments. HAProxy is one of the best web servers known for its drastic scalability, performance, and accuracy, as mentioned earlier. I also suggest focusing on the simplicity of use and debugging, making HAProxy a favorable option.
I think HAProxy is good, and I can see that many new versions are being released. There is a proper release mechanism or SDLC life cycle for HAProxy versions, which is commendable. Overall, I believe in using it as it is. I would rate this solution a 10 out of 10.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Handles massive connection surges while minimizing latency and reducing operational overhead
What is our primary use case?
HAProxy serves as an application load balancer that facilitates communication between applications and microservices. We operate an ad-serving platform that receives a high volume of requests to our front-facing application, and depending on certain criteria, we pass those requests to our backend application, which is horizontally scaled. We needed a proxy or load balancer between them to proxy all these requests. Instead of using a cloud-native solution, we chose HAProxy , which helps us scale effectively whenever requests are being passed through.
Being an e-commerce application, we often received a lot of requests, and although we scaled our applications in the backend, HAProxy managed to handle all those connections without much scaling. This significantly helped us during events with massive traffic or specific campaigns in our e-commerce applications.
What is most valuable?
The proxying capability itself is a feature we have used, and we utilize it as a load balancer. The multiple algorithm support, such as round-robin and least requested, along with all those options, proved very effective, and it was able to handle a lot of connections.
The concurrency handling of HAProxy was remarkably efficient. As a production engineer at that time, I definitely wanted to ensure that the system could handle massive connections, especially since we operated an e-commerce platform where we could not lose any customer calls. It was very critical to handle all the connections, and therefore, the concurrency handling of HAProxy was truly efficient.
During those high-traffic campaigns, there was actually very minimal latency. There definitely was a spike in latency, but it was very minimal, and HAProxy was able to manage the traffic without any noticeable latency in the application.
What needs improvement?
HAProxy already provides many of the features that other solutions in the market are providing, such as Nginx, so I do not see much room for improvement.
For how long have I used the solution?
I have been working in the current field for more than 15 years.
What do I think about the stability of the solution?
HAProxy is definitely stable. It was very scalable, and we never had many issues. The hot reload feature of HAProxy also really helped us so that we never had to shut it down to reload it.
What do I think about the scalability of the solution?
HAProxy's scalability is excellent. It handles tens and thousands of connections without any problem.
How are customer service and support?
I have never had to contact customer support, so I cannot speak to that experience.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Before choosing HAProxy, we evaluated Nginx.
We tried Nginx before using HAProxy, but HAProxy was far better than Nginx, especially because of the syntax. We had a script that auto-reloads HAProxy, making it a superior choice at that time.
What was our ROI?
We definitely saw fewer employees needed and money saved. We achieved 100% money savings and fewer employees with very little maintenance required. HAProxy has a very community, so we never had to get stuck while troubleshooting or creating new configuration files, resulting in significant time saved.
What's my experience with pricing, setup cost, and licensing?
Since we used the open-source version, we were not concerned about pricing, setup cost, or licensing.
Which other solutions did I evaluate?
My advice for others looking into using HAProxy is that it is really scalable. We used the open-source version, and I think the paid version offers even better options and support. If you are looking for a proxy solution, HAProxy is a good option to consider.
What other advice do I have?
I would recommend moving forward with HAProxy. I am rating this review a 10 out of 10.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Supports flexible traffic routing and handles high request volumes with minimal overhead
What is our primary use case?
My main use case for HAProxy is as the Ingress controller for all my workloads sitting in Kubernetes , where anything entering from the public internet has to hit HAProxy first. HAProxy makes the weighted routing for blue-green deployments and also some sort of request and header-based routing to different environments and different applications or microservices in the Kubernetes clusters.
I used HAProxy mostly with the initial 1.5 or 1.6 Kubernetes clusters where it was the only solution compatible with NGINX , which I used for Kubernetes workloads and also for the monolithic architecture where the traffic comes from the external world, and we want to have a similar kind of configuration with a load balancer in place. I use the same HAProxy open source for on-premises to maintain similar toolsets, one from the commercial variant for the cloud and one for the on-premises variant.
A unique use case I would highlight is that initially, most API gateways or reverse proxies did not support all the functionalities we expect from an API gateway. For example, we needed rate limiting functionality not just on IP addresses but on a mix of multiple headers and content manipulations. I used HAProxy for rate limiting and integrated it with ModSecurity, our homegrown tool from open source, which we wanted to inline with HAProxy. Eventually, HAProxy introduced WAF functionality for web application filtering, where we configured certain rules for acceptance and content enrichment, ensuring that X-Forwarded-For requests were sent to downstream applications for visibility and effective issue triage. We wrote some plugins for HAProxy and received significant help from the HAProxy team to empower our WAF use cases over time.
What is most valuable?
In my experience, the best feature of HAProxy is its load balancing capabilities, as it provides various algorithms, stickiness, and configurations. I have extensively used HAProxy along with NGINX over the years and found its load balancing feature to stand out. Configuration management is easy once you are familiar with deploying it, but it is not flexible enough to allow complete configuration from the UI. I have not used HAProxy in the last three to four years, but previously, its UI perspective was lacking, requiring manual adjustments. Though configuration management is not a primary focus, load balancing definitely stands out in terms of feature set. Flexibility-wise, we centralized multiple environments with a single HAProxy deployment, and its ability to handle billions of events amazed me. However, while security features have replaced WAF functionality, they are limited for smaller organizations that do not need dedicated load balancers or WAF capabilities. Built-in capabilities provide a core advantage from a cost perspective, especially for those starting out, and I recommend exploring Terraform or Ansible for configuration management, though it is still in an outdated style.
HAProxy positively impacted our organization by exceeding scalability expectations, initially projected at 200k requests but ultimately handling over 15 million transactions per second without any issues. We assume it can handle beyond 1 billion transactions per second since we encountered no performance hiccups. In terms of reliability, we have not experienced significant issues, though reliability concerns can arise during configuration management reloads. Cost savings are notable for startups needing minimal feature sets across WAF, API gateway, and load balancer functions, making HAProxy a cost-effective foundational tool that can save more than $100k per year for users.
What needs improvement?
One needed feature for HAProxy is a more robust API Gateway, which still has limitations despite many validations for Kubernetes, especially around ease of use and persona-based designs for different user roles. The existing functionalities around load balancing do not focus enough on security or configuration management aspects. The reloading functionality is effective as it allows soft reloads without interrupting traffic patterns, but configuration management should improve significantly, especially concerning UI and GitOps principles for easier management. While RBAC is implemented, it is not sufficiently granular for controlling access privileges, which should improve over time for managing distinct features.
A significant area for improvement in HAProxy is its tenancy model; managing multiple environments can be challenging, especially with mergers, acquisitions, or domain changes. It lacks centralized management capabilities for uniform configuration templates across regions. The tool should allow smooth version transitions and facilitate zero-touch deployments to streamline operations.
Enhancements in tooling and integration with technologies like eBPF are crucial for HAProxy. The customer support aspect also requires improvement, as their SLA responses are often not immediate enough for users who depend on HAProxy as a primary tool. Documentation can be better, particularly regarding configuration templates and best practices that fit diverse requirements.
For how long have I used the solution?
I have been using HAProxy for almost four to five years during my career at Arista Networks and some portion at the Zeta as well, especially for the Kubernetes workload deployments from the marketplace.
What do I think about the stability of the solution?
HAProxy is generally stable in my experience, though issues can arise during configuration management when changes are necessary.
What do I think about the scalability of the solution?
For scalability, HAProxy meets my needs, supporting our initial horizontal scaling and then adapting to vertical scaling in a VMware environment, utilizing Horizontal Pod Autoscaler (HPA) for Kubernetes and Vertical Pod Autoscaler (VPA) for the VM deployments.
How are customer service and support?
My interactions with HAProxy's customer support were limited, but the feedback from my team indicated satisfactory service; however, SLAs were longer than our expectations.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Before HAProxy, I initially used NGINX and switched due to scaling and reliability needs, finding HAProxy more maintainable and user-friendly with better documentation.
How was the initial setup?
We purchased HAProxy via the AWS Marketplace , deploying it with our own methods using the provided Helm charts.
What was our ROI?
I estimate seeing a return on investment with HAProxy, as it significantly reduced staff requirements and enhanced scaling capabilities, particularly when transitioning from NGINX, which faced issues. Although HAProxy simplified the transition to Kubernetes, operational differences remained minimal over time.
What's my experience with pricing, setup cost, and licensing?
My experience with HAProxy's pricing was positive, though I do not remember the exact figures as it was a few years ago. The pricing remains competitive compared to other vendors, and the service is somewhat aligned with recent tooling developments, although pricing structures may require re-evaluation for future offerings.
Which other solutions did I evaluate?
I considered NGINX during my selection process and also looked into Kong, which I find to be a robust API gateway with better functionality alongside Envoy .
What other advice do I have?
We measured transaction rates and cost savings by comparing alternatives like dedicated tools for WAF, such as Cloudflare WAF or AWS WAF , noting their costs and estimating a 30% to 40% saving. We evaluated metrics with Prometheus, analyzed through Grafana , and created custom metrics that confirmed our handling of requests without any performance issues during our scale-up period. Cost-wise, we determined HAProxy was a tool that could replace WAF, load balancer, and reverse proxy capabilities in a unified solution.
I would rate HAProxy an eight out of ten because of concerns around configuration management, the need for better management of multiple environments, a single source of truth, UI enhancements, and the potential for more frequent updates and support. Once these areas are improved, HAProxy could easily become a nine or ten out of ten.
My advice to new users is to pre-plan their intended feature use, clearly define limitations, and understand compatibility to avoid scalability issues. It is also crucial to benchmark in real-time environments. Overall, HAProxy is a great product; thorough evaluation is important to ensure that it meets user expectations before fully committing.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Has simplified load distribution across services and centralized configuration management
What is our primary use case?
I have been using HAProxy for about a year.
My main use case for HAProxy is mostly forwarding public traffic into internal services over a Proxmox HA cluster. I get traffic from Keepalived VIP and forward it to HAProxy, and from there to internal services. I monitor and track port 80 and 443.
I am also using HAProxy for Redis and RabbitMQ traffic. I have three dedicated servers right now, with each server having one Redis node and one RabbitMQ node. Based on the traffic, for example, if an API is running on host one, HAProxy forwards traffic from this API host one to host one Redis node or RabbitMQ node one, internally making them use the same host to prevent latency.
What is most valuable?
The best features HAProxy offers for my setup are easy configuration, as I don't need to set up many things; I just installed it and write configurations based on my needs. Traffic flows easily, and it's easy to manage all the internal services in one place, in one file.
The configuration is easy for me because the syntax is straightforward; it's easy to catch paths and domains. It seems simpler than NGINX , and the load balancing is very good on HAProxy. The load balancing is easy on HAProxy, and I appreciate that.
HAProxy has positively impacted my organization by making it easier for me to manage configurations. I put configuration files on the Ceph storage shared across the whole cluster, allowing me to write my configuration, change it easily in one place, and reload it. I wrote a reload script that reloads all the configurations on all the cluster nodes, allowing them to run smoothly.
I don't know how much time I save, but it made my setup stable, which is the most positive aspect. There are months when I don't even touch it as long as I don't add a new service on my cluster.
What needs improvement?
HAProxy is very easy for me to use. I installed it easily and configured it after checking the documentation, which was clear. I wrote as described, and it worked well, but an easier desktop interface to connect to a remote server and make changes on my PC would be beneficial.
An alerting system would be better as I need to check log files if any backend is down. Integrated Telegram alerts or WhatsApp or different channels would make it better.
What do I think about the stability of the solution?
HAProxy is very stable.
What do I think about the scalability of the solution?
HAProxy's scalability is easy for me as I'm using it on dedicated servers with a cluster, but I haven't used it for Kubernetes or any other cloud platforms, so I cannot comment on that.
Which solution did I use previously and why did I switch?
I was using NGINX before switching to HAProxy.
How was the initial setup?
Setting up HAProxy didn't cost anything for me.
What's my experience with pricing, setup cost, and licensing?
Setting up HAProxy didn't cost anything for me.
Which other solutions did I evaluate?
Before choosing HAProxy, I discussed it with ChatGPT, found it convenient, tried it, tested it, and it was fine, so I didn't bother to try anything else.
What other advice do I have?
My advice to others looking into using HAProxy is to dive straight into it; there's nothing to lose and many things to gain. I would rate this product an 8.