NGINX is awesome, we all know that. It's a great open source web server. But I think after 15 years of building commercial load balancers I can justify writing a fairly aggressive blog post. In general, I agree with the HFT guy - who says that you should 'never use NGINX for load balancing!'.
HAProxy is better than NGINX - in every possible way!
OK - this could turn out to be a very short blog, so why am I writing it now?
Well, as I design, build and sell load balancers based on LVS and HAProxy, it is in my own interest to try and combat the avalanche of NGINX+ marketing propaganda that I've seen over the last year. Let's call this an attempt to skewer fake news.
The thing that really annoyed me was the fact that they re-wrote the start of this book to be about load balancing: https://www.nginx.com/blog/announcing-oreillys-new-book-nginx-a-practical-guide-to-high-performance/
OK, so I admit that it's just pure jealousy - I wish I had the marketing clout that commercial NGINX+ has with Google, O’Reilly (and Gartner for that matter).
Before I continue this rant, let's address the following questions:
When should you use NGINX for load balancing?
- When you are already using NGINX and have basic requirements.
- If you've already used it before and are happy with it.
- Ummmm....
So yes, if you are already using NGINX in your environment and just need a simple load balancer, then go ahead and use NGINX as a reverse proxy as well. It's perfectly functional, reliable and scalable.
But if you need a real load balancer, with high-availability, monitoring and full application delivery functionality then use HAProxy.
Why should you use HAProxy for load balancing?
- Because everyone else does
- It's tried and tested
- It has 98% of the functionality you would ever need
- It's been around for a long time
- Large active open source community
- Designed from the start to be a high performance load balancer
- IPV6, PROXY PROTOCOL, TPANSPARENT PROXY, SSL & SNI, HTTP2, API, LUA Scripting, RDP connection broker, Stick tables, multi-node session replication, DDOS & DOS protection... etc.
I could go on, but I think you get the point!
What about commercial NGINX+?
Commercial NGINX+ is a great product. The company is well funded and growing rapidly. It is clearly targeting the cloud and dev ops market (like Avi Networks). I'm sure it has fantastic support... and the product is going through very rapid development and improvement...
Well, this brings us to the actual problem doesn't it?
"Commercial NGINX+ has a clear conflict of interest with the open source NGINX load balancer"
They don't make any effort to hide this fact:
"NGINX Plus has exclusive production‑ready features on top of what's available in the open source offering, including session persistence, configuration via API, and active health checks."
(https://www.nginx.com/products/nginx/)
The best way to ensure product breadth, depth and quality of a platform is to work with the open source community in a productive and open manner.
Just like NGINX does for its excellent and widely loved web server....
BUT - intentionally cripples its open source load balancer.
HAProxy does not seem to have this inherent conflict of interest with its commercial offering:
https://www.haproxy.com/products/haproxy-enterprise-edition/
In fact, I'm sure Willy Tarreau's investors wish he was slightly LESS committed to the open source purity of the product :-)
Do I blame NGINX inventor Igor Sysoev?
Hell no - good luck to him.
But I do reserve the right to speak my mind.
BTW - No offense intended to anyone who likes 2CVs. Actually, I quite like the fact a 2CV is so easy to understand and maintain, but it's no Tesla...