HAProxy Enterprise handles SAML single sign-on for your applications and integrates with identity providers like Azure Active Directory.
Use the HAProxy Runtime API to update SSL certificates in HAProxy without a reload. When you route traffic through an HAProxy load balancer, you gain the ability to terminate SSL at the load balancer. HAProxy encrypts communication between the client and itself and then sends the decrypted messages to your backend servers, which means less CPU work on the servers because there’s no encryption work left to do.
HAProxy gives you an arsenal of sophisticated countermeasures including deny, tarpit, silent drop, reject, and shadowban to stop malicious users. There are two phases to stopping malicious users from abusing your website and online applications. Step one is detection, step two is deploying countermeasures. HAProxy is more powerful than nearly every other load balancer when it comes to both detection and countermeasures.
The HAProxy Kubernetes Ingress Controller integrates with cert-manager to provide Let’s Encrypt TLS certificates. When it comes to TLS in Kubernetes, the first thing to appreciate when you use the HAProxy Ingress Controller is that all traffic for all services travelling to your Kubernetes cluster passes through HAProxy. Requests are then routed towards the appropriate backend services depending on metadata in the request, such as the Host header.
Version 2.1 of the HAProxy Data Plane API expands support to all available request and response actions, adds Lua actions, and improves file handling. A year ago, we introduced version 1.0 of the HAProxy Data Plane API, enabling you to configure your HAProxy load balancers remotely through a modern RESTful HTTP API. That first version of the API focused on the essential behaviors for creating frontend proxies, backend server pools, ACLs and traffic switching rules.
The HAProxy Process Manager allows you to start external programs that are managed under HAProxy. Not everything is compiled directly into HAProxy’s C code. Some components are written using other programming languages and run alongside the load balancer.
HAProxy Technologies is excited to announce the release of HAProxy 2.2, featuring a fully dynamic SSL certificate storage, a native response generator, an overhaul to its health checking system, and advanced ring logging with syslog over TCP. Watch our on-demand webinar Ask Me Anything About HAProxy 2.2. If you missed the webinar about HAProxy 2.2, you can watch it on-demand as well.
Under the hood, the HAProxy Data Plane API and the HAProxy Kubernetes Ingress Controller are powered by a shared set of Go libraries that apply changes to an HAProxy configuration file. In this talk, Marko Juraga describes how these libraries are developed and invites you to use them in your own projects when you need to integrate with HAProxy. Watch Marko’s presentation video or read the transcript below. Explore more HAProxyConf 2019 talks in our User Spotlight Series.