Haven’t used HAProxy since Tumblr, but it was fantastic then.
Anyone with recent experience using it as the reverse-proxy in front of your webservers, especially if it does your HTTPS decryption:
Is it still awesome?
Does it work well with LetsEncrypt + certbot or similar?
How "big" is Overcast?
We know of several companies using us to serve tens of thousands of their customers' sites -- Caddy scales globally and can handle millions of sites and certificates (hardware/cluster permitting).
Google, Netflix, Cloudflare all run Go on their edge.
Unrelated. I’m currently doing load-balancing and HTTPS termination with CloudFlare, I’m looking to bring it back “in-house”, and my previous experience with Linode NodeBalancers was fine but I overloaded them a lot.
I’d recommend giving Caddy 2 a try, does wonders as a reverse proxy with auto SSL. Super simple config, rock solid.
I find HAProxy’s config overly verbose, Caddy is a breath of fresh air.
Happy to help if you have any questions!
Having said that, yes, HAProxy still works flawlessly and is great at serving HTTPS.
The benefit of a modern alternative (like Caddy or Traefik) is that you can get modern cryptography without being tied to your (probably old) OpenSSL version on the host.
HAProxy is still awesome. Old boring technology that works really well.
We use it for load balancing and HTTPS encryption at @ChurchTools.
It was never our bottleneck and handles everything you throw at it.
Just add a Kubernetes container to spin up an autoprovisioned terraform node and orchestrate level 6 load balancing across multicloud distributed kvs clusters by dropping in an etcd pod to your systemd YAML.
My employer uses it for load balancing and some routing (some paths go to application servers, some directed to asset servers) and our ops team seems pretty happy with it. I don’t know Overcast’s numbers but we’re a fairly large e-commerce company.
Another one for Nginx. It’s so super simple and there’s plenty of tutorials on using it with letsencrypt. I use Nginx and certbot (letsencrypt) as a reverse proxy with HTTPS running on Docker to front all my home automation stuff.