HAProxy vs Traefik for web proxy?

O

oguruma

Patron
Joined
Jan 2, 2016
Messages
226
I have a couple web servers behind my single ISP IP address. I currently use a HAProxy in a Ubuntu VM as a proxy for those. It works fine, but I can't help but think it might be more efficient to use the Traefik App instead of using a VM.

I've never needed app ingress, but I suppose it would also make sense to have Traefik in place in case I do at some point in the future.

Can Traefik handle SSL termination?

Does Traefik perform as well as HAProxy in terms of web proxys?

Are there any good walkthroughs on how to configure it to proxy?
 
danb35

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
oguruma said:
Can Traefik handle SSL termination?
Click to expand...
Definitely.
oguruma said:
Are there any good walkthroughs on how to configure it to proxy?
Click to expand...

Installing Traefik | TrueCharts

Within TrueCharts, our aim is to make it as easy as possible to secure your Apps.
truecharts.org truecharts.org

Ingress | TrueCharts

Ingress (more commonly known as Reverse Proxy) settings can be configured here. This is how Kubernetes connects your Applications in containers to FQDNs (fully qualified domain names). If you choose to enable this you must have a Reverse Proxy installed and a DNS service to resolve the DNS name...
truecharts.org truecharts.org
 
S

sos_nz

Explorer
Joined
Mar 17, 2023
Messages
58
FWIW, I run haproxy, but on OPNsense, where the GUI makes things very easy to configure. I use this to access my various homelab services (nextcloud, jellyfin, homeassistant et al.), and it's excellent. It can also easily serve up an SSL certificate, or respect an existing SSL setup which a service may be running with.

For such a critical piece of infrastructure, I prefer to run it on my firewall, rather than as an app / kubernetes container.

It's also trivial to harden it so you get an 100% A+ score @ Qualys SSL Server Test (https://www.ssllabs.com/ssltest/), which is a fun thing to aim for :)
 
danb35

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
On my OPNsense box, I found it far easier to install the community package of Caddy, and then write the Caddyfile by hand, than to deal with the Byzantine, inherited-from-pfSense configuration for HAProxy. No, there's no GUI for it, but a complete reverse proxy configuration consists of:

Code:
bitwarden.mydomain {
    reverse_proxy 10.0.0.50:8000
}


Nothing to configure for the cert, nothing to configure for TLS, nothing to configure for HTTP->HTTPS redirection--all that is handled automatically. When/if I want to add another reverse proxy configuration, I edit the Caddyfile to add another three lines in that form, and that's it. As a result, I don't even have the ACME certificate plugin installed in my OPNsense box.

But that's probably getting kind of far afield from OP's question.
 
You must log in or register to reply here.

Similar threads

D
Is the Traefik app the *recommended* option for app ingress, or the *only* option?
Replies
0
Views
2K
Darren David
D
B
Traefik - Can't access the dashboard
2
Replies
23
Views
6K
sammie
S
R
SOLVED webnut (truecharts) - ingress
Replies
7
Views
2K
ragametal
R
flimofly
SOLVED Traefik - remote access to apps works via URL, but not via Open button in TNS GUI
Replies
3
Views
2K
sretalla
sretalla
L
How to expose containers / apps to a vlan !!???
Replies
8
Views
3K
PackElend
P
Top