HAProxy (High Availability Proxy) is an open-source TCP and HTTP load balancer used to distribute incoming connections across multiple backend servers. It is widely used for its high performance, reliability, and scalability.

It is capable of handling and forwarding incoming requests based on various load balancing algorithms, such as Round Robin, Least Connections, Source IP Hash, URI Hash, URL Parameter Hash, Static Round Robin, and First Available. It also supports SSL/TLS termination (offloading), content caching, compression, request and response rewriting, health checks, and detailed logging.

Load balancing SOCKS5 connections over multiple SOCKS5 proxies is a way to maximize performance when using open proxy servers. Check out a frequently updated list of servers at [Link].

COMPARISON (basic and superficial, based on my experience)

  • Apache
    • A fully featured web server that can also run a WAF (e.g. modsecurity) and act as a reverse proxy.
  • NGINX
    • Also a fully featured web server, but lighter than Apache.
  • Varnish
    • A powerful reverse proxy focused on offloading backend web applications through caching and SSL termination.
  • HAProxy
    • A proxy capable of load balancing not only HTTP/HTTPS but also any TCP and UDP traffic.

Note: Many could argue that most of the features listed above are common to all of these solutions, and that is true. But this is how I prefer to use each of them.


INSTALLATION

sudo apt update && sudo apt upgrade -y
sudo apt install haproxy -y
sudo cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bkp
sudo nano /etc/haproxy/haproxy.cfg

LOAD BALANCING TCP TRAFFIC

In the following example, the SOCKS5 load balancer listens on port 1080 on all interfaces. It forwards each new connection in a round-robin fashion to one of the SOCKS4 proxy servers (in this case on localhost ports 9050 to 9059).

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 4096
    user haproxy
    group haproxy

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

listen socks5
    bind :1080
    mode tcp
    balance roundrobin
    server server0 127.0.0.1:9050
    server server1 127.0.0.1:9051
    server server2 127.0.0.1:9052
    server server3 127.0.0.1:9053
    server server4 127.0.0.1:9054
    server server5 127.0.0.1:9055
    server server6 127.0.0.1:9056
    server server7 127.0.0.1:9057
    server server8 127.0.0.1:9058
    server server9 127.0.0.1:9059
sudo systemctl restart haproxy

Note: This SOCKS5 load balancer can also be used to distribute Tor traffic across multiple circuits. It requires the Tor service to be configured to listen on multiple ports and run as a daemon.

sudo nano /etc/tor/torrc
...
SocksPort 0.0.0.0:9050
SocksPort 0.0.0.0:9051
SocksPort 0.0.0.0:9052
SocksPort 0.0.0.0:9053
SocksPort 0.0.0.0:9054
SocksPort 0.0.0.0:9055
SocksPort 0.0.0.0:9056
SocksPort 0.0.0.0:9057
SocksPort 0.0.0.0:9058
SocksPort 0.0.0.0:9059
...
RunAsDaemon 1
...
sudo nano /lib/systemd/system/tor.service
...
ExecStart=/usr/sbin/tor -f /etc/tor/torrc
...

BONUS

The following example uses a different syntax. Instead of a single block, two separate blocks are used: one for the frontend and one for the backend.

frontend http-inbound-traffic
        bind :80
        mode http
        default_backend apache-servers

backend apache-servers
        mode http
        balance leastconn
        server apache1 10.1.1.100
        server apache2 10.1.1.200:8080