HAProxy (High Availability Proxy) is an open-source TCP and HTTP load balancer used to distribute incoming connections across multiple backend servers. It is widely used for its high performance, reliability, and scalability.
It is capable of handling and forwarding incoming requests based on various load balancing algorithms, such as Round Robin, Least Connections, Source IP Hash, URI Hash, URL Parameter Hash, Static Round Robin, and First Available. It also supports SSL/TLS termination (offloading), content caching, compression, request and response rewriting, health checks, and detailed logging.
Load balancing SOCKS5 connections over multiple SOCKS5 proxies is a way to maximize performance when using open proxy servers. Check out a frequently updated list of servers at [Link].
COMPARISON (basic and superficial, based on my experience)
- Apache
- A fully featured web server that can also run a WAF (e.g.
modsecurity) and act as a reverse proxy.
- A fully featured web server that can also run a WAF (e.g.
- NGINX
- Also a fully featured web server, but lighter than Apache.
- Varnish
- A powerful reverse proxy focused on offloading backend web applications through caching and SSL termination.
- HAProxy
- A proxy capable of load balancing not only HTTP/HTTPS but also any TCP and UDP traffic.
Note: Many could argue that most of the features listed above are common to all of these solutions, and that is true. But this is how I prefer to use each of them.
INSTALLATION
sudo apt update && sudo apt upgrade -y sudo apt install haproxy -y sudo cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bkp sudo nano /etc/haproxy/haproxy.cfg
LOAD BALANCING TCP TRAFFIC
In the following example, the SOCKS5 load balancer listens on port 1080 on all interfaces. It forwards each new connection in a round-robin fashion to one of the SOCKS4 proxy servers (in this case on localhost ports 9050 to 9059).
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096
user haproxy
group haproxy
defaults
log global
mode tcp
option tcplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
listen socks5
bind :1080
mode tcp
balance roundrobin
server server0 127.0.0.1:9050
server server1 127.0.0.1:9051
server server2 127.0.0.1:9052
server server3 127.0.0.1:9053
server server4 127.0.0.1:9054
server server5 127.0.0.1:9055
server server6 127.0.0.1:9056
server server7 127.0.0.1:9057
server server8 127.0.0.1:9058
server server9 127.0.0.1:9059
sudo systemctl restart haproxy
Note: This SOCKS5 load balancer can also be used to distribute Tor traffic across multiple circuits. It requires the Tor service to be configured to listen on multiple ports and run as a daemon.
sudo nano /etc/tor/torrc
... SocksPort 0.0.0.0:9050 SocksPort 0.0.0.0:9051 SocksPort 0.0.0.0:9052 SocksPort 0.0.0.0:9053 SocksPort 0.0.0.0:9054 SocksPort 0.0.0.0:9055 SocksPort 0.0.0.0:9056 SocksPort 0.0.0.0:9057 SocksPort 0.0.0.0:9058 SocksPort 0.0.0.0:9059 ... RunAsDaemon 1 ...
sudo nano /lib/systemd/system/tor.service
... ExecStart=/usr/sbin/tor -f /etc/tor/torrc ...
BONUS
The following example uses a different syntax. Instead of a single block, two separate blocks are used: one for the frontend and one for the backend.
frontend http-inbound-traffic
bind :80
mode http
default_backend apache-servers
backend apache-servers
mode http
balance leastconn
server apache1 10.1.1.100
server apache2 10.1.1.200:8080