Benchmarking Reverse Proxies

Downloads

I personally have a couple of websites running on a single server. As only one application can listen on the http and https port, I need a reverse proxy, which redirects each request to the program which is registered to handle all requests for a specific domain.

At this time I use Caddy, which is quite comfortable because it has the simplest configuration format I know and – more importantly – it fetches all its https certificates on its own, without any additional configuration.

I compared the performance of several different combinations of Caddy, Varnish, HAProxy, NGINX and Apache. Caddy, NGINX, Apache are normal web servers. Varnish is a caching reverse proxy, which can be used to e.g. cache sites rendered by php scripts and greatly accelerate page loading and reduce server load. Varnish is not able to use TLS so it is often used in conjunction with HAProxy, which can strip TLS from connections and is also a load balancer.

Some important for HAProxy settings are:

global
	maxconn 1024
	npthread 12
	…

defaults
	# This turned out to be a big performance hit, at least for this benchmark scenario
	#option http-server-close

The server I choose as the back-end behind the reverse proxies rendered a simple template and is written in Rust using the actix-web library. The used processor is a i7-5280K with 6 cores/12 threads @3.6 GHz. wrk generated requests for 10 seconds:

wrk -t2 -c100 -d10s http://localhost:8080

The different setups are:

  • raw: The back-end is directly benchmarked, this should give a baseline.
  • caddy/varnish/haproxy/nginx/apache: The respective program is used as a reverse proxy before the back-end.
  • varnish_cache: Varnish is the reverse proxy and caching is not disabled (i.e. no instruction in the vcl_recv block).
  • haproxy_http-varnish: Every request goes first through HAProxy, then through Varnish and hits then the back-end. The communication between HAProxy and Varnish is normal http.
  • haproxy_proxy-varnish: Same as above, but the communication between HAProxy and Varnish is done through the PROXY protocol v2.
  • haproxy_http-varnish_cache/haproxy_proxy-varnish_cache: Same as above, but without disabled caching in Varnish.

Here is the throughput:

Table of throughput using http

Diagram of throughput using http

And the latency, so how long the browser has to wait until it receives the requested site:

Table of latency using http

Diagram of latency using http

The same benchmarks were also run with https instead of http. This time, only combinations which are capable to run with https are listed.

Interestingly it turns out that Caddy is faster with https than http.

Throughput:

Table of throughput using https

Diagram of throughput using https

Latency:

Table of latency using https

Diagram of latency using https