Nginx vs HAProxy vs Envoy — an honest 2026 comparison
May 24, 2026 · 1 min read · by Sudhanshu K.
We deploy all three. Nginx is the default unless something specific is needed. HAProxy still beats it on raw TCP load balancing and on the dynamic-backend story. Envoy is what we reach for when we need real service mesh, gRPC features, or modern observability that the other two don't natively provide.
This is the decision framework we use.
Nginx — the safe default
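    upstream backend {
        least_conn;
        server 10.0.0.10:8080;
        server 10.0.0.11:8080;
        keepalive 32;  # idle upstream connections cached per worker process
    }
    server {
        listen 443 ssl http2;
        # Placeholder paths: "listen ... ssl" needs a certificate and key to load
        ssl_certificate     /path/to/fullchain.pem;
        ssl_certificate_key /path/to/privkey.pem;
        location / {
            proxy_pass http://backend;
            # For upstream keepalive, proxy over HTTP/1.1 and clear the Connection header
            proxy_http_version 1.1;
            proxy_set_header Connection "";
        }
    }
Nginx wins when: HTTP/1.1 + HTTP/2 + static-file serving + simple reverse proxy is enough. Which is most of the time.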
The full write-up covers:
- HAProxy's strengths: stick tables, advanced ACLs, raw TCP performance, runtime API for live backend updates
- Envoy's strengths: dynamic config via xDS, native gRPC + HTTP/2 to backend, OpenTelemetry instrumentation, mTLS termination at scale
- The failure modes that decide which to pick (zero-downtime config reload, runtime backend changes, gRPC-specific load balancing)
- Memory and CPU profiles at 10K and 100K connections
- Operational story: how each reloads config, how each handles upstream failure
- Real workload mapping — which proxy we deploy for which customer pattern
We deploy this matrix on every managed edge engagement.