
I have a need similar to this member: Single public IP, multiple HTTPS backends, Certs should stay on the backend servers. The answers to the post list NGINX, haproxy and sniproxy as possible solutions.

My public IP lives on a Debian server with really tight resources (1 vCPU, 512MB RAM), so that's an issue. Which of the listed solutions needs the least resources? Or are there other alternatives? TIA!

OttoEisen
  • 203

1 Answer


@anx said "Test it" (in bold, nonetheless) and so I did.
Well, not really, since I don't have the time for that. Since I suspected that the different solutions may be apart by orders of magnitude, I saved myself the pain of actually configuring things and setting up another system to run a load test, especially since the specs of my reverse proxy hint that the backend servers are not high volume.
Instead I installed the packages (just apt install <App>) and did free -m && service <APP> start && free -m && service <APP> stop && free -m, waiting a few seconds between the steps. I also used Debian 11, which, at the time of writing, is still the testing branch.
Very rudimentary, I know, but it served my purpose. This is the result, formatted as: Application (Disk space used, Additional packages installed by apt, memory used)

sniproxy (298 kB, 2, 1-2 MB)
apache2 (8,634 kB, 6, 3-4 MB)
nginx (20,500 kB, 20, 4-6 MB)
haproxy (4,315 kB, 1, 34-35 MB)

I've included apache since I assume that it also includes a similar functionality, even though it was not mentioned in the linked post. Be aware, this is not scientifically solid, given that I just used free and memory usage by the operating system can of course contribute to the changes.
So, in the UNIX tradition, use a tool that does one job only (and hopefully does it well). So if you just need a lightweight Layer 4 proxy with SNI support, go with sniproxy. The linked post also mentioned that it's easy to configure.

OttoEisen
  • 203
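
The answer above measures with system-wide free, which also picks up unrelated OS activity. As an added example (not part of the original answer), the script below sums the proportional set size (Pss) from /proc/<pid>/smaps_rollup for only the named service's processes. The function names and sample data are constructed; it assumes Linux 4.14 or later, pgrep from procps, and root to read other users' processes.

```shell
#!/bin/sh
# Added example: per-service memory from /proc instead of system-wide `free`.

# Sum the "Pss:" lines of smaps_rollup-style text on stdin; prints kB.
# Pss counts shared pages proportionally, so worker processes that share
# memory with a master are not counted twice.
sum_pss_kb() {
    awk '$1 == "Pss:" { total += $2 } END { print total + 0 }'
}

# Total Pss in kB over all processes whose command name is exactly $1.
# Prints 0 when the service is not running or /proc is unreadable.
service_pss_kb() {
    total=0
    for pid in $(pgrep -x "$1" 2>/dev/null || true); do
        [ -r "/proc/$pid/smaps_rollup" ] || continue
        kb=$(sum_pss_kb < "/proc/$pid/smaps_rollup")
        total=$((total + kb))
    done
    echo "$total"
}

# Constructed sample of one smaps_rollup file, for checking the parser offline.
sample_rollup() {
    cat <<'EOF'
55d0c0a00000-7ffd3a5fe000 ---p 00000000 00:00 0    [rollup]
Rss:                3120 kB
Pss:                1434 kB
Pss_Anon:            612 kB
Pss_File:            822 kB
Shared_Clean:       1900 kB
Private_Dirty:       612 kB
EOF
}

# Print one line per service name given on the command line.
report() {
    for svc in "$@"; do
        printf '%-10s %6s kB\n' "$svc" "$(service_pss_kb "$svc")"
    done
}

# Usage: sh pss.sh sniproxy apache2 nginx haproxy   (run while each is started)
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

Idle figures like these only show the baseline footprint; memory per open connection still has to be observed under real traffic.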