OSBal is a visual control panel for HAProxy, Keepalived, and Stunnel4. Convert any physical machine, VM, or Raspberry Pi into a secure, layer 7 load-balancing appliance in minutes.
A load balancer built specifically for environments where cost, performance efficiency, and offline resilience are paramount.
Unlike cloud load balancers (AWS ALB, Azure, GCP) that charge subscription hours plus data egress metrics, OSBal runs on your own hardware or VMs with unlimited bandwidth for free.
Perfect for private subnets, secure military networks, edge installations, or homelabs. OSBal functions 100% locally and does not depend on cloud APIs or WAN connection links.
Proprietary enterprise VMs require several cores and gigabytes of RAM. OSBal runs high-performance C binaries (HAProxy & Keepalived) using less than 512MB RAM on a Raspberry Pi.
How OSBal compares directly to other open-source load balancers and proxy managers in the ecosystem.
| Feature | OSBal | Roxy-WI | Nginx Proxy Manager | Raw CLI Configurations |
|---|---|---|---|---|
| Clustering / Failover (VRRP) | Yes (Built-in active-passive config) | Yes (Complex multi-daemon) | No (Must setup manually) | Manual script configuration |
| Supported Proxy Engines | HAProxy & Stunnel4 | HAProxy, Nginx, Keepalived | Nginx only | Any (HAProxy, Stunnel, Nginx) |
| License & Restrictions | 100% Free (No limits) | Commercially limited / Paid subscription | 100% Free | 100% Free |
| Resource Overhead | Ultra Low (<512MB RAM) | Heavy (requires Python backend) | Medium (NodeJS & database) | Ultra Low |
| Setup & Maintenance | Easy (1-line script & UI) | Hard (requires database & config servers) | Easy | Hard (Manual text edits only) |
Pros: Highly comprehensive, supports multiple load balancers, and has advanced monitoring dashboards.
Cons: Heavy Python/Flask overhead. Advanced features and updates are locked behind paid commercial licenses or memberships. Setup is complex and time-consuming.
Pros: Extremely user-friendly UI, simple setup, and integrated Let's Encrypt SSL certificate generation.
Cons: Limited strictly to Nginx. Lacks Keepalived VRRP failover config, meaning you cannot easily set up active-passive redundant cluster load balancers out of the box.
Toggle native SQL Injection (SQLi) query blocking, Cross-Site Scripting (XSS) filters, automated WAF request mitigation (Deny vs. Tarpit delay), and configure global IP Access Blacklists. Compiled directly into HAProxy ACL rules.
Inspect active connection stats, query response times, and filter blocks. Features a simulated live Access Logs terminal and stress simulator to test threshold behaviors.
Dynamic package diagnostics list automatically verifies that HAProxy, Keepalived, and Stunnel are installed, guiding you through admin setups and network interfaces.
Create frontends, backends, and assign server nodes using balancing strategies like Round-Robin, Session Cookie-based stickiness, or Client IP hashing from a clean web form.
Validate compilation syntax before reloads. Invokes the official `haproxy -c` config check directly from the web console, preventing bad parameters from crashing active services.
Run instant socket reachability tests from the load balancer appliance to backend IPs and ports. Verify connection latency (in ms) or receive detailed system-level socket failure reports.
Ready to deploy? Copy the script below to install system dependencies, download the OSBal interface, configure system permissions, and launch the web server automatically.
OSBal exposes a fully featured REST API on every node. This API allows external orchestration tools to export configuration states, deploy certificates, update blocklists, or synchronize redundant HA pairs.
All external API requests must authorize by sending the cluster's shared secret API key. Add the key under one of the following HTTP headers. Requests without valid keys will receive a 401 Unauthorized response.
Retrieves the complete appliance database structure. The output is a consolidated JSON object containing service configurations, SSL certificates, global IP blacklists, and HA router parameters.
Overwrites the local appliance configuration database with the incoming JSON payload, triggers a compilation of configuration files, and restarts services.
ha_settings, OSBal automatically inverts the VRRP role (e.g. if the incoming role is MASTER, the receiving local node configures itself as BACKUP). This prevents duplicate MASTER conflicts.
Send a JSON payload matching the structure exported by the GET endpoint (with optional services, ssl, blacklist, or ha_settings objects).
| HTTP Code | Meaning | Condition | JSON Response Example |
|---|---|---|---|
| 200 OK | Request Success | Config exported or successfully imported & reloaded. | {"success":true,"message":"..."} |
| 400 Bad Request | Invalid Payload | JSON parsing failed or parameters are missing. | {"success":false,"message":"Invalid payload"} |
| 401 Unauthorized | Auth Failure | Missing or incorrect X-OSBAL-API-KEY header. |
{"success":false,"message":"Unauthorized"} |
| 405 Method Not Allowed | Invalid Method | Endpoint queried using PUT, DELETE, or other method. | {"success":false,"message":"Unsupported method"} |
| 500 Server Error | Reload Failed | Config stored locally, but daemon reload command failed. | {"success":false,"message":"Reload failed: ..."} |
OSBal was designed to fill a crucial gap in modern infrastructure: providing an elegant, visual, and secure management platform for bare-metal, virtualized, and edge load-balancing appliances. Built entirely on top of industry-standard C-based engines (HAProxy, Keepalived VRRP failover, and Stunnel4 SSL termination), OSBal delivers enterprise reliability with a lightweight resource footprint capable of running on Raspberry Pi or virtual private servers.