HAProxy ALOHA Documentation 15.0

Release Notes

About this release

Key changes in the HAProxy ALOHA 15.0 release include:

  • Upgraded to HAProxy Enterprise 2.7r1

  • Support for HTTP/3 over QUIC

  • Control over SSL errors

  • The ability to pass optional arguments to your Lua scripts

  • Thread groups, which enable assigning sets of threads to listeners

  • New converters

  • Performance upgrades

What's new, improved and removed

HTTP/3 over QUIC
  • This version adds support for the HTTP/3 protocol over QUIC.

  • The bind directive's ca-ignore-err and crt-ignore-err arguments, which let you list TLS errors to ignore, now accept human-readable names in addition to numeric IDs. Refer to the OpenSSL list of error codes to see which values are available.

  • You can now pass optional arguments to your custom Lua scripts from within your L7 configuration file. The lua-load and lua-load-per-thread directives accept one or more arguments after the first argument, which is always the script's filepath. Then, in your script use the built-in table.pack(...) function with an ellipsis as its argument to collect arguments into a variable of type table.

  • A new global directive named thread-group lets you place a range of threads into a group. Once in a group, you can assign those threads to a listening address by adding the thread argument to a bind line in a frontend or listen section. On servers with many CPU cores and thus many threads, allocating a subset of threads to handle connections like this can improve performance by reducing the number of threads competing for work. You can define up to 64 thread groups, each including up to 64 threads.

  • A new global directive named thread-groups lets you set the number of thread groups to create and HAProxy ALOHA will divide the threads available on your server into that number of groups. The maximum number is 64.


This version adds the following converters:




Returns the remaining time before a given key will expire in the stick table, as well as how long ago a given key was last seen.


Returns the time the given key has remained idle since the last time it was updated.


Converts a string that contains a Host header value and removes its port.


Converts a string that contains a Host header value and returns only its integer port.


Converts a numerical value to its corresponding X509_V_ERR constant name, which is useful for setting ACL expressions based on different client certificate errors (expired certificate, revoked certificate, etc.).

Performance upgrades
  • Server health checks, which run at an interval, now fire on the same thread exclusively rather than allowing any available thread to perform the task. This has reduced latency by decreasing competition among threads.

  • Stick tables became more efficient by changing the type of lock used to restrict multiple threads from accessing a table simultaneously. By revising internal code to use a read-write lock, which allows multiple threads to read from the table simultaneously, but allows only one thread to write, performance improved.

  • The integrated HAProxy reduces latency by more aggressively using idle connections when sending HTTP requests to backend servers. If you leave the defaults, or if you manually set the http-reuse directive in a backend to safe, reusing idle connections is enabled and you are choosing the safest mode. That is, a client's first HTTP request will be dispatched to a backend server on a new thread guaranteed to not be closed, and only subsequent requests will use idle connections, which have the risk of closing unexpectedly. In this release, as long as you have also set the retry-on directive in that backend to retry the connection in case of failure, HAProxy Enterprise will use an idle connection for a client's first request too. Set retry-on to include conn-failure, empty-response, and response-timeout.

Deprecated keywords
  • The bind-process directive has been removed.

  • The process argument on a bind line has been removed.

Getting support

Current HAProxy ALOHA customers, log in to the customer portal, https://my.haproxy.com/portal/cust/login.

Next up