About this release
Key changes in the HAProxy Enterprise 2.5r1 release include:
Improved performance from enhancements in memory utilization, HTTP chunking, multithreading, and DNS response processing
More granular thread allocation and control to reduce scheduler contention to support high connection rates
Access to more actionable information through logging, fetches and Runtime API commands
Runtime adding, editing and removal of certificate authority (CA) entries and certificate revocation list (CRL) files
Added functionality for Lua scripting
Getting this release
Installation and upgrade instructions.
If you're not an HAProxy Enterprise user yet, request a free 14-day trial: https://www.haproxy.com/downloads/hapee-trial/
If you'd like to speak to someone about becoming an HAProxy Enterprise user, contact us here: https://www.haproxy.com/contact-us/
What's new, improved and removed
Multiple performance improvements are built into HAProxy Enterprise.
- Improved Performance
Memory optimizations on x86 platforms
Lockless memory pool implementation for non-x86 architectures
Faster connection dequeueing due to locking reduction
Revamped and more efficient Domain Name Service (DNS) response processing
Faster HTTP/1 small chunk parsing
- Better thread allocation and control
Split the total number of configured threads (nbthread) into ranges and assign them to handle incoming connections for unique IP addresses by adding the thread argument to a bind. Reduce scheduler contention with the shards option on systems that support multiple listeners per socket.
- Observability and access to more information
More robust reporting on startup
Statistics for stopped proxies are viewable in the Stats Pane
The HAProxy Enterprise version and executable path are displayed before the first warning or error to aid with troubleshooting
Retrieve the original source address of an incoming proxy that connects using the PROXY protocol with fetch
tcp-request content ruleset: set-src, set-src-port
Log connection information for handshake errors, using:
ssl_bc_err, ssl_fc_err, ssl_bc_err_str, ssl_fc_err_str, fc_err, bc_err
Retrieve backend connection errors with
Store up to 100 indexes in a single Stick Table variable, using General Purpose Counter (GPC) and General Purpose Tag (GPT) arrays.
Disable bootstrapping WebSockets with HTTP/2 (RFC8441) for newer browsers that don't support it by using
Ignore connections without data transfer in the logs with the
Gracefully stop proxies, allowing enough time for layer 4 devices to detect changes with the global
http-request directives to named
Add more logic to configuration file .if, .elif, and .endif conditions with the addition of AND, OR, NOT, and parentheses expressions.
Improved reliability of host header field dependent ACLs by automatically stripping the port (80 or 443) from the URI and the host field.
Peers ignore updates on the Stick Table conn_cur counter from other peers, ensuring local data is accurate and reflects actual traffic.
- Runtime API commands
Display free memory in thread-local caches with
Display file, line numbers, rules, and filters processed per session with show sess all
Full support for creating, managing and removing servers on the fly. The add server command now supports all keywords including: check, track, slowstart, error-limit, ssl and
View the number of entries in summary output of the show acl commands with the included
- Lua scripting
Initiate HTTP requests using the httpclient class. Inspect or modify TCP and HTTP content using an experimental feature set that should be used only in test environments.
- Traffic routing
Redirect rules for empty target URLs are skipped by adding
Check the integrity of claims contained within JSON Web Tokens (JWT) and extract data from JWTs to use in rules.
Add, update, and delete Certificate Authorities (CA) and Certificate Revocation Lists (CRL) using Runtime API commands.
Display Online Certificate Status Protocol (OCSP) to validate X.509 digital certificates from the command line (CLI) with show ssl cert and show ssl ocsp-response commands.
OpenSSL 3.0 is fully supported
Automatic sanitizing of Transfer Encoding (TE) headers to conform to HTTP/1 specs by making a request or response TE header or a request with Content-Length and TE header the last on a connection.
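The JWT item above, shown as a configuration sketch. This is an added example, not taken from the release notes or from HAProxy Technologies' documentation. It assumes the http_auth_bearer fetch and the jwt_header_query, jwt_payload_query and jwt_verify converters of HAProxy 2.5. The issuer, audience, key path, ports and server address are placeholders.

```haproxy
# Added example: validate a bearer JWT before routing.
# All names, URLs, paths and addresses below are placeholders.
frontend api
    bind :8080

    # No Authorization header at all: reject early.
    http-request deny deny_status 401 unless { req.hdr(authorization) -m found }

    # Extract header and payload fields into transaction variables.
    http-request set-var(txn.alg) http_auth_bearer,jwt_header_query('$.alg')
    http-request set-var(txn.iss) http_auth_bearer,jwt_payload_query('$.iss')
    http-request set-var(txn.aud) http_auth_bearer,jwt_payload_query('$.aud')
    http-request set-var(txn.exp) http_auth_bearer,jwt_payload_query('$.exp','int')

    # Pin the signing algorithm. The token's own "alg" value is
    # attacker-controlled, so only the one expected value is accepted.
    http-request deny deny_status 401 unless { var(txn.alg) -m str RS256 }

    # Issuer and audience must match what this API expects.
    http-request deny deny_status 401 unless { var(txn.iss) -m str https://issuer.example.com/ }
    http-request deny deny_status 401 unless { var(txn.aud) -m str https://api.example.com }

    # Signature check against the issuer's public key.
    # jwt_verify returns 1 only when the signature is valid.
    http-request deny deny_status 401 unless { http_auth_bearer,jwt_verify(txn.alg,"/path/to/jwt-pubkey.pem") -m int 1 }

    # A token without "exp" would skip the expiry rule, so require it first.
    http-request deny deny_status 401 unless { var(txn.exp) -m found }
    http-request set-var(txn.now) date()
    http-request deny deny_status 401 if { var(txn.exp),sub(txn.now) -m int lt 0 }

    default_backend api_servers

backend api_servers
    server app1 192.0.2.10:8080 check
```

The claim checks alone prove nothing about the token's origin; claims can only be trusted on requests that also pass the jwt_verify rule.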
- Removed directives
grace (per proxy directive replaced by global grace directive)
no option http-use-htx
Current HAProxy Enterprise customers, log in to the customer portal, https://my.haproxy.com/portal/cust/login.