Release Notes
About this release
Key changes in the HAProxy Enterprise 2.5r1 release include:
Improved performance from enhancements in memory utilization, HTTP chunking, multithreading, and DNS response processing
More granular thread allocation and control to reduce scheduler contention to support high connection rates
Access to more actionable information through logging, fetches and Runtime API commands
Runtime adding, editing and removal of certificate authority (CA) entries and certificate revocation list (CRL) files
Added functionality for Lua scripting
Getting this release
Installation and upgrade instructions.
If you're not an HAProxy Enterprise user yet, request a free 14-day trial: https://www.haproxy.com/downloads/hapee-trial/
If you'd like to speak to someone about becoming an HAProxy Enterprise user, contact us here: https://www.haproxy.com/contact-us/
What's new, improved and removed
Multiple performance improvements are built into HAProxy Enterprise.
- Improved Performance
Memory optimizations on x86 platforms
Lockless memory pool implementation for non-x86 architectures
Faster connection dequeueing due to locking reduction
Revamped and more efficient Domain Name Service (DNS) response processing
Faster HTTP/1 small chunk parsing
- Better thread allocation and control
Split the total number of configured threads (nbthread) into ranges and assign them to handle incoming connections for unique IP addresses by adding the thread argument to a bind.
Reduce scheduler contention with the binds and shards options on systems that support multiple listeners per socket.
- Observability and access to more information
More robust reporting on startup
Statistics for stopped proxies are viewable in the Stats Pane
The HAProxy Enterprise version and executable path are displayed before the first warning or error to aid with troubleshooting
Retrieve the original source address of an incoming proxy that connects using the PROXY protocol with fetch fc_src and tcp-request content ruleset: set-src, set-src-port
Log connection information for handshake errors, using: ssl_bc_err, ssl_fc_err, ssl_bc_err_str, ssl_fc_err_str, fc_err, bc_err
Retrieve backend connection errors with bc_err, bc_err_str
- Configuration
Store up to 100 indexes in a single Stick Table variable, using General Purpose Counter (GPC) and General Purpose Tag (GPT) arrays.
Disable bootstrapping WebSockets with HTTP/2 (RFC8441) for newer browsers that don't support it by using h2-workaround-bogus-websocket-clients.
Ignore connections without data transfer in the logs with the http-ignore-probes option.
Gracefully stop proxies, allowing enough time for layer 4 devices to detect changes with the global grace option.
Add tcp-request and http-request directives to named defaults sections.
Add more logic to configuration file .if, .elif, and .endif conditions with the addition of AND, OR, NOT, and parentheses expressions.
Improved reliability of host header field dependent ACLs by automatically stripping the port (80 or 443) from the URI and the host field.
Peers ignore updates on the Stick Table conn_cur counter from other peers, ensuring local data is accurate and reflects actual traffic.
- Runtime API commands
Display free memory in thread-local caches with show pools
Display file, line numbers, rules, and filters processed per session with show sess all
Full support for creating, managing and removing servers on the fly. The add server command now supports all keywords including: check, track, slowstart, error-limit, ssl and observe.
View the number of entries in summary output of the show map and show acl commands with the included entry_cnt variable.
- Lua scripting
Initiate HTTP requests using the httpclient class.
Inspect or modify TCP and HTTP content using an experimental feature set that should be used only in test environments.
- Traffic routing
Redirect rules for empty target URLs are skipped by adding ignore-empty to the http-request redirect directive.
- Security
Check the integrity of claims contained within JSON Web Tokens (JWT) and extract data from JWTs to use in rules.
Add, update, and delete Certificate Authorities (CA) and Certificate Revocation Lists (CRL) using Runtime API commands.
Display Online Certificate Status Protocol (OCSP) information to validate X.509 digital certificates from the command line (CLI) with the show ssl cert and show ssl ocsp-response commands.
OpenSSL 3.0 is fully supported
Automatic sanitizing of Transfer Encoding (TE) headers to conform to HTTP/1 specs by making a request or response with a TE header, or a request with both Content-Length and TE headers, the last on a connection.
- Removed directives
grace (per proxy directive replaced by global grace directive)
http-tunnel
nbproc
no option http-use-htx
option forceclose
option http_proxy
set-cookie()
tune.chksize
Getting Support
Current HAProxy Enterprise customers, log in to the customer portal, https://my.haproxy.com/portal/cust/login.