New and/or improved features in HAProxy Enterprise 2.1r1 include:
Strict Rewriting Mode By default, HAProxy triggers an internal error when a rule that performs a rewrite on an HTTP message fails.
New HTTP Errors section allows you to:
Create global groups of custom HTTP error files by using the new section
Support the loading of
http-errorsgroups using the expanded directives
http-request deny, and
New HTTP Return Actions make it possible to:
Return a custom response from HAProxy with any status code based on an error file, a file, or a string using the new actions
Enable responses with dynamic content by using a log-format string or a log-format file.
Define extra headers by passing the
HTTP "After Response" Rulesets makes it possible to:
Evaluate a new ruleset
http-after-responseon all responses prior to forwarding
Let HAProxy evaluate these rules at the end of the response analysis on all HTTP responses, just before it forwards the data. This includes responses from the server as well as responses from HAProxy. This makes it possible to add headers to the responses that the stats applet generates.
Cookie Attributes allow you to:
attroption to insert any attribute when HAProxy inserts a cookie.
Use with the Chrome 80 update that requires the "SameSite" attribute. (Example:
cookie SRV insert attr "SameSite=Strict")
attroption to add several attributes.
Dynamic SSL Certificate Updates
Centralized SSL certificate information that only loads once when multiple
bindlines reference the same certificate.
Ability to update SSL certificates with the Runtime API using the
set ssl certand
commit ssl certcommands.
Direct communication between HAProxy and FastCGI
Definition of parameters for communicating with a FastCGI application in a new section called
Backends can relay requests to a defined application using the
Native Protocol Tracing
Integration of a new tracing infrastructure to allow systems engineers and developers to collect low-level trace messages
Tracing ability and access through the Runtime API using the
Removal of the File Descriptor Cache
Complete removal of the file descriptor (FD)
This change has shown an increase in performance of up to ~20% on some artificially tailored workloads. Realistically, production environments can expect to see a 5-10% improvement.
Improved internal scheduler supports waking up tasks that belong to another thread
The scheduler now uses a combination of a locked and a lock-free list to regain 5-10% performance on workloads involving high connection rates.
Defaulted HTTP Representation to HTX
Removal of support for legacy HTTP mode
Support only of the Native HTTP Representation (HTX)
No configuration change is necessary, unless you try to specify
no option http-use-htx, in which case you get an error.
Assistance for a seamless transition from legacy applications with new global directives
h1-case-adjust-bogus-serverdirectives to enable explicitly the case adjustment within defined
Returns a string containing the name of the server that processed the request. It can be useful to return this to the client for debugging purposes.
Takes an input, either a server name or <backend>/<server> format and returns the number of queued sessions on that server.
Returns the PP2_TYPE_AUTHORITY Type-Length-Value (TLV) from the client in the PROXY protocol header.
Returns a universally unique identifier (UUID) following the RFC4122 standard. Currently, there is only support for version 4.
Generates a checksum for a binary string using the SHA-2 cryptographic hash function. The result is a binary value with a byte length equal to number_of_bits / 8. You can set the number_of_bits parameter to 224, 256, 384, or 512. The default is 256.
Deprecated Configuration Options
Strict Limits Setting
Allows HAProxy to abort at startup if it cannot get the required limits, such as in cases where HAProxy is unable to increase necessary limits upon startup.
A new global directive
strict-limitswill cause HAProxy to fail to start if it cannot increase the limits through
Version Info Show Links: Passing
-vnow displays End of Life (EOL) information for this release
Runtime API Field Descriptions: The
show statRuntime API commands now accept a new parameter called
descthat adds a short description to each field.
Prometheus Improvements: You can now pass a new scope query string parameter to filter exported metrics. The following values are supported: global, frontend, backend, server, * (all)
Moving the storage of the server-state global file to a tree, which provides much faster reloads
Acceptance as an expression:
ignore-weight. Hence, when HAProxy generates servers with DNS SRV records, it can set server weights dynamically using agent health checks or the Runtime API, and not have DNS SRV reset the weights subsequently.
Ability to export the Stats page in JSON format by appending "/;json" to the URI
Ability to send the
PP2_TYPE_AUTHORITYvalue to allow it to chain layers using SNI, using the new directive
Additional support for the user and group directives in the program's Process Manager section
Connections require significantly less memory as HAProxy allocates dynamically the source and destination addresses as needed. This translates to 128 to 256 bytes saved per connection and per side in the common case.