New and/or improved features in HAProxy Enterprise 2.0r1 include:
sha2: Converts a binary input sample to a digest in the SHA-2 family
srv_queue: Takes an input value of type string and returns the number of queued sessions on that server
uuid: Returns a UUID following the RFC4122 standard
http_auth_type: Returns the authentication method from the Authorization header
http_auth_user: Returns the authorized user from the Authorization header
http_auth_pass: Returns the authentication password from the Authorization header
Stats page export in JSON
Additional support for logging to a ring buffer
SSL memory enhancements
- Cloud-native threading
HAProxy Enterprise sets the number of worker threads to match the machine's number of available CPU cores to scale and accommodate any environment with less manual configuration.
- Cloud-native logging
Easier to adapt for containerized environments, allowing you to log directly to
stderror to a file descriptor.
- HTTP representation (HTX)
Introduced with HAProxy Enterprise 1.9, HTX makes any future HTTP protocols easier to integrate. It is enabled by default.
- End-to-End HTTP/2
Official support for end-to-end HTTP/2 through new parameters
- gRPC: Full support for the open-source RPC framework
This allows for bidirectional streaming of data, detection of gRPC messages, and logging gRPC traffic. Activated using a standard end-to-end HTTP/2 configuration.
- Layer 7 retries
Can retry a connection at Layer 7 for failed HTTP requests using the new configuration directive
- Data Plane API
Provides a modern REST API to configure HAProxy Enterprise on the fly by dynamically adding and removing frontends, backends, and servers. You can create ACL rules, insert HTTP routing directives, set IP and port bindings, etc.
- Process Manager
Allows you to specify external binaries for HAProxy Enterprise to start and manage directly under its master/worker mode.
- Traffic Shadowing (or mirroring)
Allows you to mirror requests from one environment to another. The new Traffic Shadowing daemon is developed as a Stream Processing Offload Agent (SPOA) and takes advantage of HAProxy's SPOE which allows you to extend HAProxy Enterprise using any programming language.
- Kubernetes Ingress Controller
Provides a high-performance ingress for your Kubernetes-hosted applications. It supports TLS offloading, Layer 7 routing, rate limiting, whitelisting,
- Prometheus Exporter
HAProxy Enterprise can export metrics to Prometheus for monitoring and alerting purposes.
- Peers & Stick Tables
HAProxy Enterprise 2.0 introduces several improvements to the Peers Protocol including:
Stick tables in peers sections
Runtime API command:
New stick table counters
New stick table data type,
Peers section expanded to allow using the
default-serverconfiguration directives. It also now supports having stick tables directly within itself.
- Power of Two Random Choices Algorithm
Added a new load-balancing algorithm called random that chooses a random number as the key for the consistent hashing function. This is useful with large farms or when servers are frequently added or removed.
- Log Distribution and Sampling
It is now possible to do sampling directly within HAProxy Enterprise by using the
logdirective's sample parameter. You can specify multiple log and sample directives simultaneously.
- Built-in Automatic Profiling
This version now features the
profiling.tasksdirective to specify in the
globalsection. CPU profiling per task shows where the time is spent and which requests have what effect on which other request.
- Enhanced TCP Fast Open (TFO)
Added TFO for connections to backend servers on systems that support it. This requires Linux kernel 4.11 or newer.
- New request actions
Introduced several new
http-request do-resolve: Performs DNS resolution of the output and stores the result in the variable.
http-request disable-l7-retry: Disables any attempt to retry the request if it fails for any reason other than a connection failure. This ensures that POST requests aren't retried upon failure.
http-request replace-uri: Matches the regular expression in the URI part of the request and replaces it.
tcp-request content do-resolve: Performs DNS resolution of the output and stores the result in the variable.
tcp-request content set-dst: Sets the destination IP address.
tcp-request content set-dst-port: Sets the destination port.
- New converters
Converters allow you to transform data captured by fetch methods. Below are new converters in this version:
aes_gcm_dev: Decrypts the raw byte input using the AES128-GCM, AES192-GCM or AES256-GCM algorithm.
protobuf: Extracts the raw field of an input binary sample representation of a Protocol Buffers message.
ungrpc: Extracts the raw field of an input binary sample representation of a gRPC message.
- New fetches
Fetches provide a source of information from either an internal state or from layers 4, 5, 6, and 7. New fetches in this release return a random of the front or back connection when the incoming connection was made over an SSL/TLS transport layer. This release's new fetches (below) return a random of the front or back connection when the incoming connection was made over an SSL/TLS transport layer:
ssl_fc_client_random: Returns the client random of the front connection
ssl_fc_server_random: Returns the server random of the front connection
sl_bc_client_random: Returns the client random of the back connection
ssl_bc_server_random: Returns the server random of the back connection; this requires OpenSSL >= 1.1.0, or BoringSSL.
- SSL/TLS Ticket Keys
TLS session tickets help to speed up session resumption for clients that support them. HAProxy 2.0 adds support for AES256-bit ticket keys specified in both a file or through the Runtime API.
- Core Dump - ease of use
A new global directive
set-dumpablemakes it easier to retrieve a core file.
- SOCKS4 support
Introduces 2 new server keywords,
check-via-socks4used for communicating with servers within a backend over SOCKS4 and adds similar functionality for health checking over SOCKS4.
LTS support for 1.9 features
Small Object Cache with an increased caching size up to 2GB
New fetches that report either an internal state or from layer 4, 5, 6, and 7.
New converters that allow you to transform data within HAProxy.
HTTP 103 (Early Hints), which asks the browser to preload resources.
Server Queue Priority Control to let you prioritize some queued connections over others.
Connection pooling to backend servers
The resolvers section supports using
resolv.confby specifying parse-resolv-conf.
The busy-polling directive to reduce request processing latency by 30-100 microseconds on machines using frequency scaling or supporting deep idle states.
The Server class gained the ability to change a server's
The TXN class can now adjust a connection's priority within the server queue.
There is a new StickTable class that allows access to the content of a
stick-tableby key and allows dumping of content.
ScientiaMobile WURFL module
Extensive ModSecurity hardening improvements