HAProxy 2.2 Released
July 13, 2020
Share this

HAProxy Technologies announced the general availability of HAProxy 2.2, the latest version of the company's software load balancer.

This major LTS release of HAProxy adds new features such as a fully dynamic SSL certificate storage, a native response generator, advanced ring buffer logging with syslog over TCP, security hardening, and improved observability and debugging capabilities.

HAProxy 2.2 also includes more customizable error handling and several new features that integrate directly with HAProxy's highly performant log-format capabilities, which allow developers to build complex strings that use HAProxy's powerful built-in fetches and converters. The new features allow users to serve responses directly at the edge and generate custom error files on-the-fly, which can be incorporated directly into the new and improved, flexible health check system. This release comes in short succession to the HAProxy Data Plane API 2.0 release just last month.

These exciting new HAProxy features bring improved flexibility, observability, and security capabilities needed by IT professionals, systems architects, and SREs responsible for designing reliable infrastructure, including:

- Dynamic SSL Certificate Storage -- The ability to update SSL certificates that had been previously loaded into memory by using the Runtime API has been expanded even further to allow full management of certificates using the in-memory dynamic storage. Easily create, delete, and update certificates on-the-fly. Note that it's best to have a separate step that writes these files to disk too.

- Native Response Generator -- HAProxy can now generate dynamic responses from the infrastructure edge using the new http-request return action without forwarding the request to the backend servers. Users can send dynamic responses from on-disk templates, as well as text that uses the log-format syntax, without resorting to hacks with errorfile directives and dummy backends.

- Advanced Ring Buffer Logging with Syslog Over TCP -- The new ring buffer section in HAProxy allows you to queue logs and can send them to syslog over TCP, which can be helpful when you want to ensure that every log line is processed and not lost or dropped.

- SSL/TLS Enhancements - HAProxy 2.2 updates the default TLS version to 1.2 to avoid problems found in the older protocols. It also adds more flexibility when it comes to configuring SSL certificates: You can store private key files separately now, intermediate certificates can be appended using the new issuers-chain-path directive to form a chain of trust, and the new ca-verify-file argument lets you reference a root CA for validating intermediate certificates that are, in turn, used to validate client certificates.

- Resource savings and performance improvements -- in order to further reduce the footprint in container environments, HAProxy 2.2 constantly monitors and adapts its memory usage and its idle connection pools to maintain the least needed resources without affecting performance. This even results in significant performance improvements and resource usage reductions on servers thanks to the much lower connection counts and better network efficiency.

- Improved Observability -- Each version of HAProxy improves observability and this one is no exception, with new statistics on idle connections and memory usage, multi-filter stick table searches, more accurate moving averages, and refined details in instant dumps. However, what will probably be useful to the majority is a new timing metric, %Tu, which will return the total estimated time as seen from the client, from the moment the proxy accepted the request to the moment both ends were closed, not including the idle time before the request began. This makes it more convenient to gauge a user's end-to-end experience and spot slowness at a macro level.

- Debugging -- The debug converter is a handy option that can aid in debugging captured input samples. Previously, it required compiling HAProxy with debug mode enabled. Now, it is always available and will send the output to a defined event sink.

Willy Tarreau, HAProxy Project Leader, CTO HAProxy Technologies, said: "HAProxy 2.2 further improved on top of previous versions’ quality, stability and performance. It would not be possible without all the contributions from a self-organized community of active members who drive the project forward by testing code, helping others on various media and channels, share their opinions on important design decisions, operate a constantly growing set of automated tools used for QA and documentation, provide turn-key packages for end users, bring suggestions, fixes and code. Users of open-source products often consider only the code aspect of a project, but code doesn’t stand by itself without this essential support that requires too many skills to be endorsed by developers only, and all those doing this work behind the curtains, often without having their name mentioned in any commit message, really deserve to be thanked."

Share this

The Latest

September 29, 2020

More than 80% of organizations have experienced a significant increase in pressure on digital services since the start of the COVID-19 pandemic, according to a new study conducted by PagerDuty ...

September 28, 2020

In Episode 9, Sean McDermott, President, CEO and Founder of Windward Consulting Group, joins the AI+ITOPS Podcast to discuss how the pandemic has impacted IT and is driving the need for AIOps ...

September 25, 2020

Michael Olson on the AI+ITOPS Podcast: "I really see AIOps as being a core requirement for observability because it ... applies intelligence to your telemetry data and your incident data ... to potentially predict problems before they happen."

September 24, 2020

Enterprise ITOM and ITSM teams have been welcoming of AIOps, believing that it has the potential to deliver great value to them as their IT environments become more distributed, hybrid and complex. Not so with DevOps teams. It's safe to say they've kept AIOps at arm's length, because they don't think it's relevant nor useful for what they do. Instead, to manage the software code they develop and deploy, they've focused on observability ...

September 23, 2020

The post-pandemic environment has resulted in a major shift on where SREs will be located, with nearly 50% of SREs believing they will be working remotely post COVID-19, as compared to only 19% prior to the pandemic, according to the 2020 SRE Survey Report from Catchpoint and the DevOps Institute ...

September 22, 2020

All application traffic travels across the network. While application performance management tools can offer insight into how critical applications are functioning, they do not provide visibility into the broader network environment. In order to optimize application performance, you need a few key capabilities. Let's explore three steps that can help NetOps teams better support the critical applications upon which your business depends ...

September 21, 2020

In Episode 8, Michael Olson, Director of Product Marketing at New Relic, joins the AI+ITOPS Podcast to discuss how AIOps provides real benefits to IT teams ...

September 18, 2020

Will Cappelli on the AI+ITOPS Podcast: "I'll predict that in 5 years time, APM as we know it will have been completely mutated into an observability plus dynamic analytics capability."

September 17, 2020
One of the benefits of doing the EMA Radar Report: AIOps- A Guide for Investing in Innovation was getting data from all 17 vendors on critical areas ranging from deployment and adoption challenges, to cost and pricing, to architectural and functionality insights across everything from heuristics, to automation, and data assimilation ...
September 16, 2020

When you consider that the average end-user interacts with at least 8 applications, then think about how important those applications are in the overall success of the business and how often the interface between the application and the hardware needs to be updated, it's a potential minefield for business operations. Any single update could explode in your face at any time ...