HAProxy Version
| version | date |
|---|---|
| [HAProxy 2.8] | 2023-05-31 |
| [HAProxy 2.7] | 2022-12-01 |
| HAProxy 2.6 | 2022-05-31 |
| HAProxy 2.5 | 2021-11-23 |
| HAProxy 2.4 | 2021-05-13 |
| HAProxy 2.3 | 2020-11-05 |
HAProxy 2.8
- OCSP Stapling
- 以前
set ssl ocsp-response - 现在内置支持
ocs-update on - 全局配置参数
tune.ssl.ocsp-update.mindelaytune.ssl.ocsp-update.maxdelay
- 新 Command
update ssl ocsp-responseshow ssl ocsp-updates
- 以前
- HTTP 压缩后端 Request & Response
backend webservers
balance roundrobin
server web1 192.168.56.10:8080 check maxconn 30
filter compression
compression direction both
compression offload
compression algo-req gzip
compression type-req application/json
compression algo-res gzip
compression type-res text/css text/html text/javascript text/plain
- HTTP Forwarded Header
- 在
option forwarde之上控制 - rfc7239_is_valid
- rfc7239_field
- rfc7239_n2nn
- rfc7239_n2np
- 在
- HTTP Actions
- Tuning HTTP/2 Performance
- tune.h2.be.initial-window-size
- tune.h2.be.max-concurrent-streams
- tune.h2.fe.initial-window-size
- tune.h2.fe.max-concurrent-streams
- tune.h2.initial-window-size
- tune.h2.max-concurrent-streams
- Defaults for Listener Sharding
- tune.listener.default-shards
- Default ALPN Values
- 默认
h2,http/1.1 - 配置了 QUIC 会增加
h3
- 默认
- Fetch Method
- bc_rtt, bc_rttver
- 集成 acme.sh
- add the deploy script for acme.sh in admin directory
- 支持直接颁发证书
- Signing Algorithms for TLS
ssl-default-bind-client-sigalgsssl-default-bind-sigalgs
- 支持使用 WolfSSL 编译
- Lua
- mailers - 之前为 C 现在为 Lua 模块
- New Event Framework in Lua
core.event_sub(),Server.event_sub()
- Queues in Lua -
core.queue() - Lua Functions for Server Information
- Timeout for Lua execution
- Disable the Default Resolvers Section for the HTTP Client
- global
httpclient.resolvers.disabled on
- global
global
lua-load /etc/haproxy/mailers.lua
defaults
email-alert mailers smtp_servers
email-alert from [email protected]
email-alert to [email protected]
email-alert level info
mailers smtp_servers
mailer mailserver1 mailserver1.example.com:25
HAProxy 2.7
- Traffic shaping
- 下载速度
filter bwlim-outhttp-response set-bandwidth-limit
- 上传速度
filter bwlim-inhttp-request set-bandwidth-limit
- 下载速度
thread-group- 之前最多 64 个线程 -
thread-group 1 threads 64 - 现在可以 64*64=4096 个线程 -
thread-group 64 threads 64
- 之前最多 64 个线程 -
- QUICv2
echo "reload" | sudo socat -t300 /run/haproxy-master.sock -
- show startup-logs
HAProxy 2.6
- HTTP/3 over QUIC
- Generic hash load balancing algorithm
balance hash pathq
- 支持 OpenSSL 3.0
- Master CLI
- HAProxy worker processes
socat /run/haproxy-master.sock -
http-request set-var,tcp-request content set-var支持 选项- ifexists, ifnotexists, ifempty, ifnotempty, ifset, ifnotset, ifgt, iflt
# 显示所有配置
haproxy -dKhelp -q -c -f /dev/null
# 某个主题下的配置项
haproxy -dKacl -q -c -f /dev/null
frontend mysite
# enables HTTP/3 over QUIC
bind quic4@:443 ssl crt /etc/haproxy/certs/foo.com/cert.pem alpn h3
# 支持 stateless reset packets https://tools.ietf.org/id/draft-ietf-quic-transport-29.html#name-stateless-reset
#cluster-secret
Reload
global
stats socket /var/run/haproxy/api.sock mode 660 level admin expose-fd listeners
HAProxy 2.5
- QUIC, HTTP/3 - 实验支持
- 完整动态服务支持
- 2.4 动态服务不支持 check, track, slowstart, error-limit, ssl, observe
- 支持在 defaults 配置 tcp-request 和 http-request 规则
- Lua
- 新增 httpclient - 可发起请求
- Announcing HAProxy 2.5
# 特性检查
haproxy -cc 'feature(PROMEX)' || echo not supported
# runtime api shell
socat stdio tcp4-connect:127.0.0.1:9999
experimental-mode on
global
nbthread 40
defaults frontend-defaults
log global
mode http
option httplog
option dontlognull
timeout client 10m
# 新增
http-request redirect scheme https unless { ssl_fc }
frontend mysite from frontend-defaults
mode http
# 废弃 process 使用 thread
# 新增 shards 参数 - 等同于多次 bind
bind :80 thread 1-20 shards 2 name website
bind :443 ssl crt /etc/haproxy/ssl/cert.pem
default_backend webservers
HAProxy 2.4
变化非常大
- 协议
- HTTP2/WebSocket
- rfc8441 HTTP CONNECT
- FIX - Financial Information eXchange
- MQTT
- 包有效性校验
- 基于客户端标识路由
- HTTP2/WebSocket
- 负载均衡
- 支持 TCP DNS
- 熔断增强 - http_fail_cnt, http_fail_rate
- SSL/TLS
- 动态 SSL 证书存储 - 不再需要重启
- 允许动态 SNI 链接复用 -
sni req.hdr(host)
- Observability
- 内置 OpenTracing
- Prometheus 增加指标
- 统计增加 SSL/TLS 模块相关 -
stats show-modules
- 缓存
- 支持 Vary 头 -
process-vary on - 最大缓存条目控制 -
max-secondary-entries 10
- 支持 Vary 头 -
- 配置
- 支持预处理
.if <condition> ... .elif <condition> ... .else ... .endif.diag,.notice,.warning,.alert- -dD 显示诊断信息
- 条件
defined(<name>)feature(<name>)-haproxy -vv- OT - OpenTracing
streq(<str1>,<str2>),strneq(<str1>,<str2>)version_atleast(<ver>),version_before(<ver>)
- 默认路径 -
default-path - 默认命名 -
default http-defaults from tcp-defaults - 动态超时 -
http-request set-timeout - TCP 升级 HTTP - fe tcp, be http -
tcp-request content switch-mode - 匹配删除 HTTP 头 -
http-request del-header X-Forwarded -m beg - 新增实验模式 - 开启实验功能
- 动态服务
- 通过 runtime api 新增服务
- 变量修改
- 动态服务
- 支持预处理
- Lua
- 多线程 -
lua-load-per-thread
- 多线程 -
- 参考
# runtime api
echo "help add" | socat /var/run/haproxy/api.sock -
echo "show state" | socat /var/run/haproxy/api.sock -
# 服务
echo "experimental-mode on; add server be_app/app4 192.168.1.22:80" | socat /var/run/haproxy/api.sock -
echo "experimental-mode on; del server be_app/app4" | socat /var/run/haproxy/api.sock -
# 变量
echo "experimental-mode on; get var proc.myapp_version" | socat /var/run/haproxy/api.sock -
echo "experimental-mode on; set var proc.myapp_version str(green)" | socat /var/run/haproxy/api.sock -
echo "experimental-mode on; get var proc.myapp_version" | socat /var/run/haproxy/api.sock -
HAProxy 2.3
- 链接增强 - 为支持 QUIC 和 UDP 做准备
- 完善 Linux keepalive - 支持 sysctl 修改参数
- 协议 - Syslog TCP/UDP
- 负载均衡
- balance uri path-only - 解决 HTTP1 和 HTTP2 地址不一样问题
- SSL/TLS
- 允许静态 SNI 链接复用 -
sni str(example.local)
- 允许静态 SNI 链接复用 -
- Observability
- stats HTTP 2 信息 -
stats show-modules - 基于 SPOE 集成 OpenTracing
- stats HTTP 2 信息 -
- Lua 5.4
- 参考