What Is New in HAProxy 1.3
HAProxy 1.3 delivers critical enhancements focused on performance tuning and core protocol support. This release solidifies its position as a high-performance TCP/HTTP load balancer.
| Category | Key Changes |
|---|---|
| New Features | SSL Support, URI Hashing Load Balancing, Transparent Proxy (TProxy) |
| Improvements | HTTP Header Processing, Connection Handling, Logging Format |
| Bug Fixes | Sticky Session Handling, Memory Leaks, Connection State Management |
How did SSL support change in HAProxy 1.3?
HAProxy 1.3 introduced foundational SSL support, a major milestone. This allows the proxy to terminate SSL/TLS connections for backend servers, offloading the decryption workload. In practice, this was a game-changer for securing web traffic without modifying application code.
What new load balancing algorithms were added?
The URI hashing algorithm (uri) was added for persistent, content-aware load balancing. This algorithm hashes the URI to always send the same request to the same server, which is essential for caching scenarios. It provided a more deterministic alternative to round-robin or leastconn for specific use cases.
How was transparent proxying improved?
Native transparent proxy (TProxy) support was integrated, allowing HAProxy to spoof the client's source IP address to the backend server even when operating on a different network. This matters because it makes the server's logs and security policies much more accurate. It required OS-level configuration but solved a major visibility issue.
Were there any critical performance fixes?
Yes, several patches addressed memory management and connection pooling. One significant fix resolved issues where under high load, HAProxy could fail to reuse existing connections to backends efficiently. This directly improved throughput and reduced latency spikes during traffic surges.
FAQ
Does HAProxy 1.3 support SSL termination for multiple domains?
No, the initial SSL implementation in 1.3 is basic and does not include Server Name Indication (SNI) support. It's designed for terminating SSL connections to a single service or domain.
What is the 'uri' load balancing algorithm and when should I use it?
The uri algorithm hashes the entire URI or a part of it to determine which backend server receives the request. Use it when you need a specific URI to always be processed by the same server, such as for caching or sticky user sessions.
Is the transparent proxy feature easy to set up?
Setting up TProxy requires root privileges and specific iptables rules on the Linux host to mark packets for routing. It's more complex than a standard reverse proxy setup but provides crucial client IP preservation.
Were there any changes to the logging format?
Yes, the logging output was enhanced to provide more detailed information about connections and timers. This made it easier to debug timeouts and analyze the performance of each request through the proxy.
Should I upgrade from 1.2 to 1.3 for production?
If you require SSL termination, URI-based load balancing, or transparent proxying, then yes. The release also includes important stability fixes. However, always test the new version in a staging environment first to ensure compatibility with your specific setup.