What Is New in HAProxy 1.5
| Category | Key Changes |
|---|---|
| New Features | SSL/TLS Native Support, Server-Side Name Resolution, Connection Tracking, TCP Logs, Lua Integration |
| Core Improvements | Connection Pooling, Idle Connection Management, Log Format Flexibility, Health Check Enhancements |
| Protocol Support | WebSocket Protocol Support, PROXY Protocol V2, SPDY/3.1 Support |
| Bug Fixes | Various fixes for connection handling, memory management, and configuration parsing |
How did HAProxy 1.5 improve SSL/TLS handling?
HAProxy 1.5 introduced native SSL/TLS support, eliminating the need for external tools like stunnel or Stud. This means you can now terminate SSL connections directly within the process, which simplifies deployment and reduces latency.
In practice, this lets you configure SSL certificates and keys right in the frontend and backend sections using the new ssl bind parameter. The implementation supports both SNI (Server Name Indication) and client certificate authentication, making it a full-featured SSL termination point.
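An added configuration example (not from the original page or the HAProxy project) showing the termination setup described above: SNI-based certificate selection, client certificate authentication, and verified re-encryption to the server. Certificate paths, hostnames and the server address are constructed placeholders.

```haproxy
# Added example: all paths, names and addresses below are placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_https
    # crt pointing at a directory loads every PEM file in it (certificate,
    # key and chain concatenated); the certificate served is picked from
    # the SNI name the client sends.
    # strict-sni refuses handshakes whose SNI matches no loaded certificate
    # instead of silently falling back to a default one.
    # verify optional requests a client certificate but lets the handshake
    # complete without one, so enforcement must be done in rules below.
    bind :443 ssl crt /etc/haproxy/certs/ strict-sni no-sslv3 ca-file /etc/haproxy/ca/clients-ca.pem verify optional

    # Match on the Host header, not on SNI: a client can present one name
    # in SNI and a different one in Host on the same connection.
    acl host_admin hdr(host) -i admin.example.test
    acl cert_sent  ssl_c_used

    # Only the admin host requires a client certificate.
    http-request deny if host_admin !cert_sent

    default_backend be_app

backend be_app
    # Weak: encrypts the hop but accepts any certificate the server presents.
    #   server app1 192.0.2.10:8443 ssl verify none
    # Corrected: validate the chain against a private CA and check the name.
    server app1 192.0.2.10:8443 ssl verify required ca-file /etc/haproxy/ca/backend-ca.pem verifyhost app1.internal.example.test
```

To require a client certificate for every host on the listener, use verify required on the bind line, which fails the handshake itself and makes the deny rule unnecessary.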
What connection management features were added?
This release brought sophisticated connection pooling and tracking. The new pool-max-conn option allows you to limit the number of concurrent connections a server can use from the pool, preventing server overload.
Connection tracking ensures that HAProxy can properly manage persistent connections, making it much more efficient for HTTP keep-alive scenarios. You get better resource utilization and reduced connection establishment overhead.
How does server-side DNS resolution work?
HAProxy 1.5 added the ability to resolve server names dynamically at runtime. Instead of requiring static IP addresses in your backend configuration, you can now use a hostname that gets resolved periodically.
This is a game-changer for environments where server IPs change frequently, like in cloud or containerized setups. The resolver checks are configurable, so you control how often HAProxy refreshes the DNS records.
What logging enhancements were introduced?
The logging system got a major overhaul with support for TCP-based syslog servers. You can now send logs to remote syslog servers over TCP with SSL encryption, which is crucial for reliable log delivery.
The release also added more flexibility to the log format, allowing you to capture additional information about connections and requests. This makes debugging and monitoring more effective.
How did Lua integration change HAProxy?
Version 1.5 embedded a Lua interpreter directly into HAProxy, opening up endless possibilities for customization. You can now write Lua scripts to manipulate traffic, implement complex routing logic, or add custom authentication.
This transforms HAProxy from a static config-driven tool into a programmable data plane. Developers can implement features that weren't possible before without modifying the core C code.
FAQ
Does HAProxy 1.5 require OpenSSL?
Yes, the native SSL/TLS support depends on OpenSSL. You'll need to compile HAProxy with OpenSSL support using the USE_OPENSSL=1 flag.
Can I use HAProxy 1.5 for WebSocket traffic?
Absolutely. The WebSocket protocol support means HAProxy 1.5 can properly handle WebSocket connections without breaking the persistent connection that WebSockets require.
How does the new DNS resolution handle failures?
The resolver includes retry mechanisms and can be configured with timeouts and retry intervals. If a DNS resolution fails, it will retry according to your configuration while continuing to use the last known good IP.
Is the Lua integration performance intensive?
Lua execution happens in the same process but is generally lightweight. For most use cases, the performance impact is minimal compared to the flexibility gained.
Can I upgrade from 1.4 to 1.5 without configuration changes?
Most configurations should work, but you'll want to check the new SSL options and any deprecated features. The core configuration syntax remains compatible.