Last checked and updated on April 22, 2026What Is New in HAProxy 1.7
| Category | Key Changes |
|---|---|
| New Features | DNS Service Discovery, Dynamic SSL Certificate Storage, Server Queue Priority, Lua Scripting Enhancements |
| Core Improvements | Multithreading, HTTP/2 Support, New Mailing List, Improved SSL/TLS |
| Bug Fixes | Numerous fixes across the codebase for stability and reliability |
How does HAProxy 1.7 handle dynamic environments?
HAProxy 1.7 introduced native DNS Service Discovery, a game-changer for dynamic infrastructures like cloud and containerized deployments. This feature allows HAProxy to automatically resolve backend server hostnames and update its configuration in real-time as your infrastructure scales. You can configure it using the resolvers section and the resolve-prefer option on a server line.
In practice, this means you can point HAProxy at a service name and it will continuously query the DNS server for the latest set of IP addresses. This eliminates the need for external orchestration tools to constantly rewrite the config file and trigger reloads, making your service discovery much more seamless and robust.
What are the major performance upgrades in 1.7?
The headline performance feature is experimental multithreading support. This allows HAProxy to utilize multiple CPU cores to handle connections, significantly boosting performance on modern multi-core systems. While still experimental in 1.7, it laid the critical groundwork for future stable releases.
Beyond threading, Server Queue Priority was added to prevent low-priority requests from blocking high-priority ones during traffic surges. The release also brought full HTTP/2 termination support, enabling you to accept HTTP/2 connections from clients while communicating with backend servers over HTTP/1.1, improving efficiency for modern web clients.
How did SSL/TLS management get easier?
Dynamic SSL Certificate storage via the ssl socket command was a major operational improvement. Instead of reloading HAProxy to add or update every certificate, you can now manage them on the fly by sending commands to the runtime API. This drastically reduces operational overhead for sites managing many certificates.
The release also continued to enhance general SSL/TLS performance and flexibility, ensuring HAProxy stays current with the latest cryptographic standards and best practices. This matters because it keeps your TLS termination both fast and secure without service interruptions.
What scripting enhancements were introduced?
Lua integration received powerful new capabilities, allowing scripts to register services and functions directly with the HAProxy core. This opens up extensive possibilities for custom logging, advanced routing logic, and complex content transformation that was previously difficult or impossible to implement.
These enhancements make the Lua interface much more than a simple extension; it becomes a core part of the data plane logic. Developers can now write more sophisticated and integrated functionality directly in Lua, tailoring HAProxy's behavior to very specific use cases.
FAQ
Is the multithreading in HAProxy 1.7 production-ready?
No, it is explicitly marked as experimental in the 1.7 release. It was introduced to allow for testing and to build a foundation for future stable multithreading support. For production environments, it's advised to use the stable, single-threaded process model.
Can I use HAProxy 1.7 to terminate HTTP/2 and connect to HTTP/1.1 backends?
Yes, that is exactly the supported use case. HAProxy 1.7 can accept incoming HTTP/2 connections from modern clients, decode them, and then forward the requests to your backend servers using HTTP/1.1, acting as a full HTTP/2 gateway.
How do I update an SSL certificate without a reload in 1.7?
You use the new dynamic SSL certificate storage feature. Certificates can be added, updated, and managed by issuing commands to the runtime API via the ssl socket, eliminating the need for a configuration reload and the associated connection overhead.
What is the 'resolve-prefer' option used for?
This option works with the new DNS Service Discovery. It lets you specify which address family (IPv4 or IPv6) HAProxy should prefer when a hostname resolves to both types of addresses, giving you control over connection behavior in dual-stack environments.
Where can I get community support for HAProxy 1.7?
The project launched a new official mailing list during the 1.7 cycle. This list replaced the previous forum as the primary place for community discussions, help, and announcements, creating a more focused and efficient support channel.