What Is New in HAProxy 1.8

| Category | Key Changes |
|---|---|
| New Features | Multithreading, Dynamic SSL Certificate Storage, Server Address Resolution Over DNS |
| Improvements | Enhanced HTTP/2 Support, Faster HPACK Compression, Improved Logging & Stick Tables |
| Bug Fixes | Numerous fixes for HTTP processing, connection management, and memory handling |
| Deprecated | The nbproc configuration directive and the fd parameter for server lines |

How does multithreading improve HAProxy performance?
HAProxy 1.8 introduces a native multithreading model, a fundamental shift from previous architectures. This allows a single process to utilize multiple CPU cores, dramatically increasing connection and request throughput. In practice, this means you can handle more traffic without the complexity of managing multiple HAProxy processes with nbproc.
The old nbproc directive is now deprecated in favor of the new thread directive and the nbthread global option. This new model is more efficient because threads share the same memory space, simplifying configuration and improving inter-thread communication.
What are the new dynamic SSL capabilities?
This release adds a powerful feature for dynamic SSL certificate storage. You can now store SSL certificates in memory-mapped files, which allows you to update certificates on disk without reloading the HAProxy process. This is a game-changer for large-scale deployments managing thousands of certificates.
The feature uses the ssl keyword with a new @ prefix in bind lines, like bind :443 ssl crt @/path/to/certdir. HAProxy will then automatically detect changes to the certificate directory and load new certificates, eliminating downtime for SSL updates.
How does server resolution over DNS work?
You can now configure backend servers to be resolved via DNS directly in the configuration. By using the resolvers section and adding a resolve-prefer option to a server line, HAProxy will periodically re-resolve the hostname and update the server's IP address automatically.
This is incredibly useful in dynamic environments like Kubernetes or cloud platforms where backend IP addresses can change frequently. It removes the need for external orchestration tools to constantly rewrite the HAProxy config and trigger reloads.
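A configuration sketch of the DNS resolution described above, added here as an illustration and not taken from the HAProxy project. The section name internal_dns, the nameserver addresses and the hostname app.example.internal are constructed placeholders.

```haproxy
resolvers internal_dns
    # Constructed addresses (documentation range). Point these at resolvers
    # you control: answers arrive as plain, unauthenticated DNS.
    nameserver ns1 192.0.2.53:53
    nameserver ns2 192.0.2.54:53
    resolve_retries 3
    timeout resolve 1s
    timeout retry   1s
    # How long a valid answer is trusted before it is re-resolved.
    hold valid    10s
    # How long the last good address is kept when answers turn bad.
    hold nx       30s
    hold timeout  30s
    hold refused  30s
    hold other    30s
    hold obsolete 30s

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend www
    bind :80
    default_backend app

backend app
    # "resolvers internal_dns" ties this server to the section above.
    # "resolve-prefer ipv4" picks the A record when both families are returned.
    # "init-addr last,libc,none" lets HAProxy start even if the name
    # does not resolve yet; the server stays down until it does.
    server app1 app.example.internal:8080 check resolvers internal_dns resolve-prefer ipv4 init-addr last,libc,none
```

Because the backend address now follows DNS answers, the resolvers listed here become part of the trust boundary: whoever can answer for that name decides where traffic is sent.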
What HTTP/2 improvements were made?
HTTP/2 support has been moved out of the experimental phase and is now fully supported for both frontend and backend connections. The implementation now uses a much faster HPACK header compression algorithm, reducing CPU overhead significantly.
You can enable it on a bind line with bind :443 ssl crt example.com.pem alpn h2,http/1.1. The improved performance makes it practical to terminate HTTP/2 at the load balancer and use HTTP/1.1 to the backends, simplifying application server requirements.
What logging and stick table enhancements are there?
Logging gets more flexible with the ability to define multiple independent log targets using the new log directive within a ring section. This allows you to route different types of traffic to different loggers.
Stick tables see a major upgrade with new data types (srvkey), new converters (sc_bytes_in, sc_bytes_out), and new sample fetch methods (table_avl, table_entries). These give you much deeper insight into tracked metrics and table health.
FAQ
Is the switch to multithreading stable for production use?
Yes, it is the new recommended model. The developers have put significant effort into ensuring thread safety. The performance gains are substantial, and it simplifies configuration by deprecating the more cumbersome multi-process (nbproc) setup.
How do I migrate from using nbproc to the new thread model?
Replace the nbproc setting in your global section with nbthread. The value can often be the same as your previous nbproc value or the number of CPUs. Also, remove any bind line modifications that used the process parameter to bind to specific processes.
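The migration steps above as a before/after configuration, added here as an example rather than taken from the HAProxy documentation. Paths, addresses and the count of four are assumptions; the old layout is commented out so the file still parses as one configuration.

```haproxy
# BEFORE (multi-process layout, commented out for comparison):
#
# global
#     nbproc 4
#     cpu-map 1 0
#     cpu-map 2 1
#     cpu-map 3 2
#     cpu-map 4 3
#     stats socket /var/run/haproxy.sock mode 600 level admin process 1
#
# frontend www
#     bind :80 process 1-2
#     bind :443 ssl crt /etc/haproxy/site.pem process 3-4
#     default_backend app

# AFTER (one process, four threads):
global
    nbthread 4
    # Optional: pin threads 1-4 of process 1 to CPUs 0-3.
    cpu-map auto:1/1-4 0-3
    # One process means one runtime socket, so "process 1" is dropped.
    stats socket /var/run/haproxy.sock mode 600 level admin

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend www
    # The "process" parameter is removed from every bind line.
    bind :80
    bind :443 ssl crt /etc/haproxy/site.pem
    default_backend app

backend app
    # Constructed backend address (documentation range).
    server app1 192.0.2.10:8080 check
```

Threads share one memory space, so stick-table counters and the runtime socket now cover all traffic instead of one process's share; rate limits tuned per process under nbproc should be re-checked after the switch.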
Can I use the dynamic SSL certificate feature with Let's Encrypt?
Absolutely. This feature was practically designed for it. You can point the crt @/path/to/certdir directive at the directory where your automation tool (like Certbot) places the renewed certificates. HAProxy will pick up the changes without any restart, making certificate renewal seamless.
What happens if a DNS resolution fails for a backend server?
HAProxy handles this gracefully. If a resolution fails, the server is marked as down, and the load balancer will stop sending traffic to it. It will continue to retry the resolution based on the interval defined in your resolvers section until it succeeds and the server is marked up again.
Are there any breaking changes I should be aware of when upgrading to 1.8?
The main thing to check is the deprecation of nbproc and the fd parameter for servers. Your configuration will need to be updated to use the multithreading model. Also, review any custom Lua scripts, as the core now uses Lua 5.3 instead of 5.2, which might affect certain functions.