
HAProxy 1.8.0 - rjgray
https://www.mail-archive.com/haproxy@formilux.org/msg28004.html
======
bbeausej
I really am amazed at the stability and quality of the HAProxy project and
that since it's inception many , many years ago.

We use it on many of our projects and it has always been a very reliable piece
of software, even at high traffic.

Kudos Willy and team, congratulations on the release!

-b

~~~
navinsylvester
Totally agree. Want to show the appreciation in beers. I wish there are
options other than paypal.

------
fermuch
> haproxy can now be built with native systemd support using USE_SYSTEMD=1 and
> starting it with -Ws (systemd-aware master-worker mode).

What features/integrations make sense for a proxy with systemd? I'd assume
it's only a unit that comes with the package, but that "-Ws" makes me wonder
if there're deeper integrations.

~~~
TimWolla
I was the person creating the patch. For now all it does is compiling in
support for `Type=notify` (using sd_notify [1]) in the unit file: haproxy is
able to notify systemd when it completed the `start` or the `reload`.

In the future this could be extended to support systemd's socket passing and
status messages. The latter allowing you to show a short string in `systemctl
status haproxy`. See this example for php-fpm:

    
    
        [root@example~]systemctl status php7.0-fpm.service 
        ● php7.0-fpm.service - The PHP 7.0 FastCGI Process Manager
           Loaded: loaded (/lib/systemd/system/php7.0-fpm.service; enabled)
           Active: active (running) since Sat 2017-11-25 13:28:22 CET; 1 day 8h ago
             Docs: man:php-fpm7.0(8)
         Main PID: 4624 (php-fpm7.0)
           Status: "Processes active: 3, idle: 29, Requests: 1203613, slow: 545, Traffic: 10.1req/sec"
        *snip*
    
    

See the mailing list thread for the full discussion of the feature:
[https://www.mail-
archive.com/haproxy@formilux.org/msg27874.h...](https://www.mail-
archive.com/haproxy@formilux.org/msg27874.html)

[1]
[https://www.freedesktop.org/software/systemd/man/sd_notify.h...](https://www.freedesktop.org/software/systemd/man/sd_notify.html)

------
ThinkingGuy
If anyone is wondering, as I was, what haproxy is, it's a "reliable, high
performance TCP/HTTP load balancer."

[http://www.haproxy.org/](http://www.haproxy.org/)

------
JeanMarcS
Great ! I'm using it since 1.4 on projects that are reliable because of it.
It's a great software.

Now I know what my week R&D time will be : HTTP2 in HAProxy !

------
zaarn
I do hope that HAProxy might support ACME at some point, I'm currently stuck
on Traefik which has been breaking some traffic but I rely heavily on
dynamically issued LE certs.

Otherwise, outside of SSL, HAProxy has been very pleasant in my experience.

~~~
mschuster91
Where's your problem? Spin up a certbot docker container and use this here in
haproxy:

    
    
        frontend http_in
          bind *:80
          bind *:443 ssl crt /path/to/letsencrypt/data/mydomain.pem
          acl path_letsencrypt path_beg /.well-known/acme-challenge
          use_backend letsencrypt if path_letsencrypt
        backend letsencrypt
          mode http
          server server-letsencrypt MYLOCALIP:8080
    
    

For the letsencrypt docker image, I use mesosphere/letsencrypt-dcos with a
patched run.sh that triggers a docker kill -s HUP on the haproxy container.

~~~
zaarn
My problem is usually that I rely heavily on traefik being able to very easily
issue certificates simply by having a backend with a hostname present.

If I, for example, configure my PHP VM to be reachable over "test.example.org"
in Traefik, then Traefik will automatically try to issue a certificate for
this domain once it detects the config change.

On HAProxy this is not as easy as I need to tell both LE and HAP about the new
backend.

If it was integrated, I would only have to tell HAP.

~~~
mschuster91
> On HAProxy this is not as easy as I need to tell both LE and HAP about the
> new backend.

You only need to tell the certbot container the new domain. The frontend
config I gave you actually hits before any host-ACLs which means it will pass
all acme-challenge requests on all domains to the certbot container, and
certbot will reload haproxy when it's done.

~~~
zaarn
No I need to tell both.

HAP still needs to know where to route the traffic to and LE needs to know
which domains are available.

------
foobarbazetc
Amazing work. Thanks haproxy team!

------
ssijak
Do people really announce new releases just over email and things like mail-
archive or? Those mail archives always looked strange to me for some unknown
reason.

~~~
geraldcombs
For going on 20 years, yes. I even add hashes for each package (i.e. the
tarball & platform installers) to the end of the message and sign it. I find
it odd and inconvenient when projects _don 't_ announce releases via email.

~~~
stmw
Agree

