

HAProxy 1.5 - golan
http://www.haproxy.org/#news

======
coops
This release contains a neat feature: you can now bind HAProxy to a specific
FD opened by its parent process. This means that you can babysit your HAProxy
processes underneath a parent process that opens ports and get hitless HAProxy
restarts, which I've long desired.

~~~
ebroder
Have you looked at einhorn? We've been running HAProxy under einhorn for a
while now, using something like
[https://gist.github.com/ebroder/36b2f4f3aa210b9d9f3d](https://gist.github.com/ebroder/36b2f4f3aa210b9d9f3d)
to translate between HAProxy's signalling mechanisms and einhorn's signalling
mechanisms.

~~~
coops
Er, yes, hi Evan! Cooper here. I believe either you or Andy originally pointed
this interesting HAProxy restart behavior out to me, in the context of
explaining why you wrote Einhorn.

------
daigoba66
We've been using HAProxy 1.5dev in production for a few month, including SSL.
It's been one of the most simplest and stable parts of our infrastructure.

~~~
justizin
how much traffic are you passing in this environment?

we're still using stunnel for ssl, have been waiting for positive reports to
let haproxy do it, but are optimistic.

~~~
indutny
A bit of self-promotion, but you may want to take a look at bud (
[https://github.com/indutny/bud](https://github.com/indutny/bud) ) too. It is
basically a TLS terminating proxy, and does support some availability features
(if you need them).

The bud is built on the top of the libuv, which empowers the node.js.

------
swah
This is embarassing. I'm getting a 502 Proxy Error.

~~~
pilif
Well. That means that HAProxy is still up when the backend servers aren't.
"embarassing" isn't the terminology I'd use in this case.

~~~
rbsn
How embarrassing for OP!

------
fideloper
If you're a curious Ubuntu (14.04) user, it looks like the PPA to get version
1.5 is ppa:vbernat/haproxy-1.5.

Based on this: [http://haproxy.debian.net/](http://haproxy.debian.net/)

~~~
druiid
Been using this in production for about six months now. Happy that the release
version is finally out. The nicest feature of 1.5 is that you can easily do
Redis failover using the new TCP check features.

~~~
kawsper
I think the Redis checks are now native built in when looking at the
changelog:

    
    
        - [MINOR] check: add redis check support

~~~
druiid
Nice. I'll look into it. The TCP check was still a bit of a dirty hack.

------
diminish
Impressive list of features. Does anyone know if HAProxy is used by any
IAAS/PAAS providers?

~~~
jdub
I have the sneaking suspicion that Amazon's Elastic Load Balancer is based on
HAProxy (and has been tracking the 1.5 series in development for some time).
Nothing particularly evidentiary, but it's a glass slipper that fits very
snugly.

~~~
Rapzid
I believe they use nginx. Traditionally ELB has been the most featureless LB's
you'd ever encounter. That's in direct contrast with HAProxy. Truly a pain
point with AWS IMO.

~~~
jdub
ELB has features that nginx does not (health checks for one), and does not
take advantage of _many_ features that nginx does have. On the other hand, the
feature set of HAProxy (1.5 branch, now "released") matches remarkably
closely.

~~~
tachion
> ELB has features that nginx does not (health checks for one)

Check out Tengine, a Nginx fork made by Alibaba guys ;)

------
mathieuruellan
I'm using HAProxy to load balance to an EC2 autoscaling group. I have to list
all ip in the configuration file. It's still not possibile to put A.B.C.0/24.

------
kawsper

        - [MINOR] checks: add PostgreSQL health check
    

A bit silent, but this is a very interesting change for us.

------
aaas_dot_io
Thanks for all hard work. I had checked 1.5 dev build 2-3 months ago, enabling
SSL was causing very high CPU. Must have been good now.

------
fasteo
Kudos to loadbalancer.org team. Classy

------
tachion
How come this is a news if 1.5.1 has already been released on June 24th?

~~~
brlewis
June, even. I'm still interested, though. Fitbit uses haproxy but I set up my
development machine with nginx because of SSL. It probably doesn't make a
difference, but I'll still feel better when I can easily make my dev setup
more closely mirror production.

~~~
tomaac
What about SSL? HAProxy supports SSL offloading.

~~~
brlewis
I didn't investigate deeply; I'd never heard of haproxy prior to Fitbit.
Someone from site ops told me they use nginx + haproxy but it would be easier
for me to just set up nginx.

This article does sound to me like SSL support in haproxy is brand new:
[http://seanmcgary.com/posts/using-sslhttps-with-
haproxy](http://seanmcgary.com/posts/using-sslhttps-with-haproxy)

~~~
ominous_prime
SSL support has been around for a while, but 1.5 has been considered beta for
a few years now, though that hasn't stopped it from being deployed in a _lot_
of production environments.

Before SSL was rolled into haproxy, nginx was often a good candidate to handle
the SSL termination. Stunnel is also common, and stud was popular for a while,
but seems it was abandoned once haproxy could handle the job.

