HAProxy Technologies announced the general availability of HAProxy 2.2, the latest version of the company's software load balancer.

This major LTS release of HAProxy adds new features such as a fully dynamic SSL certificate storage, a native response generator, advanced ring buffer logging with syslog over TCP, security hardening, and improved observability and debugging capabilities.

HAProxy 2.2 also includes more customizable error handling and several new features that integrate directly with HAProxy's highly performant log-format capabilities, which allow developers to build complex strings that use HAProxy's powerful built-in fetches and converters. The new features allow users to serve responses directly at the edge and generate custom error files on-the-fly, which can be incorporated directly into the new and improved, flexible health check system. This release comes in short succession to the HAProxy Data Plane API 2.0 release just last month.

These exciting new HAProxy features bring improved flexibility, observability, and security capabilities needed by IT professionals, systems architects, and SREs responsible for designing reliable infrastructure, including:

- Dynamic SSL Certificate Storage -- The ability to update SSL certificates that had been previously loaded into memory by using the Runtime API has been expanded even further to allow full management of certificates using the in-memory dynamic storage. Easily create, delete, and update certificates on-the-fly. Note that it's best to have a separate step that writes these files to disk too.

- Native Response Generator -- HAProxy can now generate dynamic responses from the infrastructure edge using the new http-request return action without forwarding the request to the backend servers. Users can send dynamic responses from on-disk templates, as well as text that uses the log-format syntax, without resorting to hacks with errorfile directives and dummy backends.

- Advanced Ring Buffer Logging with Syslog Over TCP -- The new ring buffer section in HAProxy allows you to queue logs and can send them to syslog over TCP, which can be helpful when you want to ensure that every log line is processed and not lost or dropped.

- SSL/TLS Enhancements - HAProxy 2.2 updates the default TLS version to 1.2 to avoid problems found in the older protocols. It also adds more flexibility when it comes to configuring SSL certificates: You can store private key files separately now, intermediate certificates can be appended using the new issuers-chain-path directive to form a chain of trust, and the new ca-verify-file argument lets you reference a root CA for validating intermediate certificates that are, in turn, used to validate client certificates.

- Resource savings and performance improvements -- in order to further reduce the footprint in container environments, HAProxy 2.2 constantly monitors and adapts its memory usage and its idle connection pools to maintain the least needed resources without affecting performance. This even results in significant performance improvements and resource usage reductions on servers thanks to the much lower connection counts and better network efficiency.

- Improved Observability -- Each version of HAProxy improves observability and this one is no exception, with new statistics on idle connections and memory usage, multi-filter stick table searches, more accurate moving averages, and refined details in instant dumps. However, what will probably be useful to the majority is a new timing metric, %Tu, which will return the total estimated time as seen from the client, from the moment the proxy accepted the request to the moment both ends were closed, not including the idle time before the request began. This makes it more convenient to gauge a user's end-to-end experience and spot slowness at a macro level.

- Debugging -- The debug converter is a handy option that can aid in debugging captured input samples. Previously, it required compiling HAProxy with debug mode enabled. Now, it is always available and will send the output to a defined event sink.

Willy Tarreau, HAProxy Project Leader, CTO HAProxy Technologies, said: "HAProxy 2.2 further improved on top of previous versions’ quality, stability and performance. It would not be possible without all the contributions from a self-organized community of active members who drive the project forward by testing code, helping others on various media and channels, share their opinions on important design decisions, operate a constantly growing set of automated tools used for QA and documentation, provide turn-key packages for end users, bring suggestions, fixes and code. Users of open-source products often consider only the code aspect of a project, but code doesn’t stand by itself without this essential support that requires too many skills to be endorsed by developers only, and all those doing this work behind the curtains, often without having their name mentioned in any commit message, really deserve to be thanked."