> haproxy can now be built with native systemd support using USE_SYSTEMD=1 and starting it with -Ws (systemd-aware master-worker mode).
What features/integrations make sense for a proxy with systemd? I'd assume it's only a unit that comes with the package, but that "-Ws" makes me wonder if there're deeper integrations.
I was the person creating the patch. For now all it does is compiling in support for `Type=notify` (using sd_notify [1]) in the unit file: haproxy is able to notify systemd when it completed the `start` or the `reload`.
In the future this could be extended to support systemd's socket passing and status messages. The latter allowing you to show a short string in `systemctl status haproxy`. See this example for php-fpm:
[root@example~]systemctl status php7.0-fpm.service
● php7.0-fpm.service - The PHP 7.0 FastCGI Process Manager
Loaded: loaded (/lib/systemd/system/php7.0-fpm.service; enabled)
Active: active (running) since Sat 2017-11-25 13:28:22 CET; 1 day 8h ago
Docs: man:php-fpm7.0(8)
Main PID: 4624 (php-fpm7.0)
Status: "Processes active: 3, idle: 29, Requests: 1203613, slow: 545, Traffic: 10.1req/sec"
*snip*
I actually had/have an issue with the systemd-wrapper haproxy uses in 1.7 where systemd gets confused when doing a reload + a restart before all sessions are closed. This caused haproxy to completely stop accepting connections until the systemd timeout kicked in and sent a kill -9
I do hope that HAProxy might support ACME at some point, I'm currently stuck on Traefik which has been breaking some traffic but I rely heavily on dynamically issued LE certs.
Otherwise, outside of SSL, HAProxy has been very pleasant in my experience.
My problem is usually that I rely heavily on traefik being able to very easily issue certificates simply by having a backend with a hostname present.
If I, for example, configure my PHP VM to be reachable over "test.example.org" in Traefik, then Traefik will automatically try to issue a certificate for this domain once it detects the config change.
On HAProxy this is not as easy as I need to tell both LE and HAP about the new backend.
If it was integrated, I would only have to tell HAP.
> On HAProxy this is not as easy as I need to tell both LE and HAP about the new backend.
You only need to tell the certbot container the new domain. The frontend config I gave you actually hits before any host-ACLs which means it will pass all acme-challenge requests on all domains to the certbot container, and certbot will reload haproxy when it's done.
My major problem with Traefik is that if you aren't using the defined stacks and opt for file configuration it can be a bit exhausting to configure, TOML is a rather repetitive format.
It also lacks support for HTTP streaming for non-standard HTTP (I wish there was an option to just enable streaming on a host) which sucks for some enterprise software, and streaming for entire hosts so my nextcloud instance always has to wait for the traefik host to buffer the response before being able to download the file to the browser.
However, in terms of scaling and being able to get a SSL-terminating or SSL-handover reverse proxy going it's a breeze and it handles decent load very well.
Do people really announce new releases just over email and things like mail-archive or? Those mail archives always looked strange to me for some unknown reason.
For going on 20 years, yes. I even add hashes for each package (i.e. the tarball & platform installers) to the end of the message and sign it. I find it odd and inconvenient when projects don't announce releases via email.
If there is a mailing list for the software, why not send releases information over there? It makes a lot of sense to me.
I'm also subscribed to several, and some software also announce patches or security related stuff on mail lists.
I see mail as a low barrier of entry (every developer has an email address).
What else would you use to notify interested people and be able to receive feedback at the same time?
Sure I think it makes sense to have this on the forum as well as a shadow post or something, I posted this https://discourse.haproxy.org/t/haproxy-1-8-officially-relea... will see if willy would like to keep this and perhaps create an announcemet category. Ultimately his call, but there has been a lot of 1.8 discussion on the forum lately.
We use it on many of our projects and it has always been a very reliable piece of software, even at high traffic.
Kudos Willy and team, congratulations on the release!
-b