Great ;-)
Updated on docker hub.
https://hub.docker.com/r/me2digital/haproxy18/
###
HA-Proxy version 1.8-rc3-34650d5 2017/11/11
Copyright 2000-2017 Willy Tarreau <wi...@haproxy.org>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
-fwrapv -Wno-unused-label
OPTIONS = USE_LINUX_SPLICE=1 USE_GETADDRINFO=1 USE_ZLIB=1
USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_PCRE_JIT=1
USE_TFO=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents =
200
Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.4
Built with transparent proxy support using: IP_TRANSPARENT
IPV6_TRANSPARENT IP_FREEBIND
Built with network namespace support.
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Encrypted password support via crypt(3): yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Built with multi-threading support.
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace
###
------ Originalnachricht ------
Von: "Willy Tarreau" <w...@1wt.eu>
An: haproxy@formilux.org
Gesendet: 11.11.2017 09:34:13
Betreff: [ANNOUNCE] haproxy-1.8-rc3
Hi,
things are getting much better. We fixed a large number of remaining
issues in the multi-threaded code (mostly unmatched locks), and various
issues in the HTTP/2 code causing some streams either time out or some
connections to be closed before the end of the response could be
transmitted. There were also some issues in the HTTP/1 response parser
used by the HTTP/2 gateway causing spinning loops on certain invalid
responses such as status codes made of more than 3 digits, or on
chunked
responses filling the buffer. Also, the HTTP/1 parser now properly
blocks
"PRI" requests which are in fact caused by an HTTP/2 preface sent to a
TCP frontend relaying to an HTTP backend.
There was an issue with the multi-threaded task scheduler converging
in O(N) when long series of tasks were running on the same thread, as
triggered with HTTP/2 benchmarks. This was addressed so that it now
does O(log(N)) again. So if you have run some benchmarks of H/2 with
multithreaded and were surprised with some low performance results,
you'll have to run them again :-) It's suspected that the applets
scheduler will need the same change by the way, because while it used
to endure little stress, with the cache that may change quite a bit.
The code is now expected to build fine again on Solaris since SPIN_LOCK
macros were renamed to HA_SPIN_LOCK, and the server-side 0-rtt TLS-1.3
code should now work.
In master-worker mode, the pid file now only reports the parent's pid,
which is more consistent with what is done by most other deamons and is
more friendly to many tools. Nothing changed for the legacy
multi-process
mode however.
I've run a number of tests on this one and could not freeze it nor
crash it anymore. It even survived 100 million stats requests over H/2
with threads enabled without any error, something which previously
would cause a few timeouts or spinning loops.
I'm going to deploy 1.8-rc3 with threads enabled on haproxy.org now and
watch it a little bit.
We still have some cleanups to do in the code, and we have more or less
decided what to do to address the HTTP2/cache/filters incompatibilities
so hopefully cache+HTTP/2 will work fine together in rc4.
While I used to say "be extremely careful" till rc2, I'd now say that
you may want to give it a try on a single server if you're able to
quickly take it out or roll back in case of outage. Please at least try
to collect a core file if you see it crash, as there's no more known
case where this is expected to happen. And please keep in mind that the
HTTP/2 and multi-thread features are still experimental, so in case of
trouble, just disable H2 and/or threads and see if the issue persists.
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Sources : http://www.haproxy.org/download/1.8/src/
Git repository : http://git.haproxy.org/git/haproxy-1.8.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-1.8.git
Changelog : http://www.haproxy.org/download/1.8/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
PS: I messed up during the first upload and force-pushed it again after
checking in the logs that nobody tried to pull it. In case you have
an automated mirror that reports an error, it's my fault and you'll
have to fix it by hand. The code doesn't differ at all, it's just
that the last commit with the changelog used to happen twice.
Willy
---
Complete changelog :
Christopher Faulet (4):
BUILD: threads: Rename SPIN/RWLOCK macros using HA_ prefix
BUILD: enable USE_THREAD for Solaris build.
BUG/MEDIUM: stream-int: Don't loss write's notifs when a stream is
woken up
BUG/MINOR: pattern: Rely on the sample type to copy it in
pattern_exec_match
Daniel Schneller (1):
DOC: Add note about encrypted password CPU usage
Emeric Brun (2):
BUG/MEDIUM: splice/threads: pipe reuse list was not protected.
BUG/MINOR: comp: fix compilation warning compiling without
compression.
Olivier Houchard (7):
BUILD: use MAXPATHLEN instead of NAME_MAX.
BUG/MINOR: dns: Don't try to get the server lock if it's already
held.
BUG/MINOR: dns: Don't lock the server lock in
snr_check_ip_callback().
BUG/MINOR; ssl: Don't assume we have a ssl_bind_conf because a SNI
is matched.
MINOR: ssl: Handle session resumption with TLS 1.3
MINOR: ssl: Spell 0x10101000L correctly.
MINOR: ssl: Handle sending early data to server.
William Lallemand (4):
MINOR: add master-worker in the warning about nbproc
MINOR: mworker: allow pidfile in mworker + foreground
MINOR: mworker: write parent pid in the pidfile
MINOR: mworker: do not store child pid anymore in the pidfile
Willy Tarreau (56):
BUG/MAJOR: threads/checks: add 4 missing spin_unlock() in various
functions
BUG/MAJOR: threads/server: missing unlock in CLI fqdn parser
BUG/MINOR: cli: do not perform an invalid action on "set server
check-port"
BUG/MAJOR: threads/checks: wrong use of SPIN_LOCK instead of
SPIN_UNLOCK
CLEANUP: checks: remove return statements in locked functions
BUG/MINOR: cli: add severity in "set server addr" parser
CLEANUP: server: get rid of return statements in the CLI parser
BUG/MAJOR: cli/streams: missing unlock on exit "show sess"
BUG/MAJOR: threads/dns: add missing unlock on allocation failure
path
BUG/MAJOR: threads/lb: fix missing unlock on consistent hash LB
BUG/MAJOR: threads/lb: fix missing unlock on map-based hash LB
BUG/MEDIUM: threads/stick-tables: close a race condition on
stktable_trash_expired()
BUG/MAJOR: h2: set the connection's task to NULL when no client
timeout is set
BUG/MAJOR: thread/listeners: enable_listener must not call
unbind_listener()
BUG/MEDIUM: threads: don't try to free build option message on
exit
MINOR: applets: no need to check for runqueue's emptiness in
appctx_res_wakeup()
MINOR: ebtree: implement the scope-aware functions for eb32
MEDIUM: ebtree: specify the scope of every node inserted via
eb32sc
MINOR: ebtree: update the eb32sc parent node's scope on delete
MEDIUM: ebtree: only consider the branches matching the scope in
lookups
MINOR: ebtree: implement eb32sc_lookup_ge_or_first()
MAJOR: task: make use of the scope-aware ebtree functions
MINOR: task: simplify wake_expired_tasks() to avoid unlocking in
the loop
MEDIUM: task: change the construction of the loop in
process_runnable_tasks()
MINOR: threads: use faster locks for the spin locks
MINOR: tasks: only visit filled task slots after processing them
MEDIUM: tasks: implement a lockless scheduler for single-thread
usage
BUG/MINOR: h2: set the "HEADERS_SENT" flag on stream, not
connection
BUG/MEDIUM: h2: properly send an RST_STREAM on mux stream error
BUG/MEDIUM: h2: properly send the GOAWAY frame in the mux
BUG/MEDIUM: h2: don't try (and fail) to send non-existing data in
the mux
MEDIUM: h2: remove the H2_SS_RESET intermediate state
BUG/MEDIUM: h2: fix some wrong error codes on connections
BUG/MEDIUM: h2: don't close the connection is there are data left
MINOR: h2: don't re-enable the connection's task when we're
closing
BUG/MEDIUM: h2: properly set H2_SF_ES_SENT when sending the final
frame
BUG/MINOR: h2: correctly check for H2_SF_ES_SENT before closing
MINOR: h2: add new stream flag H2_SF_OUTGOING_DATA
BUG/MINOR: h2: don't send GOAWAY on failed response
BUG/MINOR: stream-int: don't set MSG_MORE on closed request path
BUG/MAJOR: threads/tasks: fix the scheduler again
BUILD: ssl: fix build of backend without ssl
BUILD: shctx: do not depend on openssl anymore
BUG/MINOR: h1: the HTTP/1 make status code parser check for digits
BUG/MEDIUM: h2: reject non-3-digit status codes
BUG/MEDIUM: h2: split the function to send RST_STREAM
BUG/MEDIUM: h1: ensure the chunk size parser can deal with full
buffers
MINOR: tools: don't use unlikely() in hex2i()
BUG/MEDIUM: h2: support orphaned streams
BUG/MEDIUM: threads/cli: fix "show sess" locking on release
CLEANUP: mux: remove the unused "release()" function
MINOR: cli: make "show fd" report the fd's thread mask
BUG/MEDIUM: stream: don't ignore res.analyse_exp anymore
CLEANUP: global: introduce variable pid_bit to avoid shifts with
relative_pid
MEDIUM: http: always reject the "PRI" method
[RELEASE] Released version 1.8-rc3
---
