v11.0.0

Fixes

• Several fixes to throw alerts if conflicting configuration properties are set
• certs.ttar: Fixed a bug where OPTIONAL_EXT_CERTS was appended to all internal certs instead of just the crt-list

New Features

• Tests have been greatly improved with unit and acceptance tests
• Support for HTTP/2 was added
• Support for master CLI was added (see documentation here)
• Support for ssl_min_version and ssl_max_version properties in crt-list was added

Acknowledgements

Thanks @Gerg for the HTTP/2 PR!
Thanks @b1tamara for the ssl_min_version/ssl_max_version PR!
Thanks @peterellisjones for adding unit and acceptance tests and various fixes!
Thanks @peterellisjones and @46bit for the master CLI PR!

Deployment

releases:
- name: haproxy
  version: 11.0.0
  url: https://github.com/cloudfoundry-incubator/haproxy-boshrelease/releases/download/v11.0.0/haproxy-11.0.0.tgz
  sha1: 9bd49ed810dfa07ecf7971c5cb16a8995ef8b643

v10.6.0

New Features

• ha_proxy.tcp_link_check_port property added as an optional port for tcp_backend health checks.
• ha_proxy.forwarded_client_cert now supports a new forward_only_if_route_service option. This allows HAproxy to forward client certificates if (and only if) they are forwarded by a CF route service. Requires gorouter to check the validity of the route service secret for security.

Upgrades

• haproxy has been upgraded to v2.2.14 from v2.2.13

Acknowledgements

Thanks @46bit for the forward_only_if_route_service PR!
Thanks @domdom82 for the tcp_link_check_port PR!

Deployment

releases:
- name: haproxy
  version: 10.6.0
  url: https://github.com/cloudfoundry-incubator/haproxy-boshrelease/releases/download/v10.6.0/haproxy-10.6.0.tgz
  sha1: 16ce23f5aee8c0b9ebaed2bf1da688e02d20721d

v10.5.0

Fixes

• Fix hatop not working with Python3-only stem cells (See PR #179, Issue #160)

New Features

• Add monit check for haproxy health endpoint to avoid deploying a non-running HAproxy (See PR #177)

Upgrades

• haproxy has been upgraded from v2.2.5 to v2.2.13

Acknowledgements

Thanks @domdom82 for the PRs!

Deployment

releases:
- name: haproxy
  version: 10.5.0
  url: https://github.com/cloudfoundry-incubator/haproxy-boshrelease/releases/download/v10.5.0/haproxy-10.5.0.tgz
  sha1: 52f5b1f1de27a6133293e0a6e025dc122a286042

v10.3.0

Fixes

• Fix soft reload which stopped working with the switch to BPM 1.1.9 and the addition of the feature that allowed HAproxy to log to stdout, which requires launching in foreground.

New Features

• Switch to master-worker-mode to allow reload to work with nbproc > 1

Acknowledgements

Thanks @domdom82 for the PR!

Deployment

releases:
- name: haproxy
  version: 10.3.0
  url: https://github.com/cloudfoundry-incubator/haproxy-boshrelease/releases/download/v10.3.0/haproxy-10.3.0.tgz
  sha1: 248a5fc7e9f652e074cf914926847fac109a2108

v10.2.0

New Features

• Added retries and timeouts to the custom resolver section for DNS resolution.
• Added support for default_config, a block of raw HAProxy config that will be added to the HAProxy default section.

Acknowledgements

Thanks @ogrand for the retries on custom resolvers!
Thanks @axel7born for the default_config PR!

Deployment

releases:
- name: haproxy
  version: 10.2.0
  url: https://github.com/cloudfoundry-incubator/haproxy-boshrelease/releases/download/v10.2.0/haproxy-10.2.0.tgz
  sha1: 0c56617383db2cd84ae015ecfcae65618c3b3113

v10.1.1

New Features

• Bumps LUA to 5.4.1 and HAProxy to 2.2.5, to address many CVEs

Acknowledgements

Thanks @domdom82 for the upgrade PR!

Deployment

releases:
- name: haproxy
  version: 10.1.1
  url: https://github.com/cloudfoundry-incubator/haproxy-boshrelease/releases/download/v10.1.1/haproxy-10.1.1.tgz
  sha1: b79bae46449de09cd30ecdbaec322c50121049e9

v10.1.0

New Features

• Support has been added for pulling in certificates to be managed
  out of band to haproxy-boshrelease. This is useful for cases where
  many certs need to be provided to HAProxy in an on demand basis without
  doing a full bosh deploy + restarting HAProxy every time a client's
  certificate changes. See the docs for more details!

Acknowledgments

Thanks @domdom82 for the feature!

Deployment

releases:
- name: haproxy
  version: 10.1.0
  url: https://github.com/cloudfoundry-incubator/haproxy-boshrelease/releases/download/v10.1.0/haproxy-10.1.0.tgz
  sha1: c892c02b90913a669d06b03ce27964dd403139f4

v10.0.0

Breaking Changes

• HAProxy now logs to stdout by default! They will now show up in /var/vcap/sys/log/haproxy
  and can be forwarded using the syslog-boshrelease like any other log. If you wish to use
  syslog to forward logs directly, this can still be accomplished, however you will likely want
  to also set ha_proxy.log_format back to rfc3164 as its default changed to raw in support of
  stdout logging.

  If you make use of ha_proxy.nbproc at a value larger than one, stdout logging is not supported,
  and a syslog server must be specified. This is NOT required when using ha_proxy.nbthread > 1.

• The deprecated ha_proxy.threads property has been removed in favor of ha_proxy.nbproc
  and ha_proxy.nbthread

New Features

• Support for live config reloading was added via a reload script. This can be used in use cases
  where config updates need to happen out of band to BOSH, where stopping and restarting processes
  is too disruptive. No changes were made to traditional BOSH process management for HAProxy as a result
  of this change, but the capability is now there for operators or other processes running on HAProxy
  VMs to trigger these reloads.
• ha_proxy.maxrewrite is now tunable for supporting large headers from things like X-Forwarded-Client-Cert.

Upgrades

• haproxy has been upgraded to v1.9.15 from v1.8.20.
• pcre2 has been upgraded to v10.34 from v10.31.
• socat has been upgraded to v1.7.3.4 from v1.7.3.2.

Acknowledgements

Thanks @domdom82 for the live reloading support and @stefanlay for the header length fix!

Deployment

releases:
- name: haproxy
  version: 10.0.0
  url: https://github.com/cloudfoundry-incubator/haproxy-boshrelease/releases/download/v10.0.0/haproxy-10.0.0.tgz
  sha1: 8c485beb92dceb4e2a78c4b540b2d0506684b9a8

v9.8.0

New Features

• The hatop utility has been added to haproxy-boshrelease to assist in haproxy troubleshooting
  http://feurix.org/projects/hatop/ Kudos to @jhunt and the Genesis Community for making this possible!
• @Scoobed added support for specifying additional filesystem paths to make available to the HAProxy
  process via BPM's unrestricted volumes list.
  This is particularly helpful when integrating LUA scripts from other BOSH releases. The
  ha_proxy.additional_unrestricted_volumes will allow this, and uses the same syntax as BPM.

Acknowledgements

Thanks @jhunt and @Scoobed!

Deployment

releases:
- name: haproxy
  version: 9.8.0
  url: https://github.com/cloudfoundry-incubator/haproxy-boshrelease/releases/download/v9.8.0/haproxy-9.8.0.tgz
  sha1: 8b9bf30e11e19f40e88cafa1a3cca1037f350516

v9.7.1

Fixes

• BPM now whitelists the filepath used for HAProxy's logging device, rather
  than hardcoding /dev/log. If you use a custom logging socket, this tells BPM
  to allow HAProxy to access the root filesystem for it.

Acknowledgments

Thanks go to @h0nlg for the PR!

Deployment

releases:
- name: haproxy
  version: 9.7.1
  url: https://github.com/cloudfoundry-incubator/haproxy-boshrelease/releases/download/v9.7.1/haproxy-9.7.1.tgz
  sha1: a26aff30b406849160854b9ee95eaad133a7338b