I-HAProxy i-balancer yokulayisha isofthiwe yomthombo ovulekile edumile, muva nje umemezele ukwethulwa kwe inguqulo entsha ye "HAProxy 3.0", eza nochungechunge lwezibuyekezo ezithembisa ukuthuthukisa ubulula, ukusebenza, ukwethembeka nokuvikeleka.
Kulabo abangazi nge-HAProxy, kufanele wazi ukuthi lokhu iyibhalansi yokulayisha ekuvumela ukuthi usabalalise ithrafikhi ye-HTTP kanye nezicelo ze-TCP phakathi kweqembu lamaseva. I-HAProxy icabangela izici eziningi, njengokutholakala kweseva, ukuhlolwa kwezinga lomthwalo, kanye nokuqaliswa kwezinyathelo zokuphikisa ze-DDoS.
Izici ezintsha eziphambili ze-HAProxy 3.0
Le nguqulo entsha eyethulwa ye-HAProxy 3.0, ibekwe njengenguqulo yosekelo yesikhathi eside (LTS) futhi izosekelwa kuze kube ngu-2029 futhi inesigaba esisha se-crt-store okunikeza indlela eguquguqukayo yokugcina nokusebenzisa izitifiketi ze-SSL, ehlukanisa isitoreji ekusetshenzisweni endaweni engaphambili. Lokhu kukuvumela ukuthi ucacise izindawo zengxenye ngayinye yesitifiketi, njengamafayela esitifiketi, amafayela abalulekile, namafayela okuphendula e-OCSP.
Olunye ushintsho olugqamile yi Amandla anwetshiwe okulinganisa imilayezo ye-Syslog. Kushiwo ukuthi inqubekelaphambili yenziwe ukuze manje ukwazi ukusetha izisindo emigqeni yeseva kuma-logbackends emodi yakho. Ngaleso sikhathi, i-algorithm enamathelayo, ebikhawulelwe ekubhaliseni i-backends, manje isisebenza kumodi ethi tcp.mode http backends futhi.
Ngaphezu kwalokho, ku-HAProxy manje kungenzeka ukubeka imingcele yezicelo ezithile kuvunyelwe umthetho olandelwayo we-HTTP/2 ongabangela izinkinga, okukuvumela ukuthi ubone izinhlelo zokusebenza ezinephutha noma amaklayenti ngokuziphatha okungalungile
Ku-HAProxy 3.0, kwethulwa "umhlahlandlela" omusha, lo myalelo ungasetshenziswa ezigabeni "frontend", "backend" kanye "lalela" ukuxhuma isihlonzi esiyingqayizivele kulezi zigaba, okuvumela izibalo ezihambisanayo ukuthi zilondolozwe ngisho nangemva kokuqalisa kabusha. Ukwengeza, umyalo othi "lahla ifayela lezibalo" ungeziwe ukuze kugcinwe izibalo efayelini futhi umyalo "wefayela lezibalo" ungeziwe ukuze kufundwe izibalo efayelini ngemva kokuqalisa kabusha.
Kanjalo, Inani ledatha elingatholakala linwetshiwe, okukuvumela ukuthi ucele ulwazi mayelana nenani lamaseshini e-HTTP avuliwe, usayizi womugqa wesicelo kanye nenani elivunyelwe lezikhathi ngesikhathi esisodwa.
Ngakolunye uhlangothi, futhil ukusebenza kwezindawo zokugcina inkumbulo ezidalwe nge-stick-table ikhule kakhulu ngokusebenzisa indlela yokukhiya esebenza kahle kakhulu, ethuthukisa kakhulu ukusebenza kumasistimu anemicu eminingi. Isibonelo, kusistimu enezintambo ezingu-80, ukusebenza kukhuphuke izikhathi ezingu-6.
Ezilungiselelweni zamasayithi amaningi lapho isitifiketi se-TLS sikhethwa khona ngokusekelwe ku-ID yomsingathi enikezwe isandiso se-TLS SNI, i-agumenti ethi "default-crt" yengezwe ukuze kukhethwe isitifiketi esimisiwe uma izitifiketi ezikhona zingafani nesayithi.
Se wengeze izenzo ezithi “set-fc-tos” kanye “set-bc-tos” ukuze kungene inkambu ye-DS (Izinkonzo Ezihlukene) kumaphakethe e-IP ngemuva noma indawo engaphambili, kanye nezenzo “ze-set-fc-mark” kanye “ne-set-bc-mark” zokumaka amaphakethe e-IP ukuze ahlanganiswe kamuva kuthebula elithile lomzila.
Manje kunqatshelwe ukuthumela imiyalo eminingi ku-Runtime API ngesicelo esisodwa esihlukaniswa uhlamvu olusha; ukusetha igama elingukhiye "elinikwe amandla" lamaseva aguqukayo akuvunyelwe; kanye nokuqinisekiswa kwama-URI angajwayelekile kuqinisiwe.
Of ezinye izinguquko ezigqamile yale nguqulo entsha:
- Isiqalo esithi "@virt" singasetshenziswa ukwenza imephu ebonakalayo kanye namafayela e-ACL angalondolozwanga kudiski, ngokuqukethwe okuphethwe nge-Runtime API.
- Isiqalo esithi “@opt” siyatholakala esisebenzisa amafayela abonakalayo kuphela uma kungekho mafayela angempela kudiski.
- Ukuhlaziya manje kuqinile ngesikhathi sokucutshungulwa kwe-HTTP/1 ukuze kuqinisekiswe okuhlosiwe kwesicelo.
- Iziqondiso zomhlaba wonke (http-err-codes kanye ne-http-fail-codes) zethuliwe ezikuvumela ukuthi usethe amakhodi esimo se-HTTP ukuze uwalandele.
- Indlela ye-uuid Yokulanda manje ithatha impikiswano yokuzikhethela esetha inguqulo ye-UUID ibe ngu-4 noma 7
- Ukusebenza kwezikripthi ze-Lua ezinochungechunge olulodwa ezilayishwe kusetshenziswa isiyalelo esithi "lua-load" kuthuthukiswe kakhulu.
- Ukufometha imigqa yelogi ku-JSON naku-CBOR manje kuyasekelwa.
- Manje sekungenzeka ukuthi udale izihlonzi ngefomethi ye-UUIDv7.
ekugcineni uma ukhona unentshisekelo yokwazi okwengeziwe ngayo, ungabheka imininingwane kufayela le- isixhumanisi esilandelayo.