On 4/9/2022 3:30 AM, Willy Tarreau wrote:
Shawn, however, please use the latest 2.6-dev for QUIC. A lot of progress has been made since 2.5, so much that it has been running for one week on haproxy.org without major issues. I'm going to issue 2.6-dev5 today so I would suggest starting from this one and the latest QuicTLS lib. Also as I indicated in the last news onhttps://haproxy.org/ I'd encourage you to place QUIC in a separate haproxy process. This will allow you to easily kill it if you notice anything wrong, and it will limit the impact if any bug were to make it crash (it spent 6.5 continuous days without crashing for us but 2.6-dev remains development so one must be careful).
OK, so it sounds like I am going to need to figure out how to install a second copy of haproxy, and install another systemd service for it. Not sure yet what I will call that second service. I will paint that bikeshed when I manage to get it built.
I have 2.4.15 installed. Would it be acceptable to keep this completely as-is and then use the dev version as the second process? I really don't want to run a dev version as my primary if I can avoid it. For now I will only enable QUIC on websites where a little downtime won't cause problems, waiting to do them all until 2.6.2 or 2.6.3, at which point I think I'll be able to drop to one service again.
I ran a dev release in production at ${DAYJOB} a while back when 1.5 was still in dev -- I needed the latest TLS advancements at the time.
Thanks, Shawn
