Skip to Content
Skip Breadcrumb

The current openshift router images uses the Red Hat RPM package of haproxy. This package is maintained by Red Hat and uses haproxy 1.5 with some Red Hat patches.

You can see what’s in the package on centos git repo

It’s not bad but haproxy have now released the version 1.7.x, therefore there are several enhancements and bugfixes in the newer versions.

Changelog 1.6
Changelog 1.7

To be able to use the haproxy 1.7 you will need to build your own router as in the old days when you wanted to change something in the haproxy config template file.

The pre configmap age

OSE 3.0 | Rebuilding Your Router

UPDATE: There is now a image on docker hub as described in How to use haproxy 1.7 in openshift router (part 2)

Now we have the possibility to change the haproxy config template via a configmap, thanks to the developers which have added this feature by default into the openshift router.

OSE 3.2 | Using a ConfigMap to Replace the Router Configuration Template

Due to the fact that the have no versioning I refer to the enterprise page.

First of all the processes for the Openshift Origin and Openshift Container Platform (OCP)  are the same. The difference is the repository and the subscriptions.

Now let’s start.

Create a new project where this new routers are build and run.

oc new-project new-routers

Now create the images

oc new-app
oc new-app

and wait until the build and push to the registry is done.

You can follow the build logs via the following command.

oc logs -f bc/openshift-origin-router-hap17
# or
oc logs -f bc/openshift-oscp-router-hap17
You have now a router image with a new haproxy.

Here is the output of haproxy -vv

HA-Proxy version 1.7.3 2017/02/28
Copyright 2000-2017 Willy Tarreau <>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
            USE_PCRE=1 USE_PCRE_JIT=1 USE_TFO=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), \
                                   raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : yes
Built with Lua version : Lua 5.3.4
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT \

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
        [COMP] compression
        [TRACE] trace
        [SPOE] spoe

For the openshift origin please follow now this instructions to Rebuilding Your Router and for OSCP this one Rebuilding Your Router

Why should I use a newer haproxy?

Well first of all it’s a coolness factor ;-)

The new version offers some features like TCP Fast Open, elliptic curve certificates, and many more.

You can contact me for any further questions and orders