| /* |
| * include/common/defaults.h |
| * Miscellaneous default values. |
| * |
| * Copyright (C) 2000-2010 Willy Tarreau - w@1wt.eu |
| * |
| * This library is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU Lesser General Public |
| * License as published by the Free Software Foundation, version 2.1 |
| * exclusively. |
| * |
| * This library is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| * Lesser General Public License for more details. |
| * |
| * You should have received a copy of the GNU Lesser General Public |
| * License along with this library; if not, write to the Free Software |
| * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
| */ |
| |
| #ifndef _COMMON_DEFAULTS_H |
| #define _COMMON_DEFAULTS_H |
| |
| /* MAX_PROCS defines the highest limit for the global "nbproc" value. It |
| * defaults to the number of bits in a long integer but may be lowered to save |
| * resources on embedded systems. |
| */ |
| #ifndef MAX_PROCS |
| #define MAX_PROCS LONGBITS |
| #endif |
| |
| /* |
| * BUFSIZE defines the size of a read and write buffer. It is the maximum |
| * amount of bytes which can be stored by the proxy for each stream. However, |
| * when reading HTTP headers, the proxy needs some spare space to add or rewrite |
| * headers if needed. The size of this spare is defined with MAXREWRITE. So it |
| * is not possible to process headers longer than BUFSIZE-MAXREWRITE bytes. By |
| * default, BUFSIZE=16384 bytes and MAXREWRITE=min(1024,BUFSIZE/2), so the |
| * maximum length of headers accepted is 15360 bytes. |
| */ |
| #ifndef BUFSIZE |
| #define BUFSIZE 16384 |
| #endif |
| |
| /* certain buffers may only be allocated for responses in order to avoid |
| * deadlocks caused by request queuing. 2 buffers is the absolute minimum |
| * acceptable to ensure that a request gaining access to a server can get |
| * a response buffer even if it doesn't completely flush the request buffer. |
| * The worst case is an applet making use of a request buffer that cannot |
| * completely be sent while the server starts to respond, and all unreserved |
| * buffers are allocated by request buffers from pending connections in the |
| * queue waiting for this one to flush. Both buffers reserved buffers may |
| * thus be used at the same time. |
| */ |
| #ifndef RESERVED_BUFS |
| #define RESERVED_BUFS 2 |
| #endif |
| |
| // reserved buffer space for header rewriting |
| #ifndef MAXREWRITE |
| #define MAXREWRITE 1024 |
| #endif |
| |
| #ifndef REQURI_LEN |
| #define REQURI_LEN 1024 |
| #endif |
| |
| #ifndef CAPTURE_LEN |
| #define CAPTURE_LEN 64 |
| #endif |
| |
| #ifndef MAX_SYSLOG_LEN |
| #define MAX_SYSLOG_LEN 1024 |
| #endif |
| |
| // maximum line size when parsing config |
| #ifndef LINESIZE |
| #define LINESIZE 2048 |
| #endif |
| |
| // max # args on a configuration line |
| #define MAX_LINE_ARGS 64 |
| |
| // maximum line size when parsing crt-bind-list config |
| #define CRT_LINESIZE 65536 |
| |
| // max # args on crt-bind-list configuration line |
| #define MAX_CRT_ARGS 2048 |
| |
| // max # args on a stats socket |
| // This should cover at least 5 + twice the # of data_types |
| #define MAX_STATS_ARGS 64 |
| |
| // max # of matches per regexp |
| #define MAX_MATCH 10 |
| |
| // max # of headers in one HTTP request or response |
| // By default, about 100 headers (+1 for the first line) |
| #ifndef MAX_HTTP_HDR |
| #define MAX_HTTP_HDR 101 |
| #endif |
| |
| // max # of headers in history when looking for header #-X |
| #ifndef MAX_HDR_HISTORY |
| #define MAX_HDR_HISTORY 10 |
| #endif |
| |
| // max # of stick counters per session (at least 3 for sc0..sc2) |
| #ifndef MAX_SESS_STKCTR |
| #define MAX_SESS_STKCTR 3 |
| #endif |
| |
| // max # of extra stick-table data types that can be registred at runtime |
| #ifndef STKTABLE_EXTRA_DATA_TYPES |
| #define STKTABLE_EXTRA_DATA_TYPES 0 |
| #endif |
| |
| // max # of stick-table filter entries that can be used during dump |
| #ifndef STKTABLE_FILTER_LEN |
| #define STKTABLE_FILTER_LEN 4 |
| #endif |
| |
| // max # of loops we can perform around a read() which succeeds. |
| // It's very frequent that the system returns a few TCP segments at a time. |
| #ifndef MAX_READ_POLL_LOOPS |
| #define MAX_READ_POLL_LOOPS 4 |
| #endif |
| |
| // minimum number of bytes read at once above which we don't try to read |
| // more, in order not to risk facing an EAGAIN. Most often, if we read |
| // at least 10 kB, we can consider that the system has tried to read a |
| // full buffer and got multiple segments (>1 MSS for jumbo frames, >7 MSS |
| // for normal frames) did not bother truncating the last segment. |
| #ifndef MIN_RECV_AT_ONCE_ENOUGH |
| #define MIN_RECV_AT_ONCE_ENOUGH (7*1448) |
| #endif |
| |
| // The minimum number of bytes to be forwarded that is worth trying to splice. |
| // Below 4kB, it's not worth allocating pipes nor pretending to zero-copy. |
| #ifndef MIN_SPLICE_FORWARD |
| #define MIN_SPLICE_FORWARD 4096 |
| #endif |
| |
| // the max number of events returned in one call to poll/epoll. Too small a |
| // value will cause lots of calls, and too high a value may cause high latency. |
| #ifndef MAX_POLL_EVENTS |
| #define MAX_POLL_EVENTS 200 |
| #endif |
| |
| // the max number of tasks to run at once |
| #ifndef RUNQUEUE_DEPTH |
| #define RUNQUEUE_DEPTH 200 |
| #endif |
| |
| // cookie delimitor in "prefix" mode. This character is inserted between the |
| // persistence cookie and the original value. The '~' is allowed by RFC6265, |
| // and should not be too common in server names. |
| #ifndef COOKIE_DELIM |
| #define COOKIE_DELIM '~' |
| #endif |
| |
| // this delimitor is used between a server's name and a last visit date in |
| // cookies exchanged with the client. |
| #ifndef COOKIE_DELIM_DATE |
| #define COOKIE_DELIM_DATE '|' |
| #endif |
| |
| #define CONN_RETRIES 3 |
| |
| #define CHK_CONNTIME 2000 |
| #define DEF_CHKINTR 2000 |
| #define DEF_MAILALERTTIME 10000 |
| #define DEF_FALLTIME 3 |
| #define DEF_RISETIME 2 |
| #define DEF_AGENT_FALLTIME 1 |
| #define DEF_AGENT_RISETIME 1 |
| #define DEF_CHECK_REQ "OPTIONS / HTTP/1.0\r\n" |
| #define DEF_CHECK_PATH "" |
| #define DEF_SMTP_CHECK_REQ "HELO localhost\r\n" |
| #define DEF_LDAP_CHECK_REQ "\x30\x0c\x02\x01\x01\x60\x07\x02\x01\x03\x04\x00\x80\x00" |
| #define DEF_REDIS_CHECK_REQ "*1\r\n$4\r\nPING\r\n" |
| |
| #define DEF_HANA_ONERR HANA_ONERR_FAILCHK |
| #define DEF_HANA_ERRLIMIT 10 |
| |
| // X-Forwarded-For header default |
| #define DEF_XFORWARDFOR_HDR "X-Forwarded-For" |
| |
| // X-Original-To header default |
| #define DEF_XORIGINALTO_HDR "X-Original-To" |
| |
| /* Default connections limit. |
| * |
| * A system limit can be enforced at build time in order to avoid using haproxy |
| * beyond reasonable system limits. For this, just define SYSTEM_MAXCONN to the |
| * absolute limit accepted by the system. If the configuration specifies a |
| * higher value, it will be capped to SYSTEM_MAXCONN and a warning will be |
| * emitted. The only way to override this limit will be to set it via the |
| * command-line '-n' argument. If SYSTEM_MAXCONN is not set, a minimum value |
| * of 100 will be used for DEFAULT_MAXCONN which almost guarantees that a |
| * process will correctly start in any situation. |
| */ |
| #ifdef SYSTEM_MAXCONN |
| #undef DEFAULT_MAXCONN |
| #define DEFAULT_MAXCONN SYSTEM_MAXCONN |
| #elif !defined(DEFAULT_MAXCONN) |
| #define DEFAULT_MAXCONN 100 |
| #endif |
| |
| /* Minimum check interval for spread health checks. Servers with intervals |
| * greater than or equal to this value will have their checks spread apart |
| * and will be considered when searching the minimal interval. |
| * Others will be ignored for the minimal interval and will have their checks |
| * scheduled on a different basis. |
| */ |
| #ifndef SRV_CHK_INTER_THRES |
| #define SRV_CHK_INTER_THRES 1000 |
| #endif |
| |
| /* Specifies the string used to report the version and release date on the |
| * statistics page. May be defined to the empty string ("") to permanently |
| * disable the feature. |
| */ |
| #ifndef STATS_VERSION_STRING |
| #define STATS_VERSION_STRING " version " HAPROXY_VERSION ", released " HAPROXY_DATE |
| #endif |
| |
| /* Maximum signal queue size, and also number of different signals we can |
| * handle. |
| */ |
| #ifndef MAX_SIGNAL |
| #define MAX_SIGNAL 256 |
| #endif |
| |
| /* Maximum host name length */ |
| #ifndef MAX_HOSTNAME_LEN |
| #if MAXHOSTNAMELEN |
| #define MAX_HOSTNAME_LEN MAXHOSTNAMELEN |
| #else |
| #define MAX_HOSTNAME_LEN 64 |
| #endif // MAXHOSTNAMELEN |
| #endif // MAX_HOSTNAME_LEN |
| |
| /* Maximum health check description length */ |
| #ifndef HCHK_DESC_LEN |
| #define HCHK_DESC_LEN 128 |
| #endif |
| |
| /* ciphers used as defaults on connect */ |
| #ifndef CONNECT_DEFAULT_CIPHERS |
| #define CONNECT_DEFAULT_CIPHERS NULL |
| #endif |
| |
| /* ciphers used as defaults on TLS 1.3 connect */ |
| #ifndef CONNECT_DEFAULT_CIPHERSUITES |
| #define CONNECT_DEFAULT_CIPHERSUITES NULL |
| #endif |
| |
| /* ciphers used as defaults on listeners */ |
| #ifndef LISTEN_DEFAULT_CIPHERS |
| #define LISTEN_DEFAULT_CIPHERS NULL |
| #endif |
| |
| /* cipher suites used as defaults on TLS 1.3 listeners */ |
| #ifndef LISTEN_DEFAULT_CIPHERSUITES |
| #define LISTEN_DEFAULT_CIPHERSUITES NULL |
| #endif |
| |
| /* named curve used as defaults for ECDHE ciphers */ |
| #ifndef ECDHE_DEFAULT_CURVE |
| #define ECDHE_DEFAULT_CURVE "prime256v1" |
| #endif |
| |
| /* ssl cache size */ |
| #ifndef SSLCACHESIZE |
| #define SSLCACHESIZE 20000 |
| #endif |
| |
| /* ssl max dh param size */ |
| #ifndef SSL_DEFAULT_DH_PARAM |
| #define SSL_DEFAULT_DH_PARAM 0 |
| #endif |
| |
| /* max memory cost per SSL session */ |
| #ifndef SSL_SESSION_MAX_COST |
| #define SSL_SESSION_MAX_COST (16*1024) // measured |
| #endif |
| |
| /* max memory cost per SSL handshake (on top of session) */ |
| #ifndef SSL_HANDSHAKE_MAX_COST |
| #define SSL_HANDSHAKE_MAX_COST (76*1024) // measured |
| #endif |
| |
| #ifndef DEFAULT_SSL_CTX_CACHE |
| #define DEFAULT_SSL_CTX_CACHE 1000 |
| #endif |
| |
| /* approximate stream size (for maxconn estimate) */ |
| #ifndef STREAM_MAX_COST |
| #define STREAM_MAX_COST (sizeof(struct stream) + \ |
| 2 * sizeof(struct channel) + \ |
| 2 * sizeof(struct connection) + \ |
| global.tune.requri_len + \ |
| 2 * global.tune.cookie_len) |
| #endif |
| |
| /* available memory estimate : count about 3% of overhead in various structures */ |
| #ifndef MEM_USABLE_RATIO |
| #define MEM_USABLE_RATIO 0.97 |
| #endif |
| |
| /* Number of samples used to compute the times reported in stats. A power of |
| * two is highly recommended, and this value multiplied by the largest response |
| * time must not overflow and unsigned int. See freq_ctr.h for more information. |
| * We consider that values are accurate to 95% with two batches of samples below, |
| * so in order to advertise accurate times across 1k samples, we effectively |
| * measure over 512. |
| */ |
| #ifndef TIME_STATS_SAMPLES |
| #define TIME_STATS_SAMPLES 512 |
| #endif |
| |
| /* max ocsp cert id asn1 encoded length */ |
| #ifndef OCSP_MAX_CERTID_ASN1_LENGTH |
| #define OCSP_MAX_CERTID_ASN1_LENGTH 128 |
| #endif |
| |
| #ifndef OCSP_MAX_RESPONSE_TIME_SKEW |
| #define OCSP_MAX_RESPONSE_TIME_SKEW 300 |
| #endif |
| |
| /* Number of TLS tickets to check, used for rotation */ |
| #ifndef TLS_TICKETS_NO |
| #define TLS_TICKETS_NO 3 |
| #endif |
| |
| /* pattern lookup default cache size, in number of entries : |
| * 10k entries at 10k req/s mean 1% risk of a collision after 60 years, that's |
| * already much less than the memory's reliability in most machines and more |
| * durable than most admin's life expectancy. A collision will result in a |
| * valid result to be returned for a different entry from the same list. |
| */ |
| #ifndef DEFAULT_PAT_LRU_SIZE |
| #define DEFAULT_PAT_LRU_SIZE 10000 |
| #endif |
| |
| #endif /* _COMMON_DEFAULTS_H */ |