blob: a432537e323c5588a8a6fc95d748b2bddd0e0d5d [file] [log] [blame]
Willy Tarreaub1a34b62010-05-09 22:37:12 +02001 ----------------------
2 HAProxy how-to
3 ----------------------
Willy Tarreau15480d72014-06-19 21:10:58 +02004 version 1.6-dev
Willy Tarreaub1a34b62010-05-09 22:37:12 +02005 willy tarreau
Willy Tarreau50bdda62015-07-22 17:32:56 +02006 2015/07/22
willy tarreau78345332005-12-18 01:33:16 +01007
8
Willy Tarreaub1a34b62010-05-09 22:37:12 +020091) How to build it
10------------------
11
Willy Tarreau15480d72014-06-19 21:10:58 +020012First, please note that this version is a development version, so in general if
13you are not used to build from sources or if you don't have the time to track
14very frequent updates, it is recommended that instead you switch to the stable
15version (1.5) or follow the packaged updates provided by your software vendor
16or Linux distribution. Most of them are taking this task seriously and are
17doing a good job. If for any reason you'd prefer a different version than the
18one packaged for your system, or to get some commercial support, other choices
19are available at :
Willy Tarreau869f3512014-06-19 15:26:32 +020020
21 http://www.haproxy.com/
22
willy tarreau78345332005-12-18 01:33:16 +010023To build haproxy, you will need :
Willy Tarreaub1a34b62010-05-09 22:37:12 +020024 - GNU make. Neither Solaris nor OpenBSD's make work with the GNU Makefile.
Willy Tarreau3543cdb2014-05-10 09:12:46 +020025 If you get many syntax errors when running "make", you may want to retry
26 with "gmake" which is the name commonly used for GNU make on BSD systems.
Willy Tarreau869f3512014-06-19 15:26:32 +020027 - GCC between 2.95 and 4.8. Others may work, but not tested.
willy tarreau78345332005-12-18 01:33:16 +010028 - GNU ld
29
30Also, you might want to build with libpcre support, which will provide a very
Willy Tarreaub1a34b62010-05-09 22:37:12 +020031efficient regex implementation and will also fix some badness on Solaris' one.
willy tarreau78345332005-12-18 01:33:16 +010032
33To build haproxy, you have to choose your target OS amongst the following ones
34and assign it to the TARGET variable :
35
Willy Tarreau83b30c12008-05-25 10:32:50 +020036 - linux22 for Linux 2.2
37 - linux24 for Linux 2.4 and above (default)
38 - linux24e for Linux 2.4 with support for a working epoll (> 0.21)
Willy Tarreau83b30c12008-05-25 10:32:50 +020039 - linux26 for Linux 2.6 and above
Willy Tarreau869f3512014-06-19 15:26:32 +020040 - linux2628 for Linux 2.6.28, 3.x, and above (enables splice and tproxy)
Willy Tarreau83b30c12008-05-25 10:32:50 +020041 - solaris for Solaris 8 or 10 (others untested)
Willy Tarreau869f3512014-06-19 15:26:32 +020042 - freebsd for FreeBSD 5 to 10 (others untested)
Willy Tarreau8624cab2013-04-02 08:17:43 +020043 - osx for Mac OS/X
Daniel Jakots17d228b2015-07-29 08:03:08 +020044 - openbsd for OpenBSD 3.1 and above
Willy Tarreau50abe302014-04-02 20:44:43 +020045 - aix51 for AIX 5.1
Willy Tarreau7dec9652012-06-06 16:15:03 +020046 - aix52 for AIX 5.2
Yitzhak Sapir32087312009-06-14 18:27:54 +020047 - cygwin for Cygwin
Willy Tarreau869f3512014-06-19 15:26:32 +020048 - generic for any other OS or version.
Willy Tarreau83b30c12008-05-25 10:32:50 +020049 - custom to manually adjust every setting
willy tarreau78345332005-12-18 01:33:16 +010050
51You may also choose your CPU to benefit from some optimizations. This is
52particularly important on UltraSparc machines. For this, you can assign
53one of the following choices to the CPU variable :
54
55 - i686 for intel PentiumPro, Pentium 2 and above, AMD Athlon
56 - i586 for intel Pentium, AMD K6, VIA C3.
57 - ultrasparc : Sun UltraSparc I/II/III/IV processor
Willy Tarreau817dad52014-07-10 20:24:25 +020058 - native : use the build machine's specific processor optimizations. Use with
59 extreme care, and never in virtualized environments (known to break).
60 - generic : any other processor or no CPU-specific optimization. (default)
willy tarreau78345332005-12-18 01:33:16 +010061
Willy Tarreau83b30c12008-05-25 10:32:50 +020062Alternatively, you may just set the CPU_CFLAGS value to the optimal GCC options
63for your platform.
64
Willy Tarreauef7341d2009-04-11 19:45:50 +020065You may want to build specific target binaries which do not match your native
66compiler's target. This is particularly true on 64-bit systems when you want
67to build a 32-bit binary. Use the ARCH variable for this purpose. Right now
Willy Tarreaua5899aa2010-11-28 07:41:00 +010068it only knows about a few x86 variants (i386,i486,i586,i686,x86_64), two
69generic ones (32,64) and sets -m32/-m64 as well as -march=<arch> accordingly.
Willy Tarreauef7341d2009-04-11 19:45:50 +020070
willy tarreau78345332005-12-18 01:33:16 +010071If your system supports PCRE (Perl Compatible Regular Expressions), then you
72really should build with libpcre which is between 2 and 10 times faster than
73other libc implementations. Regex are used for header processing (deletion,
74rewriting, allow, deny). The only inconvenient of libpcre is that it is not
75yet widely spread, so if you build for other systems, you might get into
76trouble if they don't have the dynamic library. In this situation, you should
77statically link libpcre into haproxy so that it will not be necessary to
Willy Tarreau83b30c12008-05-25 10:32:50 +020078install it on target systems. Available build options for PCRE are :
willy tarreau78345332005-12-18 01:33:16 +010079
Willy Tarreau83b30c12008-05-25 10:32:50 +020080 - USE_PCRE=1 to use libpcre, in whatever form is available on your system
willy tarreau78345332005-12-18 01:33:16 +010081 (shared or static)
82
Willy Tarreau83b30c12008-05-25 10:32:50 +020083 - USE_STATIC_PCRE=1 to use a static version of libpcre even if the dynamic
84 one is available. This will enhance portability.
85
Willy Tarreau663148c2012-12-12 00:38:22 +010086 - with no option, use your OS libc's standard regex implementation (default).
Willy Tarreau83b30c12008-05-25 10:32:50 +020087 Warning! group references on Solaris seem broken. Use static-pcre whenever
88 possible.
willy tarreau78345332005-12-18 01:33:16 +010089
Willy Tarreau64bc40b2011-03-23 20:00:53 +010090Recent systems can resolve IPv6 host names using getaddrinfo(). This primitive
91is not present in all libcs and does not work in all of them either. Support in
92glibc was broken before 2.3. Some embedded libs may not properly work either,
93thus, support is disabled by default, meaning that some host names which only
94resolve as IPv6 addresses will not resolve and configs might emit an error
95during parsing. If you know that your OS libc has reliable support for
96getaddrinfo(), you can add USE_GETADDRINFO=1 on the make command line to enable
97it. This is the recommended option for most Linux distro packagers since it's
98working fine on all recent mainstream distros. It is automatically enabled on
99Solaris 8 and above, as it's known to work.
100
Willy Tarreau3543cdb2014-05-10 09:12:46 +0200101It is possible to add native support for SSL using the GNU makefile, by passing
102"USE_OPENSSL=1" on the make command line. The libssl and libcrypto will
103automatically be linked with haproxy. Some systems also require libz, so if the
104build fails due to missing symbols such as deflateInit(), then try again with
105"ADDLIB=-lz".
Willy Tarreaud4508812012-09-10 09:07:41 +0200106
Lukas Tribus3fe9f1e2013-05-19 16:28:17 +0200107To link OpenSSL statically against haproxy, build OpenSSL with the no-shared
108keyword and install it to a local directory, so your system is not affected :
109
110 $ export STATICLIBSSL=/tmp/staticlibssl
111 $ ./config --prefix=$STATICLIBSSL no-shared
112 $ make && make install_sw
113
Lukas Tribus130ddf72013-10-01 00:28:03 +0200114When building haproxy, pass that path via SSL_INC and SSL_LIB to make and
115include additional libs with ADDLIB if needed (in this case for example libdl):
Willy Tarreau3543cdb2014-05-10 09:12:46 +0200116
Lukas Tribus130ddf72013-10-01 00:28:03 +0200117 $ make TARGET=linux26 USE_OPENSSL=1 SSL_INC=$STATICLIBSSL/include SSL_LIB=$STATICLIBSSL/lib ADDLIB=-ldl
Lukas Tribus3fe9f1e2013-05-19 16:28:17 +0200118
William Lallemand82fe75c2012-10-23 10:25:10 +0200119It is also possible to include native support for ZLIB to benefit from HTTP
120compression. For this, pass "USE_ZLIB=1" on the "make" command line and ensure
Willy Tarreau418b8c02015-03-29 03:32:06 +0200121that zlib is present on the system. Alternatively it is possible to use libslz
122for a faster, memory less, but slightly less efficient compression, by passing
123"USE_SLZ=1".
William Lallemand82fe75c2012-10-23 10:25:10 +0200124
willy tarreau78345332005-12-18 01:33:16 +0100125By default, the DEBUG variable is set to '-g' to enable debug symbols. It is
126not wise to disable it on uncommon systems, because it's often the only way to
127get a complete core when you need one. Otherwise, you can set DEBUG to '-s' to
128strip the binary.
129
130For example, I use this to build for Solaris 8 :
131
Willy Tarreau83b30c12008-05-25 10:32:50 +0200132 $ make TARGET=solaris CPU=ultrasparc USE_STATIC_PCRE=1
willy tarreau78345332005-12-18 01:33:16 +0100133
Willy Tarreau83b30c12008-05-25 10:32:50 +0200134And I build it this way on OpenBSD or FreeBSD :
willy tarreaud38e72d2006-03-19 20:56:52 +0100135
Willy Tarreau3543cdb2014-05-10 09:12:46 +0200136 $ gmake TARGET=freebsd USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
willy tarreaud38e72d2006-03-19 20:56:52 +0100137
Willy Tarreau663148c2012-12-12 00:38:22 +0100138And on a classic Linux with SSL and ZLIB support (eg: Red Hat 5.x) :
139
Willy Tarreau817dad52014-07-10 20:24:25 +0200140 $ make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
Willy Tarreau663148c2012-12-12 00:38:22 +0100141
142And on a recent Linux >= 2.6.28 with SSL and ZLIB support :
Willy Tarreaud4508812012-09-10 09:07:41 +0200143
Willy Tarreau817dad52014-07-10 20:24:25 +0200144 $ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
Willy Tarreaud4508812012-09-10 09:07:41 +0200145
William Lallemand82fe75c2012-10-23 10:25:10 +0200146In order to build a 32-bit binary on an x86_64 Linux system with SSL support
147without support for compression but when OpenSSL requires ZLIB anyway :
Willy Tarreauef7341d2009-04-11 19:45:50 +0200148
Willy Tarreaud4508812012-09-10 09:07:41 +0200149 $ make TARGET=linux26 ARCH=i386 USE_OPENSSL=1 ADDLIB=-lz
Willy Tarreauef7341d2009-04-11 19:45:50 +0200150
Willy Tarreaub1efede2014-05-09 00:44:48 +0200151The SSL stack supports session cache synchronization between all running
152processes. This involves some atomic operations and synchronization operations
153which come in multiple flavors depending on the system and architecture :
154
155 Atomic operations :
156 - internal assembler versions for x86/x86_64 architectures
157
158 - gcc builtins for other architectures. Some architectures might not
159 be fully supported or might require a more recent version of gcc.
160 If your architecture is not supported, you willy have to either use
161 pthread if supported, or to disable the shared cache.
162
163 - pthread (posix threads). Pthreads are very common but inter-process
164 support is not that common, and some older operating systems did not
165 report an error when enabling multi-process mode, so they used to
166 silently fail, possibly causing crashes. Linux's implementation is
167 fine. OpenBSD doesn't support them and doesn't build. FreeBSD 9 builds
168 and reports an error at runtime, while certain older versions might
169 silently fail. Pthreads are enabled using USE_PTHREAD_PSHARED=1.
170
171 Synchronization operations :
172 - internal spinlock : this mode is OS-independant, light but will not
173 scale well to many processes. However, accesses to the session cache
174 are rare enough that this mode could certainly always be used. This
175 is the default mode.
176
177 - Futexes, which are Linux-specific highly scalable light weight mutexes
178 implemented in user-space with some limited assistance from the kernel.
179 This is the default on Linux 2.6 and above and is enabled by passing
180 USE_FUTEX=1
181
182 - pthread (posix threads). See above.
183
184If none of these mechanisms is supported by your platform, you may need to
185build with USE_PRIVATE_CACHE=1 to totally disable SSL cache sharing. Then
186it is better not to run SSL on multiple processes.
187
willy tarreau78345332005-12-18 01:33:16 +0100188If you need to pass other defines, includes, libraries, etc... then please
189check the Makefile to see which ones will be available in your case, and
Willy Tarreau3543cdb2014-05-10 09:12:46 +0200190use the USE_* variables in the Makefile.
willy tarreau78345332005-12-18 01:33:16 +0100191
Willy Tarreau97ec9692010-01-28 20:52:05 +0100192AIX 5.3 is known to work with the generic target. However, for the binary to
193also run on 5.2 or earlier, you need to build with DEFINE="-D_MSGQSUPPORT",
Willy Tarreau869f3512014-06-19 15:26:32 +0200194otherwise __fd_select() will be used while not being present in the libc, but
195this is easily addressed using the "aix52" target. If you get build errors
196because of strange symbols or section mismatches, simply remove -g from
197DEBUG_CFLAGS.
Willy Tarreau97ec9692010-01-28 20:52:05 +0100198
Willy Tarreau32e65ef2013-04-02 08:14:29 +0200199You can easily define your own target with the GNU Makefile. Unknown targets
200are processed with no default option except USE_POLL=default. So you can very
201well use that property to define your own set of options. USE_POLL can even be
202disabled by setting USE_POLL="". For example :
203
204 $ gmake TARGET=tiny USE_POLL="" TARGET_CFLAGS=-fomit-frame-pointer
205
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200206
David Carlierb5efa012015-06-01 14:21:47 +02002071.1) DeviceAtlas Device Detection
208---------------------------------
209
210In order to add DeviceAtlas Device Detection support, you would need to download
211the API source code from https://deviceatlas.com/deviceatlas-haproxy-module and
212once extracted :
213
Willy Tarreau82bd42e2015-06-02 14:10:28 +0200214 $ make TARGET=<target> USE_PCRE=1 USE_DEVICEATLAS=1 DEVICEATLAS_SRC=<path to the API root folder>
215
216Optionally DEVICEATLAS_INC and DEVICEATLAS_LIB may be set to override the path
217to the include files and libraries respectively if they're not in the source
218directory.
David Carlierb5efa012015-06-01 14:21:47 +0200219
220These are supported DeviceAtlas directives (see doc/configuration.txt) :
221 - deviceatlas-json-file <path to the DeviceAtlas JSON data file>.
222 - deviceatlas-log-level <number> (0 to 3, level of information returned by
223 the API, 0 by default).
224 - deviceatlas-property-separator <character> (character used to separate the
225 properties produced by the API, | by default).
226
227Sample configuration :
228
229 global
230 deviceatlas-json-file <path to json file>
231
232 ...
233 frontend
234 bind *:8881
235 default_backend servers
236 http-request set-header X-DeviceAtlas-Data %[req.fhdr(User-Agent),da-csv(primaryHardwareType,osName,osVersion,browserName,browserVersion)]
237
238
Thomas Holmesf95aaf62015-05-29 15:21:42 +01002391.2) 51Degrees Device Detection
240-------------------------------
241
242You can also include 51Degrees for inbuilt device detection enabling attributes
243such as screen size (physical & pixels), supported input methods, release date,
244hardware vendor and model, browser information, and device price among many
245others. Such information can be used to improve the user experience of a web
246site by tailoring the page content, layout and business processes to the
247precise characteristics of the device. Such customisations improve profit by
248making it easier for customers to get to the information or services they
249need. Theses attributes of the device making a web request can be added to HTTP
250headers as configurable parameters.
251
Willy Tarreauc7203c72015-06-01 11:12:35 +0200252In order to enable 51Degrees get the 51Degrees source code from the official
253github repository :
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100254
Willy Tarreauc7203c72015-06-01 11:12:35 +0200255 git clone https://github.com/51Degreesmobi/51Degrees-C
256
257then run 'make' with USE_51DEGREES and 51DEGREES_SRC set. Both 51DEGREES_INC
258and 51DEGREES_LIB may additionally be used to force specific different paths
259for .o and .h, but will default to 51DEGREES_SRC. Make sure to replace
260'51D_REPO_PATH' with the path to the 51Degrees repository.
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100261
Willy Tarreauc7203c72015-06-01 11:12:35 +020026251Degrees provide 2 different detection algorithms :
263 1. Pattern - balances main memory usage and CPU.
264 2. Trie - a very high performance detection solution which uses more main
265 memory than Pattern.
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100266
267To make with 51Degrees Pattern algorithm use the following command line.
268
Willy Tarreauc7203c72015-06-01 11:12:35 +0200269 $ make TARGET=linux26 USE_51DEGREES=1 51DEGREES_SRC='51D_REPO_PATH'/src/pattern
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100270
271To use the 51Degrees Trie algorithm use the following command line.
272
Willy Tarreauc7203c72015-06-01 11:12:35 +0200273 $ make TARGET=linux26 USE_51DEGREES=1 51DEGREES_SRC='51D_REPO_PATH'/src/trie
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100274
275A data file containing information about devices, browsers, operating systems
276and their associated signatures is then needed. 51Degrees provide a free
277database with Github repo for this purpose. These free data files are located
278in '51D_REPO_PATH'/data with the extensions .dat for Pattern data and .trie for
279Trie data.
280
281The configuration file needs to set the following parameters:
282
283 51degrees-data-file path to the pattern or trie data file
284 51degrees-property-name-list list of 51Degrees properties to detect
Dragan Dosen93b38d92015-06-29 16:43:25 +0200285 51degrees-property-separator separator to use between values
Dragan Dosenae6d39a2015-06-29 16:43:27 +0200286 51degrees-cache-size LRU-based cache size (disabled by default)
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100287
288The following is an example of the settings for Pattern.
289
290 51degrees-data-file '51D_REPO_PATH'/data/51Degrees-Lite.dat
291 51degrees-property-name-list IsTablet DeviceType IsMobile
Dragan Dosen93b38d92015-06-29 16:43:25 +0200292 51degrees-property-separator ,
Dragan Dosenae6d39a2015-06-29 16:43:27 +0200293 51degrees-cache-size 10000
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100294
295HAProxy needs a way to pass device information to the backend servers. This is
296done by using the 51d converter, which intercepts the User-Agent header and
297creates some new headers. This is controlled in the frontend http-in section
298
299The following is an example which adds two new HTTP headers prefixed X-51D-
300
301 frontend http-in
302 bind *:8081
303 default_backend servers
304 http-request set-header X-51D-DeviceTypeMobileTablet %[req.fhdr(User-Agent),51d(DeviceType,IsMobile,IsTablet)]
305 http-request set-header X-51D-Tablet %[req.fhdr(User-Agent),51d(IsTablet)]
306
307Here, two headers are created with 51Degrees data, X-51D-DeviceTypeMobileTablet
308and X-51D-Tablet. Any number of headers can be created this way and can be
309named anything. The User-Agent header is passed to the converter in
310req.fhdr(User-Agent). 51d( ) invokes the 51degrees converter. It can be passed
311up to five property names of values to return. Values will be returned in the
Dragan Dosen93b38d92015-06-29 16:43:25 +0200312same order, seperated by the 51-degrees-property-separator configured earlier.
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100313If a property name can't be found the value 'NoData' is returned instead.
314
315The free Lite data file contains information about screen size in pixels and
316whether the device is a mobile. A full list of available properties is located
317on the 51Degrees web site at:
318
319 https://51degrees.com/resources/property-dictionary.
320
321Some properties are only available in the paid for Premium and Enterprise
322versions of 51Degrees. These data sets no only contain more properties but
323are updated weekly and daily and contain signatures for 100,000s of different
324device combinations. For more information see the data options comparison web
325page:
326
327 https://51degrees.com/compare-data-options
328
329
Willy Tarreaub1a34b62010-05-09 22:37:12 +02003302) How to install it
331--------------------
332
333To install haproxy, you can either copy the single resulting binary to the
334place you want, or run :
335
336 $ sudo make install
337
338If you're packaging it for another system, you can specify its root directory
339in the usual DESTDIR variable.
340
341
3423) How to set it up
343-------------------
344
345There is some documentation in the doc/ directory :
346
Willy Tarreaud8e42b62015-08-18 21:51:36 +0200347 - intro.txt : this is an introduction to haproxy, it explains what it is
348 what it is not. Useful for beginners or to re-discover it when planning
349 for an upgrade.
350
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200351 - architecture.txt : this is the architecture manual. It is quite old and
352 does not tell about the nice new features, but it's still a good starting
353 point when you know what you want but don't know how to do it.
354
355 - configuration.txt : this is the configuration manual. It recalls a few
356 essential HTTP basic concepts, and details all the configuration file
357 syntax (keywords, units). It also describes the log and stats format. It
358 is normally always up to date. If you see that something is missing from
Willy Tarreau74774c02014-04-23 00:57:08 +0200359 it, please report it as this is a bug. Please note that this file is
360 huge and that it's generally more convenient to review Cyril Bonté's
361 HTML translation online here :
362
363 http://cbonte.github.io/haproxy-dconv/configuration-1.5.html
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200364
365 - haproxy-en.txt / haproxy-fr.txt : these are the old outdated docs. You
366 should never need them. If you do, then please report what you didn't
367 find in the other ones.
368
369 - gpl.txt / lgpl.txt : the copy of the licenses covering the software. See
370 the 'LICENSE' file at the top for more information.
371
372 - the rest is mainly for developers.
373
374There are also a number of nice configuration examples in the "examples"
375directory as well as on several sites and articles on the net which are linked
376to from the haproxy web site.
377
378
3794) How to report a bug
380----------------------
381
382It is possible that from time to time you'll find a bug. A bug is a case where
383what you see is not what is documented. Otherwise it can be a misdesign. If you
384find that something is stupidly design, please discuss it on the list (see the
385"how to contribute" section below). If you feel like you're proceeding right
386and haproxy doesn't obey, then first ask yourself if it is possible that nobody
387before you has even encountered this issue. If it's unlikely, the you probably
388have an issue in your setup. Just in case of doubt, please consult the mailing
389list archives :
390
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200391 http://marc.info/?l=haproxy
392
393Otherwise, please try to gather the maximum amount of information to help
394reproduce the issue and send that to the mailing list :
395
396 haproxy@formilux.org
397
398Please include your configuration and logs. You can mask your IP addresses and
399passwords, we don't need them. But it's essential that you post your config if
400you want people to guess what is happening.
401
402Also, keep in mind that haproxy is designed to NEVER CRASH. If you see it die
403without any reason, then it definitely is a critical bug that must be reported
404and urgently fixed. It has happened a couple of times in the past, essentially
405on development versions running on new architectures. If you think your setup
406is fairly common, then it is possible that the issue is totally unrelated.
407Anyway, if that happens, feel free to contact me directly, as I will give you
408instructions on how to collect a usable core file, and will probably ask for
409other captures that you'll not want to share with the list.
410
411
4125) How to contribute
413--------------------
414
415It is possible that you'll want to add a specific feature to satisfy your needs
416or one of your customers'. Contributions are welcome, however I'm often very
417picky about changes. I will generally reject patches that change massive parts
418of the code, or that touch the core parts without any good reason if those
419changes have not been discussed first.
420
421The proper place to discuss your changes is the HAProxy Mailing List. There are
422enough skilled readers to catch hazardous mistakes and to suggest improvements.
Willy Tarreau9a639a12011-09-10 22:48:36 +0200423I trust a number of them enough to merge a patch if they say it's OK, so using
424the list is the fastest way to get your code reviewed and merged. You can
425subscribe to it by sending an empty e-mail at the following address :
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200426
427 haproxy+subscribe@formilux.org
428
Willy Tarreau9a639a12011-09-10 22:48:36 +0200429If you have an idea about something to implement, *please* discuss it on the
430list first. It has already happened several times that two persons did the same
431thing simultaneously. This is a waste of time for both of them. It's also very
432common to see some changes rejected because they're done in a way that will
433conflict with future evolutions, or that does not leave a good feeling. It's
434always unpleasant for the person who did the work, and it is unpleasant for me
435too because I value people's time and efforts. That would not happen if these
436were discussed first. There is no problem posting work in progress to the list,
437it happens quite often in fact. Also, don't waste your time with the doc when
438submitting patches for review, only add the doc with the patch you consider
439ready to merge.
440
Willy Tarreau2ddccb72013-05-01 10:07:21 +0200441Another important point concerns code portability. Haproxy requires gcc as the
442C compiler, and may or may not work with other compilers. However it's known
443to build using gcc 2.95 or any later version. As such, it is important to keep
444in mind that certain facilities offered by recent versions must not be used in
445the code :
446
447 - declarations mixed in the code (requires gcc >= 3.x)
448 - GCC builtins without checking for their availability based on version and
449 architecture ;
450 - assembly code without any alternate portable form for other platforms
451 - use of stdbool.h, "bool", "false", "true" : simply use "int", "0", "1"
452 - in general, anything which requires C99 (such as declaring variables in
453 "for" statements)
454
455Since most of these restrictions are just a matter of coding style, it is
456normally not a problem to comply.
457
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200458If your work is very confidential and you can't publicly discuss it, you can
459also mail me directly about it, but your mail may be waiting several days in
460the queue before you get a response.
461
462If you'd like a feature to be added but you think you don't have the skills to
463implement it yourself, you should follow these steps :
464
465 1. discuss the feature on the mailing list. It is possible that someone
466 else has already implemented it, or that someone will tell you how to
467 proceed without it, or even why not to do it. It is also possible that
468 in fact it's quite easy to implement and people will guide you through
469 the process. That way you'll finally have YOUR patch merged, providing
470 the feature YOU need.
471
472 2. if you really can't code it yourself after discussing it, then you may
473 consider contacting someone to do the job for you. Some people on the
Willy Tarreau869f3512014-06-19 15:26:32 +0200474 list might sometimes be OK with trying to do it.
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200475
476Note to contributors: it's very handy when patches comes with a properly
Willy Tarreau9a639a12011-09-10 22:48:36 +0200477formated subject. There are 3 criteria of particular importance in any patch :
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200478
Willy Tarreau9a639a12011-09-10 22:48:36 +0200479 - its nature (is it a fix for a bug, a new feature, an optimization, ...)
480 - its importance, which generally reflects the risk of merging/not merging it
481 - what area it applies to (eg: http, stats, startup, config, doc, ...)
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200482
Willy Tarreau9a639a12011-09-10 22:48:36 +0200483It's important to make these 3 criteria easy to spot in the patch's subject,
484because it's the first (and sometimes the only) thing which is read when
485reviewing patches to find which ones need to be backported to older versions.
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200486
Willy Tarreau9a639a12011-09-10 22:48:36 +0200487Specifically, bugs must be clearly easy to spot so that they're never missed.
488Any patch fixing a bug must have the "BUG" tag in its subject. Most common
489patch types include :
490
491 - BUG fix for a bug. The severity of the bug should also be indicated
492 when known. Similarly, if a backport is needed to older versions,
493 it should be indicated on the last line of the commit message. If
494 the bug has been identified as a regression brought by a specific
495 patch or version, this indication will be appreciated too. New
496 maintenance releases are generally emitted when a few of these
497 patches are merged.
498
499 - CLEANUP code cleanup, silence of warnings, etc... theorically no impact.
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200500 These patches will rarely be seen in stable branches, though they
Willy Tarreau9a639a12011-09-10 22:48:36 +0200501 may appear when they remove some annoyance or when they make
502 backporting easier. By nature, a cleanup is always minor.
503
504 - REORG code reorganization. Some blocks may be moved to other places,
505 some important checks might be swapped, etc... These changes
506 always present a risk of regression. For this reason, they should
507 never be mixed with any bug fix nor functional change. Code is
508 only moved as-is. Indicating the risk of breakage is highly
509 recommended.
510
511 - BUILD updates or fixes for build issues. Changes to makefiles also fall
512 into this category. The risk of breakage should be indicated if
513 known. It is also appreciated to indicate what platforms and/or
514 configurations were tested after the change.
515
516 - OPTIM some code was optimised. Sometimes if the regression risk is very
517 low and the gains significant, such patches may be merged in the
518 stable branch. Depending on the amount of code changed or replaced
519 and the level of trust the author has in the change, the risk of
520 regression should be indicated.
521
522 - RELEASE release of a new version (development or stable).
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200523
Willy Tarreau9a639a12011-09-10 22:48:36 +0200524 - LICENSE licensing updates (may impact distro packagers).
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200525
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200526
Willy Tarreau9a639a12011-09-10 22:48:36 +0200527When the patch cannot be categorized, it's best not to put any tag. This is
528commonly the case for new features, which development versions are mostly made
529of.
530
531Additionally, the importance of the patch should be indicated when known. A
532single upper-case word is preferred, among :
533
534 - MINOR minor change, very low risk of impact. It is often the case for
535 code additions that don't touch live code. For a bug, it generally
536 indicates an annoyance, nothing more.
537
538 - MEDIUM medium risk, may cause unexpected regressions of low importance or
539 which may quickly be discovered. For a bug, it generally indicates
540 something odd which requires changing the configuration in an
541 undesired way to work around the issue.
542
543 - MAJOR major risk of hidden regression. This happens when I rearrange
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200544 large parts of code, when I play with timeouts, with variable
545 initializations, etc... We should only exceptionally find such
Willy Tarreau9a639a12011-09-10 22:48:36 +0200546 patches in stable branches. For a bug, it indicates severe
547 reliability issues for which workarounds are identified with or
548 without performance impacts.
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200549
Willy Tarreau9a639a12011-09-10 22:48:36 +0200550 - CRITICAL medium-term reliability or security is at risk and workarounds,
551 if they exist, might not always be acceptable. An upgrade is
552 absolutely required. A maintenance release may be emitted even if
553 only one of these bugs are fixed. Note that this tag is only used
554 with bugs. Such patches must indicate what is the first version
555 affected, and if known, the commit ID which introduced the issue.
556
557If this criterion doesn't apply, it's best not to put it. For instance, most
558doc updates and most examples or test files are just added or updated without
559any need to qualify a level of importance.
560
561The area the patch applies to is quite important, because some areas are known
562to be similar in older versions, suggesting a backport might be desirable, and
563conversely, some areas are known to be specific to one version. When the tag is
564used alone, uppercase is preferred for readability, otherwise lowercase is fine
565too. The following tags are suggested but not limitative :
566
567 - doc documentation updates or fixes. No code is affected, no need to
568 upgrade. These patches can also be sent right after a new feature,
569 to document it.
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200570
Willy Tarreau9a639a12011-09-10 22:48:36 +0200571 - examples example files. Be careful, sometimes these files are packaged.
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200572
Willy Tarreau9a639a12011-09-10 22:48:36 +0200573 - tests regression test files. No code is affected, no need to upgrade.
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200574
Willy Tarreau9a639a12011-09-10 22:48:36 +0200575 - init initialization code, arguments parsing, etc...
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200576
Willy Tarreau9a639a12011-09-10 22:48:36 +0200577 - config configuration parser, mostly used when adding new config keywords
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200578
Willy Tarreau9a639a12011-09-10 22:48:36 +0200579 - http the HTTP engine
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200580
Willy Tarreau9a639a12011-09-10 22:48:36 +0200581 - stats the stats reporting engine as well as the stats socket CLI
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200582
Willy Tarreau9a639a12011-09-10 22:48:36 +0200583 - checks the health checks engine (eg: when adding new checks)
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200584
Willy Tarreau9a639a12011-09-10 22:48:36 +0200585 - acl the ACL processing core or some ACLs from other areas
586
587 - peers the peer synchronization engine
588
589 - listeners everything related to incoming connection settings
590
591 - frontend everything related to incoming connection processing
592
593 - backend everything related to LB algorithms and server farm
594
595 - session session processing and flags (very sensible, be careful)
596
597 - server server connection management, queueing
598
599 - proxy proxy maintenance (start/stop)
600
601 - log log management
602
603 - poll any of the pollers
604
605 - halog the halog sub-component in the contrib directory
606
607 - contrib any addition to the contrib directory
608
609Other names may be invented when more precise indications are meaningful, for
610instance : "cookie" which indicates cookie processing in the HTTP core. Last,
611indicating the name of the affected file is also a good way to quickly spot
612changes. Many commits were already tagged with "stream_sock" or "cfgparse" for
613instance.
614
615It is desired that AT LEAST one of the 3 criteria tags is reported in the patch
616subject. Ideally, we would have the 3 most often. The two first criteria should
617be present before a first colon (':'). If both are present, then they should be
618delimited with a slash ('/'). The 3rd criterion (area) should appear next, also
619followed by a colon. Thus, all of the following messages are valid :
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200620
621Examples of messages :
Willy Tarreau9a639a12011-09-10 22:48:36 +0200622 - DOC: document options forwardfor to logasap
623 - DOC/MAJOR: reorganize the whole document and change indenting
624 - BUG: stats: connection reset counters must be plain ascii, not HTML
625 - BUG/MINOR: stats: connection reset counters must be plain ascii, not HTML
626 - MEDIUM: checks: support multi-packet health check responses
627 - RELEASE: Released version 1.4.2
628 - BUILD: stats: stdint is not present on solaris
629 - OPTIM/MINOR: halog: make fgets parse more bytes by blocks
630 - REORG/MEDIUM: move syscall redefinition to specific places
631
632Please do not use square brackets anymore around the tags, because they give me
633more work when merging patches. By default I'm asking Git to keep them but this
634causes trouble when patches are prefixed with the [PATCH] tag because in order
635not to store it, I have to hand-edit the patches. So as of now, I will ask Git
636to remove whatever is located between square brackets, which implies that any
637subject formatted the old way will have its tag stripped out.
638
639In fact, one of the only square bracket tags that still makes sense is '[RFC]'
640at the beginning of the subject, when you're asking for someone to review your
641change before getting it merged. If the patch is OK to be merged, then I can
642merge it as-is and the '[RFC]' tag will automatically be removed. If you don't
643want it to be merged at all, you can simply state it in the message, or use an
644alternate '[WIP]' tag ("work in progress").
645
646The tags are not rigid, follow your intuition first, anyway I reserve the right
647to change them when merging the patch. It may happen that a same patch has a
648different tag in two distinct branches. The reason is that a bug in one branch
649may just be a cleanup in the other one because the code cannot be triggered.
650
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200651
652For a more efficient interaction between the mainline code and your code, I can
653only strongly encourage you to try the Git version control system :
654
655 http://git-scm.com/
656
657It's very fast, lightweight and lets you undo/redo your work as often as you
658want, without making your mistakes visible to the rest of the world. It will
659definitely help you contribute quality code and take other people's feedback
660in consideration. In order to clone the HAProxy Git repository :
661
Willy Tarreau869f3512014-06-19 15:26:32 +0200662 $ git clone http://git.haproxy.org/git/haproxy-1.5.git (stable 1.5)
Willy Tarreau6346f0a2014-05-10 11:04:39 +0200663 $ git clone http://git.haproxy.org/git/haproxy.git/ (development)
Willy Tarreau663148c2012-12-12 00:38:22 +0100664
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200665If you decide to use Git for your developments, then your commit messages will
666have the subject line in the format described above, then the whole description
667of your work (mainly why you did it) will be in the body. You can directly send
668your commits to the mailing list, the format is convenient to read and process.
669
willy tarreau78345332005-12-18 01:33:16 +0100670-- end