Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 1 | ---------------------- |
| 2 | HAProxy |
| 3 | Configuration Manual |
| 4 | ---------------------- |
Willy Tarreau | 21475e3 | 2010-05-23 08:46:08 +0200 | [diff] [blame] | 5 | version 1.5 |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 6 | willy tarreau |
Willy Tarreau | 37242fa | 2010-08-28 19:21:00 +0200 | [diff] [blame] | 7 | 2010/08/28 |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 8 | |
| 9 | |
| 10 | This document covers the configuration language as implemented in the version |
| 11 | specified above. It does not provide any hint, example or advice. For such |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 12 | documentation, please refer to the Reference Manual or the Architecture Manual. |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 13 | The summary below is meant to help you search sections by name and navigate |
| 14 | through the document. |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 15 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 16 | Note to documentation contributors : |
| 17 | This document is formated with 80 columns per line, with even number of |
| 18 | spaces for indentation and without tabs. Please follow these rules strictly |
| 19 | so that it remains easily printable everywhere. If a line needs to be |
| 20 | printed verbatim and does not fit, please end each line with a backslash |
Willy Tarreau | 62a36c4 | 2010-08-17 15:53:10 +0200 | [diff] [blame] | 21 | ('\') and continue on next line, indented by two characters. It is also |
| 22 | sometimes useful to prefix all output lines (logs, console outs) with 3 |
| 23 | closing angle brackets ('>>>') in order to help get the difference between |
| 24 | inputs and outputs when it can become ambiguous. If you add sections, |
| 25 | please update the summary below for easier searching. |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 26 | |
| 27 | |
| 28 | Summary |
| 29 | ------- |
| 30 | |
| 31 | 1. Quick reminder about HTTP |
| 32 | 1.1. The HTTP transaction model |
| 33 | 1.2. HTTP request |
| 34 | 1.2.1. The Request line |
| 35 | 1.2.2. The request headers |
| 36 | 1.3. HTTP response |
| 37 | 1.3.1. The Response line |
| 38 | 1.3.2. The response headers |
| 39 | |
| 40 | 2. Configuring HAProxy |
| 41 | 2.1. Configuration file format |
| 42 | 2.2. Time format |
Patrick Mezard | 35da19c | 2010-06-12 17:02:47 +0200 | [diff] [blame] | 43 | 2.3. Examples |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 44 | |
| 45 | 3. Global parameters |
| 46 | 3.1. Process management and security |
| 47 | 3.2. Performance tuning |
| 48 | 3.3. Debugging |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 49 | 3.4. Userlists |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 50 | |
| 51 | 4. Proxies |
| 52 | 4.1. Proxy keywords matrix |
| 53 | 4.2. Alphabetically sorted keywords reference |
| 54 | |
Krzysztof Piotr Oledzki | c6df066 | 2010-01-05 16:38:49 +0100 | [diff] [blame] | 55 | 5. Server and default-server options |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 56 | |
| 57 | 6. HTTP header manipulation |
| 58 | |
Cyril Bonté | 7d38afb | 2010-02-03 20:41:26 +0100 | [diff] [blame] | 59 | 7. Using ACLs and pattern extraction |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 60 | 7.1. Matching integers |
| 61 | 7.2. Matching strings |
| 62 | 7.3. Matching regular expressions (regexes) |
| 63 | 7.4. Matching IPv4 addresses |
| 64 | 7.5. Available matching criteria |
| 65 | 7.5.1. Matching at Layer 4 and below |
| 66 | 7.5.2. Matching contents at Layer 4 |
| 67 | 7.5.3. Matching at Layer 7 |
| 68 | 7.6. Pre-defined ACLs |
| 69 | 7.7. Using ACLs to form conditions |
Cyril Bonté | 7d38afb | 2010-02-03 20:41:26 +0100 | [diff] [blame] | 70 | 7.8. Pattern extraction |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 71 | |
| 72 | 8. Logging |
| 73 | 8.1. Log levels |
| 74 | 8.2. Log formats |
| 75 | 8.2.1. Default log format |
| 76 | 8.2.2. TCP log format |
| 77 | 8.2.3. HTTP log format |
| 78 | 8.3. Advanced logging options |
| 79 | 8.3.1. Disabling logging of external tests |
| 80 | 8.3.2. Logging before waiting for the session to terminate |
| 81 | 8.3.3. Raising log level upon errors |
| 82 | 8.3.4. Disabling logging of successful connections |
| 83 | 8.4. Timing events |
| 84 | 8.5. Session state at disconnection |
| 85 | 8.6. Non-printable characters |
| 86 | 8.7. Capturing HTTP cookies |
| 87 | 8.8. Capturing HTTP headers |
| 88 | 8.9. Examples of logs |
| 89 | |
| 90 | 9. Statistics and monitoring |
| 91 | 9.1. CSV format |
| 92 | 9.2. Unix Socket commands |
| 93 | |
| 94 | |
| 95 | 1. Quick reminder about HTTP |
| 96 | ---------------------------- |
| 97 | |
| 98 | When haproxy is running in HTTP mode, both the request and the response are |
| 99 | fully analyzed and indexed, thus it becomes possible to build matching criteria |
| 100 | on almost anything found in the contents. |
| 101 | |
| 102 | However, it is important to understand how HTTP requests and responses are |
| 103 | formed, and how HAProxy decomposes them. It will then become easier to write |
| 104 | correct rules and to debug existing configurations. |
| 105 | |
| 106 | |
| 107 | 1.1. The HTTP transaction model |
| 108 | ------------------------------- |
| 109 | |
| 110 | The HTTP protocol is transaction-driven. This means that each request will lead |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 111 | to one and only one response. Traditionally, a TCP connection is established |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 112 | from the client to the server, a request is sent by the client on the |
| 113 | connection, the server responds and the connection is closed. A new request |
| 114 | will involve a new connection : |
| 115 | |
| 116 | [CON1] [REQ1] ... [RESP1] [CLO1] [CON2] [REQ2] ... [RESP2] [CLO2] ... |
| 117 | |
| 118 | In this mode, called the "HTTP close" mode, there are as many connection |
| 119 | establishments as there are HTTP transactions. Since the connection is closed |
| 120 | by the server after the response, the client does not need to know the content |
| 121 | length. |
| 122 | |
| 123 | Due to the transactional nature of the protocol, it was possible to improve it |
| 124 | to avoid closing a connection between two subsequent transactions. In this mode |
| 125 | however, it is mandatory that the server indicates the content length for each |
| 126 | response so that the client does not wait indefinitely. For this, a special |
| 127 | header is used: "Content-length". This mode is called the "keep-alive" mode : |
| 128 | |
| 129 | [CON] [REQ1] ... [RESP1] [REQ2] ... [RESP2] [CLO] ... |
| 130 | |
| 131 | Its advantages are a reduced latency between transactions, and less processing |
| 132 | power required on the server side. It is generally better than the close mode, |
| 133 | but not always because the clients often limit their concurrent connections to |
Patrick Mezard | 9ec2ec4 | 2010-06-12 17:02:45 +0200 | [diff] [blame] | 134 | a smaller value. |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 135 | |
| 136 | A last improvement in the communications is the pipelining mode. It still uses |
| 137 | keep-alive, but the client does not wait for the first response to send the |
| 138 | second request. This is useful for fetching large number of images composing a |
| 139 | page : |
| 140 | |
| 141 | [CON] [REQ1] [REQ2] ... [RESP1] [RESP2] [CLO] ... |
| 142 | |
| 143 | This can obviously have a tremendous benefit on performance because the network |
| 144 | latency is eliminated between subsequent requests. Many HTTP agents do not |
| 145 | correctly support pipelining since there is no way to associate a response with |
| 146 | the corresponding request in HTTP. For this reason, it is mandatory for the |
Cyril Bonté | 78caf84 | 2010-03-10 22:41:43 +0100 | [diff] [blame] | 147 | server to reply in the exact same order as the requests were received. |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 148 | |
Patrick Mezard | 9ec2ec4 | 2010-06-12 17:02:45 +0200 | [diff] [blame] | 149 | By default HAProxy operates in a tunnel-like mode with regards to persistent |
| 150 | connections: for each connection it processes the first request and forwards |
| 151 | everything else (including additional requests) to selected server. Once |
| 152 | established, the connection is persisted both on the client and server |
| 153 | sides. Use "option http-server-close" to preserve client persistent connections |
| 154 | while handling every incoming request individually, dispatching them one after |
| 155 | another to servers, in HTTP close mode. Use "option httpclose" to switch both |
| 156 | sides to HTTP close mode. "option forceclose" and "option |
| 157 | http-pretend-keepalive" help working around servers misbehaving in HTTP close |
| 158 | mode. |
| 159 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 160 | |
| 161 | 1.2. HTTP request |
| 162 | ----------------- |
| 163 | |
| 164 | First, let's consider this HTTP request : |
| 165 | |
| 166 | Line Contents |
Willy Tarreau | d72758d | 2010-01-12 10:42:19 +0100 | [diff] [blame] | 167 | number |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 168 | 1 GET /serv/login.php?lang=en&profile=2 HTTP/1.1 |
| 169 | 2 Host: www.mydomain.com |
| 170 | 3 User-agent: my small browser |
| 171 | 4 Accept: image/jpeg, image/gif |
| 172 | 5 Accept: image/png |
| 173 | |
| 174 | |
| 175 | 1.2.1. The Request line |
| 176 | ----------------------- |
| 177 | |
| 178 | Line 1 is the "request line". It is always composed of 3 fields : |
| 179 | |
| 180 | - a METHOD : GET |
| 181 | - a URI : /serv/login.php?lang=en&profile=2 |
| 182 | - a version tag : HTTP/1.1 |
| 183 | |
| 184 | All of them are delimited by what the standard calls LWS (linear white spaces), |
| 185 | which are commonly spaces, but can also be tabs or line feeds/carriage returns |
| 186 | followed by spaces/tabs. The method itself cannot contain any colon (':') and |
| 187 | is limited to alphabetic letters. All those various combinations make it |
| 188 | desirable that HAProxy performs the splitting itself rather than leaving it to |
| 189 | the user to write a complex or inaccurate regular expression. |
| 190 | |
| 191 | The URI itself can have several forms : |
| 192 | |
| 193 | - A "relative URI" : |
| 194 | |
| 195 | /serv/login.php?lang=en&profile=2 |
| 196 | |
| 197 | It is a complete URL without the host part. This is generally what is |
| 198 | received by servers, reverse proxies and transparent proxies. |
| 199 | |
| 200 | - An "absolute URI", also called a "URL" : |
| 201 | |
| 202 | http://192.168.0.12:8080/serv/login.php?lang=en&profile=2 |
| 203 | |
| 204 | It is composed of a "scheme" (the protocol name followed by '://'), a host |
| 205 | name or address, optionally a colon (':') followed by a port number, then |
| 206 | a relative URI beginning at the first slash ('/') after the address part. |
| 207 | This is generally what proxies receive, but a server supporting HTTP/1.1 |
| 208 | must accept this form too. |
| 209 | |
| 210 | - a star ('*') : this form is only accepted in association with the OPTIONS |
| 211 | method and is not relayable. It is used to inquiry a next hop's |
| 212 | capabilities. |
Willy Tarreau | d72758d | 2010-01-12 10:42:19 +0100 | [diff] [blame] | 213 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 214 | - an address:port combination : 192.168.0.12:80 |
| 215 | This is used with the CONNECT method, which is used to establish TCP |
| 216 | tunnels through HTTP proxies, generally for HTTPS, but sometimes for |
| 217 | other protocols too. |
| 218 | |
| 219 | In a relative URI, two sub-parts are identified. The part before the question |
| 220 | mark is called the "path". It is typically the relative path to static objects |
| 221 | on the server. The part after the question mark is called the "query string". |
| 222 | It is mostly used with GET requests sent to dynamic scripts and is very |
| 223 | specific to the language, framework or application in use. |
| 224 | |
| 225 | |
| 226 | 1.2.2. The request headers |
| 227 | -------------------------- |
| 228 | |
| 229 | The headers start at the second line. They are composed of a name at the |
| 230 | beginning of the line, immediately followed by a colon (':'). Traditionally, |
| 231 | an LWS is added after the colon but that's not required. Then come the values. |
| 232 | Multiple identical headers may be folded into one single line, delimiting the |
| 233 | values with commas, provided that their order is respected. This is commonly |
| 234 | encountered in the "Cookie:" field. A header may span over multiple lines if |
| 235 | the subsequent lines begin with an LWS. In the example in 1.2, lines 4 and 5 |
| 236 | define a total of 3 values for the "Accept:" header. |
| 237 | |
| 238 | Contrary to a common mis-conception, header names are not case-sensitive, and |
| 239 | their values are not either if they refer to other header names (such as the |
| 240 | "Connection:" header). |
| 241 | |
| 242 | The end of the headers is indicated by the first empty line. People often say |
| 243 | that it's a double line feed, which is not exact, even if a double line feed |
| 244 | is one valid form of empty line. |
| 245 | |
| 246 | Fortunately, HAProxy takes care of all these complex combinations when indexing |
| 247 | headers, checking values and counting them, so there is no reason to worry |
| 248 | about the way they could be written, but it is important not to accuse an |
| 249 | application of being buggy if it does unusual, valid things. |
| 250 | |
| 251 | Important note: |
| 252 | As suggested by RFC2616, HAProxy normalizes headers by replacing line breaks |
| 253 | in the middle of headers by LWS in order to join multi-line headers. This |
| 254 | is necessary for proper analysis and helps less capable HTTP parsers to work |
| 255 | correctly and not to be fooled by such complex constructs. |
| 256 | |
| 257 | |
| 258 | 1.3. HTTP response |
| 259 | ------------------ |
| 260 | |
| 261 | An HTTP response looks very much like an HTTP request. Both are called HTTP |
| 262 | messages. Let's consider this HTTP response : |
| 263 | |
| 264 | Line Contents |
Willy Tarreau | d72758d | 2010-01-12 10:42:19 +0100 | [diff] [blame] | 265 | number |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 266 | 1 HTTP/1.1 200 OK |
| 267 | 2 Content-length: 350 |
| 268 | 3 Content-Type: text/html |
| 269 | |
Willy Tarreau | 816b979 | 2009-09-15 21:25:21 +0200 | [diff] [blame] | 270 | As a special case, HTTP supports so called "Informational responses" as status |
| 271 | codes 1xx. These messages are special in that they don't convey any part of the |
| 272 | response, they're just used as sort of a signaling message to ask a client to |
Willy Tarreau | 5843d1a | 2010-02-01 15:13:32 +0100 | [diff] [blame] | 273 | continue to post its request for instance. In the case of a status 100 response |
| 274 | the requested information will be carried by the next non-100 response message |
| 275 | following the informational one. This implies that multiple responses may be |
| 276 | sent to a single request, and that this only works when keep-alive is enabled |
| 277 | (1xx messages are HTTP/1.1 only). HAProxy handles these messages and is able to |
| 278 | correctly forward and skip them, and only process the next non-100 response. As |
| 279 | such, these messages are neither logged nor transformed, unless explicitly |
| 280 | state otherwise. Status 101 messages indicate that the protocol is changing |
| 281 | over the same connection and that haproxy must switch to tunnel mode, just as |
| 282 | if a CONNECT had occurred. Then the Upgrade header would contain additional |
| 283 | information about the type of protocol the connection is switching to. |
Willy Tarreau | 816b979 | 2009-09-15 21:25:21 +0200 | [diff] [blame] | 284 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 285 | |
| 286 | 1.3.1. The Response line |
| 287 | ------------------------ |
| 288 | |
| 289 | Line 1 is the "response line". It is always composed of 3 fields : |
| 290 | |
| 291 | - a version tag : HTTP/1.1 |
| 292 | - a status code : 200 |
| 293 | - a reason : OK |
| 294 | |
| 295 | The status code is always 3-digit. The first digit indicates a general status : |
Willy Tarreau | 816b979 | 2009-09-15 21:25:21 +0200 | [diff] [blame] | 296 | - 1xx = informational message to be skipped (eg: 100, 101) |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 297 | - 2xx = OK, content is following (eg: 200, 206) |
| 298 | - 3xx = OK, no content following (eg: 302, 304) |
| 299 | - 4xx = error caused by the client (eg: 401, 403, 404) |
| 300 | - 5xx = error caused by the server (eg: 500, 502, 503) |
| 301 | |
| 302 | Please refer to RFC2616 for the detailed meaning of all such codes. The |
Willy Tarreau | d72758d | 2010-01-12 10:42:19 +0100 | [diff] [blame] | 303 | "reason" field is just a hint, but is not parsed by clients. Anything can be |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 304 | found there, but it's a common practice to respect the well-established |
| 305 | messages. It can be composed of one or multiple words, such as "OK", "Found", |
| 306 | or "Authentication Required". |
| 307 | |
| 308 | Haproxy may emit the following status codes by itself : |
| 309 | |
| 310 | Code When / reason |
| 311 | 200 access to stats page, and when replying to monitoring requests |
| 312 | 301 when performing a redirection, depending on the configured code |
| 313 | 302 when performing a redirection, depending on the configured code |
| 314 | 303 when performing a redirection, depending on the configured code |
| 315 | 400 for an invalid or too large request |
| 316 | 401 when an authentication is required to perform the action (when |
| 317 | accessing the stats page) |
| 318 | 403 when a request is forbidden by a "block" ACL or "reqdeny" filter |
| 319 | 408 when the request timeout strikes before the request is complete |
| 320 | 500 when haproxy encounters an unrecoverable internal error, such as a |
| 321 | memory allocation failure, which should never happen |
| 322 | 502 when the server returns an empty, invalid or incomplete response, or |
| 323 | when an "rspdeny" filter blocks the response. |
| 324 | 503 when no server was available to handle the request, or in response to |
| 325 | monitoring requests which match the "monitor fail" condition |
| 326 | 504 when the response timeout strikes before the server responds |
| 327 | |
| 328 | The error 4xx and 5xx codes above may be customized (see "errorloc" in section |
| 329 | 4.2). |
| 330 | |
| 331 | |
| 332 | 1.3.2. The response headers |
| 333 | --------------------------- |
| 334 | |
| 335 | Response headers work exactly like request headers, and as such, HAProxy uses |
| 336 | the same parsing function for both. Please refer to paragraph 1.2.2 for more |
| 337 | details. |
| 338 | |
| 339 | |
| 340 | 2. Configuring HAProxy |
| 341 | ---------------------- |
| 342 | |
| 343 | 2.1. Configuration file format |
| 344 | ------------------------------ |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 345 | |
| 346 | HAProxy's configuration process involves 3 major sources of parameters : |
| 347 | |
| 348 | - the arguments from the command-line, which always take precedence |
| 349 | - the "global" section, which sets process-wide parameters |
| 350 | - the proxies sections which can take form of "defaults", "listen", |
| 351 | "frontend" and "backend". |
| 352 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 353 | The configuration file syntax consists in lines beginning with a keyword |
| 354 | referenced in this manual, optionally followed by one or several parameters |
| 355 | delimited by spaces. If spaces have to be entered in strings, then they must be |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 356 | preceded by a backslash ('\') to be escaped. Backslashes also have to be |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 357 | escaped by doubling them. |
| 358 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 359 | |
| 360 | 2.2. Time format |
| 361 | ---------------- |
| 362 | |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 363 | Some parameters involve values representing time, such as timeouts. These |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 364 | values are generally expressed in milliseconds (unless explicitly stated |
| 365 | otherwise) but may be expressed in any other unit by suffixing the unit to the |
| 366 | numeric value. It is important to consider this because it will not be repeated |
| 367 | for every keyword. Supported units are : |
| 368 | |
| 369 | - us : microseconds. 1 microsecond = 1/1000000 second |
| 370 | - ms : milliseconds. 1 millisecond = 1/1000 second. This is the default. |
| 371 | - s : seconds. 1s = 1000ms |
| 372 | - m : minutes. 1m = 60s = 60000ms |
| 373 | - h : hours. 1h = 60m = 3600s = 3600000ms |
| 374 | - d : days. 1d = 24h = 1440m = 86400s = 86400000ms |
| 375 | |
| 376 | |
Patrick Mezard | 35da19c | 2010-06-12 17:02:47 +0200 | [diff] [blame] | 377 | 2.3. Examples |
| 378 | ------------- |
| 379 | |
| 380 | # Simple configuration for an HTTP proxy listening on port 80 on all |
| 381 | # interfaces and forwarding requests to a single backend "servers" with a |
| 382 | # single server "server1" listening on 127.0.0.1:8000 |
| 383 | global |
| 384 | daemon |
| 385 | maxconn 256 |
| 386 | |
| 387 | defaults |
| 388 | mode http |
| 389 | timeout connect 5000ms |
| 390 | timeout client 50000ms |
| 391 | timeout server 50000ms |
| 392 | |
| 393 | frontend http-in |
| 394 | bind *:80 |
| 395 | default_backend servers |
| 396 | |
| 397 | backend servers |
| 398 | server server1 127.0.0.1:8000 maxconn 32 |
| 399 | |
| 400 | |
| 401 | # The same configuration defined with a single listen block. Shorter but |
| 402 | # less expressive, especially in HTTP mode. |
| 403 | global |
| 404 | daemon |
| 405 | maxconn 256 |
| 406 | |
| 407 | defaults |
| 408 | mode http |
| 409 | timeout connect 5000ms |
| 410 | timeout client 50000ms |
| 411 | timeout server 50000ms |
| 412 | |
| 413 | listen http-in |
| 414 | bind *:80 |
| 415 | server server1 127.0.0.1:8000 maxconn 32 |
| 416 | |
| 417 | |
| 418 | Assuming haproxy is in $PATH, test these configurations in a shell with: |
| 419 | |
| 420 | $ sudo haproxy -f configuration.conf -d |
| 421 | |
| 422 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 423 | 3. Global parameters |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 424 | -------------------- |
| 425 | |
| 426 | Parameters in the "global" section are process-wide and often OS-specific. They |
| 427 | are generally set once for all and do not need being changed once correct. Some |
| 428 | of them have command-line equivalents. |
| 429 | |
| 430 | The following keywords are supported in the "global" section : |
| 431 | |
| 432 | * Process management and security |
| 433 | - chroot |
| 434 | - daemon |
| 435 | - gid |
| 436 | - group |
| 437 | - log |
| 438 | - nbproc |
| 439 | - pidfile |
| 440 | - uid |
| 441 | - ulimit-n |
| 442 | - user |
Willy Tarreau | fbee713 | 2007-10-18 13:53:22 +0200 | [diff] [blame] | 443 | - stats |
Krzysztof Piotr Oledzki | 48cb2ae | 2009-10-02 22:51:14 +0200 | [diff] [blame] | 444 | - node |
| 445 | - description |
Willy Tarreau | d72758d | 2010-01-12 10:42:19 +0100 | [diff] [blame] | 446 | |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 447 | * Performance tuning |
| 448 | - maxconn |
Willy Tarreau | ff4f82d | 2009-02-06 11:28:13 +0100 | [diff] [blame] | 449 | - maxpipes |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 450 | - noepoll |
| 451 | - nokqueue |
| 452 | - nopoll |
| 453 | - nosepoll |
Willy Tarreau | ff4f82d | 2009-02-06 11:28:13 +0100 | [diff] [blame] | 454 | - nosplice |
Willy Tarreau | fe255b7 | 2007-10-14 23:09:26 +0200 | [diff] [blame] | 455 | - spread-checks |
Willy Tarreau | 27a674e | 2009-08-17 07:23:33 +0200 | [diff] [blame] | 456 | - tune.bufsize |
Willy Tarreau | 43961d5 | 2010-10-04 20:39:20 +0200 | [diff] [blame] | 457 | - tune.chksize |
Willy Tarreau | a0250ba | 2008-01-06 11:22:57 +0100 | [diff] [blame] | 458 | - tune.maxaccept |
| 459 | - tune.maxpollevents |
Willy Tarreau | 27a674e | 2009-08-17 07:23:33 +0200 | [diff] [blame] | 460 | - tune.maxrewrite |
Willy Tarreau | e803de2 | 2010-01-21 17:43:04 +0100 | [diff] [blame] | 461 | - tune.rcvbuf.client |
| 462 | - tune.rcvbuf.server |
| 463 | - tune.sndbuf.client |
| 464 | - tune.sndbuf.server |
Willy Tarreau | d72758d | 2010-01-12 10:42:19 +0100 | [diff] [blame] | 465 | |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 466 | * Debugging |
| 467 | - debug |
| 468 | - quiet |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 469 | |
| 470 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 471 | 3.1. Process management and security |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 472 | ------------------------------------ |
| 473 | |
| 474 | chroot <jail dir> |
| 475 | Changes current directory to <jail dir> and performs a chroot() there before |
| 476 | dropping privileges. This increases the security level in case an unknown |
| 477 | vulnerability would be exploited, since it would make it very hard for the |
| 478 | attacker to exploit the system. This only works when the process is started |
| 479 | with superuser privileges. It is important to ensure that <jail_dir> is both |
| 480 | empty and unwritable to anyone. |
Willy Tarreau | d72758d | 2010-01-12 10:42:19 +0100 | [diff] [blame] | 481 | |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 482 | daemon |
| 483 | Makes the process fork into background. This is the recommended mode of |
| 484 | operation. It is equivalent to the command line "-D" argument. It can be |
| 485 | disabled by the command line "-db" argument. |
| 486 | |
| 487 | gid <number> |
| 488 | Changes the process' group ID to <number>. It is recommended that the group |
| 489 | ID is dedicated to HAProxy or to a small set of similar daemons. HAProxy must |
| 490 | be started with a user belonging to this group, or with superuser privileges. |
| 491 | See also "group" and "uid". |
Willy Tarreau | d72758d | 2010-01-12 10:42:19 +0100 | [diff] [blame] | 492 | |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 493 | group <group name> |
| 494 | Similar to "gid" but uses the GID of group name <group name> from /etc/group. |
| 495 | See also "gid" and "user". |
Willy Tarreau | d72758d | 2010-01-12 10:42:19 +0100 | [diff] [blame] | 496 | |
Willy Tarreau | f7edefa | 2009-05-10 17:20:05 +0200 | [diff] [blame] | 497 | log <address> <facility> [max level [min level]] |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 498 | Adds a global syslog server. Up to two global servers can be defined. They |
| 499 | will receive logs for startups and exits, as well as all logs from proxies |
Robert Tsai | 81ae195 | 2007-12-05 10:47:29 +0100 | [diff] [blame] | 500 | configured with "log global". |
| 501 | |
| 502 | <address> can be one of: |
| 503 | |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 504 | - An IPv4 address optionally followed by a colon and a UDP port. If |
Robert Tsai | 81ae195 | 2007-12-05 10:47:29 +0100 | [diff] [blame] | 505 | no port is specified, 514 is used by default (the standard syslog |
| 506 | port). |
| 507 | |
| 508 | - A filesystem path to a UNIX domain socket, keeping in mind |
| 509 | considerations for chroot (be sure the path is accessible inside |
| 510 | the chroot) and uid/gid (be sure the path is appropriately |
| 511 | writeable). |
| 512 | |
| 513 | <facility> must be one of the 24 standard syslog facilities : |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 514 | |
| 515 | kern user mail daemon auth syslog lpr news |
| 516 | uucp cron auth2 ftp ntp audit alert cron2 |
| 517 | local0 local1 local2 local3 local4 local5 local6 local7 |
| 518 | |
| 519 | An optional level can be specified to filter outgoing messages. By default, |
Willy Tarreau | f7edefa | 2009-05-10 17:20:05 +0200 | [diff] [blame] | 520 | all messages are sent. If a maximum level is specified, only messages with a |
| 521 | severity at least as important as this level will be sent. An optional minimum |
| 522 | level can be specified. If it is set, logs emitted with a more severe level |
| 523 | than this one will be capped to this level. This is used to avoid sending |
| 524 | "emerg" messages on all terminals on some default syslog configurations. |
| 525 | Eight levels are known : |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 526 | |
| 527 | emerg alert crit err warning notice info debug |
| 528 | |
| 529 | nbproc <number> |
| 530 | Creates <number> processes when going daemon. This requires the "daemon" |
| 531 | mode. By default, only one process is created, which is the recommended mode |
| 532 | of operation. For systems limited to small sets of file descriptors per |
| 533 | process, it may be needed to fork multiple daemons. USING MULTIPLE PROCESSES |
| 534 | IS HARDER TO DEBUG AND IS REALLY DISCOURAGED. See also "daemon". |
| 535 | |
| 536 | pidfile <pidfile> |
| 537 | Writes pids of all daemons into file <pidfile>. This option is equivalent to |
| 538 | the "-p" command line argument. The file must be accessible to the user |
| 539 | starting the process. See also "daemon". |
| 540 | |
Willy Tarreau | fbee713 | 2007-10-18 13:53:22 +0200 | [diff] [blame] | 541 | stats socket <path> [{uid | user} <uid>] [{gid | group} <gid>] [mode <mode>] |
Willy Tarreau | 6162db2 | 2009-10-10 17:13:00 +0200 | [diff] [blame] | 542 | [level <level>] |
| 543 | |
Willy Tarreau | fbee713 | 2007-10-18 13:53:22 +0200 | [diff] [blame] | 544 | Creates a UNIX socket in stream mode at location <path>. Any previously |
| 545 | existing socket will be backed up then replaced. Connections to this socket |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 546 | will return various statistics outputs and even allow some commands to be |
Willy Tarreau | 6162db2 | 2009-10-10 17:13:00 +0200 | [diff] [blame] | 547 | issued. Please consult section 9.2 "Unix Socket commands" for more details. |
| 548 | |
| 549 | An optional "level" parameter can be specified to restrict the nature of |
| 550 | the commands that can be issued on the socket : |
| 551 | - "user" is the least privileged level ; only non-sensitive stats can be |
| 552 | read, and no change is allowed. It would make sense on systems where it |
| 553 | is not easy to restrict access to the socket. |
| 554 | |
| 555 | - "operator" is the default level and fits most common uses. All data can |
| 556 | be read, and only non-sensible changes are permitted (eg: clear max |
| 557 | counters). |
| 558 | |
| 559 | - "admin" should be used with care, as everything is permitted (eg: clear |
| 560 | all counters). |
Willy Tarreau | a8efd36 | 2008-01-03 10:19:15 +0100 | [diff] [blame] | 561 | |
| 562 | On platforms which support it, it is possible to restrict access to this |
| 563 | socket by specifying numerical IDs after "uid" and "gid", or valid user and |
| 564 | group names after the "user" and "group" keywords. It is also possible to |
| 565 | restrict permissions on the socket by passing an octal value after the "mode" |
| 566 | keyword (same syntax as chmod). Depending on the platform, the permissions on |
| 567 | the socket will be inherited from the directory which hosts it, or from the |
| 568 | user the process is started with. |
Willy Tarreau | fbee713 | 2007-10-18 13:53:22 +0200 | [diff] [blame] | 569 | |
| 570 | stats timeout <timeout, in milliseconds> |
| 571 | The default timeout on the stats socket is set to 10 seconds. It is possible |
| 572 | to change this value with "stats timeout". The value must be passed in |
Willy Tarreau | befdff1 | 2007-12-02 22:27:38 +0100 | [diff] [blame] | 573 | milliseconds, or be suffixed by a time unit among { us, ms, s, m, h, d }. |
Willy Tarreau | fbee713 | 2007-10-18 13:53:22 +0200 | [diff] [blame] | 574 | |
| 575 | stats maxconn <connections> |
| 576 | By default, the stats socket is limited to 10 concurrent connections. It is |
| 577 | possible to change this value with "stats maxconn". |
| 578 | |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 579 | uid <number> |
| 580 | Changes the process' user ID to <number>. It is recommended that the user ID |
| 581 | is dedicated to HAProxy or to a small set of similar daemons. HAProxy must |
| 582 | be started with superuser privileges in order to be able to switch to another |
| 583 | one. See also "gid" and "user". |
| 584 | |
| 585 | ulimit-n <number> |
| 586 | Sets the maximum number of per-process file-descriptors to <number>. By |
| 587 | default, it is automatically computed, so it is recommended not to use this |
| 588 | option. |
| 589 | |
| 590 | user <user name> |
| 591 | Similar to "uid" but uses the UID of user name <user name> from /etc/passwd. |
| 592 | See also "uid" and "group". |
| 593 | |
Krzysztof Piotr Oledzki | 48cb2ae | 2009-10-02 22:51:14 +0200 | [diff] [blame] | 594 | node <name> |
| 595 | Only letters, digits, hyphen and underscore are allowed, like in DNS names. |
| 596 | |
| 597 | This statement is useful in HA configurations where two or more processes or |
| 598 | servers share the same IP address. By setting a different node-name on all |
| 599 | nodes, it becomes easy to immediately spot what server is handling the |
| 600 | traffic. |
| 601 | |
| 602 | description <text> |
| 603 | Add a text that describes the instance. |
| 604 | |
| 605 | Please note that it is required to escape certain characters (# for example) |
| 606 | and this text is inserted into a html page so you should avoid using |
| 607 | "<" and ">" characters. |
| 608 | |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 609 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 610 | 3.2. Performance tuning |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 611 | ----------------------- |
| 612 | |
| 613 | maxconn <number> |
| 614 | Sets the maximum per-process number of concurrent connections to <number>. It |
| 615 | is equivalent to the command-line argument "-n". Proxies will stop accepting |
| 616 | connections when this limit is reached. The "ulimit-n" parameter is |
| 617 | automatically adjusted according to this value. See also "ulimit-n". |
| 618 | |
Willy Tarreau | ff4f82d | 2009-02-06 11:28:13 +0100 | [diff] [blame] | 619 | maxpipes <number> |
| 620 | Sets the maximum per-process number of pipes to <number>. Currently, pipes |
| 621 | are only used by kernel-based tcp splicing. Since a pipe contains two file |
| 622 | descriptors, the "ulimit-n" value will be increased accordingly. The default |
| 623 | value is maxconn/4, which seems to be more than enough for most heavy usages. |
| 624 | The splice code dynamically allocates and releases pipes, and can fall back |
| 625 | to standard copy, so setting this value too low may only impact performance. |
| 626 | |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 627 | noepoll |
| 628 | Disables the use of the "epoll" event polling system on Linux. It is |
| 629 | equivalent to the command-line argument "-de". The next polling system |
| 630 | used will generally be "poll". See also "nosepoll", and "nopoll". |
| 631 | |
| 632 | nokqueue |
| 633 | Disables the use of the "kqueue" event polling system on BSD. It is |
| 634 | equivalent to the command-line argument "-dk". The next polling system |
| 635 | used will generally be "poll". See also "nopoll". |
| 636 | |
| 637 | nopoll |
| 638 | Disables the use of the "poll" event polling system. It is equivalent to the |
| 639 | command-line argument "-dp". The next polling system used will be "select". |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 640 | It should never be needed to disable "poll" since it's available on all |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 641 | platforms supported by HAProxy. See also "nosepoll", and "nopoll" and |
| 642 | "nokqueue". |
| 643 | |
| 644 | nosepoll |
| 645 | Disables the use of the "speculative epoll" event polling system on Linux. It |
| 646 | is equivalent to the command-line argument "-ds". The next polling system |
| 647 | used will generally be "epoll". See also "nosepoll", and "nopoll". |
| 648 | |
Willy Tarreau | ff4f82d | 2009-02-06 11:28:13 +0100 | [diff] [blame] | 649 | nosplice |
| 650 | Disables the use of kernel tcp splicing between sockets on Linux. It is |
| 651 | equivalent to the command line argument "-dS". Data will then be copied |
| 652 | using conventional and more portable recv/send calls. Kernel tcp splicing is |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 653 | limited to some very recent instances of kernel 2.6. Most versions between |
Willy Tarreau | ff4f82d | 2009-02-06 11:28:13 +0100 | [diff] [blame] | 654 | 2.6.25 and 2.6.28 are buggy and will forward corrupted data, so they must not |
| 655 | be used. This option makes it easier to globally disable kernel splicing in |
| 656 | case of doubt. See also "option splice-auto", "option splice-request" and |
| 657 | "option splice-response". |
| 658 | |
Willy Tarreau | fe255b7 | 2007-10-14 23:09:26 +0200 | [diff] [blame] | 659 | spread-checks <0..50, in percent> |
| 660 | Sometimes it is desirable to avoid sending health checks to servers at exact |
| 661 | intervals, for instance when many logical servers are located on the same |
| 662 | physical server. With the help of this parameter, it becomes possible to add |
| 663 | some randomness in the check interval between 0 and +/- 50%. A value between |
| 664 | 2 and 5 seems to show good results. The default value remains at 0. |
| 665 | |
Willy Tarreau | 27a674e | 2009-08-17 07:23:33 +0200 | [diff] [blame] | 666 | tune.bufsize <number> |
| 667 | Sets the buffer size to this size (in bytes). Lower values allow more |
| 668 | sessions to coexist in the same amount of RAM, and higher values allow some |
| 669 | applications with very large cookies to work. The default value is 16384 and |
| 670 | can be changed at build time. It is strongly recommended not to change this |
| 671 | from the default value, as very low values will break some services such as |
| 672 | statistics, and values larger than default size will increase memory usage, |
| 673 | possibly causing the system to run out of memory. At least the global maxconn |
| 674 | parameter should be decreased by the same factor as this one is increased. |
| 675 | |
Willy Tarreau | 43961d5 | 2010-10-04 20:39:20 +0200 | [diff] [blame] | 676 | tune.chksize <number> |
| 677 | Sets the check buffer size to this size (in bytes). Higher values may help |
| 678 | find string or regex patterns in very large pages, though doing so may imply |
| 679 | more memory and CPU usage. The default value is 16384 and can be changed at |
| 680 | build time. It is not recommended to change this value, but to use better |
| 681 | checks whenever possible. |
| 682 | |
Willy Tarreau | a0250ba | 2008-01-06 11:22:57 +0100 | [diff] [blame] | 683 | tune.maxaccept <number> |
| 684 | Sets the maximum number of consecutive accepts that a process may perform on |
| 685 | a single wake up. High values give higher priority to high connection rates, |
| 686 | while lower values give higher priority to already established connections. |
Willy Tarreau | f49d1df | 2009-03-01 08:35:41 +0100 | [diff] [blame] | 687 | This value is limited to 100 by default in single process mode. However, in |
Willy Tarreau | a0250ba | 2008-01-06 11:22:57 +0100 | [diff] [blame] | 688 | multi-process mode (nbproc > 1), it defaults to 8 so that when one process |
| 689 | wakes up, it does not take all incoming connections for itself and leaves a |
Willy Tarreau | f49d1df | 2009-03-01 08:35:41 +0100 | [diff] [blame] | 690 | part of them to other processes. Setting this value to -1 completely disables |
Willy Tarreau | a0250ba | 2008-01-06 11:22:57 +0100 | [diff] [blame] | 691 | the limitation. It should normally not be needed to tweak this value. |
| 692 | |
| 693 | tune.maxpollevents <number> |
| 694 | Sets the maximum amount of events that can be processed at once in a call to |
| 695 | the polling system. The default value is adapted to the operating system. It |
| 696 | has been noticed that reducing it below 200 tends to slightly decrease |
| 697 | latency at the expense of network bandwidth, and increasing it above 200 |
| 698 | tends to trade latency for slightly increased bandwidth. |
| 699 | |
Willy Tarreau | 27a674e | 2009-08-17 07:23:33 +0200 | [diff] [blame] | 700 | tune.maxrewrite <number> |
| 701 | Sets the reserved buffer space to this size in bytes. The reserved space is |
| 702 | used for header rewriting or appending. The first reads on sockets will never |
| 703 | fill more than bufsize-maxrewrite. Historically it has defaulted to half of |
| 704 | bufsize, though that does not make much sense since there are rarely large |
| 705 | numbers of headers to add. Setting it too high prevents processing of large |
| 706 | requests or responses. Setting it too low prevents addition of new headers |
| 707 | to already large requests or to POST requests. It is generally wise to set it |
| 708 | to about 1024. It is automatically readjusted to half of bufsize if it is |
| 709 | larger than that. This means you don't have to worry about it when changing |
| 710 | bufsize. |
| 711 | |
Willy Tarreau | e803de2 | 2010-01-21 17:43:04 +0100 | [diff] [blame] | 712 | tune.rcvbuf.client <number> |
| 713 | tune.rcvbuf.server <number> |
| 714 | Forces the kernel socket receive buffer size on the client or the server side |
| 715 | to the specified value in bytes. This value applies to all TCP/HTTP frontends |
| 716 | and backends. It should normally never be set, and the default size (0) lets |
| 717 | the kernel autotune this value depending on the amount of available memory. |
| 718 | However it can sometimes help to set it to very low values (eg: 4096) in |
| 719 | order to save kernel memory by preventing it from buffering too large amounts |
| 720 | of received data. Lower values will significantly increase CPU usage though. |
| 721 | |
| 722 | tune.sndbuf.client <number> |
| 723 | tune.sndbuf.server <number> |
| 724 | Forces the kernel socket send buffer size on the client or the server side to |
| 725 | the specified value in bytes. This value applies to all TCP/HTTP frontends |
| 726 | and backends. It should normally never be set, and the default size (0) lets |
| 727 | the kernel autotune this value depending on the amount of available memory. |
| 728 | However it can sometimes help to set it to very low values (eg: 4096) in |
| 729 | order to save kernel memory by preventing it from buffering too large amounts |
| 730 | of received data. Lower values will significantly increase CPU usage though. |
| 731 | Another use case is to prevent write timeouts with extremely slow clients due |
| 732 | to the kernel waiting for a large part of the buffer to be read before |
| 733 | notifying haproxy again. |
| 734 | |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 735 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 736 | 3.3. Debugging |
| 737 | -------------- |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 738 | |
| 739 | debug |
| 740 | Enables debug mode which dumps to stdout all exchanges, and disables forking |
| 741 | into background. It is the equivalent of the command-line argument "-d". It |
| 742 | should never be used in a production configuration since it may prevent full |
| 743 | system startup. |
| 744 | |
| 745 | quiet |
| 746 | Do not display any message during startup. It is equivalent to the command- |
| 747 | line argument "-q". |
| 748 | |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 749 | 3.4. Userlists |
| 750 | -------------- |
| 751 | It is possible to control access to frontend/backend/listen sections or to |
| 752 | http stats by allowing only authenticated and authorized users. To do this, |
| 753 | it is required to create at least one userlist and to define users. |
| 754 | |
| 755 | userlist <listname> |
Cyril Bonté | 78caf84 | 2010-03-10 22:41:43 +0100 | [diff] [blame] | 756 | Creates new userlist with name <listname>. Many independent userlists can be |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 757 | used to store authentication & authorization data for independent customers. |
| 758 | |
| 759 | group <groupname> [users <user>,<user>,(...)] |
Cyril Bonté | 78caf84 | 2010-03-10 22:41:43 +0100 | [diff] [blame] | 760 | Adds group <groupname> to the current userlist. It is also possible to |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 761 | attach users to this group by using a comma separated list of names |
| 762 | proceeded by "users" keyword. |
| 763 | |
Cyril Bonté | f0c6061 | 2010-02-06 14:44:47 +0100 | [diff] [blame] | 764 | user <username> [password|insecure-password <password>] |
| 765 | [groups <group>,<group>,(...)] |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 766 | Adds user <username> to the current userlist. Both secure (encrypted) and |
| 767 | insecure (unencrypted) passwords can be used. Encrypted passwords are |
Cyril Bonté | 78caf84 | 2010-03-10 22:41:43 +0100 | [diff] [blame] | 768 | evaluated using the crypt(3) function so depending of the system's |
| 769 | capabilities, different algorithms are supported. For example modern Glibc |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 770 | based Linux system supports MD5, SHA-256, SHA-512 and of course classic, |
| 771 | DES-based method of crypting passwords. |
| 772 | |
| 773 | |
| 774 | Example: |
Cyril Bonté | f0c6061 | 2010-02-06 14:44:47 +0100 | [diff] [blame] | 775 | userlist L1 |
| 776 | group G1 users tiger,scott |
| 777 | group G2 users xdb,scott |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 778 | |
Cyril Bonté | f0c6061 | 2010-02-06 14:44:47 +0100 | [diff] [blame] | 779 | user tiger password $6$k6y3o.eP$JlKBx9za9667qe4(...)xHSwRv6J.C0/D7cV91 |
| 780 | user scott insecure-password elgato |
| 781 | user xdb insecure-password hello |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 782 | |
Cyril Bonté | f0c6061 | 2010-02-06 14:44:47 +0100 | [diff] [blame] | 783 | userlist L2 |
| 784 | group G1 |
| 785 | group G2 |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 786 | |
Cyril Bonté | f0c6061 | 2010-02-06 14:44:47 +0100 | [diff] [blame] | 787 | user tiger password $6$k6y3o.eP$JlKBx(...)xHSwRv6J.C0/D7cV91 groups G1 |
| 788 | user scott insecure-password elgato groups G1,G2 |
| 789 | user xdb insecure-password hello groups G2 |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 790 | |
| 791 | Please note that both lists are functionally identical. |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 792 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 793 | 4. Proxies |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 794 | ---------- |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 795 | |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 796 | Proxy configuration can be located in a set of sections : |
| 797 | - defaults <name> |
| 798 | - frontend <name> |
| 799 | - backend <name> |
| 800 | - listen <name> |
| 801 | |
| 802 | A "defaults" section sets default parameters for all other sections following |
| 803 | its declaration. Those default parameters are reset by the next "defaults" |
| 804 | section. See below for the list of parameters which can be set in a "defaults" |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 805 | section. The name is optional but its use is encouraged for better readability. |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 806 | |
| 807 | A "frontend" section describes a set of listening sockets accepting client |
| 808 | connections. |
| 809 | |
| 810 | A "backend" section describes a set of servers to which the proxy will connect |
| 811 | to forward incoming connections. |
| 812 | |
| 813 | A "listen" section defines a complete proxy with its frontend and backend |
| 814 | parts combined in one section. It is generally useful for TCP-only traffic. |
| 815 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 816 | All proxy names must be formed from upper and lower case letters, digits, |
| 817 | '-' (dash), '_' (underscore) , '.' (dot) and ':' (colon). ACL names are |
| 818 | case-sensitive, which means that "www" and "WWW" are two different proxies. |
| 819 | |
| 820 | Historically, all proxy names could overlap, it just caused troubles in the |
| 821 | logs. Since the introduction of content switching, it is mandatory that two |
| 822 | proxies with overlapping capabilities (frontend/backend) have different names. |
| 823 | However, it is still permitted that a frontend and a backend share the same |
| 824 | name, as this configuration seems to be commonly encountered. |
| 825 | |
| 826 | Right now, two major proxy modes are supported : "tcp", also known as layer 4, |
| 827 | and "http", also known as layer 7. In layer 4 mode, HAProxy simply forwards |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 828 | bidirectional traffic between two sides. In layer 7 mode, HAProxy analyzes the |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 829 | protocol, and can interact with it by allowing, blocking, switching, adding, |
| 830 | modifying, or removing arbitrary contents in requests or responses, based on |
| 831 | arbitrary criteria. |
| 832 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 833 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 834 | 4.1. Proxy keywords matrix |
| 835 | -------------------------- |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 836 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 837 | The following list of keywords is supported. Most of them may only be used in a |
| 838 | limited set of section types. Some of them are marked as "deprecated" because |
| 839 | they are inherited from an old syntax which may be confusing or functionally |
| 840 | limited, and there are new recommended keywords to replace them. Keywords |
Willy Tarreau | 5c6f7b3 | 2010-02-26 13:34:29 +0100 | [diff] [blame] | 841 | marked with "(*)" can be optionally inverted using the "no" prefix, eg. "no |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 842 | option contstats". This makes sense when the option has been enabled by default |
Willy Tarreau | 3842f00 | 2009-06-14 11:39:52 +0200 | [diff] [blame] | 843 | and must be disabled for a specific instance. Such options may also be prefixed |
| 844 | with "default" in order to restore default settings regardless of what has been |
| 845 | specified in a previous "defaults" section. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 846 | |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 847 | |
Willy Tarreau | 5c6f7b3 | 2010-02-26 13:34:29 +0100 | [diff] [blame] | 848 | keyword defaults frontend listen backend |
| 849 | ------------------------------------+----------+----------+---------+--------- |
| 850 | acl - X X X |
| 851 | appsession - - X X |
| 852 | backlog X X X - |
| 853 | balance X - X X |
| 854 | bind - X X - |
| 855 | bind-process X X X X |
| 856 | block - X X X |
| 857 | capture cookie - X X - |
| 858 | capture request header - X X - |
| 859 | capture response header - X X - |
| 860 | clitimeout (deprecated) X X X - |
| 861 | contimeout (deprecated) X - X X |
| 862 | cookie X - X X |
| 863 | default-server X - X X |
| 864 | default_backend X X X - |
| 865 | description - X X X |
| 866 | disabled X X X X |
| 867 | dispatch - - X X |
| 868 | enabled X X X X |
| 869 | errorfile X X X X |
| 870 | errorloc X X X X |
| 871 | errorloc302 X X X X |
| 872 | -- keyword -------------------------- defaults - frontend - listen -- backend - |
| 873 | errorloc303 X X X X |
Cyril Bonté | 0d4bf01 | 2010-04-25 23:21:46 +0200 | [diff] [blame] | 874 | force-persist - X X X |
Willy Tarreau | 5c6f7b3 | 2010-02-26 13:34:29 +0100 | [diff] [blame] | 875 | fullconn X - X X |
| 876 | grace X X X X |
| 877 | hash-type X - X X |
| 878 | http-check disable-on-404 X - X X |
Willy Tarreau | bd74154 | 2010-03-16 18:46:54 +0100 | [diff] [blame] | 879 | http-check expect - - X X |
Willy Tarreau | 7ab6aff | 2010-10-12 06:30:16 +0200 | [diff] [blame] | 880 | http-check send-state X - X X |
Willy Tarreau | 5c6f7b3 | 2010-02-26 13:34:29 +0100 | [diff] [blame] | 881 | http-request - X X X |
| 882 | id - X X X |
Cyril Bonté | 0d4bf01 | 2010-04-25 23:21:46 +0200 | [diff] [blame] | 883 | ignore-persist - X X X |
Willy Tarreau | 5c6f7b3 | 2010-02-26 13:34:29 +0100 | [diff] [blame] | 884 | log X X X X |
| 885 | maxconn X X X - |
| 886 | mode X X X X |
| 887 | monitor fail - X X - |
| 888 | monitor-net X X X - |
| 889 | monitor-uri X X X - |
| 890 | option abortonclose (*) X - X X |
| 891 | option accept-invalid-http-request (*) X X X - |
| 892 | option accept-invalid-http-response (*) X - X X |
| 893 | option allbackups (*) X - X X |
| 894 | option checkcache (*) X - X X |
| 895 | option clitcpka (*) X X X - |
| 896 | option contstats (*) X X X - |
| 897 | option dontlog-normal (*) X X X - |
| 898 | option dontlognull (*) X X X - |
| 899 | option forceclose (*) X X X X |
| 900 | -- keyword -------------------------- defaults - frontend - listen -- backend - |
| 901 | option forwardfor X X X X |
Willy Tarreau | 8a8e1d9 | 2010-04-05 16:15:16 +0200 | [diff] [blame] | 902 | option http-pretend-keepalive (*) X X X X |
Willy Tarreau | 5c6f7b3 | 2010-02-26 13:34:29 +0100 | [diff] [blame] | 903 | option http-server-close (*) X X X X |
| 904 | option http-use-proxy-header (*) X X X - |
| 905 | option httpchk X - X X |
| 906 | option httpclose (*) X X X X |
| 907 | option httplog X X X X |
| 908 | option http_proxy (*) X X X X |
| 909 | option independant-streams (*) X X X X |
Gabor Lekeny | b4c81e4 | 2010-09-29 18:17:05 +0200 | [diff] [blame] | 910 | option ldap-check X - X X |
Willy Tarreau | 5c6f7b3 | 2010-02-26 13:34:29 +0100 | [diff] [blame] | 911 | option log-health-checks (*) X - X X |
| 912 | option log-separate-errors (*) X X X - |
| 913 | option logasap (*) X X X - |
| 914 | option mysql-check X - X X |
| 915 | option nolinger (*) X X X X |
| 916 | option originalto X X X X |
| 917 | option persist (*) X - X X |
| 918 | option redispatch (*) X - X X |
| 919 | option smtpchk X - X X |
| 920 | option socket-stats (*) X X X - |
| 921 | option splice-auto (*) X X X X |
| 922 | option splice-request (*) X X X X |
| 923 | option splice-response (*) X X X X |
| 924 | option srvtcpka (*) X - X X |
| 925 | option ssl-hello-chk X - X X |
| 926 | -- keyword -------------------------- defaults - frontend - listen -- backend - |
| 927 | option tcp-smart-accept (*) X X X - |
| 928 | option tcp-smart-connect (*) X - X X |
| 929 | option tcpka X X X X |
| 930 | option tcplog X X X X |
| 931 | option transparent (*) X - X X |
| 932 | persist rdp-cookie X - X X |
| 933 | rate-limit sessions X X X - |
| 934 | redirect - X X X |
| 935 | redisp (deprecated) X - X X |
| 936 | redispatch (deprecated) X - X X |
| 937 | reqadd - X X X |
| 938 | reqallow - X X X |
| 939 | reqdel - X X X |
| 940 | reqdeny - X X X |
| 941 | reqiallow - X X X |
| 942 | reqidel - X X X |
| 943 | reqideny - X X X |
| 944 | reqipass - X X X |
| 945 | reqirep - X X X |
| 946 | reqisetbe - X X X |
| 947 | reqitarpit - X X X |
| 948 | reqpass - X X X |
| 949 | reqrep - X X X |
| 950 | -- keyword -------------------------- defaults - frontend - listen -- backend - |
| 951 | reqsetbe - X X X |
| 952 | reqtarpit - X X X |
| 953 | retries X - X X |
| 954 | rspadd - X X X |
| 955 | rspdel - X X X |
| 956 | rspdeny - X X X |
| 957 | rspidel - X X X |
| 958 | rspideny - X X X |
| 959 | rspirep - X X X |
| 960 | rsprep - X X X |
| 961 | server - - X X |
| 962 | source X - X X |
| 963 | srvtimeout (deprecated) X - X X |
Cyril Bonté | 66c327d | 2010-10-12 00:14:37 +0200 | [diff] [blame] | 964 | stats admin - - X X |
Willy Tarreau | 5c6f7b3 | 2010-02-26 13:34:29 +0100 | [diff] [blame] | 965 | stats auth X - X X |
| 966 | stats enable X - X X |
| 967 | stats hide-version X - X X |
Cyril Bonté | 2be1b3f | 2010-09-30 23:46:30 +0200 | [diff] [blame] | 968 | stats http-request - - X X |
Willy Tarreau | 5c6f7b3 | 2010-02-26 13:34:29 +0100 | [diff] [blame] | 969 | stats realm X - X X |
| 970 | stats refresh X - X X |
| 971 | stats scope X - X X |
| 972 | stats show-desc X - X X |
| 973 | stats show-legends X - X X |
| 974 | stats show-node X - X X |
| 975 | stats uri X - X X |
| 976 | -- keyword -------------------------- defaults - frontend - listen -- backend - |
| 977 | stick match - - X X |
| 978 | stick on - - X X |
| 979 | stick store-request - - X X |
| 980 | stick-table - - X X |
Willy Tarreau | e965652 | 2010-08-17 15:40:09 +0200 | [diff] [blame] | 981 | tcp-request connection - X X - |
| 982 | tcp-request content - X X X |
Willy Tarreau | a56235c | 2010-09-14 11:31:36 +0200 | [diff] [blame] | 983 | tcp-request inspect-delay - X X X |
Willy Tarreau | 5c6f7b3 | 2010-02-26 13:34:29 +0100 | [diff] [blame] | 984 | timeout check X - X X |
| 985 | timeout client X X X - |
| 986 | timeout clitimeout (deprecated) X X X - |
| 987 | timeout connect X - X X |
| 988 | timeout contimeout (deprecated) X - X X |
| 989 | timeout http-keep-alive X X X X |
| 990 | timeout http-request X X X X |
| 991 | timeout queue X - X X |
| 992 | timeout server X - X X |
| 993 | timeout srvtimeout (deprecated) X - X X |
| 994 | timeout tarpit X X X X |
| 995 | transparent (deprecated) X - X X |
| 996 | use_backend - X X - |
| 997 | ------------------------------------+----------+----------+---------+--------- |
| 998 | keyword defaults frontend listen backend |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 999 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1000 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 1001 | 4.2. Alphabetically sorted keywords reference |
| 1002 | --------------------------------------------- |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1003 | |
| 1004 | This section provides a description of each keyword and its usage. |
| 1005 | |
| 1006 | |
| 1007 | acl <aclname> <criterion> [flags] [operator] <value> ... |
| 1008 | Declare or complete an access list. |
| 1009 | May be used in sections : defaults | frontend | listen | backend |
| 1010 | no | yes | yes | yes |
| 1011 | Example: |
| 1012 | acl invalid_src src 0.0.0.0/7 224.0.0.0/3 |
| 1013 | acl invalid_src src_port 0:1023 |
| 1014 | acl local_dst hdr(host) -i localhost |
| 1015 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 1016 | See section 7 about ACL usage. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1017 | |
| 1018 | |
Cyril Bonté | b21570a | 2009-11-29 20:04:48 +0100 | [diff] [blame] | 1019 | appsession <cookie> len <length> timeout <holdtime> |
| 1020 | [request-learn] [prefix] [mode <path-parameters|query-string>] |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1021 | Define session stickiness on an existing application cookie. |
| 1022 | May be used in sections : defaults | frontend | listen | backend |
| 1023 | no | no | yes | yes |
| 1024 | Arguments : |
| 1025 | <cookie> this is the name of the cookie used by the application and which |
| 1026 | HAProxy will have to learn for each new session. |
| 1027 | |
Cyril Bonté | b21570a | 2009-11-29 20:04:48 +0100 | [diff] [blame] | 1028 | <length> this is the max number of characters that will be memorized and |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1029 | checked in each cookie value. |
| 1030 | |
| 1031 | <holdtime> this is the time after which the cookie will be removed from |
| 1032 | memory if unused. If no unit is specified, this time is in |
| 1033 | milliseconds. |
| 1034 | |
Cyril Bonté | bf47aeb | 2009-10-15 00:15:40 +0200 | [diff] [blame] | 1035 | request-learn |
| 1036 | If this option is specified, then haproxy will be able to learn |
| 1037 | the cookie found in the request in case the server does not |
| 1038 | specify any in response. This is typically what happens with |
| 1039 | PHPSESSID cookies, or when haproxy's session expires before |
| 1040 | the application's session and the correct server is selected. |
| 1041 | It is recommended to specify this option to improve reliability. |
| 1042 | |
Cyril Bonté | b21570a | 2009-11-29 20:04:48 +0100 | [diff] [blame] | 1043 | prefix When this option is specified, haproxy will match on the cookie |
| 1044 | prefix (or URL parameter prefix). The appsession value is the |
| 1045 | data following this prefix. |
| 1046 | |
| 1047 | Example : |
| 1048 | appsession ASPSESSIONID len 64 timeout 3h prefix |
| 1049 | |
| 1050 | This will match the cookie ASPSESSIONIDXXXX=XXXXX, |
| 1051 | the appsession value will be XXXX=XXXXX. |
| 1052 | |
| 1053 | mode This option allows to change the URL parser mode. |
| 1054 | 2 modes are currently supported : |
| 1055 | - path-parameters : |
| 1056 | The parser looks for the appsession in the path parameters |
| 1057 | part (each parameter is separated by a semi-colon), which is |
| 1058 | convenient for JSESSIONID for example. |
| 1059 | This is the default mode if the option is not set. |
| 1060 | - query-string : |
| 1061 | In this mode, the parser will look for the appsession in the |
| 1062 | query string. |
| 1063 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1064 | When an application cookie is defined in a backend, HAProxy will check when |
| 1065 | the server sets such a cookie, and will store its value in a table, and |
| 1066 | associate it with the server's identifier. Up to <length> characters from |
| 1067 | the value will be retained. On each connection, haproxy will look for this |
Cyril Bonté | b21570a | 2009-11-29 20:04:48 +0100 | [diff] [blame] | 1068 | cookie both in the "Cookie:" headers, and as a URL parameter (depending on |
| 1069 | the mode used). If a known value is found, the client will be directed to the |
| 1070 | server associated with this value. Otherwise, the load balancing algorithm is |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1071 | applied. Cookies are automatically removed from memory when they have been |
| 1072 | unused for a duration longer than <holdtime>. |
| 1073 | |
| 1074 | The definition of an application cookie is limited to one per backend. |
| 1075 | |
| 1076 | Example : |
| 1077 | appsession JSESSIONID len 52 timeout 3h |
| 1078 | |
Cyril Bonté | a8e7bbc | 2010-04-25 22:29:29 +0200 | [diff] [blame] | 1079 | See also : "cookie", "capture cookie", "balance", "stick", "stick-table" |
Cyril Bonté | 0d4bf01 | 2010-04-25 23:21:46 +0200 | [diff] [blame] | 1080 | and "ignore-persist" |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1081 | |
| 1082 | |
Willy Tarreau | c73ce2b | 2008-01-06 10:55:10 +0100 | [diff] [blame] | 1083 | backlog <conns> |
| 1084 | Give hints to the system about the approximate listen backlog desired size |
| 1085 | May be used in sections : defaults | frontend | listen | backend |
| 1086 | yes | yes | yes | no |
| 1087 | Arguments : |
| 1088 | <conns> is the number of pending connections. Depending on the operating |
| 1089 | system, it may represent the number of already acknowledged |
| 1090 | connections, of non-acknowledged ones, or both. |
| 1091 | |
| 1092 | In order to protect against SYN flood attacks, one solution is to increase |
| 1093 | the system's SYN backlog size. Depending on the system, sometimes it is just |
| 1094 | tunable via a system parameter, sometimes it is not adjustable at all, and |
| 1095 | sometimes the system relies on hints given by the application at the time of |
| 1096 | the listen() syscall. By default, HAProxy passes the frontend's maxconn value |
| 1097 | to the listen() syscall. On systems which can make use of this value, it can |
| 1098 | sometimes be useful to be able to specify a different value, hence this |
| 1099 | backlog parameter. |
| 1100 | |
| 1101 | On Linux 2.4, the parameter is ignored by the system. On Linux 2.6, it is |
| 1102 | used as a hint and the system accepts up to the smallest greater power of |
| 1103 | two, and never more than some limits (usually 32768). |
| 1104 | |
| 1105 | See also : "maxconn" and the target operating system's tuning guide. |
| 1106 | |
| 1107 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1108 | balance <algorithm> [ <arguments> ] |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 1109 | balance url_param <param> [check_post [<max_wait>]] |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1110 | Define the load balancing algorithm to be used in a backend. |
| 1111 | May be used in sections : defaults | frontend | listen | backend |
| 1112 | yes | no | yes | yes |
| 1113 | Arguments : |
| 1114 | <algorithm> is the algorithm used to select a server when doing load |
| 1115 | balancing. This only applies when no persistence information |
| 1116 | is available, or when a connection is redispatched to another |
| 1117 | server. <algorithm> may be one of the following : |
| 1118 | |
| 1119 | roundrobin Each server is used in turns, according to their weights. |
| 1120 | This is the smoothest and fairest algorithm when the server's |
| 1121 | processing time remains equally distributed. This algorithm |
| 1122 | is dynamic, which means that server weights may be adjusted |
Willy Tarreau | 9757a38 | 2009-10-03 12:56:50 +0200 | [diff] [blame] | 1123 | on the fly for slow starts for instance. It is limited by |
| 1124 | design to 4128 active servers per backend. Note that in some |
| 1125 | large farms, when a server becomes up after having been down |
| 1126 | for a very short time, it may sometimes take a few hundreds |
| 1127 | requests for it to be re-integrated into the farm and start |
| 1128 | receiving traffic. This is normal, though very rare. It is |
| 1129 | indicated here in case you would have the chance to observe |
| 1130 | it, so that you don't worry. |
| 1131 | |
| 1132 | static-rr Each server is used in turns, according to their weights. |
| 1133 | This algorithm is as similar to roundrobin except that it is |
| 1134 | static, which means that changing a server's weight on the |
| 1135 | fly will have no effect. On the other hand, it has no design |
| 1136 | limitation on the number of servers, and when a server goes |
| 1137 | up, it is always immediately reintroduced into the farm, once |
| 1138 | the full map is recomputed. It also uses slightly less CPU to |
| 1139 | run (around -1%). |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1140 | |
Willy Tarreau | 2d2a7f8 | 2008-03-17 12:07:56 +0100 | [diff] [blame] | 1141 | leastconn The server with the lowest number of connections receives the |
| 1142 | connection. Round-robin is performed within groups of servers |
| 1143 | of the same load to ensure that all servers will be used. Use |
| 1144 | of this algorithm is recommended where very long sessions are |
| 1145 | expected, such as LDAP, SQL, TSE, etc... but is not very well |
| 1146 | suited for protocols using short sessions such as HTTP. This |
| 1147 | algorithm is dynamic, which means that server weights may be |
| 1148 | adjusted on the fly for slow starts for instance. |
| 1149 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1150 | source The source IP address is hashed and divided by the total |
| 1151 | weight of the running servers to designate which server will |
| 1152 | receive the request. This ensures that the same client IP |
| 1153 | address will always reach the same server as long as no |
| 1154 | server goes down or up. If the hash result changes due to the |
| 1155 | number of running servers changing, many clients will be |
| 1156 | directed to a different server. This algorithm is generally |
| 1157 | used in TCP mode where no cookie may be inserted. It may also |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 1158 | be used on the Internet to provide a best-effort stickiness |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1159 | to clients which refuse session cookies. This algorithm is |
Willy Tarreau | 6b2e11b | 2009-10-01 07:52:15 +0200 | [diff] [blame] | 1160 | static by default, which means that changing a server's |
| 1161 | weight on the fly will have no effect, but this can be |
| 1162 | changed using "hash-type". |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1163 | |
| 1164 | uri The left part of the URI (before the question mark) is hashed |
| 1165 | and divided by the total weight of the running servers. The |
| 1166 | result designates which server will receive the request. This |
| 1167 | ensures that a same URI will always be directed to the same |
| 1168 | server as long as no server goes up or down. This is used |
| 1169 | with proxy caches and anti-virus proxies in order to maximize |
| 1170 | the cache hit rate. Note that this algorithm may only be used |
Willy Tarreau | 6b2e11b | 2009-10-01 07:52:15 +0200 | [diff] [blame] | 1171 | in an HTTP backend. This algorithm is static by default, |
| 1172 | which means that changing a server's weight on the fly will |
| 1173 | have no effect, but this can be changed using "hash-type". |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1174 | |
Marek Majkowski | 9c30fc1 | 2008-04-27 23:25:55 +0200 | [diff] [blame] | 1175 | This algorithm support two optional parameters "len" and |
| 1176 | "depth", both followed by a positive integer number. These |
| 1177 | options may be helpful when it is needed to balance servers |
| 1178 | based on the beginning of the URI only. The "len" parameter |
| 1179 | indicates that the algorithm should only consider that many |
| 1180 | characters at the beginning of the URI to compute the hash. |
| 1181 | Note that having "len" set to 1 rarely makes sense since most |
| 1182 | URIs start with a leading "/". |
| 1183 | |
| 1184 | The "depth" parameter indicates the maximum directory depth |
| 1185 | to be used to compute the hash. One level is counted for each |
| 1186 | slash in the request. If both parameters are specified, the |
| 1187 | evaluation stops when either is reached. |
| 1188 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1189 | url_param The URL parameter specified in argument will be looked up in |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 1190 | the query string of each HTTP GET request. |
| 1191 | |
| 1192 | If the modifier "check_post" is used, then an HTTP POST |
| 1193 | request entity will be searched for the parameter argument, |
| 1194 | when the question mark indicating a query string ('?') is not |
| 1195 | present in the URL. Optionally, specify a number of octets to |
| 1196 | wait for before attempting to search the message body. If the |
| 1197 | entity can not be searched, then round robin is used for each |
| 1198 | request. For instance, if your clients always send the LB |
| 1199 | parameter in the first 128 bytes, then specify that. The |
| 1200 | default is 48. The entity data will not be scanned until the |
| 1201 | required number of octets have arrived at the gateway, this |
| 1202 | is the minimum of: (default/max_wait, Content-Length or first |
| 1203 | chunk length). If Content-Length is missing or zero, it does |
| 1204 | not need to wait for more data than the client promised to |
| 1205 | send. When Content-Length is present and larger than |
| 1206 | <max_wait>, then waiting is limited to <max_wait> and it is |
| 1207 | assumed that this will be enough data to search for the |
| 1208 | presence of the parameter. In the unlikely event that |
| 1209 | Transfer-Encoding: chunked is used, only the first chunk is |
| 1210 | scanned. Parameter values separated by a chunk boundary, may |
| 1211 | be randomly balanced if at all. |
| 1212 | |
| 1213 | If the parameter is found followed by an equal sign ('=') and |
| 1214 | a value, then the value is hashed and divided by the total |
| 1215 | weight of the running servers. The result designates which |
| 1216 | server will receive the request. |
| 1217 | |
| 1218 | This is used to track user identifiers in requests and ensure |
| 1219 | that a same user ID will always be sent to the same server as |
| 1220 | long as no server goes up or down. If no value is found or if |
| 1221 | the parameter is not found, then a round robin algorithm is |
| 1222 | applied. Note that this algorithm may only be used in an HTTP |
Willy Tarreau | 6b2e11b | 2009-10-01 07:52:15 +0200 | [diff] [blame] | 1223 | backend. This algorithm is static by default, which means |
| 1224 | that changing a server's weight on the fly will have no |
| 1225 | effect, but this can be changed using "hash-type". |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1226 | |
Benoit | affb481 | 2009-03-25 13:02:10 +0100 | [diff] [blame] | 1227 | hdr(name) The HTTP header <name> will be looked up in each HTTP request. |
| 1228 | Just as with the equivalent ACL 'hdr()' function, the header |
| 1229 | name in parenthesis is not case sensitive. If the header is |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 1230 | absent or if it does not contain any value, the roundrobin |
Benoit | affb481 | 2009-03-25 13:02:10 +0100 | [diff] [blame] | 1231 | algorithm is applied instead. |
| 1232 | |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 1233 | An optional 'use_domain_only' parameter is available, for |
Benoit | affb481 | 2009-03-25 13:02:10 +0100 | [diff] [blame] | 1234 | reducing the hash algorithm to the main domain part with some |
| 1235 | specific headers such as 'Host'. For instance, in the Host |
| 1236 | value "haproxy.1wt.eu", only "1wt" will be considered. |
| 1237 | |
Willy Tarreau | 6b2e11b | 2009-10-01 07:52:15 +0200 | [diff] [blame] | 1238 | This algorithm is static by default, which means that |
| 1239 | changing a server's weight on the fly will have no effect, |
| 1240 | but this can be changed using "hash-type". |
| 1241 | |
Emeric Brun | 736aa23 | 2009-06-30 17:56:00 +0200 | [diff] [blame] | 1242 | rdp-cookie |
| 1243 | rdp-cookie(name) |
| 1244 | The RDP cookie <name> (or "mstshash" if omitted) will be |
| 1245 | looked up and hashed for each incoming TCP request. Just as |
| 1246 | with the equivalent ACL 'req_rdp_cookie()' function, the name |
| 1247 | is not case-sensitive. This mechanism is useful as a degraded |
| 1248 | persistence mode, as it makes it possible to always send the |
| 1249 | same user (or the same session ID) to the same server. If the |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 1250 | cookie is not found, the normal roundrobin algorithm is |
Emeric Brun | 736aa23 | 2009-06-30 17:56:00 +0200 | [diff] [blame] | 1251 | used instead. |
| 1252 | |
| 1253 | Note that for this to work, the frontend must ensure that an |
| 1254 | RDP cookie is already present in the request buffer. For this |
| 1255 | you must use 'tcp-request content accept' rule combined with |
| 1256 | a 'req_rdp_cookie_cnt' ACL. |
| 1257 | |
Willy Tarreau | 6b2e11b | 2009-10-01 07:52:15 +0200 | [diff] [blame] | 1258 | This algorithm is static by default, which means that |
| 1259 | changing a server's weight on the fly will have no effect, |
| 1260 | but this can be changed using "hash-type". |
| 1261 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1262 | <arguments> is an optional list of arguments which may be needed by some |
Marek Majkowski | 9c30fc1 | 2008-04-27 23:25:55 +0200 | [diff] [blame] | 1263 | algorithms. Right now, only "url_param" and "uri" support an |
| 1264 | optional argument. |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 1265 | |
Marek Majkowski | 9c30fc1 | 2008-04-27 23:25:55 +0200 | [diff] [blame] | 1266 | balance uri [len <len>] [depth <depth>] |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 1267 | balance url_param <param> [check_post [<max_wait>]] |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1268 | |
Willy Tarreau | 3cd9af2 | 2009-03-15 14:06:41 +0100 | [diff] [blame] | 1269 | The load balancing algorithm of a backend is set to roundrobin when no other |
| 1270 | algorithm, mode nor option have been set. The algorithm may only be set once |
| 1271 | for each backend. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1272 | |
| 1273 | Examples : |
| 1274 | balance roundrobin |
| 1275 | balance url_param userid |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 1276 | balance url_param session_id check_post 64 |
Benoit | affb481 | 2009-03-25 13:02:10 +0100 | [diff] [blame] | 1277 | balance hdr(User-Agent) |
| 1278 | balance hdr(host) |
| 1279 | balance hdr(Host) use_domain_only |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 1280 | |
| 1281 | Note: the following caveats and limitations on using the "check_post" |
| 1282 | extension with "url_param" must be considered : |
| 1283 | |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 1284 | - all POST requests are eligible for consideration, because there is no way |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 1285 | to determine if the parameters will be found in the body or entity which |
| 1286 | may contain binary data. Therefore another method may be required to |
| 1287 | restrict consideration of POST requests that have no URL parameters in |
| 1288 | the body. (see acl reqideny http_end) |
| 1289 | |
| 1290 | - using a <max_wait> value larger than the request buffer size does not |
| 1291 | make sense and is useless. The buffer size is set at build time, and |
| 1292 | defaults to 16 kB. |
| 1293 | |
| 1294 | - Content-Encoding is not supported, the parameter search will probably |
| 1295 | fail; and load balancing will fall back to Round Robin. |
| 1296 | |
| 1297 | - Expect: 100-continue is not supported, load balancing will fall back to |
| 1298 | Round Robin. |
| 1299 | |
| 1300 | - Transfer-Encoding (RFC2616 3.6.1) is only supported in the first chunk. |
| 1301 | If the entire parameter value is not present in the first chunk, the |
| 1302 | selection of server is undefined (actually, defined by how little |
| 1303 | actually appeared in the first chunk). |
| 1304 | |
| 1305 | - This feature does not support generation of a 100, 411 or 501 response. |
| 1306 | |
| 1307 | - In some cases, requesting "check_post" MAY attempt to scan the entire |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 1308 | contents of a message body. Scanning normally terminates when linear |
matt.farnsworth@nokia.com | 1c2ab96 | 2008-04-14 20:47:37 +0200 | [diff] [blame] | 1309 | white space or control characters are found, indicating the end of what |
| 1310 | might be a URL parameter list. This is probably not a concern with SGML |
| 1311 | type message bodies. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1312 | |
Willy Tarreau | 6b2e11b | 2009-10-01 07:52:15 +0200 | [diff] [blame] | 1313 | See also : "dispatch", "cookie", "appsession", "transparent", "hash-type" and |
| 1314 | "http_proxy". |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1315 | |
| 1316 | |
Willy Tarreau | c5011ca | 2010-03-22 11:53:56 +0100 | [diff] [blame] | 1317 | bind [<address>]:<port_range> [, ...] |
| 1318 | bind [<address>]:<port_range> [, ...] interface <interface> |
| 1319 | bind [<address>]:<port_range> [, ...] mss <maxseg> |
| 1320 | bind [<address>]:<port_range> [, ...] transparent |
| 1321 | bind [<address>]:<port_range> [, ...] id <id> |
| 1322 | bind [<address>]:<port_range> [, ...] name <name> |
| 1323 | bind [<address>]:<port_range> [, ...] defer-accept |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1324 | Define one or several listening addresses and/or ports in a frontend. |
| 1325 | May be used in sections : defaults | frontend | listen | backend |
| 1326 | no | yes | yes | no |
| 1327 | Arguments : |
Willy Tarreau | b1e52e8 | 2008-01-13 14:49:51 +0100 | [diff] [blame] | 1328 | <address> is optional and can be a host name, an IPv4 address, an IPv6 |
| 1329 | address, or '*'. It designates the address the frontend will |
| 1330 | listen on. If unset, all IPv4 addresses of the system will be |
| 1331 | listened on. The same will apply for '*' or the system's |
| 1332 | special address "0.0.0.0". |
| 1333 | |
Willy Tarreau | c5011ca | 2010-03-22 11:53:56 +0100 | [diff] [blame] | 1334 | <port_range> is either a unique TCP port, or a port range for which the |
| 1335 | proxy will accept connections for the IP address specified |
| 1336 | above. The port is mandatory. Note that in the case of an |
| 1337 | IPv6 address, the port is always the number after the last |
| 1338 | colon (':'). A range can either be : |
| 1339 | - a numerical port (ex: '80') |
| 1340 | - a dash-delimited ports range explicitly stating the lower |
| 1341 | and upper bounds (ex: '2000-2100') which are included in |
| 1342 | the range. |
| 1343 | |
| 1344 | Particular care must be taken against port ranges, because |
| 1345 | every <address:port> couple consumes one socket (= a file |
| 1346 | descriptor), so it's easy to consume lots of descriptors |
| 1347 | with a simple range, and to run out of sockets. Also, each |
| 1348 | <address:port> couple must be used only once among all |
| 1349 | instances running on a same system. Please note that binding |
| 1350 | to ports lower than 1024 generally require particular |
| 1351 | privileges to start the program, which are independant of |
| 1352 | the 'uid' parameter. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1353 | |
Willy Tarreau | 5e6e204 | 2009-02-04 17:19:29 +0100 | [diff] [blame] | 1354 | <interface> is an optional physical interface name. This is currently |
| 1355 | only supported on Linux. The interface must be a physical |
| 1356 | interface, not an aliased interface. When specified, all |
| 1357 | addresses on the same line will only be accepted if the |
| 1358 | incoming packet physically come through the designated |
| 1359 | interface. It is also possible to bind multiple frontends to |
| 1360 | the same address if they are bound to different interfaces. |
| 1361 | Note that binding to a physical interface requires root |
| 1362 | privileges. |
| 1363 | |
Willy Tarreau | be1b918 | 2009-06-14 18:48:19 +0200 | [diff] [blame] | 1364 | <maxseg> is an optional TCP Maximum Segment Size (MSS) value to be |
| 1365 | advertised on incoming connections. This can be used to force |
| 1366 | a lower MSS for certain specific ports, for instance for |
| 1367 | connections passing through a VPN. Note that this relies on a |
| 1368 | kernel feature which is theorically supported under Linux but |
| 1369 | was buggy in all versions prior to 2.6.28. It may or may not |
| 1370 | work on other operating systems. The commonly advertised |
| 1371 | value on Ethernet networks is 1460 = 1500(MTU) - 40(IP+TCP). |
| 1372 | |
Willy Tarreau | 53fb4ae | 2009-10-04 23:04:08 +0200 | [diff] [blame] | 1373 | <id> is a persistent value for socket ID. Must be positive and |
| 1374 | unique in the proxy. An unused value will automatically be |
| 1375 | assigned if unset. Can only be used when defining only a |
| 1376 | single socket. |
Krzysztof Piotr Oledzki | aeebf9b | 2009-10-04 15:43:17 +0200 | [diff] [blame] | 1377 | |
| 1378 | <name> is an optional name provided for stats |
| 1379 | |
Willy Tarreau | b1e52e8 | 2008-01-13 14:49:51 +0100 | [diff] [blame] | 1380 | transparent is an optional keyword which is supported only on certain |
| 1381 | Linux kernels. It indicates that the addresses will be bound |
| 1382 | even if they do not belong to the local machine. Any packet |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 1383 | targeting any of these addresses will be caught just as if |
Willy Tarreau | b1e52e8 | 2008-01-13 14:49:51 +0100 | [diff] [blame] | 1384 | the address was locally configured. This normally requires |
| 1385 | that IP forwarding is enabled. Caution! do not use this with |
| 1386 | the default address '*', as it would redirect any traffic for |
| 1387 | the specified port. This keyword is available only when |
| 1388 | HAProxy is built with USE_LINUX_TPROXY=1. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1389 | |
Willy Tarreau | 59f8920 | 2010-10-02 11:54:00 +0200 | [diff] [blame] | 1390 | defer-accept is an optional keyword which is supported only on certain |
Willy Tarreau | cb6cd43 | 2009-10-13 07:34:14 +0200 | [diff] [blame] | 1391 | Linux kernels. It states that a connection will only be |
| 1392 | accepted once some data arrive on it, or at worst after the |
| 1393 | first retransmit. This should be used only on protocols for |
| 1394 | which the client talks first (eg: HTTP). It can slightly |
| 1395 | improve performance by ensuring that most of the request is |
| 1396 | already available when the connection is accepted. On the |
| 1397 | other hand, it will not be able to detect connections which |
| 1398 | don't talk. It is important to note that this option is |
| 1399 | broken in all kernels up to 2.6.31, as the connection is |
| 1400 | never accepted until the client talks. This can cause issues |
| 1401 | with front firewalls which would see an established |
| 1402 | connection while the proxy will only see it in SYN_RECV. |
| 1403 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1404 | It is possible to specify a list of address:port combinations delimited by |
| 1405 | commas. The frontend will then listen on all of these addresses. There is no |
| 1406 | fixed limit to the number of addresses and ports which can be listened on in |
| 1407 | a frontend, as well as there is no limit to the number of "bind" statements |
| 1408 | in a frontend. |
| 1409 | |
| 1410 | Example : |
| 1411 | listen http_proxy |
| 1412 | bind :80,:443 |
| 1413 | bind 10.0.0.1:10080,10.0.0.1:10443 |
| 1414 | |
| 1415 | See also : "source". |
| 1416 | |
| 1417 | |
Willy Tarreau | 0b9c02c | 2009-02-04 22:05:05 +0100 | [diff] [blame] | 1418 | bind-process [ all | odd | even | <number 1-32> ] ... |
| 1419 | Limit visibility of an instance to a certain set of processes numbers. |
| 1420 | May be used in sections : defaults | frontend | listen | backend |
| 1421 | yes | yes | yes | yes |
| 1422 | Arguments : |
| 1423 | all All process will see this instance. This is the default. It |
| 1424 | may be used to override a default value. |
| 1425 | |
| 1426 | odd This instance will be enabled on processes 1,3,5,...31. This |
| 1427 | option may be combined with other numbers. |
| 1428 | |
| 1429 | even This instance will be enabled on processes 2,4,6,...32. This |
| 1430 | option may be combined with other numbers. Do not use it |
| 1431 | with less than 2 processes otherwise some instances might be |
| 1432 | missing from all processes. |
| 1433 | |
| 1434 | number The instance will be enabled on this process number, between |
| 1435 | 1 and 32. You must be careful not to reference a process |
| 1436 | number greater than the configured global.nbproc, otherwise |
| 1437 | some instances might be missing from all processes. |
| 1438 | |
| 1439 | This keyword limits binding of certain instances to certain processes. This |
| 1440 | is useful in order not to have too many processes listening to the same |
| 1441 | ports. For instance, on a dual-core machine, it might make sense to set |
| 1442 | 'nbproc 2' in the global section, then distributes the listeners among 'odd' |
| 1443 | and 'even' instances. |
| 1444 | |
| 1445 | At the moment, it is not possible to reference more than 32 processes using |
| 1446 | this keyword, but this should be more than enough for most setups. Please |
| 1447 | note that 'all' really means all processes and is not limited to the first |
| 1448 | 32. |
| 1449 | |
| 1450 | If some backends are referenced by frontends bound to other processes, the |
| 1451 | backend automatically inherits the frontend's processes. |
| 1452 | |
| 1453 | Example : |
| 1454 | listen app_ip1 |
| 1455 | bind 10.0.0.1:80 |
Willy Tarreau | bfcd311 | 2010-10-23 11:22:08 +0200 | [diff] [blame] | 1456 | bind-process odd |
Willy Tarreau | 0b9c02c | 2009-02-04 22:05:05 +0100 | [diff] [blame] | 1457 | |
| 1458 | listen app_ip2 |
| 1459 | bind 10.0.0.2:80 |
Willy Tarreau | bfcd311 | 2010-10-23 11:22:08 +0200 | [diff] [blame] | 1460 | bind-process even |
Willy Tarreau | 0b9c02c | 2009-02-04 22:05:05 +0100 | [diff] [blame] | 1461 | |
| 1462 | listen management |
| 1463 | bind 10.0.0.3:80 |
Willy Tarreau | bfcd311 | 2010-10-23 11:22:08 +0200 | [diff] [blame] | 1464 | bind-process 1 2 3 4 |
Willy Tarreau | 0b9c02c | 2009-02-04 22:05:05 +0100 | [diff] [blame] | 1465 | |
| 1466 | See also : "nbproc" in global section. |
| 1467 | |
| 1468 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1469 | block { if | unless } <condition> |
| 1470 | Block a layer 7 request if/unless a condition is matched |
| 1471 | May be used in sections : defaults | frontend | listen | backend |
| 1472 | no | yes | yes | yes |
| 1473 | |
| 1474 | The HTTP request will be blocked very early in the layer 7 processing |
| 1475 | if/unless <condition> is matched. A 403 error will be returned if the request |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 1476 | is blocked. The condition has to reference ACLs (see section 7). This is |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1477 | typically used to deny access to certain sensible resources if some |
| 1478 | conditions are met or not met. There is no fixed limit to the number of |
| 1479 | "block" statements per instance. |
| 1480 | |
| 1481 | Example: |
| 1482 | acl invalid_src src 0.0.0.0/7 224.0.0.0/3 |
| 1483 | acl invalid_src src_port 0:1023 |
| 1484 | acl local_dst hdr(host) -i localhost |
| 1485 | block if invalid_src || local_dst |
| 1486 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 1487 | See section 7 about ACL usage. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1488 | |
| 1489 | |
| 1490 | capture cookie <name> len <length> |
| 1491 | Capture and log a cookie in the request and in the response. |
| 1492 | May be used in sections : defaults | frontend | listen | backend |
| 1493 | no | yes | yes | no |
| 1494 | Arguments : |
| 1495 | <name> is the beginning of the name of the cookie to capture. In order |
| 1496 | to match the exact name, simply suffix the name with an equal |
| 1497 | sign ('='). The full name will appear in the logs, which is |
| 1498 | useful with application servers which adjust both the cookie name |
| 1499 | and value (eg: ASPSESSIONXXXXX). |
| 1500 | |
| 1501 | <length> is the maximum number of characters to report in the logs, which |
| 1502 | include the cookie name, the equal sign and the value, all in the |
| 1503 | standard "name=value" form. The string will be truncated on the |
| 1504 | right if it exceeds <length>. |
| 1505 | |
| 1506 | Only the first cookie is captured. Both the "cookie" request headers and the |
| 1507 | "set-cookie" response headers are monitored. This is particularly useful to |
| 1508 | check for application bugs causing session crossing or stealing between |
| 1509 | users, because generally the user's cookies can only change on a login page. |
| 1510 | |
| 1511 | When the cookie was not presented by the client, the associated log column |
| 1512 | will report "-". When a request does not cause a cookie to be assigned by the |
| 1513 | server, a "-" is reported in the response column. |
| 1514 | |
| 1515 | The capture is performed in the frontend only because it is necessary that |
| 1516 | the log format does not change for a given frontend depending on the |
| 1517 | backends. This may change in the future. Note that there can be only one |
| 1518 | "capture cookie" statement in a frontend. The maximum capture length is |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 1519 | configured in the sources by default to 64 characters. It is not possible to |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1520 | specify a capture in a "defaults" section. |
| 1521 | |
| 1522 | Example: |
| 1523 | capture cookie ASPSESSION len 32 |
| 1524 | |
| 1525 | See also : "capture request header", "capture response header" as well as |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 1526 | section 8 about logging. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1527 | |
| 1528 | |
| 1529 | capture request header <name> len <length> |
| 1530 | Capture and log the first occurrence of the specified request header. |
| 1531 | May be used in sections : defaults | frontend | listen | backend |
| 1532 | no | yes | yes | no |
| 1533 | Arguments : |
| 1534 | <name> is the name of the header to capture. The header names are not |
Willy Tarreau | d2a4aa2 | 2008-01-31 15:28:22 +0100 | [diff] [blame] | 1535 | case-sensitive, but it is a common practice to write them as they |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1536 | appear in the requests, with the first letter of each word in |
| 1537 | upper case. The header name will not appear in the logs, only the |
| 1538 | value is reported, but the position in the logs is respected. |
| 1539 | |
| 1540 | <length> is the maximum number of characters to extract from the value and |
| 1541 | report in the logs. The string will be truncated on the right if |
| 1542 | it exceeds <length>. |
| 1543 | |
Willy Tarreau | cc6c891 | 2009-02-22 10:53:55 +0100 | [diff] [blame] | 1544 | Only the first value of the last occurrence of the header is captured. The |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1545 | value will be added to the logs between braces ('{}'). If multiple headers |
| 1546 | are captured, they will be delimited by a vertical bar ('|') and will appear |
Willy Tarreau | cc6c891 | 2009-02-22 10:53:55 +0100 | [diff] [blame] | 1547 | in the same order they were declared in the configuration. Non-existent |
| 1548 | headers will be logged just as an empty string. Common uses for request |
| 1549 | header captures include the "Host" field in virtual hosting environments, the |
| 1550 | "Content-length" when uploads are supported, "User-agent" to quickly |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 1551 | differentiate between real users and robots, and "X-Forwarded-For" in proxied |
Willy Tarreau | cc6c891 | 2009-02-22 10:53:55 +0100 | [diff] [blame] | 1552 | environments to find where the request came from. |
| 1553 | |
| 1554 | Note that when capturing headers such as "User-agent", some spaces may be |
| 1555 | logged, making the log analysis more difficult. Thus be careful about what |
| 1556 | you log if you know your log parser is not smart enough to rely on the |
| 1557 | braces. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1558 | |
| 1559 | There is no limit to the number of captured request headers, but each capture |
| 1560 | is limited to 64 characters. In order to keep log format consistent for a |
| 1561 | same frontend, header captures can only be declared in a frontend. It is not |
| 1562 | possible to specify a capture in a "defaults" section. |
| 1563 | |
| 1564 | Example: |
| 1565 | capture request header Host len 15 |
| 1566 | capture request header X-Forwarded-For len 15 |
| 1567 | capture request header Referrer len 15 |
| 1568 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 1569 | See also : "capture cookie", "capture response header" as well as section 8 |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1570 | about logging. |
| 1571 | |
| 1572 | |
| 1573 | capture response header <name> len <length> |
| 1574 | Capture and log the first occurrence of the specified response header. |
| 1575 | May be used in sections : defaults | frontend | listen | backend |
| 1576 | no | yes | yes | no |
| 1577 | Arguments : |
| 1578 | <name> is the name of the header to capture. The header names are not |
Willy Tarreau | d2a4aa2 | 2008-01-31 15:28:22 +0100 | [diff] [blame] | 1579 | case-sensitive, but it is a common practice to write them as they |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1580 | appear in the response, with the first letter of each word in |
| 1581 | upper case. The header name will not appear in the logs, only the |
| 1582 | value is reported, but the position in the logs is respected. |
| 1583 | |
| 1584 | <length> is the maximum number of characters to extract from the value and |
| 1585 | report in the logs. The string will be truncated on the right if |
| 1586 | it exceeds <length>. |
| 1587 | |
Willy Tarreau | cc6c891 | 2009-02-22 10:53:55 +0100 | [diff] [blame] | 1588 | Only the first value of the last occurrence of the header is captured. The |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1589 | result will be added to the logs between braces ('{}') after the captured |
| 1590 | request headers. If multiple headers are captured, they will be delimited by |
| 1591 | a vertical bar ('|') and will appear in the same order they were declared in |
Willy Tarreau | cc6c891 | 2009-02-22 10:53:55 +0100 | [diff] [blame] | 1592 | the configuration. Non-existent headers will be logged just as an empty |
| 1593 | string. Common uses for response header captures include the "Content-length" |
| 1594 | header which indicates how many bytes are expected to be returned, the |
| 1595 | "Location" header to track redirections. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1596 | |
| 1597 | There is no limit to the number of captured response headers, but each |
| 1598 | capture is limited to 64 characters. In order to keep log format consistent |
| 1599 | for a same frontend, header captures can only be declared in a frontend. It |
| 1600 | is not possible to specify a capture in a "defaults" section. |
| 1601 | |
| 1602 | Example: |
| 1603 | capture response header Content-length len 9 |
| 1604 | capture response header Location len 15 |
| 1605 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 1606 | See also : "capture cookie", "capture request header" as well as section 8 |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1607 | about logging. |
| 1608 | |
| 1609 | |
Cyril Bonté | f0c6061 | 2010-02-06 14:44:47 +0100 | [diff] [blame] | 1610 | clitimeout <timeout> (deprecated) |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1611 | Set the maximum inactivity time on the client side. |
| 1612 | May be used in sections : defaults | frontend | listen | backend |
| 1613 | yes | yes | yes | no |
| 1614 | Arguments : |
| 1615 | <timeout> is the timeout value is specified in milliseconds by default, but |
| 1616 | can be in any other unit if the number is suffixed by the unit, |
| 1617 | as explained at the top of this document. |
| 1618 | |
| 1619 | The inactivity timeout applies when the client is expected to acknowledge or |
| 1620 | send data. In HTTP mode, this timeout is particularly important to consider |
| 1621 | during the first phase, when the client sends the request, and during the |
| 1622 | response while it is reading data sent by the server. The value is specified |
| 1623 | in milliseconds by default, but can be in any other unit if the number is |
| 1624 | suffixed by the unit, as specified at the top of this document. In TCP mode |
| 1625 | (and to a lesser extent, in HTTP mode), it is highly recommended that the |
| 1626 | client timeout remains equal to the server timeout in order to avoid complex |
Willy Tarreau | d2a4aa2 | 2008-01-31 15:28:22 +0100 | [diff] [blame] | 1627 | situations to debug. It is a good practice to cover one or several TCP packet |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1628 | losses by specifying timeouts that are slightly above multiples of 3 seconds |
| 1629 | (eg: 4 or 5 seconds). |
| 1630 | |
| 1631 | This parameter is specific to frontends, but can be specified once for all in |
| 1632 | "defaults" sections. This is in fact one of the easiest solutions not to |
| 1633 | forget about it. An unspecified timeout results in an infinite timeout, which |
| 1634 | is not recommended. Such a usage is accepted and works but reports a warning |
| 1635 | during startup because it may results in accumulation of expired sessions in |
| 1636 | the system if the system's timeouts are not configured either. |
| 1637 | |
| 1638 | This parameter is provided for compatibility but is currently deprecated. |
| 1639 | Please use "timeout client" instead. |
| 1640 | |
Willy Tarreau | 036fae0 | 2008-01-06 13:24:40 +0100 | [diff] [blame] | 1641 | See also : "timeout client", "timeout http-request", "timeout server", and |
| 1642 | "srvtimeout". |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1643 | |
| 1644 | |
Cyril Bonté | f0c6061 | 2010-02-06 14:44:47 +0100 | [diff] [blame] | 1645 | contimeout <timeout> (deprecated) |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1646 | Set the maximum time to wait for a connection attempt to a server to succeed. |
| 1647 | May be used in sections : defaults | frontend | listen | backend |
| 1648 | yes | no | yes | yes |
| 1649 | Arguments : |
| 1650 | <timeout> is the timeout value is specified in milliseconds by default, but |
| 1651 | can be in any other unit if the number is suffixed by the unit, |
| 1652 | as explained at the top of this document. |
| 1653 | |
| 1654 | If the server is located on the same LAN as haproxy, the connection should be |
Willy Tarreau | d2a4aa2 | 2008-01-31 15:28:22 +0100 | [diff] [blame] | 1655 | immediate (less than a few milliseconds). Anyway, it is a good practice to |
Willy Tarreau | d72758d | 2010-01-12 10:42:19 +0100 | [diff] [blame] | 1656 | cover one or several TCP packet losses by specifying timeouts that are |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1657 | slightly above multiples of 3 seconds (eg: 4 or 5 seconds). By default, the |
| 1658 | connect timeout also presets the queue timeout to the same value if this one |
| 1659 | has not been specified. Historically, the contimeout was also used to set the |
| 1660 | tarpit timeout in a listen section, which is not possible in a pure frontend. |
| 1661 | |
| 1662 | This parameter is specific to backends, but can be specified once for all in |
| 1663 | "defaults" sections. This is in fact one of the easiest solutions not to |
| 1664 | forget about it. An unspecified timeout results in an infinite timeout, which |
| 1665 | is not recommended. Such a usage is accepted and works but reports a warning |
| 1666 | during startup because it may results in accumulation of failed sessions in |
| 1667 | the system if the system's timeouts are not configured either. |
| 1668 | |
| 1669 | This parameter is provided for backwards compatibility but is currently |
| 1670 | deprecated. Please use "timeout connect", "timeout queue" or "timeout tarpit" |
| 1671 | instead. |
| 1672 | |
| 1673 | See also : "timeout connect", "timeout queue", "timeout tarpit", |
| 1674 | "timeout server", "contimeout". |
| 1675 | |
| 1676 | |
Willy Tarreau | 55165fe | 2009-05-10 12:02:55 +0200 | [diff] [blame] | 1677 | cookie <name> [ rewrite | insert | prefix ] [ indirect ] [ nocache ] |
Willy Tarreau | ba4c5be | 2010-10-23 12:46:42 +0200 | [diff] [blame^] | 1678 | [ postonly ] [ preserve ] [ domain <domain> ]* |
Willy Tarreau | 996a92c | 2010-10-13 19:30:47 +0200 | [diff] [blame] | 1679 | [ maxidle <idle> ] [ maxlife <life> ] |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1680 | Enable cookie-based persistence in a backend. |
| 1681 | May be used in sections : defaults | frontend | listen | backend |
| 1682 | yes | no | yes | yes |
| 1683 | Arguments : |
| 1684 | <name> is the name of the cookie which will be monitored, modified or |
| 1685 | inserted in order to bring persistence. This cookie is sent to |
| 1686 | the client via a "Set-Cookie" header in the response, and is |
| 1687 | brought back by the client in a "Cookie" header in all requests. |
| 1688 | Special care should be taken to choose a name which does not |
| 1689 | conflict with any likely application cookie. Also, if the same |
| 1690 | backends are subject to be used by the same clients (eg: |
| 1691 | HTTP/HTTPS), care should be taken to use different cookie names |
| 1692 | between all backends if persistence between them is not desired. |
| 1693 | |
| 1694 | rewrite This keyword indicates that the cookie will be provided by the |
| 1695 | server and that haproxy will have to modify its value to set the |
| 1696 | server's identifier in it. This mode is handy when the management |
| 1697 | of complex combinations of "Set-cookie" and "Cache-control" |
| 1698 | headers is left to the application. The application can then |
| 1699 | decide whether or not it is appropriate to emit a persistence |
| 1700 | cookie. Since all responses should be monitored, this mode only |
| 1701 | works in HTTP close mode. Unless the application behaviour is |
| 1702 | very complex and/or broken, it is advised not to start with this |
| 1703 | mode for new deployments. This keyword is incompatible with |
| 1704 | "insert" and "prefix". |
| 1705 | |
| 1706 | insert This keyword indicates that the persistence cookie will have to |
Willy Tarreau | a79094d | 2010-08-31 22:54:15 +0200 | [diff] [blame] | 1707 | be inserted by haproxy in server responses if the client did not |
Willy Tarreau | ba4c5be | 2010-10-23 12:46:42 +0200 | [diff] [blame^] | 1708 | |
Willy Tarreau | a79094d | 2010-08-31 22:54:15 +0200 | [diff] [blame] | 1709 | already have a cookie that would have permitted it to access this |
Willy Tarreau | ba4c5be | 2010-10-23 12:46:42 +0200 | [diff] [blame^] | 1710 | server. When used without the "preserve" option, if the server |
| 1711 | emits a cookie with the same name, it will be remove before |
| 1712 | processing. For this reason, this mode can be used to upgrade |
| 1713 | existing configurations running in the "rewrite" mode. The cookie |
| 1714 | will only be a session cookie and will not be stored on the |
| 1715 | client's disk. By default, unless the "indirect" option is added, |
| 1716 | the server will see the cookies emitted by the client. Due to |
| 1717 | caching effects, it is generally wise to add the "nocache" or |
| 1718 | "postonly" keywords (see below). The "insert" keyword is not |
| 1719 | compatible with "rewrite" and "prefix". |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1720 | |
| 1721 | prefix This keyword indicates that instead of relying on a dedicated |
| 1722 | cookie for the persistence, an existing one will be completed. |
| 1723 | This may be needed in some specific environments where the client |
| 1724 | does not support more than one single cookie and the application |
| 1725 | already needs it. In this case, whenever the server sets a cookie |
| 1726 | named <name>, it will be prefixed with the server's identifier |
| 1727 | and a delimiter. The prefix will be removed from all client |
| 1728 | requests so that the server still finds the cookie it emitted. |
| 1729 | Since all requests and responses are subject to being modified, |
| 1730 | this mode requires the HTTP close mode. The "prefix" keyword is |
| 1731 | not compatible with "rewrite" and "insert". |
| 1732 | |
Willy Tarreau | a79094d | 2010-08-31 22:54:15 +0200 | [diff] [blame] | 1733 | indirect When this option is specified, no cookie will be emitted to a |
| 1734 | client which already has a valid one for the server which has |
| 1735 | processed the request. If the server sets such a cookie itself, |
Willy Tarreau | ba4c5be | 2010-10-23 12:46:42 +0200 | [diff] [blame^] | 1736 | it will be removed, unless the "preserve" option is also set. In |
| 1737 | "insert" mode, this will additionally remove cookies from the |
| 1738 | requests transmitted to the server, making the persistence |
| 1739 | mechanism totally transparent from an application point of view. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1740 | |
| 1741 | nocache This option is recommended in conjunction with the insert mode |
| 1742 | when there is a cache between the client and HAProxy, as it |
| 1743 | ensures that a cacheable response will be tagged non-cacheable if |
| 1744 | a cookie needs to be inserted. This is important because if all |
| 1745 | persistence cookies are added on a cacheable home page for |
| 1746 | instance, then all customers will then fetch the page from an |
| 1747 | outer cache and will all share the same persistence cookie, |
| 1748 | leading to one server receiving much more traffic than others. |
| 1749 | See also the "insert" and "postonly" options. |
| 1750 | |
| 1751 | postonly This option ensures that cookie insertion will only be performed |
| 1752 | on responses to POST requests. It is an alternative to the |
| 1753 | "nocache" option, because POST responses are not cacheable, so |
| 1754 | this ensures that the persistence cookie will never get cached. |
| 1755 | Since most sites do not need any sort of persistence before the |
| 1756 | first POST which generally is a login request, this is a very |
| 1757 | efficient method to optimize caching without risking to find a |
| 1758 | persistence cookie in the cache. |
| 1759 | See also the "insert" and "nocache" options. |
| 1760 | |
Willy Tarreau | ba4c5be | 2010-10-23 12:46:42 +0200 | [diff] [blame^] | 1761 | preserve This option may only be used with "insert" and/or "indirect". It |
| 1762 | allows the server to emit the persistence cookie itself. In this |
| 1763 | case, if a cookie is found in the response, haproxy will leave it |
| 1764 | untouched. This is useful in order to end persistence after a |
| 1765 | logout request for instance. For this, the server just has to |
| 1766 | emit a cookie with an invalid value (eg: empty) or with a date in |
| 1767 | the past. By combining this mechanism with the "disable-on-404" |
| 1768 | check option, it is possible to perform a completely graceful |
| 1769 | shutdown because users will definitely leave the server after |
| 1770 | they logout. |
| 1771 | |
Krzysztof Piotr Oledzki | efe3b6f | 2008-05-23 23:49:32 +0200 | [diff] [blame] | 1772 | domain This option allows to specify the domain at which a cookie is |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 1773 | inserted. It requires exactly one parameter: a valid domain |
Willy Tarreau | 68a897b | 2009-12-03 23:28:34 +0100 | [diff] [blame] | 1774 | name. If the domain begins with a dot, the browser is allowed to |
| 1775 | use it for any host ending with that name. It is also possible to |
| 1776 | specify several domain names by invoking this option multiple |
| 1777 | times. Some browsers might have small limits on the number of |
| 1778 | domains, so be careful when doing that. For the record, sending |
| 1779 | 10 domains to MSIE 6 or Firefox 2 works as expected. |
Krzysztof Piotr Oledzki | efe3b6f | 2008-05-23 23:49:32 +0200 | [diff] [blame] | 1780 | |
Willy Tarreau | 996a92c | 2010-10-13 19:30:47 +0200 | [diff] [blame] | 1781 | maxidle This option allows inserted cookies to be ignored after some idle |
| 1782 | time. It only works with insert-mode cookies. When a cookie is |
| 1783 | sent to the client, the date this cookie was emitted is sent too. |
| 1784 | Upon further presentations of this cookie, if the date is older |
| 1785 | than the delay indicated by the parameter (in seconds), it will |
| 1786 | be ignored. Otherwise, it will be refreshed if needed when the |
| 1787 | response is sent to the client. This is particularly useful to |
| 1788 | prevent users who never close their browsers from remaining for |
| 1789 | too long on the same server (eg: after a farm size change). When |
| 1790 | this option is set and a cookie has no date, it is always |
| 1791 | accepted, but gets refreshed in the response. This maintains the |
| 1792 | ability for admins to access their sites. Cookies that have a |
| 1793 | date in the future further than 24 hours are ignored. Doing so |
| 1794 | lets admins fix timezone issues without risking kicking users off |
| 1795 | the site. |
| 1796 | |
| 1797 | maxlife This option allows inserted cookies to be ignored after some life |
| 1798 | time, whether they're in use or not. It only works with insert |
| 1799 | mode cookies. When a cookie is first sent to the client, the date |
| 1800 | this cookie was emitted is sent too. Upon further presentations |
| 1801 | of this cookie, if the date is older than the delay indicated by |
| 1802 | the parameter (in seconds), it will be ignored. If the cookie in |
| 1803 | the request has no date, it is accepted and a date will be set. |
| 1804 | Cookies that have a date in the future further than 24 hours are |
| 1805 | ignored. Doing so lets admins fix timezone issues without risking |
| 1806 | kicking users off the site. Contrary to maxidle, this value is |
| 1807 | not refreshed, only the first visit date counts. Both maxidle and |
| 1808 | maxlife may be used at the time. This is particularly useful to |
| 1809 | prevent users who never close their browsers from remaining for |
| 1810 | too long on the same server (eg: after a farm size change). This |
| 1811 | is stronger than the maxidle method in that it forces a |
| 1812 | redispatch after some absolute delay. |
| 1813 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1814 | There can be only one persistence cookie per HTTP backend, and it can be |
| 1815 | declared in a defaults section. The value of the cookie will be the value |
| 1816 | indicated after the "cookie" keyword in a "server" statement. If no cookie |
| 1817 | is declared for a given server, the cookie is not set. |
Willy Tarreau | 6a06a40 | 2007-07-15 20:15:28 +0200 | [diff] [blame] | 1818 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1819 | Examples : |
| 1820 | cookie JSESSIONID prefix |
| 1821 | cookie SRV insert indirect nocache |
| 1822 | cookie SRV insert postonly indirect |
Willy Tarreau | 996a92c | 2010-10-13 19:30:47 +0200 | [diff] [blame] | 1823 | cookie SRV insert indirect nocache maxidle 30m maxlife 8h |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1824 | |
Cyril Bonté | a8e7bbc | 2010-04-25 22:29:29 +0200 | [diff] [blame] | 1825 | See also : "appsession", "balance source", "capture cookie", "server" |
Cyril Bonté | 0d4bf01 | 2010-04-25 23:21:46 +0200 | [diff] [blame] | 1826 | and "ignore-persist". |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1827 | |
Willy Tarreau | 983e01e | 2010-01-11 18:42:06 +0100 | [diff] [blame] | 1828 | |
Krzysztof Piotr Oledzki | c6df066 | 2010-01-05 16:38:49 +0100 | [diff] [blame] | 1829 | default-server [param*] |
| 1830 | Change default options for a server in a backend |
| 1831 | May be used in sections : defaults | frontend | listen | backend |
| 1832 | yes | no | yes | yes |
| 1833 | Arguments: |
Willy Tarreau | 983e01e | 2010-01-11 18:42:06 +0100 | [diff] [blame] | 1834 | <param*> is a list of parameters for this server. The "default-server" |
| 1835 | keyword accepts an important number of options and has a complete |
| 1836 | section dedicated to it. Please refer to section 5 for more |
| 1837 | details. |
Krzysztof Piotr Oledzki | c6df066 | 2010-01-05 16:38:49 +0100 | [diff] [blame] | 1838 | |
Willy Tarreau | 983e01e | 2010-01-11 18:42:06 +0100 | [diff] [blame] | 1839 | Example : |
Krzysztof Piotr Oledzki | c6df066 | 2010-01-05 16:38:49 +0100 | [diff] [blame] | 1840 | default-server inter 1000 weight 13 |
| 1841 | |
| 1842 | See also: "server" and section 5 about server options |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1843 | |
Willy Tarreau | 983e01e | 2010-01-11 18:42:06 +0100 | [diff] [blame] | 1844 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1845 | default_backend <backend> |
| 1846 | Specify the backend to use when no "use_backend" rule has been matched. |
| 1847 | May be used in sections : defaults | frontend | listen | backend |
| 1848 | yes | yes | yes | no |
| 1849 | Arguments : |
| 1850 | <backend> is the name of the backend to use. |
| 1851 | |
| 1852 | When doing content-switching between frontend and backends using the |
| 1853 | "use_backend" keyword, it is often useful to indicate which backend will be |
| 1854 | used when no rule has matched. It generally is the dynamic backend which |
| 1855 | will catch all undetermined requests. |
| 1856 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1857 | Example : |
| 1858 | |
| 1859 | use_backend dynamic if url_dyn |
| 1860 | use_backend static if url_css url_img extension_img |
| 1861 | default_backend dynamic |
| 1862 | |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 1863 | See also : "use_backend", "reqsetbe", "reqisetbe" |
| 1864 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1865 | |
| 1866 | disabled |
| 1867 | Disable a proxy, frontend or backend. |
| 1868 | May be used in sections : defaults | frontend | listen | backend |
| 1869 | yes | yes | yes | yes |
| 1870 | Arguments : none |
| 1871 | |
| 1872 | The "disabled" keyword is used to disable an instance, mainly in order to |
| 1873 | liberate a listening port or to temporarily disable a service. The instance |
| 1874 | will still be created and its configuration will be checked, but it will be |
| 1875 | created in the "stopped" state and will appear as such in the statistics. It |
| 1876 | will not receive any traffic nor will it send any health-checks or logs. It |
| 1877 | is possible to disable many instances at once by adding the "disabled" |
| 1878 | keyword in a "defaults" section. |
| 1879 | |
| 1880 | See also : "enabled" |
| 1881 | |
| 1882 | |
Willy Tarreau | 5ce9457 | 2010-06-07 14:35:41 +0200 | [diff] [blame] | 1883 | dispatch <address>:<port> |
| 1884 | Set a default server address |
| 1885 | May be used in sections : defaults | frontend | listen | backend |
| 1886 | no | no | yes | yes |
| 1887 | Arguments : none |
| 1888 | |
| 1889 | <address> is the IPv4 address of the default server. Alternatively, a |
| 1890 | resolvable hostname is supported, but this name will be resolved |
| 1891 | during start-up. |
| 1892 | |
| 1893 | <ports> is a mandatory port specification. All connections will be sent |
| 1894 | to this port, and it is not permitted to use port offsets as is |
| 1895 | possible with normal servers. |
| 1896 | |
| 1897 | The "disabled" keyword designates a default server for use when no other |
| 1898 | server can take the connection. In the past it was used to forward non |
| 1899 | persistent connections to an auxiliary load balancer. Due to its simple |
| 1900 | syntax, it has also been used for simple TCP relays. It is recommended not to |
| 1901 | use it for more clarity, and to use the "server" directive instead. |
| 1902 | |
| 1903 | See also : "server" |
| 1904 | |
| 1905 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1906 | enabled |
| 1907 | Enable a proxy, frontend or backend. |
| 1908 | May be used in sections : defaults | frontend | listen | backend |
| 1909 | yes | yes | yes | yes |
| 1910 | Arguments : none |
| 1911 | |
| 1912 | The "enabled" keyword is used to explicitly enable an instance, when the |
| 1913 | defaults has been set to "disabled". This is very rarely used. |
| 1914 | |
| 1915 | See also : "disabled" |
| 1916 | |
| 1917 | |
| 1918 | errorfile <code> <file> |
| 1919 | Return a file contents instead of errors generated by HAProxy |
| 1920 | May be used in sections : defaults | frontend | listen | backend |
| 1921 | yes | yes | yes | yes |
| 1922 | Arguments : |
| 1923 | <code> is the HTTP status code. Currently, HAProxy is capable of |
| 1924 | generating codes 400, 403, 408, 500, 502, 503, and 504. |
| 1925 | |
| 1926 | <file> designates a file containing the full HTTP response. It is |
Willy Tarreau | d2a4aa2 | 2008-01-31 15:28:22 +0100 | [diff] [blame] | 1927 | recommended to follow the common practice of appending ".http" to |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1928 | the filename so that people do not confuse the response with HTML |
Willy Tarreau | 59140a2 | 2009-02-22 12:02:30 +0100 | [diff] [blame] | 1929 | error pages, and to use absolute paths, since files are read |
| 1930 | before any chroot is performed. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1931 | |
| 1932 | It is important to understand that this keyword is not meant to rewrite |
| 1933 | errors returned by the server, but errors detected and returned by HAProxy. |
| 1934 | This is why the list of supported errors is limited to a small set. |
| 1935 | |
| 1936 | The files are returned verbatim on the TCP socket. This allows any trick such |
| 1937 | as redirections to another URL or site, as well as tricks to clean cookies, |
| 1938 | force enable or disable caching, etc... The package provides default error |
| 1939 | files returning the same contents as default errors. |
| 1940 | |
Willy Tarreau | 59140a2 | 2009-02-22 12:02:30 +0100 | [diff] [blame] | 1941 | The files should not exceed the configured buffer size (BUFSIZE), which |
| 1942 | generally is 8 or 16 kB, otherwise they will be truncated. It is also wise |
| 1943 | not to put any reference to local contents (eg: images) in order to avoid |
| 1944 | loops between the client and HAProxy when all servers are down, causing an |
| 1945 | error to be returned instead of an image. For better HTTP compliance, it is |
| 1946 | recommended that all header lines end with CR-LF and not LF alone. |
| 1947 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1948 | The files are read at the same time as the configuration and kept in memory. |
| 1949 | For this reason, the errors continue to be returned even when the process is |
| 1950 | chrooted, and no file change is considered while the process is running. A |
Willy Tarreau | c27debf | 2008-01-06 08:57:02 +0100 | [diff] [blame] | 1951 | simple method for developing those files consists in associating them to the |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 1952 | 403 status code and interrogating a blocked URL. |
| 1953 | |
| 1954 | See also : "errorloc", "errorloc302", "errorloc303" |
| 1955 | |
Willy Tarreau | 59140a2 | 2009-02-22 12:02:30 +0100 | [diff] [blame] | 1956 | Example : |
| 1957 | errorfile 400 /etc/haproxy/errorfiles/400badreq.http |
| 1958 | errorfile 403 /etc/haproxy/errorfiles/403forbid.http |
| 1959 | errorfile 503 /etc/haproxy/errorfiles/503sorry.http |
| 1960 | |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 1961 | |
| 1962 | errorloc <code> <url> |
| 1963 | errorloc302 <code> <url> |
| 1964 | Return an HTTP redirection to a URL instead of errors generated by HAProxy |
| 1965 | May be used in sections : defaults | frontend | listen | backend |
| 1966 | yes | yes | yes | yes |
| 1967 | Arguments : |
| 1968 | <code> is the HTTP status code. Currently, HAProxy is capable of |
| 1969 | generating codes 400, 403, 408, 500, 502, 503, and 504. |
| 1970 | |
| 1971 | <url> it is the exact contents of the "Location" header. It may contain |
| 1972 | either a relative URI to an error page hosted on the same site, |
| 1973 | or an absolute URI designating an error page on another site. |
| 1974 | Special care should be given to relative URIs to avoid redirect |
| 1975 | loops if the URI itself may generate the same error (eg: 500). |
| 1976 | |
| 1977 | It is important to understand that this keyword is not meant to rewrite |
| 1978 | errors returned by the server, but errors detected and returned by HAProxy. |
| 1979 | This is why the list of supported errors is limited to a small set. |
| 1980 | |
| 1981 | Note that both keyword return the HTTP 302 status code, which tells the |
| 1982 | client to fetch the designated URL using the same HTTP method. This can be |
| 1983 | quite problematic in case of non-GET methods such as POST, because the URL |
| 1984 | sent to the client might not be allowed for something other than GET. To |
| 1985 | workaround this problem, please use "errorloc303" which send the HTTP 303 |
| 1986 | status code, indicating to the client that the URL must be fetched with a GET |
| 1987 | request. |
| 1988 | |
| 1989 | See also : "errorfile", "errorloc303" |
| 1990 | |
| 1991 | |
| 1992 | errorloc303 <code> <url> |
| 1993 | Return an HTTP redirection to a URL instead of errors generated by HAProxy |
| 1994 | May be used in sections : defaults | frontend | listen | backend |
| 1995 | yes | yes | yes | yes |
| 1996 | Arguments : |
| 1997 | <code> is the HTTP status code. Currently, HAProxy is capable of |
| 1998 | generating codes 400, 403, 408, 500, 502, 503, and 504. |
| 1999 | |
| 2000 | <url> it is the exact contents of the "Location" header. It may contain |
| 2001 | either a relative URI to an error page hosted on the same site, |
| 2002 | or an absolute URI designating an error page on another site. |
| 2003 | Special care should be given to relative URIs to avoid redirect |
| 2004 | loops if the URI itself may generate the same error (eg: 500). |
| 2005 | |
| 2006 | It is important to understand that this keyword is not meant to rewrite |
| 2007 | errors returned by the server, but errors detected and returned by HAProxy. |
| 2008 | This is why the list of supported errors is limited to a small set. |
| 2009 | |
| 2010 | Note that both keyword return the HTTP 303 status code, which tells the |
| 2011 | client to fetch the designated URL using the same HTTP GET method. This |
| 2012 | solves the usual problems associated with "errorloc" and the 302 code. It is |
| 2013 | possible that some very old browsers designed before HTTP/1.1 do not support |
Willy Tarreau | d2a4aa2 | 2008-01-31 15:28:22 +0100 | [diff] [blame] | 2014 | it, but no such problem has been reported till now. |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2015 | |
| 2016 | See also : "errorfile", "errorloc", "errorloc302" |
| 2017 | |
| 2018 | |
Willy Tarreau | 4de9149 | 2010-01-22 19:10:05 +0100 | [diff] [blame] | 2019 | force-persist { if | unless } <condition> |
| 2020 | Declare a condition to force persistence on down servers |
| 2021 | May be used in sections: defaults | frontend | listen | backend |
| 2022 | no | yes | yes | yes |
| 2023 | |
| 2024 | By default, requests are not dispatched to down servers. It is possible to |
| 2025 | force this using "option persist", but it is unconditional and redispatches |
| 2026 | to a valid server if "option redispatch" is set. That leaves with very little |
| 2027 | possibilities to force some requests to reach a server which is artificially |
| 2028 | marked down for maintenance operations. |
| 2029 | |
| 2030 | The "force-persist" statement allows one to declare various ACL-based |
| 2031 | conditions which, when met, will cause a request to ignore the down status of |
| 2032 | a server and still try to connect to it. That makes it possible to start a |
| 2033 | server, still replying an error to the health checks, and run a specially |
| 2034 | configured browser to test the service. Among the handy methods, one could |
| 2035 | use a specific source IP address, or a specific cookie. The cookie also has |
| 2036 | the advantage that it can easily be added/removed on the browser from a test |
| 2037 | page. Once the service is validated, it is then possible to open the service |
| 2038 | to the world by returning a valid response to health checks. |
| 2039 | |
| 2040 | The forced persistence is enabled when an "if" condition is met, or unless an |
| 2041 | "unless" condition is met. The final redispatch is always disabled when this |
| 2042 | is used. |
| 2043 | |
Cyril Bonté | 0d4bf01 | 2010-04-25 23:21:46 +0200 | [diff] [blame] | 2044 | See also : "option redispatch", "ignore-persist", "persist", |
Cyril Bonté | a8e7bbc | 2010-04-25 22:29:29 +0200 | [diff] [blame] | 2045 | and section 7 about ACL usage. |
Willy Tarreau | 4de9149 | 2010-01-22 19:10:05 +0100 | [diff] [blame] | 2046 | |
| 2047 | |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2048 | fullconn <conns> |
| 2049 | Specify at what backend load the servers will reach their maxconn |
| 2050 | May be used in sections : defaults | frontend | listen | backend |
| 2051 | yes | no | yes | yes |
| 2052 | Arguments : |
| 2053 | <conns> is the number of connections on the backend which will make the |
| 2054 | servers use the maximal number of connections. |
| 2055 | |
Willy Tarreau | 198a744 | 2008-01-17 12:05:32 +0100 | [diff] [blame] | 2056 | When a server has a "maxconn" parameter specified, it means that its number |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2057 | of concurrent connections will never go higher. Additionally, if it has a |
Willy Tarreau | 198a744 | 2008-01-17 12:05:32 +0100 | [diff] [blame] | 2058 | "minconn" parameter, it indicates a dynamic limit following the backend's |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2059 | load. The server will then always accept at least <minconn> connections, |
| 2060 | never more than <maxconn>, and the limit will be on the ramp between both |
| 2061 | values when the backend has less than <conns> concurrent connections. This |
| 2062 | makes it possible to limit the load on the servers during normal loads, but |
| 2063 | push it further for important loads without overloading the servers during |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 2064 | exceptional loads. |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2065 | |
| 2066 | Example : |
| 2067 | # The servers will accept between 100 and 1000 concurrent connections each |
| 2068 | # and the maximum of 1000 will be reached when the backend reaches 10000 |
| 2069 | # connections. |
| 2070 | backend dynamic |
| 2071 | fullconn 10000 |
| 2072 | server srv1 dyn1:80 minconn 100 maxconn 1000 |
| 2073 | server srv2 dyn2:80 minconn 100 maxconn 1000 |
| 2074 | |
| 2075 | See also : "maxconn", "server" |
| 2076 | |
| 2077 | |
| 2078 | grace <time> |
| 2079 | Maintain a proxy operational for some time after a soft stop |
| 2080 | May be used in sections : defaults | frontend | listen | backend |
Cyril Bonté | 99ed327 | 2010-01-24 23:29:44 +0100 | [diff] [blame] | 2081 | yes | yes | yes | yes |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2082 | Arguments : |
| 2083 | <time> is the time (by default in milliseconds) for which the instance |
| 2084 | will remain operational with the frontend sockets still listening |
| 2085 | when a soft-stop is received via the SIGUSR1 signal. |
| 2086 | |
| 2087 | This may be used to ensure that the services disappear in a certain order. |
| 2088 | This was designed so that frontends which are dedicated to monitoring by an |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 2089 | external equipment fail immediately while other ones remain up for the time |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2090 | needed by the equipment to detect the failure. |
| 2091 | |
| 2092 | Note that currently, there is very little benefit in using this parameter, |
| 2093 | and it may in fact complicate the soft-reconfiguration process more than |
| 2094 | simplify it. |
| 2095 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 2096 | |
Willy Tarreau | 6b2e11b | 2009-10-01 07:52:15 +0200 | [diff] [blame] | 2097 | hash-type <method> |
| 2098 | Specify a method to use for mapping hashes to servers |
| 2099 | May be used in sections : defaults | frontend | listen | backend |
| 2100 | yes | no | yes | yes |
| 2101 | Arguments : |
| 2102 | map-based the hash table is a static array containing all alive servers. |
| 2103 | The hashes will be very smooth, will consider weights, but will |
| 2104 | be static in that weight changes while a server is up will be |
| 2105 | ignored. This means that there will be no slow start. Also, |
| 2106 | since a server is selected by its position in the array, most |
| 2107 | mappings are changed when the server count changes. This means |
| 2108 | that when a server goes up or down, or when a server is added |
| 2109 | to a farm, most connections will be redistributed to different |
| 2110 | servers. This can be inconvenient with caches for instance. |
| 2111 | |
| 2112 | consistent the hash table is a tree filled with many occurrences of each |
| 2113 | server. The hash key is looked up in the tree and the closest |
| 2114 | server is chosen. This hash is dynamic, it supports changing |
| 2115 | weights while the servers are up, so it is compatible with the |
| 2116 | slow start feature. It has the advantage that when a server |
| 2117 | goes up or down, only its associations are moved. When a server |
| 2118 | is added to the farm, only a few part of the mappings are |
| 2119 | redistributed, making it an ideal algorithm for caches. |
| 2120 | However, due to its principle, the algorithm will never be very |
| 2121 | smooth and it may sometimes be necessary to adjust a server's |
| 2122 | weight or its ID to get a more balanced distribution. In order |
| 2123 | to get the same distribution on multiple load balancers, it is |
| 2124 | important that all servers have the same IDs. |
| 2125 | |
| 2126 | The default hash type is "map-based" and is recommended for most usages. |
| 2127 | |
| 2128 | See also : "balance", "server" |
| 2129 | |
| 2130 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 2131 | http-check disable-on-404 |
| 2132 | Enable a maintenance mode upon HTTP/404 response to health-checks |
| 2133 | May be used in sections : defaults | frontend | listen | backend |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2134 | yes | no | yes | yes |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 2135 | Arguments : none |
| 2136 | |
| 2137 | When this option is set, a server which returns an HTTP code 404 will be |
| 2138 | excluded from further load-balancing, but will still receive persistent |
| 2139 | connections. This provides a very convenient method for Web administrators |
| 2140 | to perform a graceful shutdown of their servers. It is also important to note |
| 2141 | that a server which is detected as failed while it was in this mode will not |
| 2142 | generate an alert, just a notice. If the server responds 2xx or 3xx again, it |
| 2143 | will immediately be reinserted into the farm. The status on the stats page |
| 2144 | reports "NOLB" for a server in this mode. It is important to note that this |
Willy Tarreau | bd74154 | 2010-03-16 18:46:54 +0100 | [diff] [blame] | 2145 | option only works in conjunction with the "httpchk" option. If this option |
| 2146 | is used with "http-check expect", then it has precedence over it so that 404 |
| 2147 | responses will still be considered as soft-stop. |
| 2148 | |
| 2149 | See also : "option httpchk", "http-check expect" |
| 2150 | |
| 2151 | |
| 2152 | http-check expect [!] <match> <pattern> |
| 2153 | Make HTTP health checks consider reponse contents or specific status codes |
| 2154 | May be used in sections : defaults | frontend | listen | backend |
| 2155 | no | no | yes | yes |
| 2156 | Arguments : |
| 2157 | <match> is a keyword indicating how to look for a specific pattern in the |
| 2158 | response. The keyword may be one of "status", "rstatus", |
| 2159 | "string", or "rstring". The keyword may be preceeded by an |
| 2160 | exclamation mark ("!") to negate the match. Spaces are allowed |
| 2161 | between the exclamation mark and the keyword. See below for more |
| 2162 | details on the supported keywords. |
| 2163 | |
| 2164 | <pattern> is the pattern to look for. It may be a string or a regular |
| 2165 | expression. If the pattern contains spaces, they must be escaped |
| 2166 | with the usual backslash ('\'). |
| 2167 | |
| 2168 | By default, "option httpchk" considers that response statuses 2xx and 3xx |
| 2169 | are valid, and that others are invalid. When "http-check expect" is used, |
| 2170 | it defines what is considered valid or invalid. Only one "http-check" |
| 2171 | statement is supported in a backend. If a server fails to respond or times |
| 2172 | out, the check obviously fails. The available matches are : |
| 2173 | |
| 2174 | status <string> : test the exact string match for the HTTP status code. |
| 2175 | A health check respose will be considered valid if the |
| 2176 | response's status code is exactly this string. If the |
| 2177 | "status" keyword is prefixed with "!", then the response |
| 2178 | will be considered invalid if the status code matches. |
| 2179 | |
| 2180 | rstatus <regex> : test a regular expression for the HTTP status code. |
| 2181 | A health check respose will be considered valid if the |
| 2182 | response's status code matches the expression. If the |
| 2183 | "rstatus" keyword is prefixed with "!", then the response |
| 2184 | will be considered invalid if the status code matches. |
| 2185 | This is mostly used to check for multiple codes. |
| 2186 | |
| 2187 | string <string> : test the exact string match in the HTTP response body. |
| 2188 | A health check respose will be considered valid if the |
| 2189 | response's body contains this exact string. If the |
| 2190 | "string" keyword is prefixed with "!", then the response |
| 2191 | will be considered invalid if the body contains this |
| 2192 | string. This can be used to look for a mandatory word at |
| 2193 | the end of a dynamic page, or to detect a failure when a |
| 2194 | specific error appears on the check page (eg: a stack |
| 2195 | trace). |
| 2196 | |
| 2197 | rstring <regex> : test a regular expression on the HTTP response body. |
| 2198 | A health check respose will be considered valid if the |
| 2199 | response's body matches this expression. If the "rstring" |
| 2200 | keyword is prefixed with "!", then the response will be |
| 2201 | considered invalid if the body matches the expression. |
| 2202 | This can be used to look for a mandatory word at the end |
| 2203 | of a dynamic page, or to detect a failure when a specific |
| 2204 | error appears on the check page (eg: a stack trace). |
| 2205 | |
| 2206 | It is important to note that the responses will be limited to a certain size |
| 2207 | defined by the global "tune.chksize" option, which defaults to 16384 bytes. |
| 2208 | Thus, too large responses may not contain the mandatory pattern when using |
| 2209 | "string" or "rstring". If a large response is absolutely required, it is |
| 2210 | possible to change the default max size by setting the global variable. |
| 2211 | However, it is worth keeping in mind that parsing very large responses can |
| 2212 | waste some CPU cycles, especially when regular expressions are used, and that |
| 2213 | it is always better to focus the checks on smaller resources. |
| 2214 | |
| 2215 | Last, if "http-check expect" is combined with "http-check disable-on-404", |
| 2216 | then this last one has precedence when the server responds with 404. |
| 2217 | |
| 2218 | Examples : |
| 2219 | # only accept status 200 as valid |
| 2220 | http-request expect status 200 |
| 2221 | |
| 2222 | # consider SQL errors as errors |
| 2223 | http-request expect ! string SQL\ Error |
| 2224 | |
| 2225 | # consider status 5xx only as errors |
| 2226 | http-request expect ! rstatus ^5 |
| 2227 | |
| 2228 | # check that we have a correct hexadecimal tag before /html |
| 2229 | http-request expect rstring <!--tag:[0-9a-f]*</html> |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 2230 | |
Willy Tarreau | bd74154 | 2010-03-16 18:46:54 +0100 | [diff] [blame] | 2231 | See also : "option httpchk", "http-check disable-on-404" |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2232 | |
| 2233 | |
Willy Tarreau | ef78104 | 2010-01-27 11:53:01 +0100 | [diff] [blame] | 2234 | http-check send-state |
| 2235 | Enable emission of a state header with HTTP health checks |
| 2236 | May be used in sections : defaults | frontend | listen | backend |
| 2237 | yes | no | yes | yes |
| 2238 | Arguments : none |
| 2239 | |
| 2240 | When this option is set, haproxy will systematically send a special header |
| 2241 | "X-Haproxy-Server-State" with a list of parameters indicating to each server |
| 2242 | how they are seen by haproxy. This can be used for instance when a server is |
| 2243 | manipulated without access to haproxy and the operator needs to know whether |
| 2244 | haproxy still sees it up or not, or if the server is the last one in a farm. |
| 2245 | |
| 2246 | The header is composed of fields delimited by semi-colons, the first of which |
| 2247 | is a word ("UP", "DOWN", "NOLB"), possibly followed by a number of valid |
| 2248 | checks on the total number before transition, just as appears in the stats |
| 2249 | interface. Next headers are in the form "<variable>=<value>", indicating in |
| 2250 | no specific order some values available in the stats interface : |
| 2251 | - a variable "name", containing the name of the backend followed by a slash |
| 2252 | ("/") then the name of the server. This can be used when a server is |
| 2253 | checked in multiple backends. |
| 2254 | |
| 2255 | - a variable "node" containing the name of the haproxy node, as set in the |
| 2256 | global "node" variable, otherwise the system's hostname if unspecified. |
| 2257 | |
| 2258 | - a variable "weight" indicating the weight of the server, a slash ("/") |
| 2259 | and the total weight of the farm (just counting usable servers). This |
| 2260 | helps to know if other servers are available to handle the load when this |
| 2261 | one fails. |
| 2262 | |
| 2263 | - a variable "scur" indicating the current number of concurrent connections |
| 2264 | on the server, followed by a slash ("/") then the total number of |
| 2265 | connections on all servers of the same backend. |
| 2266 | |
| 2267 | - a variable "qcur" indicating the current number of requests in the |
| 2268 | server's queue. |
| 2269 | |
| 2270 | Example of a header received by the application server : |
| 2271 | >>> X-Haproxy-Server-State: UP 2/3; name=bck/srv2; node=lb1; weight=1/2; \ |
| 2272 | scur=13/22; qcur=0 |
| 2273 | |
| 2274 | See also : "option httpchk", "http-check disable-on-404" |
| 2275 | |
Cyril Bonté | 2be1b3f | 2010-09-30 23:46:30 +0200 | [diff] [blame] | 2276 | http-request { allow | deny | auth [realm <realm>] } |
Cyril Bonté | f0c6061 | 2010-02-06 14:44:47 +0100 | [diff] [blame] | 2277 | [ { if | unless } <condition> ] |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 2278 | Access control for Layer 7 requests |
| 2279 | |
| 2280 | May be used in sections: defaults | frontend | listen | backend |
| 2281 | no | yes | yes | yes |
| 2282 | |
| 2283 | These set of options allow to fine control access to a |
| 2284 | frontend/listen/backend. Each option may be followed by if/unless and acl. |
| 2285 | First option with matched condition (or option without condition) is final. |
Cyril Bonté | 2be1b3f | 2010-09-30 23:46:30 +0200 | [diff] [blame] | 2286 | For "deny" a 403 error will be returned, for "allow" normal processing is |
| 2287 | performed, for "auth" a 401/407 error code is returned so the client |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 2288 | should be asked to enter a username and password. |
| 2289 | |
| 2290 | There is no fixed limit to the number of http-request statements per |
| 2291 | instance. |
| 2292 | |
| 2293 | Example: |
Cyril Bonté | 78caf84 | 2010-03-10 22:41:43 +0100 | [diff] [blame] | 2294 | acl nagios src 192.168.129.3 |
| 2295 | acl local_net src 192.168.0.0/16 |
| 2296 | acl auth_ok http_auth(L1) |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 2297 | |
Cyril Bonté | 78caf84 | 2010-03-10 22:41:43 +0100 | [diff] [blame] | 2298 | http-request allow if nagios |
| 2299 | http-request allow if local_net auth_ok |
| 2300 | http-request auth realm Gimme if local_net auth_ok |
| 2301 | http-request deny |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 2302 | |
Cyril Bonté | 78caf84 | 2010-03-10 22:41:43 +0100 | [diff] [blame] | 2303 | Example: |
| 2304 | acl auth_ok http_auth_group(L1) G1 |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 2305 | |
Cyril Bonté | 78caf84 | 2010-03-10 22:41:43 +0100 | [diff] [blame] | 2306 | http-request auth unless auth_ok |
Krzysztof Piotr Oledzki | 6b35ce1 | 2010-02-01 23:35:44 +0100 | [diff] [blame] | 2307 | |
Cyril Bonté | 2be1b3f | 2010-09-30 23:46:30 +0200 | [diff] [blame] | 2308 | See also : "stats http-request", section 3.4 about userlists and section 7 |
| 2309 | about ACL usage. |
Willy Tarreau | ef78104 | 2010-01-27 11:53:01 +0100 | [diff] [blame] | 2310 | |
Krzysztof Piotr Oledzki | f58a962 | 2008-02-23 01:19:10 +0100 | [diff] [blame] | 2311 | id <value> |
Willy Tarreau | 53fb4ae | 2009-10-04 23:04:08 +0200 | [diff] [blame] | 2312 | Set a persistent ID to a proxy. |
| 2313 | May be used in sections : defaults | frontend | listen | backend |
| 2314 | no | yes | yes | yes |
| 2315 | Arguments : none |
| 2316 | |
| 2317 | Set a persistent ID for the proxy. This ID must be unique and positive. |
| 2318 | An unused ID will automatically be assigned if unset. The first assigned |
| 2319 | value will be 1. This ID is currently only returned in statistics. |
Krzysztof Piotr Oledzki | f58a962 | 2008-02-23 01:19:10 +0100 | [diff] [blame] | 2320 | |
| 2321 | |
Cyril Bonté | 0d4bf01 | 2010-04-25 23:21:46 +0200 | [diff] [blame] | 2322 | ignore-persist { if | unless } <condition> |
| 2323 | Declare a condition to ignore persistence |
| 2324 | May be used in sections: defaults | frontend | listen | backend |
| 2325 | no | yes | yes | yes |
| 2326 | |
| 2327 | By default, when cookie persistence is enabled, every requests containing |
| 2328 | the cookie are unconditionally persistent (assuming the target server is up |
| 2329 | and running). |
| 2330 | |
| 2331 | The "ignore-persist" statement allows one to declare various ACL-based |
| 2332 | conditions which, when met, will cause a request to ignore persistence. |
| 2333 | This is sometimes useful to load balance requests for static files, which |
| 2334 | oftenly don't require persistence. This can also be used to fully disable |
| 2335 | persistence for a specific User-Agent (for example, some web crawler bots). |
| 2336 | |
| 2337 | Combined with "appsession", it can also help reduce HAProxy memory usage, as |
| 2338 | the appsession table won't grow if persistence is ignored. |
| 2339 | |
| 2340 | The persistence is ignored when an "if" condition is met, or unless an |
| 2341 | "unless" condition is met. |
| 2342 | |
| 2343 | See also : "force-persist", "cookie", and section 7 about ACL usage. |
| 2344 | |
| 2345 | |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2346 | log global |
Willy Tarreau | f7edefa | 2009-05-10 17:20:05 +0200 | [diff] [blame] | 2347 | log <address> <facility> [<level> [<minlevel>]] |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2348 | Enable per-instance logging of events and traffic. |
| 2349 | May be used in sections : defaults | frontend | listen | backend |
| 2350 | yes | yes | yes | yes |
| 2351 | Arguments : |
| 2352 | global should be used when the instance's logging parameters are the |
| 2353 | same as the global ones. This is the most common usage. "global" |
| 2354 | replaces <address>, <facility> and <level> with those of the log |
| 2355 | entries found in the "global" section. Only one "log global" |
| 2356 | statement may be used per instance, and this form takes no other |
| 2357 | parameter. |
| 2358 | |
| 2359 | <address> indicates where to send the logs. It takes the same format as |
| 2360 | for the "global" section's logs, and can be one of : |
| 2361 | |
| 2362 | - An IPv4 address optionally followed by a colon (':') and a UDP |
| 2363 | port. If no port is specified, 514 is used by default (the |
| 2364 | standard syslog port). |
| 2365 | |
| 2366 | - A filesystem path to a UNIX domain socket, keeping in mind |
| 2367 | considerations for chroot (be sure the path is accessible |
| 2368 | inside the chroot) and uid/gid (be sure the path is |
| 2369 | appropriately writeable). |
| 2370 | |
| 2371 | <facility> must be one of the 24 standard syslog facilities : |
| 2372 | |
| 2373 | kern user mail daemon auth syslog lpr news |
| 2374 | uucp cron auth2 ftp ntp audit alert cron2 |
| 2375 | local0 local1 local2 local3 local4 local5 local6 local7 |
| 2376 | |
| 2377 | <level> is optional and can be specified to filter outgoing messages. By |
| 2378 | default, all messages are sent. If a level is specified, only |
| 2379 | messages with a severity at least as important as this level |
Willy Tarreau | f7edefa | 2009-05-10 17:20:05 +0200 | [diff] [blame] | 2380 | will be sent. An optional minimum level can be specified. If it |
| 2381 | is set, logs emitted with a more severe level than this one will |
| 2382 | be capped to this level. This is used to avoid sending "emerg" |
| 2383 | messages on all terminals on some default syslog configurations. |
| 2384 | Eight levels are known : |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2385 | |
| 2386 | emerg alert crit err warning notice info debug |
| 2387 | |
| 2388 | Note that up to two "log" entries may be specified per instance. However, if |
| 2389 | "log global" is used and if the "global" section already contains 2 log |
| 2390 | entries, then additional log entries will be ignored. |
| 2391 | |
| 2392 | Also, it is important to keep in mind that it is the frontend which decides |
Willy Tarreau | cc6c891 | 2009-02-22 10:53:55 +0100 | [diff] [blame] | 2393 | what to log from a connection, and that in case of content switching, the log |
| 2394 | entries from the backend will be ignored. Connections are logged at level |
| 2395 | "info". |
| 2396 | |
| 2397 | However, backend log declaration define how and where servers status changes |
| 2398 | will be logged. Level "notice" will be used to indicate a server going up, |
| 2399 | "warning" will be used for termination signals and definitive service |
| 2400 | termination, and "alert" will be used for when a server goes down. |
| 2401 | |
| 2402 | Note : According to RFC3164, messages are truncated to 1024 bytes before |
| 2403 | being emitted. |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2404 | |
| 2405 | Example : |
| 2406 | log global |
Willy Tarreau | f7edefa | 2009-05-10 17:20:05 +0200 | [diff] [blame] | 2407 | log 127.0.0.1:514 local0 notice # only send important events |
| 2408 | log 127.0.0.1:514 local0 notice notice # same but limit output level |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2409 | |
| 2410 | |
| 2411 | maxconn <conns> |
| 2412 | Fix the maximum number of concurrent connections on a frontend |
| 2413 | May be used in sections : defaults | frontend | listen | backend |
| 2414 | yes | yes | yes | no |
| 2415 | Arguments : |
| 2416 | <conns> is the maximum number of concurrent connections the frontend will |
| 2417 | accept to serve. Excess connections will be queued by the system |
| 2418 | in the socket's listen queue and will be served once a connection |
| 2419 | closes. |
| 2420 | |
| 2421 | If the system supports it, it can be useful on big sites to raise this limit |
| 2422 | very high so that haproxy manages connection queues, instead of leaving the |
| 2423 | clients with unanswered connection attempts. This value should not exceed the |
| 2424 | global maxconn. Also, keep in mind that a connection contains two buffers |
| 2425 | of 8kB each, as well as some other data resulting in about 17 kB of RAM being |
| 2426 | consumed per established connection. That means that a medium system equipped |
| 2427 | with 1GB of RAM can withstand around 40000-50000 concurrent connections if |
| 2428 | properly tuned. |
| 2429 | |
| 2430 | Also, when <conns> is set to large values, it is possible that the servers |
| 2431 | are not sized to accept such loads, and for this reason it is generally wise |
| 2432 | to assign them some reasonable connection limits. |
| 2433 | |
| 2434 | See also : "server", global section's "maxconn", "fullconn" |
| 2435 | |
| 2436 | |
| 2437 | mode { tcp|http|health } |
| 2438 | Set the running mode or protocol of the instance |
| 2439 | May be used in sections : defaults | frontend | listen | backend |
| 2440 | yes | yes | yes | yes |
| 2441 | Arguments : |
| 2442 | tcp The instance will work in pure TCP mode. A full-duplex connection |
| 2443 | will be established between clients and servers, and no layer 7 |
| 2444 | examination will be performed. This is the default mode. It |
| 2445 | should be used for SSL, SSH, SMTP, ... |
| 2446 | |
| 2447 | http The instance will work in HTTP mode. The client request will be |
| 2448 | analyzed in depth before connecting to any server. Any request |
| 2449 | which is not RFC-compliant will be rejected. Layer 7 filtering, |
| 2450 | processing and switching will be possible. This is the mode which |
| 2451 | brings HAProxy most of its value. |
| 2452 | |
| 2453 | health The instance will work in "health" mode. It will just reply "OK" |
| 2454 | to incoming connections and close the connection. Nothing will be |
| 2455 | logged. This mode is used to reply to external components health |
| 2456 | checks. This mode is deprecated and should not be used anymore as |
| 2457 | it is possible to do the same and even better by combining TCP or |
| 2458 | HTTP modes with the "monitor" keyword. |
| 2459 | |
| 2460 | When doing content switching, it is mandatory that the frontend and the |
| 2461 | backend are in the same mode (generally HTTP), otherwise the configuration |
| 2462 | will be refused. |
| 2463 | |
| 2464 | Example : |
| 2465 | defaults http_instances |
| 2466 | mode http |
| 2467 | |
| 2468 | See also : "monitor", "monitor-net" |
| 2469 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 2470 | |
Cyril Bonté | f0c6061 | 2010-02-06 14:44:47 +0100 | [diff] [blame] | 2471 | monitor fail { if | unless } <condition> |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2472 | Add a condition to report a failure to a monitor HTTP request. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 2473 | May be used in sections : defaults | frontend | listen | backend |
| 2474 | no | yes | yes | no |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 2475 | Arguments : |
| 2476 | if <cond> the monitor request will fail if the condition is satisfied, |
| 2477 | and will succeed otherwise. The condition should describe a |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 2478 | combined test which must induce a failure if all conditions |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 2479 | are met, for instance a low number of servers both in a |
| 2480 | backend and its backup. |
| 2481 | |
| 2482 | unless <cond> the monitor request will succeed only if the condition is |
| 2483 | satisfied, and will fail otherwise. Such a condition may be |
| 2484 | based on a test on the presence of a minimum number of active |
| 2485 | servers in a list of backends. |
| 2486 | |
| 2487 | This statement adds a condition which can force the response to a monitor |
| 2488 | request to report a failure. By default, when an external component queries |
| 2489 | the URI dedicated to monitoring, a 200 response is returned. When one of the |
| 2490 | conditions above is met, haproxy will return 503 instead of 200. This is |
| 2491 | very useful to report a site failure to an external component which may base |
| 2492 | routing advertisements between multiple sites on the availability reported by |
| 2493 | haproxy. In this case, one would rely on an ACL involving the "nbsrv" |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2494 | criterion. Note that "monitor fail" only works in HTTP mode. |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 2495 | |
| 2496 | Example: |
| 2497 | frontend www |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2498 | mode http |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 2499 | acl site_dead nbsrv(dynamic) lt 2 |
| 2500 | acl site_dead nbsrv(static) lt 2 |
| 2501 | monitor-uri /site_alive |
| 2502 | monitor fail if site_dead |
| 2503 | |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2504 | See also : "monitor-net", "monitor-uri" |
| 2505 | |
| 2506 | |
| 2507 | monitor-net <source> |
| 2508 | Declare a source network which is limited to monitor requests |
| 2509 | May be used in sections : defaults | frontend | listen | backend |
| 2510 | yes | yes | yes | no |
| 2511 | Arguments : |
| 2512 | <source> is the source IPv4 address or network which will only be able to |
| 2513 | get monitor responses to any request. It can be either an IPv4 |
| 2514 | address, a host name, or an address followed by a slash ('/') |
| 2515 | followed by a mask. |
| 2516 | |
| 2517 | In TCP mode, any connection coming from a source matching <source> will cause |
| 2518 | the connection to be immediately closed without any log. This allows another |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 2519 | equipment to probe the port and verify that it is still listening, without |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2520 | forwarding the connection to a remote server. |
| 2521 | |
| 2522 | In HTTP mode, a connection coming from a source matching <source> will be |
| 2523 | accepted, the following response will be sent without waiting for a request, |
| 2524 | then the connection will be closed : "HTTP/1.0 200 OK". This is normally |
| 2525 | enough for any front-end HTTP probe to detect that the service is UP and |
| 2526 | running without forwarding the request to a backend server. |
| 2527 | |
| 2528 | Monitor requests are processed very early. It is not possible to block nor |
| 2529 | divert them using ACLs. They cannot be logged either, and it is the intended |
| 2530 | purpose. They are only used to report HAProxy's health to an upper component, |
| 2531 | nothing more. Right now, it is not possible to set failure conditions on |
| 2532 | requests caught by "monitor-net". |
| 2533 | |
Willy Tarreau | 95cd283 | 2010-03-04 23:36:33 +0100 | [diff] [blame] | 2534 | Last, please note that only one "monitor-net" statement can be specified in |
| 2535 | a frontend. If more than one is found, only the last one will be considered. |
| 2536 | |
Willy Tarreau | 2769aa0 | 2007-12-27 18:26:09 +0100 | [diff] [blame] | 2537 | Example : |
| 2538 | # addresses .252 and .253 are just probing us. |
| 2539 | frontend www |
| 2540 | monitor-net 192.168.0.252/31 |
| 2541 | |
| 2542 | See also : "monitor fail", "monitor-uri" |
| 2543 | |
| 2544 | |
| 2545 | monitor-uri <uri> |
| 2546 | Intercept a URI used by external components' monitor requests |
| 2547 | May be used in sections : defaults | frontend | listen | backend |
| 2548 | yes | yes | yes | no |
| 2549 | Arguments : |
| 2550 | <uri> is the exact URI which we want to intercept to return HAProxy's |
| 2551 | health status instead of forwarding the request. |
| 2552 | |
| 2553 | When an HTTP request referencing <uri> will be received on a frontend, |
| 2554 | HAProxy will not forward it nor log it, but instead will return either |
| 2555 | "HTTP/1.0 200 OK" or "HTTP/1.0 503 Service unavailable", depending on failure |
| 2556 | conditions defined with "monitor fail". This is normally enough for any |
| 2557 | front-end HTTP probe to detect that the service is UP and running without |
| 2558 | forwarding the request to a backend server. Note that the HTTP method, the |
| 2559 | version and all headers are ignored, but the request must at least be valid |
| 2560 | at the HTTP level. This keyword may only be used with an HTTP-mode frontend. |
| 2561 | |
| 2562 | Monitor requests are processed very early. It is not possible to block nor |
| 2563 | divert them using ACLs. They cannot be logged either, and it is the intended |
| 2564 | purpose. They are only used to report HAProxy's health to an upper component, |
| 2565 | nothing more. However, it is possible to add any number of conditions using |
| 2566 | "monitor fail" and ACLs so that the result can be adjusted to whatever check |
| 2567 | can be imagined (most often the number of available servers in a backend). |
| 2568 | |
| 2569 | Example : |
| 2570 | # Use /haproxy_test to report haproxy's status |
| 2571 | frontend www |
| 2572 | mode http |
| 2573 | monitor-uri /haproxy_test |
| 2574 | |
| 2575 | See also : "monitor fail", "monitor-net" |
| 2576 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 2577 | |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2578 | option abortonclose |
| 2579 | no option abortonclose |
| 2580 | Enable or disable early dropping of aborted requests pending in queues. |
| 2581 | May be used in sections : defaults | frontend | listen | backend |
| 2582 | yes | no | yes | yes |
| 2583 | Arguments : none |
| 2584 | |
| 2585 | In presence of very high loads, the servers will take some time to respond. |
| 2586 | The per-instance connection queue will inflate, and the response time will |
| 2587 | increase respective to the size of the queue times the average per-session |
| 2588 | response time. When clients will wait for more than a few seconds, they will |
Willy Tarreau | 198a744 | 2008-01-17 12:05:32 +0100 | [diff] [blame] | 2589 | often hit the "STOP" button on their browser, leaving a useless request in |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2590 | the queue, and slowing down other users, and the servers as well, because the |
| 2591 | request will eventually be served, then aborted at the first error |
| 2592 | encountered while delivering the response. |
| 2593 | |
| 2594 | As there is no way to distinguish between a full STOP and a simple output |
| 2595 | close on the client side, HTTP agents should be conservative and consider |
| 2596 | that the client might only have closed its output channel while waiting for |
| 2597 | the response. However, this introduces risks of congestion when lots of users |
| 2598 | do the same, and is completely useless nowadays because probably no client at |
| 2599 | all will close the session while waiting for the response. Some HTTP agents |
Willy Tarreau | d72758d | 2010-01-12 10:42:19 +0100 | [diff] [blame] | 2600 | support this behaviour (Squid, Apache, HAProxy), and others do not (TUX, most |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2601 | hardware-based load balancers). So the probability for a closed input channel |
Willy Tarreau | 198a744 | 2008-01-17 12:05:32 +0100 | [diff] [blame] | 2602 | to represent a user hitting the "STOP" button is close to 100%, and the risk |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2603 | of being the single component to break rare but valid traffic is extremely |
| 2604 | low, which adds to the temptation to be able to abort a session early while |
| 2605 | still not served and not pollute the servers. |
| 2606 | |
| 2607 | In HAProxy, the user can choose the desired behaviour using the option |
| 2608 | "abortonclose". By default (without the option) the behaviour is HTTP |
| 2609 | compliant and aborted requests will be served. But when the option is |
| 2610 | specified, a session with an incoming channel closed will be aborted while |
| 2611 | it is still possible, either pending in the queue for a connection slot, or |
| 2612 | during the connection establishment if the server has not yet acknowledged |
| 2613 | the connection request. This considerably reduces the queue size and the load |
| 2614 | on saturated servers when users are tempted to click on STOP, which in turn |
Willy Tarreau | d72758d | 2010-01-12 10:42:19 +0100 | [diff] [blame] | 2615 | reduces the response time for other users. |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2616 | |
| 2617 | If this option has been enabled in a "defaults" section, it can be disabled |
| 2618 | in a specific instance by prepending the "no" keyword before it. |
| 2619 | |
| 2620 | See also : "timeout queue" and server's "maxconn" and "maxqueue" parameters |
| 2621 | |
| 2622 | |
Willy Tarreau | 4076a15 | 2009-04-02 15:18:36 +0200 | [diff] [blame] | 2623 | option accept-invalid-http-request |
| 2624 | no option accept-invalid-http-request |
| 2625 | Enable or disable relaxing of HTTP request parsing |
| 2626 | May be used in sections : defaults | frontend | listen | backend |
| 2627 | yes | yes | yes | no |
| 2628 | Arguments : none |
| 2629 | |
| 2630 | By default, HAProxy complies with RFC2616 in terms of message parsing. This |
| 2631 | means that invalid characters in header names are not permitted and cause an |
| 2632 | error to be returned to the client. This is the desired behaviour as such |
| 2633 | forbidden characters are essentially used to build attacks exploiting server |
| 2634 | weaknesses, and bypass security filtering. Sometimes, a buggy browser or |
| 2635 | server will emit invalid header names for whatever reason (configuration, |
| 2636 | implementation) and the issue will not be immediately fixed. In such a case, |
| 2637 | it is possible to relax HAProxy's header name parser to accept any character |
| 2638 | even if that does not make sense, by specifying this option. |
| 2639 | |
| 2640 | This option should never be enabled by default as it hides application bugs |
| 2641 | and open security breaches. It should only be deployed after a problem has |
| 2642 | been confirmed. |
| 2643 | |
| 2644 | When this option is enabled, erroneous header names will still be accepted in |
| 2645 | requests, but the complete request will be captured in order to permit later |
| 2646 | analysis using the "show errors" request on the UNIX stats socket. Doing this |
| 2647 | also helps confirming that the issue has been solved. |
| 2648 | |
| 2649 | If this option has been enabled in a "defaults" section, it can be disabled |
| 2650 | in a specific instance by prepending the "no" keyword before it. |
| 2651 | |
| 2652 | See also : "option accept-invalid-http-response" and "show errors" on the |
| 2653 | stats socket. |
| 2654 | |
| 2655 | |
| 2656 | option accept-invalid-http-response |
| 2657 | no option accept-invalid-http-response |
| 2658 | Enable or disable relaxing of HTTP response parsing |
| 2659 | May be used in sections : defaults | frontend | listen | backend |
| 2660 | yes | no | yes | yes |
| 2661 | Arguments : none |
| 2662 | |
| 2663 | By default, HAProxy complies with RFC2616 in terms of message parsing. This |
| 2664 | means that invalid characters in header names are not permitted and cause an |
| 2665 | error to be returned to the client. This is the desired behaviour as such |
| 2666 | forbidden characters are essentially used to build attacks exploiting server |
| 2667 | weaknesses, and bypass security filtering. Sometimes, a buggy browser or |
| 2668 | server will emit invalid header names for whatever reason (configuration, |
| 2669 | implementation) and the issue will not be immediately fixed. In such a case, |
| 2670 | it is possible to relax HAProxy's header name parser to accept any character |
| 2671 | even if that does not make sense, by specifying this option. |
| 2672 | |
| 2673 | This option should never be enabled by default as it hides application bugs |
| 2674 | and open security breaches. It should only be deployed after a problem has |
| 2675 | been confirmed. |
| 2676 | |
| 2677 | When this option is enabled, erroneous header names will still be accepted in |
| 2678 | responses, but the complete response will be captured in order to permit |
| 2679 | later analysis using the "show errors" request on the UNIX stats socket. |
| 2680 | Doing this also helps confirming that the issue has been solved. |
| 2681 | |
| 2682 | If this option has been enabled in a "defaults" section, it can be disabled |
| 2683 | in a specific instance by prepending the "no" keyword before it. |
| 2684 | |
| 2685 | See also : "option accept-invalid-http-request" and "show errors" on the |
| 2686 | stats socket. |
| 2687 | |
| 2688 | |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2689 | option allbackups |
| 2690 | no option allbackups |
| 2691 | Use either all backup servers at a time or only the first one |
| 2692 | May be used in sections : defaults | frontend | listen | backend |
| 2693 | yes | no | yes | yes |
| 2694 | Arguments : none |
| 2695 | |
| 2696 | By default, the first operational backup server gets all traffic when normal |
| 2697 | servers are all down. Sometimes, it may be preferred to use multiple backups |
| 2698 | at once, because one will not be enough. When "option allbackups" is enabled, |
| 2699 | the load balancing will be performed among all backup servers when all normal |
| 2700 | ones are unavailable. The same load balancing algorithm will be used and the |
| 2701 | servers' weights will be respected. Thus, there will not be any priority |
| 2702 | order between the backup servers anymore. |
| 2703 | |
| 2704 | This option is mostly used with static server farms dedicated to return a |
| 2705 | "sorry" page when an application is completely offline. |
| 2706 | |
| 2707 | If this option has been enabled in a "defaults" section, it can be disabled |
| 2708 | in a specific instance by prepending the "no" keyword before it. |
| 2709 | |
| 2710 | |
| 2711 | option checkcache |
| 2712 | no option checkcache |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 2713 | Analyze all server responses and block requests with cacheable cookies |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2714 | May be used in sections : defaults | frontend | listen | backend |
| 2715 | yes | no | yes | yes |
| 2716 | Arguments : none |
| 2717 | |
| 2718 | Some high-level frameworks set application cookies everywhere and do not |
| 2719 | always let enough control to the developer to manage how the responses should |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 2720 | be cached. When a session cookie is returned on a cacheable object, there is a |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2721 | high risk of session crossing or stealing between users traversing the same |
| 2722 | caches. In some situations, it is better to block the response than to let |
| 2723 | some sensible session information go in the wild. |
| 2724 | |
| 2725 | The option "checkcache" enables deep inspection of all server responses for |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 2726 | strict compliance with HTTP specification in terms of cacheability. It |
Willy Tarreau | 198a744 | 2008-01-17 12:05:32 +0100 | [diff] [blame] | 2727 | carefully checks "Cache-control", "Pragma" and "Set-cookie" headers in server |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2728 | response to check if there's a risk of caching a cookie on a client-side |
| 2729 | proxy. When this option is enabled, the only responses which can be delivered |
Willy Tarreau | 198a744 | 2008-01-17 12:05:32 +0100 | [diff] [blame] | 2730 | to the client are : |
| 2731 | - all those without "Set-Cookie" header ; |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2732 | - all those with a return code other than 200, 203, 206, 300, 301, 410, |
Willy Tarreau | 198a744 | 2008-01-17 12:05:32 +0100 | [diff] [blame] | 2733 | provided that the server has not set a "Cache-control: public" header ; |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2734 | - all those that come from a POST request, provided that the server has not |
| 2735 | set a 'Cache-Control: public' header ; |
| 2736 | - those with a 'Pragma: no-cache' header |
| 2737 | - those with a 'Cache-control: private' header |
| 2738 | - those with a 'Cache-control: no-store' header |
| 2739 | - those with a 'Cache-control: max-age=0' header |
| 2740 | - those with a 'Cache-control: s-maxage=0' header |
| 2741 | - those with a 'Cache-control: no-cache' header |
| 2742 | - those with a 'Cache-control: no-cache="set-cookie"' header |
| 2743 | - those with a 'Cache-control: no-cache="set-cookie,' header |
| 2744 | (allowing other fields after set-cookie) |
| 2745 | |
| 2746 | If a response doesn't respect these requirements, then it will be blocked |
Willy Tarreau | 198a744 | 2008-01-17 12:05:32 +0100 | [diff] [blame] | 2747 | just as if it was from an "rspdeny" filter, with an "HTTP 502 bad gateway". |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2748 | The session state shows "PH--" meaning that the proxy blocked the response |
Krzysztof Piotr Oledzki | f864533 | 2009-12-13 21:55:50 +0100 | [diff] [blame] | 2749 | during headers processing. Additionally, an alert will be sent in the logs so |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2750 | that admins are informed that there's something to be fixed. |
| 2751 | |
| 2752 | Due to the high impact on the application, the application should be tested |
| 2753 | in depth with the option enabled before going to production. It is also a |
Willy Tarreau | d2a4aa2 | 2008-01-31 15:28:22 +0100 | [diff] [blame] | 2754 | good practice to always activate it during tests, even if it is not used in |
Willy Tarreau | bf1f816 | 2007-12-28 17:42:56 +0100 | [diff] [blame] | 2755 | production, as it will report potentially dangerous application behaviours. |
| 2756 | |
| 2757 | If this option has been enabled in a "defaults" section, it can be disabled |
| 2758 | in a specific instance by prepending the "no" keyword before it. |
| 2759 | |
| 2760 | |
| 2761 | option clitcpka |
| 2762 | no option clitcpka |
| 2763 | Enable or disable the sending of TCP keepalive packets on the client side |
| 2764 | May be used in sections : defaults | frontend | listen | backend |
| 2765 | yes | yes | yes | no |
| 2766 | Arguments : none |
| 2767 | |
| 2768 | When there is a firewall or any session-aware component between a client and |
| 2769 | a server, and when the protocol involves very long sessions with long idle |
| 2770 | periods (eg: remote desktops), there is a risk that one of the intermediate |
| 2771 | components decides to expire a session which has remained idle for too long. |
| 2772 | |
| 2773 | Enabling socket-level TCP keep-alives makes the system regularly send packets |
| 2774 | to the other end of the connection, leaving it active. The delay between |
| 2775 | keep-alive probes is controlled by the system only and depends both on the |
| 2776 | operating system and its tuning parameters. |
| 2777 | |
| 2778 | It is important to understand that keep-alive packets are neither emitted nor |
| 2779 | received at the application level. It is only the network stacks which sees |
| 2780 | them. For this reason, even if one side of the proxy already uses keep-alives |
| 2781 | to maintain its connection alive, those keep-alive packets will not be |
| 2782 | forwarded to the other side of the proxy. |
| 2783 | |
| 2784 | Please note that this has nothing to do with HTTP keep-alive. |
| 2785 | |
| 2786 | Using option "clitcpka" enables the emission of TCP keep-alive probes on the |
| 2787 | client side of a connection, which should help when session expirations are |
| 2788 | noticed between HAProxy and a client. |
| 2789 | |
| 2790 | If this option has been enabled in a "defaults" section, it can be disabled |
| 2791 | in a specific instance by prepending the "no" keyword before it. |
| 2792 | |
| 2793 | See also : "option srvtcpka", "option tcpka" |
| 2794 | |
| 2795 | |
Willy Tarreau | 0ba2750 | 2007-12-24 16:55:16 +0100 | [diff] [blame] | 2796 | option contstats |
| 2797 | Enable continuous traffic statistics updates |
| 2798 | May be used in sections : defaults | frontend | listen | backend |
| 2799 | yes | yes | yes | no |
| 2800 | Arguments : none |
| 2801 | |
| 2802 | By default, counters used for statistics calculation are incremented |
| 2803 | only when a session finishes. It works quite well when serving small |
| 2804 | objects, but with big ones (for example large images or archives) or |
| 2805 | with A/V streaming, a graph generated from haproxy counters looks like |
| 2806 | a hedgehog. With this option enabled counters get incremented continuously, |
| 2807 | during a whole session. Recounting touches a hotpath directly so |
| 2808 | it is not enabled by default, as it has small performance impact (~0.5%). |
| 2809 | |
| 2810 | |
Willy Tarreau | c9bd0cc | 2009-05-10 11:57:02 +0200 | [diff] [blame] | 2811 | option dontlog-normal |
| 2812 | no option dontlog-normal |
| 2813 | Enable or disable logging of normal, successful connections |
| 2814 | May be used in sections : defaults | frontend | listen | backend |
| 2815 | yes | yes | yes | no |
| 2816 | Arguments : none |
| 2817 | |
| 2818 | There are large sites dealing with several thousand connections per second |
| 2819 | and for which logging is a major pain. Some of them are even forced to turn |
| 2820 | logs off and cannot debug production issues. Setting this option ensures that |
| 2821 | normal connections, those which experience no error, no timeout, no retry nor |
| 2822 | redispatch, will not be logged. This leaves disk space for anomalies. In HTTP |
| 2823 | mode, the response status code is checked and return codes 5xx will still be |
| 2824 | logged. |
| 2825 | |
| 2826 | It is strongly discouraged to use this option as most of the time, the key to |
| 2827 | complex issues is in the normal logs which will not be logged here. If you |
| 2828 | need to separate logs, see the "log-separate-errors" option instead. |
| 2829 | |
Willy Tarreau | c57f0e2 | 2009-05-10 13:12:33 +0200 | [diff] [blame] | 2830 | See also : "log", "dontlognull", "log-separate-errors" and section 8 about |
Willy Tarreau | c9bd0cc | 2009-05-10 11:57:02 +0200 | [diff] [blame] | 2831 | logging. |
| 2832 | |
| 2833 | |
Willy Tarreau | |