willy tarreau | 9fe663a | 2005-12-17 13:02:59 +0100 | [diff] [blame] | 1 | * x-forwarded-for |
| 2 | * implémenter l'option "log global" au niveau proxy pour utiliser les logs |
| 3 | globaux. |
| 4 | * matching case-insensitive |
willy tarreau | a159808 | 2005-12-17 13:08:06 +0100 | [diff] [blame] | 5 | * implémenter outgoing addr |
| 6 | * loguer t_cnx, t_data, t_total |
willy tarreau | 9fe663a | 2005-12-17 13:02:59 +0100 | [diff] [blame] | 7 | + factoriser la fonction de log (send_log = send_syslog+warning+alert) |
| 8 | + désactivation du keep-alive (suppression des ^Connection: et ajout des Connection: close) |
| 9 | -> 4 lignes (2 del, 2 add) suffisent. |
willy tarreau | a159808 | 2005-12-17 13:08:06 +0100 | [diff] [blame] | 10 | + ne pas loguer certaines adresses IP sources |
| 11 | -> pour les health-checks uniquement -> pas de log pour les requêtes |
| 12 | vides (option dontlognull) |
willy tarreau | 9fe663a | 2005-12-17 13:02:59 +0100 | [diff] [blame] | 13 | - mesurer le tps consommé entre deux select, et fournir la conso CPU : |
| 14 | %cpu = 100 * (tpreselect(n+1)-tpostselect(n)) / (tpreselect(n+1)-tpreselect(n)) |
willy tarreau | 01a73eb | 2005-12-18 01:34:05 +0100 | [diff] [blame] | 15 | * implémenter limitation fd dans la conf : setrlimit(RLIMIT_NOFILE, ...) |
willy tarreau | 9fe663a | 2005-12-17 13:02:59 +0100 | [diff] [blame] | 16 | - implémenter core/no-core dans la conf : setrlimit(RLIMIT_CORE, ...) |
willy tarreau | 9fe663a | 2005-12-17 13:02:59 +0100 | [diff] [blame] | 17 | - optimiser les regex pour accélérer les matches : |
| 18 | - compter les matches |
| 19 | - si match(n) & ([n].cpt > [n-1].cpt) & ([n].action == [n-1].action), swap(n,n-1) |
| 20 | - régulièrement, diviser tous les compteurs (lors d'un dépassement par exemple) |
willy tarreau | 240afa6 | 2005-12-17 13:14:35 +0100 | [diff] [blame] | 21 | - filtrage sur l'adresse IP source, et stocker le pointeur sur la dernière regex |
| 22 | matchée dans la "session" pour accélérer les regex. |
willy tarreau | 9fe663a | 2005-12-17 13:02:59 +0100 | [diff] [blame] | 23 | - gestion keep-alive |
willy tarreau | 240afa6 | 2005-12-17 13:14:35 +0100 | [diff] [blame] | 24 | |
willy tarreau | bc4e1fb | 2005-12-17 13:32:07 +0100 | [diff] [blame] | 25 | + handle parametrable HTTP health-checks replies |
willy tarreau | 240afa6 | 2005-12-17 13:14:35 +0100 | [diff] [blame] | 26 | - differentiate http headers and http uris |
| 27 | - support environment variables in config file |
| 28 | - support keep-alive |
willy tarreau | 906b268 | 2005-12-17 13:49:52 +0100 | [diff] [blame] | 29 | - support SSL |
willy tarreau | a41a8b4 | 2005-12-17 14:02:24 +0100 | [diff] [blame] | 30 | |
| 31 | ===================== demandes ========================== |
| 32 | ok> 1) écoute sur une plage de ports : |
| 33 | ok> listen XXX 1.2.3.4:21000-21060 |
| 34 | ok> |
| 35 | ok> 2) écoutes multiples : |
| 36 | ok> listen XXX 1.2.3.4:21000 |
| 37 | ok> bind 2.3.4.5:21001 |
| 38 | ok> bind 2.3.4.5:21000-21060 |
| 39 | ok> |
| 40 | ok> => on en arrive à ceci : |
| 41 | ok> |
| 42 | ok> listen XXX [ address:port ] |
| 43 | ok> bind addr:plage-port[,[addr:]plage-port]* |
| 44 | ok> bind ... |
| 45 | ok> ... |
| 46 | ok> |
| 47 | ok> => proxy->listen_fd et proxy->listen_addr doivent être |
| 48 | ok> mis dans des listes |
| 49 | ok> => OK pour listen, implémenter le BIND. |
| 50 | ok> |
| 51 | ok> 3) reconnexion sur le même port sur le serveur : |
| 52 | ok> |
| 53 | ok> server XXX 1.2.3.4[:port] |
| 54 | ok> si <port> n'est pas spécifié, on utilise le même port que celui qui a reçu |
| 55 | ok> la connexion. Dans ce cas, il faut pouvoir forcer le port du health-check |
| 56 | ok> par un nouveau parametre "port". |
| 57 | ok> |
| 58 | ok> => ça permet les forwardings de plages : |
| 59 | ok> |
| 60 | ok> listen XXX |
| 61 | ok> bind 1.2.3.4:10000-11000 |
| 62 | ok> server 1.2.3.5 |
| 63 | ok> |
| 64 | 4) paramètres par défaut : |
| 65 | créer une section "defaults" qui précise les paramètres par défaut pour les |
| 66 | sections suivantes, concernant les paramètres suivants : |
| 67 | ok- les logs |
| 68 | ok- les modes (tcp/http) |
| 69 | ok- le balancing (round-robin/source) |
| 70 | ok- les time-outs |
| 71 | ok- maxconn |
| 72 | ok- redisp |
| 73 | ok- les options |
| 74 | ok- le retry |
| 75 | ok- les checks |
willy tarreau | eedaa9f | 2005-12-17 14:08:03 +0100 | [diff] [blame] | 76 | ok- les cookies/captures |
willy tarreau | a41a8b4 | 2005-12-17 14:02:24 +0100 | [diff] [blame] | 77 | - les options des serveurs ? |
| 78 | - les filtres et regex ? |
willy tarreau | a41a8b4 | 2005-12-17 14:02:24 +0100 | [diff] [blame] | 79 | |
willy tarreau | 91b7621 | 2006-04-10 20:34:25 +0200 | [diff] [blame] | 80 | * implémenter "balance source" pour faire un hash sur la source. |
willy tarreau | eedaa9f | 2005-12-17 14:08:03 +0100 | [diff] [blame] | 81 | permettre de spécifier un masque sur lequel s'applique le hachage, |
| 82 | ainsi qu'une option pour hacher en fonction de l'adresse dans le |
willy tarreau | dd07e97 | 2005-12-18 00:48:48 +0100 | [diff] [blame] | 83 | champ "x-forwarded-for". Problème pour le support des pannes: ce |
| 84 | type de hash est utile là où la persistence par cookie ne peut pas |
| 85 | s'appliquer, donc comment faire pour assurer un maximum de persistence |
| 86 | en cas de panne ? |
willy tarreau | a41a8b4 | 2005-12-17 14:02:24 +0100 | [diff] [blame] | 87 | |
| 88 | 6) possibilité d'un process séparé par listen : |
| 89 | listen XXX |
| 90 | fork [ group_id ] |
| 91 | |
willy tarreau | dd07e97 | 2005-12-18 00:48:48 +0100 | [diff] [blame] | 92 | le fait de spécifier group_id fera que toutes les instances utilisant le |
| 93 | même identifiant de groupe seront gérées par un même processus. |
willy tarreau | a41a8b4 | 2005-12-17 14:02:24 +0100 | [diff] [blame] | 94 | |
willy tarreau | eedaa9f | 2005-12-17 14:08:03 +0100 | [diff] [blame] | 95 | -> plus souple et plus compréhensible de faire des sections par processus, |
willy tarreau | dd07e97 | 2005-12-18 00:48:48 +0100 | [diff] [blame] | 96 | ce qui résoud également le cas ci-dessous. Ex: |
| 97 | process_group X |
| 98 | nbproc X |
| 99 | uid X |
| 100 | chroot X |
| 101 | listen ... |
willy tarreau | eedaa9f | 2005-12-17 14:08:03 +0100 | [diff] [blame] | 102 | |
willy tarreau | a41a8b4 | 2005-12-17 14:02:24 +0100 | [diff] [blame] | 103 | 7) gérer un chroot/uid/gid différents par process : |
| 104 | listen XXX |
| 105 | chroot /truc |
| 106 | uid 123 |
| 107 | gid 456 |
| 108 | |
| 109 | 8) beaucoup de paramètres pourraient être spécifiques aux serveurs et non |
| 110 | aux instances. Exemples : |
willy tarreau | 01a73eb | 2005-12-18 01:34:05 +0100 | [diff] [blame] | 111 | * adresse IP source pour atteindre le serveur |
| 112 | - méthode de health-check (proto, ...) |
| 113 | * méthode de health-check (port) |
willy tarreau | a41a8b4 | 2005-12-17 14:02:24 +0100 | [diff] [blame] | 114 | - poids |
| 115 | - alerte en cas de disparition |
| 116 | - le nombre max de sessions à lui envoyer |
| 117 | |
willy tarreau | eedaa9f | 2005-12-17 14:08:03 +0100 | [diff] [blame] | 118 | ok> 9) ajouter des paramètres optionnels à l'option "httpchk" permettant |
| 119 | ok> de forcer la méthode, la version HTTP et des headers. |
| 120 | ok> ex: option httpchk -> OPTIONS / HTTP/1.0 |
| 121 | ok> option httpchk /test -> OPTIONS /test HTTP/1.0 |
| 122 | ok> option httpchk HEAD / HTTP/1.0\nHost:\ www -> tel quel |
willy tarreau | dd07e97 | 2005-12-18 00:48:48 +0100 | [diff] [blame] | 123 | |
| 124 | Todo for 1.1 |
| 125 | ============ |
| 126 | * "no more server" alert |
| 127 | * config check |
| 128 | - anti-flapping |
| 129 | |
| 130 | Todo for 1.2 |
| 131 | ============ |
| 132 | - direct <server> <regex> <match> |
| 133 | - new config syntax allowing braces to be able to shorten lines |
| 134 | - insert/learn/check/log unique request ID, and add the ability |
| 135 | to block bad responses. |
| 136 | - IPv6 : |
| 137 | * listen [ip4.ip4.ip4.ip4]:port[-port] |
| 138 | * listen [ip6::...ip6]/port[-port] |
| 139 | - server xxx ipv4 | ipv4: | ipv4:port[-port] | ipv6/ | ipv6/port[-port] |
willy tarreau | 1235015 | 2005-12-18 01:03:27 +0100 | [diff] [blame] | 140 | * appcookie |
willy tarreau | 91b7621 | 2006-04-10 20:34:25 +0200 | [diff] [blame] | 141 | * weighted round robin |
willy tarreau | 4302f49 | 2005-12-18 01:00:37 +0100 | [diff] [blame] | 142 | - option to shutdown(listen_sock) when max connections reached |
willy tarreau | ad90a0c | 2005-12-18 01:09:15 +0100 | [diff] [blame] | 143 | * epoll |
willy tarreau | 8cef8a9 | 2006-05-02 23:45:50 +0200 | [diff] [blame] | 144 | - replace the event scheduler with an O(log(N)) one. The timer queue will |
| 145 | need a tree with a known end (to speed up queueing of latest events), and |
| 146 | no entry for eternity. |
willy tarreau | 64a3cc3 | 2005-12-18 01:13:11 +0100 | [diff] [blame] | 147 | - refine memory management so that the request buffer is only allocated in |
| 148 | cli_read() and response buffer during srv_read(). This would protect against |
| 149 | attacks with thousands connections : 20000 connections consume 340 MB RSS and |
| 150 | 1.3 GB VSZ on Linux. Data should be in a separate buffer to prevent any |
| 151 | activity on the buffer's pointers from touching the buffer page itself. |
| 152 | - make buffer size configurable in global options |
willy tarreau | 01a73eb | 2005-12-18 01:34:05 +0100 | [diff] [blame] | 153 | * monitor number of simultaneous sessions in logs (per srv/inst/global) |
willy tarreau | 43b1512 | 2006-04-10 21:01:39 +0200 | [diff] [blame] | 154 | * ignore leading empty lines in HTTP requests |
willy tarreau | 8cef8a9 | 2006-05-02 23:45:50 +0200 | [diff] [blame] | 155 | + limit the per-server number of sessions and queue incoming connections |
| 156 | => still needs refinement (actions at servers UP/DOWN, timeouts) |
| 157 | - new 'timeout' keyword to set all timeouts (including the queue) |
| 158 | - ability to intercept an URI to report statistics |
| 159 | - ability to intercept an URI to return 404 |
| 160 | - embedded error pages loaded in memory at startup time (eg: for expired time |
| 161 | in connection queue) |
willy tarreau | 01a73eb | 2005-12-18 01:34:05 +0100 | [diff] [blame] | 162 | |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 163 | |
| 164 | TODO for 1.3 |
| 165 | ============ |
| 166 | - check all copyrights |
Willy Tarreau | baaee00 | 2006-06-26 02:48:02 +0200 | [diff] [blame] | 167 | - fix Makefile.bsd |
| 168 | - separate inline functions to put them in files covered by GPL |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 169 | - implement HTTP status 414 - request URI too long |
Willy Tarreau | 5fc49f2 | 2006-12-17 23:32:53 +0100 | [diff] [blame] | 170 | - implement 'use_filters <proxy>' and 'use_backend <proxy>' |
| 171 | - fix the logs. The logs might be defined from the frontend and |
| 172 | augmented depending on the backends' options. Another solution |
| 173 | would be to support a 'log' type entity just like the frontend, |
| 174 | filters and backend, on which every entity could rely. |
| 175 | - implement 'on uri <uri> <proxy>', 'on host <host> <proxy>' |
| 176 | - remove the first now useless hop in hdr_idx |
Willy Tarreau | 58f10d7 | 2006-12-04 02:26:12 +0100 | [diff] [blame] | 177 | |