blob: a7d411f292c19d2501a8d4857850d4eef40f99e9 [file] [log] [blame]
Willy Tarreaub1a34b62010-05-09 22:37:12 +02001 ----------------------
2 HAProxy how-to
3 ----------------------
Willy Tarreau15480d72014-06-19 21:10:58 +02004 version 1.6-dev
Willy Tarreaub1a34b62010-05-09 22:37:12 +02005 willy tarreau
Willy Tarreaue7ae6562015-09-28 23:46:27 +02006 2015/09/28
willy tarreau78345332005-12-18 01:33:16 +01007
8
Willy Tarreaub1a34b62010-05-09 22:37:12 +020091) How to build it
10------------------
11
Willy Tarreau15480d72014-06-19 21:10:58 +020012First, please note that this version is a development version, so in general if
13you are not used to build from sources or if you don't have the time to track
14very frequent updates, it is recommended that instead you switch to the stable
15version (1.5) or follow the packaged updates provided by your software vendor
16or Linux distribution. Most of them are taking this task seriously and are
17doing a good job. If for any reason you'd prefer a different version than the
18one packaged for your system, or to get some commercial support, other choices
19are available at :
Willy Tarreau869f3512014-06-19 15:26:32 +020020
21 http://www.haproxy.com/
22
willy tarreau78345332005-12-18 01:33:16 +010023To build haproxy, you will need :
Willy Tarreaub1a34b62010-05-09 22:37:12 +020024 - GNU make. Neither Solaris nor OpenBSD's make work with the GNU Makefile.
Willy Tarreau3543cdb2014-05-10 09:12:46 +020025 If you get many syntax errors when running "make", you may want to retry
26 with "gmake" which is the name commonly used for GNU make on BSD systems.
Willy Tarreau869f3512014-06-19 15:26:32 +020027 - GCC between 2.95 and 4.8. Others may work, but not tested.
willy tarreau78345332005-12-18 01:33:16 +010028 - GNU ld
29
30Also, you might want to build with libpcre support, which will provide a very
Willy Tarreaub1a34b62010-05-09 22:37:12 +020031efficient regex implementation and will also fix some badness on Solaris' one.
willy tarreau78345332005-12-18 01:33:16 +010032
33To build haproxy, you have to choose your target OS amongst the following ones
34and assign it to the TARGET variable :
35
Willy Tarreau83b30c12008-05-25 10:32:50 +020036 - linux22 for Linux 2.2
37 - linux24 for Linux 2.4 and above (default)
38 - linux24e for Linux 2.4 with support for a working epoll (> 0.21)
Willy Tarreau83b30c12008-05-25 10:32:50 +020039 - linux26 for Linux 2.6 and above
Willy Tarreau869f3512014-06-19 15:26:32 +020040 - linux2628 for Linux 2.6.28, 3.x, and above (enables splice and tproxy)
Willy Tarreau83b30c12008-05-25 10:32:50 +020041 - solaris for Solaris 8 or 10 (others untested)
Willy Tarreau869f3512014-06-19 15:26:32 +020042 - freebsd for FreeBSD 5 to 10 (others untested)
Willy Tarreau8624cab2013-04-02 08:17:43 +020043 - osx for Mac OS/X
Daniel Jakots17d228b2015-07-29 08:03:08 +020044 - openbsd for OpenBSD 3.1 and above
Willy Tarreau50abe302014-04-02 20:44:43 +020045 - aix51 for AIX 5.1
Willy Tarreau7dec9652012-06-06 16:15:03 +020046 - aix52 for AIX 5.2
Yitzhak Sapir32087312009-06-14 18:27:54 +020047 - cygwin for Cygwin
Willy Tarreau869f3512014-06-19 15:26:32 +020048 - generic for any other OS or version.
Willy Tarreau83b30c12008-05-25 10:32:50 +020049 - custom to manually adjust every setting
willy tarreau78345332005-12-18 01:33:16 +010050
51You may also choose your CPU to benefit from some optimizations. This is
52particularly important on UltraSparc machines. For this, you can assign
53one of the following choices to the CPU variable :
54
55 - i686 for intel PentiumPro, Pentium 2 and above, AMD Athlon
56 - i586 for intel Pentium, AMD K6, VIA C3.
57 - ultrasparc : Sun UltraSparc I/II/III/IV processor
Willy Tarreau817dad52014-07-10 20:24:25 +020058 - native : use the build machine's specific processor optimizations. Use with
59 extreme care, and never in virtualized environments (known to break).
60 - generic : any other processor or no CPU-specific optimization. (default)
willy tarreau78345332005-12-18 01:33:16 +010061
Willy Tarreau83b30c12008-05-25 10:32:50 +020062Alternatively, you may just set the CPU_CFLAGS value to the optimal GCC options
63for your platform.
64
Willy Tarreauef7341d2009-04-11 19:45:50 +020065You may want to build specific target binaries which do not match your native
66compiler's target. This is particularly true on 64-bit systems when you want
67to build a 32-bit binary. Use the ARCH variable for this purpose. Right now
Willy Tarreaua5899aa2010-11-28 07:41:00 +010068it only knows about a few x86 variants (i386,i486,i586,i686,x86_64), two
69generic ones (32,64) and sets -m32/-m64 as well as -march=<arch> accordingly.
Willy Tarreauef7341d2009-04-11 19:45:50 +020070
willy tarreau78345332005-12-18 01:33:16 +010071If your system supports PCRE (Perl Compatible Regular Expressions), then you
72really should build with libpcre which is between 2 and 10 times faster than
73other libc implementations. Regex are used for header processing (deletion,
74rewriting, allow, deny). The only inconvenient of libpcre is that it is not
75yet widely spread, so if you build for other systems, you might get into
76trouble if they don't have the dynamic library. In this situation, you should
77statically link libpcre into haproxy so that it will not be necessary to
Willy Tarreau83b30c12008-05-25 10:32:50 +020078install it on target systems. Available build options for PCRE are :
willy tarreau78345332005-12-18 01:33:16 +010079
Willy Tarreau83b30c12008-05-25 10:32:50 +020080 - USE_PCRE=1 to use libpcre, in whatever form is available on your system
willy tarreau78345332005-12-18 01:33:16 +010081 (shared or static)
82
Willy Tarreau83b30c12008-05-25 10:32:50 +020083 - USE_STATIC_PCRE=1 to use a static version of libpcre even if the dynamic
84 one is available. This will enhance portability.
85
Willy Tarreau663148c2012-12-12 00:38:22 +010086 - with no option, use your OS libc's standard regex implementation (default).
Willy Tarreau83b30c12008-05-25 10:32:50 +020087 Warning! group references on Solaris seem broken. Use static-pcre whenever
88 possible.
willy tarreau78345332005-12-18 01:33:16 +010089
Willy Tarreaua8fc8a22015-09-28 22:36:21 +020090If your system doesn't provide PCRE, you are encouraged to download it from
91http://www.pcre.org/ and build it yourself, it's fast and easy.
92
Willy Tarreau64bc40b2011-03-23 20:00:53 +010093Recent systems can resolve IPv6 host names using getaddrinfo(). This primitive
94is not present in all libcs and does not work in all of them either. Support in
95glibc was broken before 2.3. Some embedded libs may not properly work either,
96thus, support is disabled by default, meaning that some host names which only
97resolve as IPv6 addresses will not resolve and configs might emit an error
98during parsing. If you know that your OS libc has reliable support for
99getaddrinfo(), you can add USE_GETADDRINFO=1 on the make command line to enable
100it. This is the recommended option for most Linux distro packagers since it's
101working fine on all recent mainstream distros. It is automatically enabled on
102Solaris 8 and above, as it's known to work.
103
Willy Tarreau3543cdb2014-05-10 09:12:46 +0200104It is possible to add native support for SSL using the GNU makefile, by passing
105"USE_OPENSSL=1" on the make command line. The libssl and libcrypto will
106automatically be linked with haproxy. Some systems also require libz, so if the
107build fails due to missing symbols such as deflateInit(), then try again with
108"ADDLIB=-lz".
Willy Tarreaud4508812012-09-10 09:07:41 +0200109
Willy Tarreaua8fc8a22015-09-28 22:36:21 +0200110Your are strongly encouraged to always use an up-to-date version of OpenSSL, as
111found on https://www.openssl.org/ as vulnerabilities are occasionally found and
112you don't want them on your systems. HAProxy is known to build correctly on all
113currently supported branches (0.9.8, 1.0.0, 1.0.1 and 1.0.2 at the time of
114writing). Branch 1.0.2 is recommended for the richest features.
115
Lukas Tribus3fe9f1e2013-05-19 16:28:17 +0200116To link OpenSSL statically against haproxy, build OpenSSL with the no-shared
117keyword and install it to a local directory, so your system is not affected :
118
119 $ export STATICLIBSSL=/tmp/staticlibssl
120 $ ./config --prefix=$STATICLIBSSL no-shared
121 $ make && make install_sw
122
Lukas Tribus130ddf72013-10-01 00:28:03 +0200123When building haproxy, pass that path via SSL_INC and SSL_LIB to make and
124include additional libs with ADDLIB if needed (in this case for example libdl):
Willy Tarreau3543cdb2014-05-10 09:12:46 +0200125
Lukas Tribus130ddf72013-10-01 00:28:03 +0200126 $ make TARGET=linux26 USE_OPENSSL=1 SSL_INC=$STATICLIBSSL/include SSL_LIB=$STATICLIBSSL/lib ADDLIB=-ldl
Lukas Tribus3fe9f1e2013-05-19 16:28:17 +0200127
Willy Tarreaua8fc8a22015-09-28 22:36:21 +0200128It is also possible to include native support for zlib to benefit from HTTP
William Lallemand82fe75c2012-10-23 10:25:10 +0200129compression. For this, pass "USE_ZLIB=1" on the "make" command line and ensure
Willy Tarreau418b8c02015-03-29 03:32:06 +0200130that zlib is present on the system. Alternatively it is possible to use libslz
131for a faster, memory less, but slightly less efficient compression, by passing
132"USE_SLZ=1".
William Lallemand82fe75c2012-10-23 10:25:10 +0200133
Willy Tarreaua8fc8a22015-09-28 22:36:21 +0200134Zlib is commonly found on most systems, otherwise updates can be retrieved from
135http://www.zlib.net/. It is easy and fast to build. Libslz can be downloaded
136from http://1wt.eu/projects/libslz/ and is even easier to build.
137
willy tarreau78345332005-12-18 01:33:16 +0100138By default, the DEBUG variable is set to '-g' to enable debug symbols. It is
139not wise to disable it on uncommon systems, because it's often the only way to
140get a complete core when you need one. Otherwise, you can set DEBUG to '-s' to
141strip the binary.
142
143For example, I use this to build for Solaris 8 :
144
Willy Tarreau83b30c12008-05-25 10:32:50 +0200145 $ make TARGET=solaris CPU=ultrasparc USE_STATIC_PCRE=1
willy tarreau78345332005-12-18 01:33:16 +0100146
Willy Tarreau83b30c12008-05-25 10:32:50 +0200147And I build it this way on OpenBSD or FreeBSD :
willy tarreaud38e72d2006-03-19 20:56:52 +0100148
Willy Tarreau3543cdb2014-05-10 09:12:46 +0200149 $ gmake TARGET=freebsd USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
willy tarreaud38e72d2006-03-19 20:56:52 +0100150
Willy Tarreau663148c2012-12-12 00:38:22 +0100151And on a classic Linux with SSL and ZLIB support (eg: Red Hat 5.x) :
152
Willy Tarreau817dad52014-07-10 20:24:25 +0200153 $ make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
Willy Tarreau663148c2012-12-12 00:38:22 +0100154
155And on a recent Linux >= 2.6.28 with SSL and ZLIB support :
Willy Tarreaud4508812012-09-10 09:07:41 +0200156
Willy Tarreau817dad52014-07-10 20:24:25 +0200157 $ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
Willy Tarreaud4508812012-09-10 09:07:41 +0200158
William Lallemand82fe75c2012-10-23 10:25:10 +0200159In order to build a 32-bit binary on an x86_64 Linux system with SSL support
160without support for compression but when OpenSSL requires ZLIB anyway :
Willy Tarreauef7341d2009-04-11 19:45:50 +0200161
Willy Tarreaud4508812012-09-10 09:07:41 +0200162 $ make TARGET=linux26 ARCH=i386 USE_OPENSSL=1 ADDLIB=-lz
Willy Tarreauef7341d2009-04-11 19:45:50 +0200163
Willy Tarreaub1efede2014-05-09 00:44:48 +0200164The SSL stack supports session cache synchronization between all running
165processes. This involves some atomic operations and synchronization operations
166which come in multiple flavors depending on the system and architecture :
167
168 Atomic operations :
169 - internal assembler versions for x86/x86_64 architectures
170
171 - gcc builtins for other architectures. Some architectures might not
172 be fully supported or might require a more recent version of gcc.
173 If your architecture is not supported, you willy have to either use
174 pthread if supported, or to disable the shared cache.
175
176 - pthread (posix threads). Pthreads are very common but inter-process
177 support is not that common, and some older operating systems did not
178 report an error when enabling multi-process mode, so they used to
179 silently fail, possibly causing crashes. Linux's implementation is
180 fine. OpenBSD doesn't support them and doesn't build. FreeBSD 9 builds
181 and reports an error at runtime, while certain older versions might
182 silently fail. Pthreads are enabled using USE_PTHREAD_PSHARED=1.
183
184 Synchronization operations :
185 - internal spinlock : this mode is OS-independant, light but will not
186 scale well to many processes. However, accesses to the session cache
187 are rare enough that this mode could certainly always be used. This
188 is the default mode.
189
190 - Futexes, which are Linux-specific highly scalable light weight mutexes
191 implemented in user-space with some limited assistance from the kernel.
192 This is the default on Linux 2.6 and above and is enabled by passing
193 USE_FUTEX=1
194
195 - pthread (posix threads). See above.
196
197If none of these mechanisms is supported by your platform, you may need to
198build with USE_PRIVATE_CACHE=1 to totally disable SSL cache sharing. Then
199it is better not to run SSL on multiple processes.
200
willy tarreau78345332005-12-18 01:33:16 +0100201If you need to pass other defines, includes, libraries, etc... then please
202check the Makefile to see which ones will be available in your case, and
Willy Tarreau3543cdb2014-05-10 09:12:46 +0200203use the USE_* variables in the Makefile.
willy tarreau78345332005-12-18 01:33:16 +0100204
Willy Tarreau97ec9692010-01-28 20:52:05 +0100205AIX 5.3 is known to work with the generic target. However, for the binary to
206also run on 5.2 or earlier, you need to build with DEFINE="-D_MSGQSUPPORT",
Willy Tarreau869f3512014-06-19 15:26:32 +0200207otherwise __fd_select() will be used while not being present in the libc, but
208this is easily addressed using the "aix52" target. If you get build errors
209because of strange symbols or section mismatches, simply remove -g from
210DEBUG_CFLAGS.
Willy Tarreau97ec9692010-01-28 20:52:05 +0100211
Willy Tarreau32e65ef2013-04-02 08:14:29 +0200212You can easily define your own target with the GNU Makefile. Unknown targets
213are processed with no default option except USE_POLL=default. So you can very
214well use that property to define your own set of options. USE_POLL can even be
215disabled by setting USE_POLL="". For example :
216
217 $ gmake TARGET=tiny USE_POLL="" TARGET_CFLAGS=-fomit-frame-pointer
218
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200219
David Carlierb5efa012015-06-01 14:21:47 +02002201.1) DeviceAtlas Device Detection
221---------------------------------
222
223In order to add DeviceAtlas Device Detection support, you would need to download
224the API source code from https://deviceatlas.com/deviceatlas-haproxy-module and
225once extracted :
226
Willy Tarreau82bd42e2015-06-02 14:10:28 +0200227 $ make TARGET=<target> USE_PCRE=1 USE_DEVICEATLAS=1 DEVICEATLAS_SRC=<path to the API root folder>
228
229Optionally DEVICEATLAS_INC and DEVICEATLAS_LIB may be set to override the path
230to the include files and libraries respectively if they're not in the source
231directory.
David Carlierb5efa012015-06-01 14:21:47 +0200232
233These are supported DeviceAtlas directives (see doc/configuration.txt) :
234 - deviceatlas-json-file <path to the DeviceAtlas JSON data file>.
235 - deviceatlas-log-level <number> (0 to 3, level of information returned by
236 the API, 0 by default).
237 - deviceatlas-property-separator <character> (character used to separate the
238 properties produced by the API, | by default).
239
240Sample configuration :
241
242 global
243 deviceatlas-json-file <path to json file>
244
245 ...
246 frontend
247 bind *:8881
248 default_backend servers
David Carlier00d7d612015-09-25 14:06:08 +0100249
250There are two distinct methods available, one which leverages all HTTP headers
251and one which uses only a single HTTP header for the detection. The former
252method is highly recommended and more accurate.
253
254
255All HTTP headers
256
257
258 http-request set-header X-DeviceAtlas-Data %[da-csv-fetch(primaryHardwareType,osName,osVersion,browserName,browserVersion)]
259
260
261Single HTTP header (e.g. User-Agent)
262
263
264 http-request set-header X-DeviceAtlas-Data %[req.fhdr(User-Agent),da-csv-conv(primaryHardwareType,osName,osVersion,browserName,browserVersion)]
265
David Carlierb5efa012015-06-01 14:21:47 +0200266
David Carlier00d7d612015-09-25 14:06:08 +0100267Please find more information about DeviceAtlas and the detection methods at https://deviceatlas.com/resources .
David Carlierb5efa012015-06-01 14:21:47 +0200268
Thomas Holmesf95aaf62015-05-29 15:21:42 +01002691.2) 51Degrees Device Detection
270-------------------------------
271
272You can also include 51Degrees for inbuilt device detection enabling attributes
273such as screen size (physical & pixels), supported input methods, release date,
274hardware vendor and model, browser information, and device price among many
275others. Such information can be used to improve the user experience of a web
276site by tailoring the page content, layout and business processes to the
277precise characteristics of the device. Such customisations improve profit by
278making it easier for customers to get to the information or services they
James Rosewella0c4c692015-09-18 17:21:37 +0100279need. Attributes of the device making a web request can be added to HTTP
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100280headers as configurable parameters.
281
James Rosewella0c4c692015-09-18 17:21:37 +0100282In order to enable 51Degrees download the 51Degrees source code from the
283official github repository :
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100284
James Rosewella0c4c692015-09-18 17:21:37 +0100285 git clone https://github.com/51Degrees/Device-Detection
Willy Tarreauc7203c72015-06-01 11:12:35 +0200286
287then run 'make' with USE_51DEGREES and 51DEGREES_SRC set. Both 51DEGREES_INC
288and 51DEGREES_LIB may additionally be used to force specific different paths
289for .o and .h, but will default to 51DEGREES_SRC. Make sure to replace
290'51D_REPO_PATH' with the path to the 51Degrees repository.
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100291
James Rosewella0c4c692015-09-18 17:21:37 +010029251Degrees provide 2 different detection algorithms:
293
Willy Tarreauc7203c72015-06-01 11:12:35 +0200294 1. Pattern - balances main memory usage and CPU.
295 2. Trie - a very high performance detection solution which uses more main
296 memory than Pattern.
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100297
298To make with 51Degrees Pattern algorithm use the following command line.
299
Willy Tarreauc7203c72015-06-01 11:12:35 +0200300 $ make TARGET=linux26 USE_51DEGREES=1 51DEGREES_SRC='51D_REPO_PATH'/src/pattern
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100301
302To use the 51Degrees Trie algorithm use the following command line.
303
Willy Tarreauc7203c72015-06-01 11:12:35 +0200304 $ make TARGET=linux26 USE_51DEGREES=1 51DEGREES_SRC='51D_REPO_PATH'/src/trie
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100305
306A data file containing information about devices, browsers, operating systems
307and their associated signatures is then needed. 51Degrees provide a free
308database with Github repo for this purpose. These free data files are located
309in '51D_REPO_PATH'/data with the extensions .dat for Pattern data and .trie for
310Trie data.
311
312The configuration file needs to set the following parameters:
313
James Rosewella0c4c692015-09-18 17:21:37 +0100314 51degrees-data-file path to the Pattern or Trie data file
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100315 51degrees-property-name-list list of 51Degrees properties to detect
Dragan Dosen93b38d92015-06-29 16:43:25 +0200316 51degrees-property-separator separator to use between values
Dragan Dosenae6d39a2015-06-29 16:43:27 +0200317 51degrees-cache-size LRU-based cache size (disabled by default)
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100318
319The following is an example of the settings for Pattern.
320
James Rosewella0c4c692015-09-18 17:21:37 +0100321 51degrees-data-file '51D_REPO_PATH'/data/51Degrees-LiteV3.2.dat
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100322 51degrees-property-name-list IsTablet DeviceType IsMobile
Dragan Dosen93b38d92015-06-29 16:43:25 +0200323 51degrees-property-separator ,
Dragan Dosenae6d39a2015-06-29 16:43:27 +0200324 51degrees-cache-size 10000
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100325
326HAProxy needs a way to pass device information to the backend servers. This is
James Rosewella0c4c692015-09-18 17:21:37 +0100327done by using the 51d converter or fetch method, which intercepts the HTTP
328headers and creates some new headers. This is controlled in the frontend
329http-in section.
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100330
331The following is an example which adds two new HTTP headers prefixed X-51D-
332
333 frontend http-in
334 bind *:8081
335 default_backend servers
James Rosewella0c4c692015-09-18 17:21:37 +0100336 http-request set-header X-51D-DeviceTypeMobileTablet %[51d.all(DeviceType,IsMobile,IsTablet)]
337 http-request set-header X-51D-Tablet %[51d.all(IsTablet)]
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100338
339Here, two headers are created with 51Degrees data, X-51D-DeviceTypeMobileTablet
340and X-51D-Tablet. Any number of headers can be created this way and can be
James Rosewella0c4c692015-09-18 17:21:37 +0100341named anything. 51d.all( ) invokes the 51degrees fetch. It can be passed up to
342five property names of values to return. Values will be returned in the same
343order, seperated by the 51-degrees-property-separator configured earlier. If a
344property name can't be found the value 'NoData' is returned instead.
345
346In addition to the device properties three additional properties related to the
347validity of the result can be returned when used with the Pattern method. The
348following example shows how Method, Difference and Rank could be included as one
349new HTTP header X-51D-Stats.
350
351 http-request set-header X-51D-Stats %[51d.all(Method,Difference,Rank)]
352
353These values indicate how confident 51Degrees is in the result that that was
354returned. More information is available on the 51Degrees web site at:
355
356 https://51degrees.com/support/documentation/pattern
357
358The above 51d.all fetch method uses all available HTTP headers for detection. A
359modest performance improvement can be obtained by only passing one HTTP header
360to the detection method with the 51d.single converter. The following example
361uses the User-Agent HTTP header only for detection.
362
363 http-request set-header X-51D-DeviceTypeMobileTablet %[req.fhdr(User-Agent),51d.single(DeviceType,IsMobile,IsTablet)]
364
365Any HTTP header could be used inplace of User-Agent by changing the parameter
366provided to req.fhdr.
367
368When compiled to use the Trie detection method the trie format data file needs
369to be provided. Changing the extension of the data file from dat to trie will
370use the correct data.
371
372 51degrees-data-file '51D_REPO_PATH'/data/51Degrees-LiteV3.2.trie
373
374When used with Trie the Method, Difference and Rank properties are not
375available.
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100376
377The free Lite data file contains information about screen size in pixels and
378whether the device is a mobile. A full list of available properties is located
379on the 51Degrees web site at:
380
James Rosewella0c4c692015-09-18 17:21:37 +0100381 https://51degrees.com/resources/property-dictionary
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100382
383Some properties are only available in the paid for Premium and Enterprise
James Rosewella0c4c692015-09-18 17:21:37 +0100384versions of 51Degrees. These data sets not only contain more properties but
Thomas Holmesf95aaf62015-05-29 15:21:42 +0100385are updated weekly and daily and contain signatures for 100,000s of different
386device combinations. For more information see the data options comparison web
387page:
388
389 https://51degrees.com/compare-data-options
390
391
Willy Tarreaub1a34b62010-05-09 22:37:12 +02003922) How to install it
393--------------------
394
395To install haproxy, you can either copy the single resulting binary to the
396place you want, or run :
397
398 $ sudo make install
399
400If you're packaging it for another system, you can specify its root directory
401in the usual DESTDIR variable.
402
403
4043) How to set it up
405-------------------
406
407There is some documentation in the doc/ directory :
408
Willy Tarreaud8e42b62015-08-18 21:51:36 +0200409 - intro.txt : this is an introduction to haproxy, it explains what it is
410 what it is not. Useful for beginners or to re-discover it when planning
411 for an upgrade.
412
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200413 - architecture.txt : this is the architecture manual. It is quite old and
414 does not tell about the nice new features, but it's still a good starting
415 point when you know what you want but don't know how to do it.
416
417 - configuration.txt : this is the configuration manual. It recalls a few
418 essential HTTP basic concepts, and details all the configuration file
419 syntax (keywords, units). It also describes the log and stats format. It
420 is normally always up to date. If you see that something is missing from
Willy Tarreau74774c02014-04-23 00:57:08 +0200421 it, please report it as this is a bug. Please note that this file is
422 huge and that it's generally more convenient to review Cyril Bonté's
423 HTML translation online here :
424
425 http://cbonte.github.io/haproxy-dconv/configuration-1.5.html
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200426
427 - haproxy-en.txt / haproxy-fr.txt : these are the old outdated docs. You
428 should never need them. If you do, then please report what you didn't
429 find in the other ones.
430
431 - gpl.txt / lgpl.txt : the copy of the licenses covering the software. See
432 the 'LICENSE' file at the top for more information.
433
434 - the rest is mainly for developers.
435
436There are also a number of nice configuration examples in the "examples"
437directory as well as on several sites and articles on the net which are linked
438to from the haproxy web site.
439
440
4414) How to report a bug
442----------------------
443
444It is possible that from time to time you'll find a bug. A bug is a case where
445what you see is not what is documented. Otherwise it can be a misdesign. If you
446find that something is stupidly design, please discuss it on the list (see the
447"how to contribute" section below). If you feel like you're proceeding right
448and haproxy doesn't obey, then first ask yourself if it is possible that nobody
449before you has even encountered this issue. If it's unlikely, the you probably
450have an issue in your setup. Just in case of doubt, please consult the mailing
451list archives :
452
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200453 http://marc.info/?l=haproxy
454
455Otherwise, please try to gather the maximum amount of information to help
456reproduce the issue and send that to the mailing list :
457
458 haproxy@formilux.org
459
460Please include your configuration and logs. You can mask your IP addresses and
461passwords, we don't need them. But it's essential that you post your config if
462you want people to guess what is happening.
463
464Also, keep in mind that haproxy is designed to NEVER CRASH. If you see it die
465without any reason, then it definitely is a critical bug that must be reported
466and urgently fixed. It has happened a couple of times in the past, essentially
467on development versions running on new architectures. If you think your setup
468is fairly common, then it is possible that the issue is totally unrelated.
469Anyway, if that happens, feel free to contact me directly, as I will give you
470instructions on how to collect a usable core file, and will probably ask for
471other captures that you'll not want to share with the list.
472
473
4745) How to contribute
475--------------------
476
Willy Tarreau11e334d92015-09-20 22:31:42 +0200477Please carefully read the CONTRIBUTING file that comes with the sources. It is
478mandatory.
Willy Tarreaub1a34b62010-05-09 22:37:12 +0200479
willy tarreau78345332005-12-18 01:33:16 +0100480-- end