mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-23 23:01:24 +02:00
Code Issues Projects Releases Wiki Activity

MEDIUM: proxy: Set http-reuse safe as default.

Browse Source 
Change the default for http-reuse from "never" to "safe", as it has been
the recommended setting for a few versions now and backend H2 makes little
sense without it.

Some warnings were removed from the config parser since it can dynamically
be disabled depending on the server's configuration, so there's no need to
disable it on a whole backend just for one server.
This commit is contained in:
Olivier Houchard 2018-12-14 19:37:49 +01:00 committed by Willy Tarreau
parent 2c68a462e1
commit 86006a561e
2 changed files with 22 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
doc/configuration.txt
View File

@ -4928,32 +4928,31 @@ http-reuse { never | safe | aggressive | always }
yes | no | yes | yes yes | no | yes | yes
By default, a connection established between haproxy and the backend server By default, a connection established between haproxy and the backend server
belongs to the session that initiated it. The downside is that between the which is considered safe for reuse is moved back to the server's idle
response and the next request, the connection remains idle and is not used. connections pool so that any other request can make use of it. This is the
In many cases for performance reasons it is desirable to make it possible to "safe" strategy below.
reuse these idle connections to serve other requests from different sessions.
This directive allows to tune this behavior.
The argument indicates the desired connection reuse strategy : The argument indicates the desired connection reuse strategy :
- "never" : idle connections are never shared between sessions. This is - "never" : idle connections are never shared between sessions. This mode
the default choice. It may be enforced to cancel a different may be enforced to cancel a different strategy inherited from
strategy inherited from a defaults section or for a defaults section or for troubleshooting. For example, if an
troubleshooting. For example, if an old bogus application old bogus application considers that multiple requests over
considers that multiple requests over the same connection come the same connection come from the same client and it is not
from the same client and it is not possible to fix the possible to fix the application, it may be desirable to
application, it may be desirable to disable connection sharing disable connection sharing in a single backend. An example of
in a single backend. An example of such an application could such an application could be an old haproxy using cookie
be an old haproxy using cookie insertion in tunnel mode and insertion in tunnel mode and not checking any request past the
not checking any request past the first one. first one.
- "safe" : this is the recommended strategy. The first request of a - "safe" : this is the default and the recommended strategy. The first
session is always sent over its own connection, and only request of a session is always sent over its own connection,
subsequent requests may be dispatched over other existing and only subsequent requests may be dispatched over other
connections. This ensures that in case the server closes the existing connections. This ensures that in case the server
connection when the request is being sent, the browser can closes the connection when the request is being sent, the
decide to silently retry it. Since it is exactly equivalent to browser can decide to silently retry it. Since it is exactly
regular keep-alive, there should be no side effects. equivalent to regular keep-alive, there should be no side
effects.
- "aggressive" : this mode may be useful in webservices environments where - "aggressive" : this mode may be useful in webservices environments where
all servers are not necessarily known and where it would be all servers are not necessarily known and where it would be

19
src/cfgparse.c
View File

@ -454,6 +454,7 @@ void init_default_instance()
defproxy.conn_retries = CONN_RETRIES; defproxy.conn_retries = CONN_RETRIES;
defproxy.redispatch_after = 0; defproxy.redispatch_after = 0;
defproxy.lbprm.chash.balance_factor = 0; defproxy.lbprm.chash.balance_factor = 0;
defproxy.options = PR_O_REUSE_SAFE;
defproxy.defsrv.check.inter = DEF_CHKINTR; defproxy.defsrv.check.inter = DEF_CHKINTR;
defproxy.defsrv.check.fastinter = 0; defproxy.defsrv.check.fastinter = 0;
@ -3206,24 +3207,6 @@ out_uri_auth_compat:
if ((curproxy->mode != PR_MODE_HTTP) && (curproxy->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR) if ((curproxy->mode != PR_MODE_HTTP) && (curproxy->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR)
curproxy->options &= ~PR_O_REUSE_MASK; curproxy->options &= ~PR_O_REUSE_MASK;
if ((curproxy->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR) {
if ((curproxy->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CLI ||
(curproxy->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CIP ||
(newsrv->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CLI ||
(newsrv->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CIP) {
ha_warning("config : %s '%s' : connections to server '%s' use the client's IP address as the source while http-reuse is enabled and allows the same connection to be shared between multiple clients. It is strongly advised to disable 'usesrc' and to use the 'forwardfor' option instead.\n",
proxy_type_str(curproxy), curproxy->id, newsrv->id);
err_code |= ERR_WARN;
}
if (newsrv->pp_opts & (SRV_PP_V1|SRV_PP_V2)) {
ha_warning("config : %s '%s' : connections to server '%s' will have a PROXY protocol header announcing the first client's IP address while http-reuse is enabled and allows the same connection to be shared between multiple clients. It is strongly advised to disable 'send-proxy' and to use the 'forwardfor' option instead.\n",
proxy_type_str(curproxy), curproxy->id, newsrv->id);
err_code |= ERR_WARN;
}
}
newsrv = newsrv->next; newsrv = newsrv->next;
} }