mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-01-30 14:31:08 +01:00
901f75c4a6
Released version 1.8-rc1 with the following main changes :
- BUG/MEDIUM: server: Allocate tmptrash before using it.
- CONTRIB: trace: add the possibility to place trace calls in the code
- CONTRIB: trace: try to display the function's return value on exit
- CONTRIB: trace: report the base name only for file names
- BUILD: ssl: support OPENSSL_NO_ASYNC #define
- MINOR: ssl: build with recent BoringSSL library
- BUG/MINOR: ssl: OCSP_single_get0_status can return -1
- BUG/MINOR: cli: restore "set ssl tls-key" command
- CLEANUP: cli: remove undocumented "set ssl tls-keys" command
- IMPORT: sha1: import SHA1 functions
- MINOR: sample: add the sha1 converter
- MINOR: sample: add the hex2i converter
- MINOR: stream-int: stop checking for useless connection flags in chk_snd_conn
- MINOR: ssl: don't abort after sending 16kB
- MINOR: connection: move the cleanup of flag CO_FL_WAIT_ROOM
- MINOR: connection: add flag CO_FL_WILL_UPDATE to indicate when updates are granted
- MEDIUM: connection: make use of CO_FL_WILL_UPDATE in conn_sock_shutw()
- MINOR: raw_sock: make use of CO_FL_WILL_UPDATE
- MINOR: ssl_sock: make use of CO_FL_WILL_UPDATE
- BUG/MINOR: checks: Don't forget to release the connection on error case.
- MINOR: buffer: add the buffer input manipulation functions
- BUG/MEDIUM: prevent buffers being overwritten during build_logline() execution
- MEDIUM: cfgparse: post section callback
- MEDIUM: cfgparse: post parsing registration
- MINOR: lua: add uuid to the Class Proxy
- MINOR: hlua: Add regex class
- MINOR: http: Mark the 425 code as "Too Early".
- MEDIUM: ssl: convert CBS (BoringSSL api) usage to neutral code
- MINOR: ssl: support Openssl 1.1.1 early callback for switchctx
- MINOR: ssl: generated certificate is missing in switchctx early callback
- MEDIUM: ssl: Handle early data with OpenSSL 1.1.1
- BUILD: Makefile: disable -Wunused-label
- MINOR: ssl/proto_http: Add keywords to take care of early data.
- BUG/MINOR: lua: const attribute of a string is overridden
- MINOR: ssl: Don't abuse ssl_options.
- MINOR: update proxy-protocol-v2 #define
- MINOR: merge ssl_sock_get calls for log and ppv2
- MINOR: add ALPN information to send-proxy-v2
- MEDIUM: h1: ensure that 1xx, 204 and 304 don't have a payload body
- CLEANUP: shctx: get ride of the shsess_packet{_hdr} structures
- MEDIUM: lists: list_for_each_entry{_safe}_from functions
- REORG: shctx: move lock functions and struct
- MEDIUM: shctx: allow the use of multiple shctx
- REORG: shctx: move ssl functions to ssl_sock.c
- MEDIUM: shctx: separate ssl and shctx
- MINOR: shctx: rename lock functions
- MINOR: h1: store the status code in the H1 message
- BUG/MINOR: spoe: Don't compare engine name and SPOE scope when both are NULL
- BUG/MINOR: spoa: Update pointer on the end of the frame when a reply is encoded
- MINOR: action: Add trk_idx inline function
- MINOR: action: Use trk_idx instead of tcp/http_trk_idx
- MINOR: action: Add a function pointer in act_rule struct to check its validity
- MINOR: action: Add function to check rules using an action ACT_ACTION_TRK_*
- MINOR: action: Add a functions to check http capture rules
- MINOR: action: Factorize checks on rules calling check_ptr if defined
- MINOR: acl: Pass the ACLs as an explicit parameter of build_acl_cond
- MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages
- MINOR: spoe: Check uniqness of SPOE engine names during config parsing
- MEDIUM: spoe: Parse new "spoe-group" section in SPOE config file
- MEDIUM: spoe/rules: Add "send-spoe-group" action for tcp/http rules
- MINOR: spoe: Move message encoding in its own function
- MINOR: spoe: Add a type to qualify the message list during encoding
- MINOR: spoe: Add a generic function to encode a list of SPOE message
- MEDIUM: spoe/rules: Process "send-spoe-group" action
- BUG/MINOR: dns: Fix CLI keyword declaration
- MAJOR: dns: Refactor the DNS code
- BUG/MINOR: mailers: Fix a memory leak when email alerts are released
- MEDIUM: mailers: Init alerts during conf parsing and refactor their processing
- MINOR: mailers: Use pools to allocate email alerts and its tcpcheck_rules
- MINOR: standard: Add memvprintf function
- MINOR: log: Save alerts and warnings emitted during HAProxy startup
- MINOR: cli: Add "show startup-logs" command
- MINOR: startup: Extend the scope the MODE_STARTING flag
- MINOR: threads: Prepare makefile to link with pthread
- MINOR: threads: Add THREAD_LOCAL macro
- MINOR: threads: Add atomic-ops and plock includes in import dir
- MEDIUM: threads: Add hathreads header file
- MINOR: threads: Add mechanism to register per-thread init/deinit functions
- MINOR: threads: Add nbthread parameter
- MEDIUM: threads: Adds a set of functions to handle sync-point
- MAJOR: threads: Start threads to experiment multithreading
- MINOR: threads: Define the sync-point inside run_poll_loop
- MEDIUM: threads/buffers: Define and register per-thread init/deinit functions
- MEDIUM: threads/chunks: Transform trash chunks in thread-local variables
- MEDIUM: threads/time: Many global variables from time.h are now thread-local
- MEDIUM: threads/logs: Make logs thread-safe
- MEDIUM: threads/pool: Make pool thread-safe by locking all access to a pool
- MAJOR: threads/fd: Make fd stuffs thread-safe
- MINOR: threads/fd: Add a mask of threads allowed to process on each fd in fdtab array
- MEDIUM: threads/fd: Initialize the process mask during the call to fd_insert
- MINOR: threads/fd: Process cached events of FDs depending on the process mask
- MINOR: threads/polling: pollers now handle FDs depending on the process mask
- WIP: SQUASH WITH SYNC POINT
- MAJOR: threads/task: handle multithread on task scheduler
- MEDIUM: threads/signal: Add a lock to make signals thread-safe
- MEDIUM: threads/listeners: Make listeners thread-safe
- MEDIUM: threads/proxy: Add a lock per proxy and atomically update proxy vars
- MEDIUM: threads/server: Make connection list (priv/idle/safe) thread-safe
- MEDIUM: threads/server: Add a lock per server and atomically update server vars
- MINOR: threads/server: Add a lock to deal with insert in updates_servers list
- MEDIUM: threads/lb: Make LB algorithms (lb_*.c) thread-safe
- MEDIUM: threads/stick-tables: handle multithreads on stick tables
- MINOR: threads/sample: Change temp_smp into a thread local variable
- MEDIUM: threads/http: Make http_capture_bad_message thread-safe
- MINOR: threads/regex: Change Regex trash buffer into a thread local variable
- MAJOR: threads/applet: Handle multithreading for applets
- MAJOR: threads/peers: Make peers thread safe
- MAJOR: threads/buffer: Make buffer wait queue thread safe
- MEDIUM: threads/stream: Make streams list thread safe
- MAJOR: threads/ssl: Make SSL part thread-safe
- MEDIUM: threads/queue: Make queues thread-safe
- MAJOR: threads/map: Make acls/maps thread safe
- MEDIUM: threads/freq_ctr: Make the frequency counters thread-safe
- MEDIUM: thread/vars: Make vars thread-safe
- MEDIUM: threads/filters: Add init/deinit callback per thread
- MINOR: threads/filters: Update trace filter to add _per_thread callbacks
- MEDIUM: threads/compression: Make HTTP compression thread-safe
- MEDIUM: threads/lua: Makes the jmpbuf and some other buffers local to the current thread.
- MEDIUM: threads/lua: Add locks around the Lua execution parts.
- MEDIUM: threads/lua: Ensure that the launched tasks runs on the same threads than me
- MEDIUM: threads/lua: Cannot acces to the socket if we try to access from another thread.
- MEDIUM: threads/xref: Convert xref function to a thread safe model
- MEDIUM: threads/tasks: Add lock around notifications
- MEDIUM: thread/spoe: Make the SPOE thread-safe
- MEDIUM: thread/dns: Make DNS thread-safe
- MINOR: threads: Add thread-map config parameter in the global section
- MINOR: threads/checks: Add a lock to protect the pid list used by external checks
- MINOR: threads/checks: Set the task process_mask when a check is executed
- MINOR: threads/mailers: Add a lock to protect queues of email alerts
- MEDIUM: threads/server: Use the server lock to protect health check and cli concurrency
- MINOR: threads: Don't start when device a detection module is used
- BUG/MEDIUM: threads: Run the poll loop on the main thread too
- BUG/MINOR: threads: Add missing THREAD_LOCAL on static here and there
- MAJOR: threads: Offically enable the threads support in HAProxy
- BUG/MAJOR: threads/freq_ctr: fix lock on freq counters.
- BUG/MAJOR: threads/time: Store the time deviation in an 64-bits integer
- BUILD: stick-tables: silence an uninitialized variable warning
- BUG/MINOR: dns: Fix SRV records with the new thread code.
- MINOR: ssl: Remove the global allow-0rtt option.
- CLEANUP: threads: replace the last few 1UL<<tid with tid_bit
- CLEANUP: threads: rename process_mask to thread_mask
- MINOR: h1: add a function to measure the trailers length
- MINOR: threads: add a portable barrier for threads and non-threads
- BUG/MAJOR: threads/freq_ctr: use a memory barrier to detect changes
- BUG/MEDIUM: threads: Initialize the sync-point
- MEDIUM: connection: start to introduce a mux layer between xprt and data
- MINOR: connection: implement alpn registration of muxes
- MINOR: mux: register the pass-through mux for any ALPN string
- MEDIUM: session: use the ALPN token and proxy mode to select the mux
- MINOR: connection: report the major HTTP version from the MUX for logging (fc_http_major)
- MINOR: connection: introduce conn_stream
- MINOR: mux: add more methods to mux_ops
- MINOR: connection: introduce the conn_stream manipulation functions
- MINOR: mux_pt: implement remaining mux_ops methods
- MAJOR: connection : Split struct connection into struct connection and struct conn_stream.
- MINOR: connection: make conn_stream users also check for per-stream error flag
- MINOR: conn_stream: new shutr/w status flags
- MINOR: conn_stream: modify cs_shut{r,w} API to pass the desired mode
- MEDIUM: connection: make conn_sock_shutw() aware of lingering
- MINOR: connection: add cs_close() to close a conn_stream
- MEDIUM: mux_pt: make cs_shutr() / cs_shutw() properly close the connection
- MEDIUM: connection: replace conn_full_close() with cs_close()
- MEDIUM: connection: make mux->detach() release the connection
- MEDIUM: stream: do not forcefully close the client connection anymore
- MEDIUM: checks: exclusively use cs_destroy() to release a connection
- MEDIUM: connection: add a destroy callback
- MINOR: session: release the listener with the session, not the stream
- MEDIUM: session: make use of the connection's destroy callback
- CONTRIB: hpack: implement a reverse huffman table generator for hpack
- MINOR: hpack: implement the HPACK Huffman table decoder
- MINOR: hpack: implement the header tables management
- MINOR: hpack: implement the decoder
- MEDIUM: hpack: implement basic hpack encoding
- MINOR: h2: centralize all HTTP/2 protocol elements and constants
- MINOR: h2: create a very minimalistic h2 mux
- MINOR: h2: expose tune.h2.header-table-size to configure the table size
- MINOR: h2: expose tune.h2.initial-window-size to configure the window size
- MINOR: h2: expose tune.h2.max-concurrent-streams to limit the number of streams
- MINOR: h2: create the h2c struct and allocate its pool
- MINOR: h2: create the h2s struct and the associated pool
- MINOR: h2: handle two extra stream states for errors
- MINOR: h2: add a frame header descriptor for incoming frames
- MEDIUM: h2: allocate and release the h2c context on connection init/end
- MEDIUM: h2: implement basic recv/send/wake functions
- MEDIUM: h2: dynamically allocate the demux buffer on Rx
- MEDIUM: h2: implement the mux buffer allocator
- MINOR: h2: add the connection and stream flags listing the causes for blocking
- MINOR: h2: add function h2s_id() to report a stream's ID
- MINOR: h2: small function to know when the mux is busy
- MINOR: h2: new function h2c_error to mark an error on the connection
- MINOR: h2: new function h2s_error() to mark an error on a stream
- MINOR: h2: add h2_set_frame_size() to update the size in a binary frame
- MINOR: h2: new function h2_peek_frame_hdr() to retrieve a new frame header
- MINOR: h2: add a few functions to retrieve contents from a wrapping buffer
- MINOR: h2: add stream lookup function based on the stream ID
- MINOR: h2: create dummy idle and closed streams
- MINOR: h2: add the function to create a new stream
- MINOR: h2: update the {MUX,DEM}_{M,D}ALLOC flags on buffer availability
- MEDIUM: h2: start to consider the H2_CF_{MUX,DEM}_* flags for polling
- MINOR: h2: also terminate the connection on shutr
- MEDIUM: h2: properly consider all conditions for end of connection
- MEDIUM: h2: wake the connection up for send on pending streams
- MEDIUM: h2: start to implement the frames processing loop
- MINOR: h2: add a function to send a GOAWAY error frame
- MINOR: h2: match the H2 connection preface on init
- MEDIUM: h2: enable connection polling for send when a cs wants to emit
- MEDIUM: h2: enable reading again on the connection if it was blocked on stream buffer full
- MEDIUM: h2: process streams pending for sending
- MINOR: h2: send a real SETTINGS frame based on the configuration
- MEDIUM: h2: detect the presence of the first settings frame
- MINOR: h2: create a stream parser for the demuxer
- MINOR: h2: implement PING frames
- MEDIUM: h2: decode SETTINGS frames and extract relevant settings
- MINOR: h2: lookup the stream during demuxing
- MEDIUM: h2: honor WINDOW_UPDATE frames
- MINOR: h2: implement h2_send_rst_stream() to send RST_STREAM frames
- MINOR: h2: handle CONTINUATION frames
- MEDIUM: h2: partial implementation of h2_detach()
- MEDIUM: h2: unblock a connection when its current stream detaches
- MEDIUM: h2: basic processing of HEADERS frame
- MEDIUM: h2: don't use trash to decode headers!
- MEDIUM: h2: implement the response HEADERS frame to encode the H1 response
- MEDIUM: h2: send the H1 response body as DATA frames
- MEDIUM: h2: skip the response trailers if any
- MEDIUM: h2: properly continue to parse header block when facing a 1xx response
- MEDIUM: h2: send WINDOW_UPDATE frames for connection
- MEDIUM: h2: handle request body in DATA frames
- MINOR: h2: handle RST_STREAM frames
- MEDIUM: h2: send DATA+ES or RST_STREAM on shutw/shutr
- MINOR: h2: use a common function to signal some and all streams.
- MEDIUM: h2: handle GOAWAY frames
- MINOR: h2: centralize the check for the idle streams
- MINOR: h2: centralize the check for the half-closed(remote) streams
- MEDIUM: h2: silently ignore frames higher than last_id after GOAWAY
- MINOR: h2: properly reject PUSH_PROMISE frames coming from the client
- MEDIUM: h2: perform a graceful shutdown on "Connection: close"
- MEDIUM: h2: send a GOAWAY frame when dealing with an empty response
- MEDIUM: h2: apply a timeout to h2 connections
- BUG/MEDIUM: h2: fix incorrect timeout handling on the connection
- MEDIUM: shctx: forbid shctx to read more than expected
- MEDIUM: cache: configuration parsing and initialization
- MEDIUM: cache: store objects in cache
- MEDIUM: cache: deliver objects from cache
329 lines
15 KiB
Plaintext
329 lines
15 KiB
Plaintext
----------------------
|
||
HAProxy how-to
|
||
----------------------
|
||
version 1.8
|
||
willy tarreau
|
||
2017/10/31
|
||
|
||
|
||
1) How to build it
|
||
------------------
|
||
|
||
This is a development version, so it is expected to break from time to time,
|
||
to add and remove features without prior notification and it should not be used
|
||
in production. If you are not used to build from sources or if you are not used
|
||
to follow updates then it is recommended that instead you use the packages provided
|
||
by your software vendor or Linux distribution. Most of them are taking this task
|
||
seriously and are doing a good job at backporting important fixes. If for any
|
||
reason you'd prefer a different version than the one packaged for your system,
|
||
you want to be certain to have all the fixes or to get some commercial support,
|
||
other choices are available at :
|
||
|
||
http://www.haproxy.com/
|
||
|
||
To build haproxy, you will need :
|
||
- GNU make. Neither Solaris nor OpenBSD's make work with the GNU Makefile.
|
||
If you get many syntax errors when running "make", you may want to retry
|
||
with "gmake" which is the name commonly used for GNU make on BSD systems.
|
||
- GCC between 2.95 and 4.8. Others may work, but not tested.
|
||
- GNU ld
|
||
|
||
Also, you might want to build with libpcre support, which will provide a very
|
||
efficient regex implementation and will also fix some badness on Solaris' one.
|
||
|
||
To build haproxy, you have to choose your target OS amongst the following ones
|
||
and assign it to the TARGET variable :
|
||
|
||
- linux22 for Linux 2.2
|
||
- linux24 for Linux 2.4 and above (default)
|
||
- linux24e for Linux 2.4 with support for a working epoll (> 0.21)
|
||
- linux26 for Linux 2.6 and above
|
||
- linux2628 for Linux 2.6.28, 3.x, and above (enables splice and tproxy)
|
||
- solaris for Solaris 8 or 10 (others untested)
|
||
- freebsd for FreeBSD 5 to 10 (others untested)
|
||
- netbsd for NetBSD
|
||
- osx for Mac OS/X
|
||
- openbsd for OpenBSD 5.7 and above
|
||
- aix51 for AIX 5.1
|
||
- aix52 for AIX 5.2
|
||
- cygwin for Cygwin
|
||
- haiku for Haiku
|
||
- generic for any other OS or version.
|
||
- custom to manually adjust every setting
|
||
|
||
You may also choose your CPU to benefit from some optimizations. This is
|
||
particularly important on UltraSparc machines. For this, you can assign
|
||
one of the following choices to the CPU variable :
|
||
|
||
- i686 for intel PentiumPro, Pentium 2 and above, AMD Athlon
|
||
- i586 for intel Pentium, AMD K6, VIA C3.
|
||
- ultrasparc : Sun UltraSparc I/II/III/IV processor
|
||
- native : use the build machine's specific processor optimizations. Use with
|
||
extreme care, and never in virtualized environments (known to break).
|
||
- generic : any other processor or no CPU-specific optimization. (default)
|
||
|
||
Alternatively, you may just set the CPU_CFLAGS value to the optimal GCC options
|
||
for your platform.
|
||
|
||
You may want to build specific target binaries which do not match your native
|
||
compiler's target. This is particularly true on 64-bit systems when you want
|
||
to build a 32-bit binary. Use the ARCH variable for this purpose. Right now
|
||
it only knows about a few x86 variants (i386,i486,i586,i686,x86_64), two
|
||
generic ones (32,64) and sets -m32/-m64 as well as -march=<arch> accordingly.
|
||
|
||
If your system supports PCRE (Perl Compatible Regular Expressions), then you
|
||
really should build with libpcre which is between 2 and 10 times faster than
|
||
other libc implementations. Regex are used for header processing (deletion,
|
||
rewriting, allow, deny). The only inconvenient of libpcre is that it is not
|
||
yet widely spread, so if you build for other systems, you might get into
|
||
trouble if they don't have the dynamic library. In this situation, you should
|
||
statically link libpcre into haproxy so that it will not be necessary to
|
||
install it on target systems. Available build options for PCRE are :
|
||
|
||
- USE_PCRE=1 to use libpcre, in whatever form is available on your system
|
||
(shared or static)
|
||
|
||
- USE_STATIC_PCRE=1 to use a static version of libpcre even if the dynamic
|
||
one is available. This will enhance portability.
|
||
|
||
- with no option, use your OS libc's standard regex implementation (default).
|
||
Warning! group references on Solaris seem broken. Use static-pcre whenever
|
||
possible.
|
||
|
||
If your system doesn't provide PCRE, you are encouraged to download it from
|
||
http://www.pcre.org/ and build it yourself, it's fast and easy.
|
||
|
||
Recent systems can resolve IPv6 host names using getaddrinfo(). This primitive
|
||
is not present in all libcs and does not work in all of them either. Support in
|
||
glibc was broken before 2.3. Some embedded libs may not properly work either,
|
||
thus, support is disabled by default, meaning that some host names which only
|
||
resolve as IPv6 addresses will not resolve and configs might emit an error
|
||
during parsing. If you know that your OS libc has reliable support for
|
||
getaddrinfo(), you can add USE_GETADDRINFO=1 on the make command line to enable
|
||
it. This is the recommended option for most Linux distro packagers since it's
|
||
working fine on all recent mainstream distros. It is automatically enabled on
|
||
Solaris 8 and above, as it's known to work.
|
||
|
||
It is possible to add native support for SSL using the GNU makefile, by passing
|
||
"USE_OPENSSL=1" on the make command line. The libssl and libcrypto will
|
||
automatically be linked with haproxy. Some systems also require libz, so if the
|
||
build fails due to missing symbols such as deflateInit(), then try again with
|
||
"ADDLIB=-lz".
|
||
|
||
Your are strongly encouraged to always use an up-to-date version of OpenSSL, as
|
||
found on https://www.openssl.org/ as vulnerabilities are occasionally found and
|
||
you don't want them on your systems. HAProxy is known to build correctly on all
|
||
currently supported branches (0.9.8, 1.0.0, 1.0.1, 1.0.2 and 1.1.0 at the time
|
||
of writing). Branch 1.0.2 is currently recommended for the best combination of
|
||
features and stability. Asynchronous engines require OpenSSL 1.1.0 though. It's
|
||
worth mentionning that some OpenSSL derivatives are also reported to work but
|
||
may occasionally break. Patches to fix them are welcome but please read the
|
||
CONTRIBUTING file first.
|
||
|
||
To link OpenSSL statically against haproxy, build OpenSSL with the no-shared
|
||
keyword and install it to a local directory, so your system is not affected :
|
||
|
||
$ export STATICLIBSSL=/tmp/staticlibssl
|
||
$ ./config --prefix=$STATICLIBSSL no-shared
|
||
$ make && make install_sw
|
||
|
||
When building haproxy, pass that path via SSL_INC and SSL_LIB to make and
|
||
include additional libs with ADDLIB if needed (in this case for example libdl):
|
||
|
||
$ make TARGET=linux26 USE_OPENSSL=1 SSL_INC=$STATICLIBSSL/include SSL_LIB=$STATICLIBSSL/lib ADDLIB=-ldl
|
||
|
||
It is also possible to include native support for zlib to benefit from HTTP
|
||
compression. For this, pass "USE_ZLIB=1" on the "make" command line and ensure
|
||
that zlib is present on the system. Alternatively it is possible to use libslz
|
||
for a faster, memory less, but slightly less efficient compression, by passing
|
||
"USE_SLZ=1".
|
||
|
||
Zlib is commonly found on most systems, otherwise updates can be retrieved from
|
||
http://www.zlib.net/. It is easy and fast to build. Libslz can be downloaded
|
||
from http://1wt.eu/projects/libslz/ and is even easier to build.
|
||
|
||
By default, the DEBUG variable is set to '-g' to enable debug symbols. It is
|
||
not wise to disable it on uncommon systems, because it's often the only way to
|
||
get a complete core when you need one. Otherwise, you can set DEBUG to '-s' to
|
||
strip the binary.
|
||
|
||
For example, I use this to build for Solaris 8 :
|
||
|
||
$ make TARGET=solaris CPU=ultrasparc USE_STATIC_PCRE=1
|
||
|
||
And I build it this way on OpenBSD or FreeBSD :
|
||
|
||
$ gmake TARGET=freebsd USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
|
||
|
||
And on a classic Linux with SSL and ZLIB support (eg: Red Hat 5.x) :
|
||
|
||
$ make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
|
||
|
||
And on a recent Linux >= 2.6.28 with SSL and ZLIB support :
|
||
|
||
$ make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
|
||
|
||
In order to build a 32-bit binary on an x86_64 Linux system with SSL support
|
||
without support for compression but when OpenSSL requires ZLIB anyway :
|
||
|
||
$ make TARGET=linux26 ARCH=i386 USE_OPENSSL=1 ADDLIB=-lz
|
||
|
||
The SSL stack supports session cache synchronization between all running
|
||
processes. This involves some atomic operations and synchronization operations
|
||
which come in multiple flavors depending on the system and architecture :
|
||
|
||
Atomic operations :
|
||
- internal assembler versions for x86/x86_64 architectures
|
||
|
||
- gcc builtins for other architectures. Some architectures might not
|
||
be fully supported or might require a more recent version of gcc.
|
||
If your architecture is not supported, you willy have to either use
|
||
pthread if supported, or to disable the shared cache.
|
||
|
||
- pthread (posix threads). Pthreads are very common but inter-process
|
||
support is not that common, and some older operating systems did not
|
||
report an error when enabling multi-process mode, so they used to
|
||
silently fail, possibly causing crashes. Linux's implementation is
|
||
fine. OpenBSD doesn't support them and doesn't build. FreeBSD 9 builds
|
||
and reports an error at runtime, while certain older versions might
|
||
silently fail. Pthreads are enabled using USE_PTHREAD_PSHARED=1.
|
||
|
||
Synchronization operations :
|
||
- internal spinlock : this mode is OS-independant, light but will not
|
||
scale well to many processes. However, accesses to the session cache
|
||
are rare enough that this mode could certainly always be used. This
|
||
is the default mode.
|
||
|
||
- Futexes, which are Linux-specific highly scalable light weight mutexes
|
||
implemented in user-space with some limited assistance from the kernel.
|
||
This is the default on Linux 2.6 and above and is enabled by passing
|
||
USE_FUTEX=1
|
||
|
||
- pthread (posix threads). See above.
|
||
|
||
If none of these mechanisms is supported by your platform, you may need to
|
||
build with USE_PRIVATE_CACHE=1 to totally disable SSL cache sharing. Then
|
||
it is better not to run SSL on multiple processes.
|
||
|
||
If you need to pass other defines, includes, libraries, etc... then please
|
||
check the Makefile to see which ones will be available in your case, and
|
||
use the USE_* variables in the Makefile.
|
||
|
||
AIX 5.3 is known to work with the generic target. However, for the binary to
|
||
also run on 5.2 or earlier, you need to build with DEFINE="-D_MSGQSUPPORT",
|
||
otherwise __fd_select() will be used while not being present in the libc, but
|
||
this is easily addressed using the "aix52" target. If you get build errors
|
||
because of strange symbols or section mismatches, simply remove -g from
|
||
DEBUG_CFLAGS.
|
||
|
||
You can easily define your own target with the GNU Makefile. Unknown targets
|
||
are processed with no default option except USE_POLL=default. So you can very
|
||
well use that property to define your own set of options. USE_POLL can even be
|
||
disabled by setting USE_POLL="". For example :
|
||
|
||
$ gmake TARGET=tiny USE_POLL="" TARGET_CFLAGS=-fomit-frame-pointer
|
||
|
||
|
||
1.1) Device Detection
|
||
---------------------
|
||
|
||
HAProxy supports several device detection modules relying on third party
|
||
products. Some of them may provide free code, others free libs, others free
|
||
evaluation licenses. Please read about their respective details in the
|
||
following files :
|
||
|
||
doc/DeviceAtlas-device-detection.txt for DeviceAtlas
|
||
doc/51Degrees-device-detection.txt for 51Degrees
|
||
doc/WURFL-device-detection.txt for Scientiamobile WURFL
|
||
|
||
|
||
2) How to install it
|
||
--------------------
|
||
|
||
To install haproxy, you can either copy the single resulting binary to the
|
||
place you want, or run :
|
||
|
||
$ sudo make install
|
||
|
||
If you're packaging it for another system, you can specify its root directory
|
||
in the usual DESTDIR variable.
|
||
|
||
|
||
3) How to set it up
|
||
-------------------
|
||
|
||
There is some documentation in the doc/ directory :
|
||
|
||
- intro.txt : this is an introduction to haproxy, it explains what it is
|
||
what it is not. Useful for beginners or to re-discover it when planning
|
||
for an upgrade.
|
||
|
||
- architecture.txt : this is the architecture manual. It is quite old and
|
||
does not tell about the nice new features, but it's still a good starting
|
||
point when you know what you want but don't know how to do it.
|
||
|
||
- configuration.txt : this is the configuration manual. It recalls a few
|
||
essential HTTP basic concepts, and details all the configuration file
|
||
syntax (keywords, units). It also describes the log and stats format. It
|
||
is normally always up to date. If you see that something is missing from
|
||
it, please report it as this is a bug. Please note that this file is
|
||
huge and that it's generally more convenient to review Cyril Bont<6E>'s
|
||
HTML translation online here :
|
||
|
||
http://cbonte.github.io/haproxy-dconv/configuration-1.6.html
|
||
|
||
- management.txt : it explains how to start haproxy, how to manage it at
|
||
runtime, how to manage it on multiple nodes, how to proceed with seamless
|
||
upgrades.
|
||
|
||
- gpl.txt / lgpl.txt : the copy of the licenses covering the software. See
|
||
the 'LICENSE' file at the top for more information.
|
||
|
||
- the rest is mainly for developers.
|
||
|
||
There are also a number of nice configuration examples in the "examples"
|
||
directory as well as on several sites and articles on the net which are linked
|
||
to from the haproxy web site.
|
||
|
||
|
||
4) How to report a bug
|
||
----------------------
|
||
|
||
It is possible that from time to time you'll find a bug. A bug is a case where
|
||
what you see is not what is documented. Otherwise it can be a misdesign. If you
|
||
find that something is stupidly design, please discuss it on the list (see the
|
||
"how to contribute" section below). If you feel like you're proceeding right
|
||
and haproxy doesn't obey, then first ask yourself if it is possible that nobody
|
||
before you has even encountered this issue. If it's unlikely, the you probably
|
||
have an issue in your setup. Just in case of doubt, please consult the mailing
|
||
list archives :
|
||
|
||
http://marc.info/?l=haproxy
|
||
|
||
Otherwise, please try to gather the maximum amount of information to help
|
||
reproduce the issue and send that to the mailing list :
|
||
|
||
haproxy@formilux.org
|
||
|
||
Please include your configuration and logs. You can mask your IP addresses and
|
||
passwords, we don't need them. But it's essential that you post your config if
|
||
you want people to guess what is happening.
|
||
|
||
Also, keep in mind that haproxy is designed to NEVER CRASH. If you see it die
|
||
without any reason, then it definitely is a critical bug that must be reported
|
||
and urgently fixed. It has happened a couple of times in the past, essentially
|
||
on development versions running on new architectures. If you think your setup
|
||
is fairly common, then it is possible that the issue is totally unrelated.
|
||
Anyway, if that happens, feel free to contact me directly, as I will give you
|
||
instructions on how to collect a usable core file, and will probably ask for
|
||
other captures that you'll not want to share with the list.
|
||
|
||
|
||
5) How to contribute
|
||
--------------------
|
||
|
||
Please carefully read the CONTRIBUTING file that comes with the sources. It is
|
||
mandatory.
|
||
|
||
-- end
|