* released 1.1.7
* added option forwardfor
* added reqirep, reqidel, reqiallow, reqideny, rspirep, rspidel
* added "log global" in "listen" section.
* added a new "global" section :
- logs
- debug, quiet, daemon modes
- uid, gid, chroot, nbproc, maxconn
* added a TODO file
* updated example files
2005-12-17 12:02:59 +00:00

* x-forwarded-for
* implement the "log global" option at proxy level so that the global logs are used.
* case-insensitive matching
* implement outgoing addr
* log t_cnx, t_data, t_total
+ factor the log function (send_log = send_syslog+warning+alert)
+ keep-alive disabling (remove the ^Connection: headers and add Connection: close)
  -> 4 lines (2 del, 2 add) are enough.
+ do not log some source IP addresses
  -> for health-checks only -> no log for empty requests (option dontlognull)
- measure the time spent between two selects, and report the CPU usage:
  %cpu = 100 * (tpreselect(n+1)-tpostselect(n)) / (tpreselect(n+1)-tpreselect(n))
* implement the fd limit in the config: setrlimit(RLIMIT_NOFILE, ...)
- implement core/no-core in the config: setrlimit(RLIMIT_CORE, ...)
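
The fd-limit and core-dump items above both come down to setrlimit(2) driven by configuration. The C program below is an added example, not HAProxy code: it parses two sample "global" lines (the keyword names ulimit-n and no-core are assumed for the example), applies both limits and reads them back. The fd request is clamped to the hard limit, since an unprivileged daemon cannot exceed it, and the core limit's hard value is set to zero as well, so that dumps cannot be re-enabled later by the process itself.

```c
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

/* Configuration values for the two limits; the keyword names "ulimit-n" and
 * "no-core" are this example's assumption, not keywords taken from the TODO. */
struct limits_cfg {
    long ulimit_n;   /* wanted soft limit on open fds, 0 = leave unchanged */
    int  no_core;    /* 1 = forbid core dumps */
};

/* Parse one config line of the form "ulimit-n <n>" or "no-core".
 * Returns 1 if the line was recognised, 0 otherwise. */
int parse_limits_line(const char *line, struct limits_cfg *cfg)
{
    long v;
    if (sscanf(line, "ulimit-n %ld", &v) == 1 && v > 0) {
        cfg->ulimit_n = v;
        return 1;
    }
    if (strcmp(line, "no-core") == 0) {
        cfg->no_core = 1;
        return 1;
    }
    return 0;
}

/* Apply the limits with setrlimit(2). Returns 0 on success, -1 on error. */
int apply_limits(const struct limits_cfg *cfg)
{
    struct rlimit rl;

    if (cfg->ulimit_n > 0) {
        if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
            return -1;
        rl.rlim_cur = (rlim_t)cfg->ulimit_n;
        /* an unprivileged process cannot raise the soft limit above the hard
         * limit, so clamp instead of failing */
        if (rl.rlim_max != RLIM_INFINITY && rl.rlim_cur > rl.rlim_max)
            rl.rlim_cur = rl.rlim_max;
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
            return -1;
    }
    if (cfg->no_core) {
        /* soft and hard limit both zero: the process cannot re-enable dumps
         * later, so a crash never writes session data to disk */
        rl.rlim_cur = 0;
        rl.rlim_max = 0;
        if (setrlimit(RLIMIT_CORE, &rl) != 0)
            return -1;
    }
    return 0;
}

/* Read back the effective soft limit; -1 on error, -2 for "unlimited". */
long soft_limit(int resource)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0)
        return -1;
    if (rl.rlim_cur == RLIM_INFINITY)
        return -2;
    return (long)rl.rlim_cur;
}

int main(void)
{
    /* constructed sample lines from a "global" section */
    const char *lines[] = { "ulimit-n 1024", "no-core", "daemon" };
    struct limits_cfg cfg = { 0, 0 };

    for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
        if (!parse_limits_line(lines[i], &cfg))
            printf("ignored: %s\n", lines[i]);

    if (apply_limits(&cfg) != 0) {
        perror("setrlimit");
        return 1;
    }
    printf("nofile soft=%ld core soft=%ld\n",
           soft_limit(RLIMIT_NOFILE), soft_limit(RLIMIT_CORE));
    return 0;
}
```

Both limits must be applied before the daemon drops its uid/gid: once unprivileged it can still lower them, but it can no longer raise the fd soft limit past the hard one.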
- optimize the regexes to speed up matching:
  - count the matches
  - if match(n) & ([n].cpt > [n-1].cpt) & ([n].action == [n-1].action), swap(n,n-1)
  - periodically, divide all the counters (on overflow for instance)
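
The three steps above describe a self-organising rule list. As an added example (not HAProxy code), the C program below implements them with POSIX regex(3): every rule carries a match counter, a matching rule moves up one place only when it has matched more often than its predecessor and both carry the same action, and all counters are halved when one reaches a ceiling (CNT_MAX is a value chosen for the demo). The patterns, the sample header lines and the ACT_ALLOW/ACT_DENY actions are constructed for the example.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

#define MAX_RULES 16
#define CNT_MAX   1000u   /* counter ceiling that triggers the halving (demo value) */

enum action { ACT_ALLOW, ACT_DENY };

struct rule {
    regex_t     re;
    const char *pattern;
    enum action action;
    unsigned    cpt;      /* number of times this rule matched */
};

struct ruleset {
    struct rule r[MAX_RULES];
    int n;
};

/* Compile and append a rule. Returns 0, or -1 if full or the regex is invalid. */
int ruleset_add(struct ruleset *rs, const char *pattern, enum action act)
{
    struct rule *r;
    if (rs->n >= MAX_RULES)
        return -1;
    r = &rs->r[rs->n];
    if (regcomp(&r->re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    r->pattern = pattern;
    r->action = act;
    r->cpt = 0;
    rs->n++;
    return 0;
}

/* Third step of the TODO: divide every counter when one overflows, so that
 * old traffic patterns fade and the order can still change later. */
static void ruleset_halve(struct ruleset *rs)
{
    for (int i = 0; i < rs->n; i++)
        rs->r[i].cpt /= 2;
}

/* Match one header line against the rules in order; returns the index of the
 * first matching rule (its position before any swap) or -1. The matching rule
 * moves up one place only if it matched more often than its predecessor AND
 * both carry the same action, so first-match semantics are never changed. */
int ruleset_match(struct ruleset *rs, const char *line, enum action *act)
{
    for (int i = 0; i < rs->n; i++) {
        if (regexec(&rs->r[i].re, line, 0, NULL, 0) != 0)
            continue;
        *act = rs->r[i].action;
        if (++rs->r[i].cpt >= CNT_MAX)
            ruleset_halve(rs);
        if (i > 0 && rs->r[i].cpt > rs->r[i - 1].cpt &&
            rs->r[i].action == rs->r[i - 1].action) {
            struct rule tmp = rs->r[i];
            rs->r[i] = rs->r[i - 1];
            rs->r[i - 1] = tmp;
        }
        return i;
    }
    return -1;
}

const char *ruleset_pattern_at(const struct ruleset *rs, int i) { return rs->r[i].pattern; }
unsigned ruleset_count_at(const struct ruleset *rs, int i) { return rs->r[i].cpt; }

void ruleset_free(struct ruleset *rs)
{
    for (int i = 0; i < rs->n; i++)
        regfree(&rs->r[i].re);
    rs->n = 0;
}

int main(void)
{
    /* constructed request header lines */
    const char *lines[] = { "Host: www.example.com", "User-Agent: badbot/1.0",
                            "Host: www.example.com", "Host: www.example.org" };
    struct ruleset rs = { .n = 0 };
    enum action a;

    ruleset_add(&rs, "^Host: .*example\\.org", ACT_ALLOW);
    ruleset_add(&rs, "^Host: .*example\\.com", ACT_ALLOW);
    ruleset_add(&rs, "^User-Agent: badbot", ACT_DENY);

    for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++) {
        int idx = ruleset_match(&rs, lines[i], &a);
        printf("%-24s -> rule %d (%s); order: %s | %s | %s\n", lines[i], idx,
               idx < 0 ? "none" : (a == ACT_DENY ? "deny" : "allow"),
               ruleset_pattern_at(&rs, 0), ruleset_pattern_at(&rs, 1), ruleset_pattern_at(&rs, 2));
    }
    ruleset_free(&rs);
    return 0;
}
```

The same-action condition is what keeps the reordering safe: a line that matches two rules with different actions must still hit the earlier one, so such pairs are never swapped, while for equal actions the outcome is the same whichever rule is tried first.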
- filter on the source IP address, and store the pointer to the last matched
  regex in the "session" to speed up the regexes.
- keep-alive handling

+ handle configurable HTTP health-check replies
- differentiate http headers and http uris
- support environment variables in config file
- support keep-alive
- support SSL

===================== requests ==========================

ok> 1) listen on a port range:
ok>      listen XXX 1.2.3.4:21000-21060
ok>
ok> 2) multiple listeners:
ok>      listen XXX 1.2.3.4:21000
ok>      bind 2.3.4.5:21001
ok>      bind 2.3.4.5:21000-21060
ok>
ok> => which leads to this:
ok>
ok>      listen XXX [ address:port ]
ok>      bind addr:port-range[,[addr:]port-range]*
ok>      bind ...
ok>      ...
ok>
ok> => proxy->listen_fd and proxy->listen_addr must be put into lists
ok> => OK for listen, implement BIND.
ok>
ok> 3) reconnection on the same port on the server:
ok>
ok>      server XXX 1.2.3.4[:port]
ok>      if <port> is not specified, the same port as the one that received the
ok>      connection is used. In that case, it must be possible to force the
ok>      health-check port with a new "port" parameter.
ok>
ok> => this allows port-range forwarding:
ok>
ok>      listen XXX
ok>      bind 1.2.3.4:10000-11000
ok>      server 1.2.3.5
ok>

4) default parameters:
   create a "defaults" section that specifies the default parameters for the
   following sections, for the following parameters:
   ok- logs
   ok- modes (tcp/http)
   ok- balancing (round-robin/source)
   ok- time-outs
   ok- maxconn
   ok- redisp
   ok- options
   ok- retry
   ok- checks
   ok- cookies/captures
   - server options?
   - filters and regexes?

* implement "balance source" to hash on the source.
  allow a mask to be specified on which the hash applies, as well as an
  option to hash on the address found in the "x-forwarded-for" field.
  Problem for failure support: this kind of hash is useful where cookie
  persistence cannot apply, so how can maximum persistence be ensured in
  case of failure?

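
As an added example (not HAProxy code), the C program below hashes a masked source address onto a server list, optionally taking the address from the first entry of an X-Forwarded-For header, and then counts how many clients are remapped when one server out of four fails. With a plain modulo most clients move, which is the persistence problem the note raises. The function names, the /24 mask, the mixing step and the sample addresses are constructed for the example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

struct srchash_cfg {
    uint32_t mask;     /* mask applied to the source address before hashing (host byte order) */
    int      use_xff;  /* 1 = hash the first X-Forwarded-For address instead of the TCP peer */
};

/* Copy the first IPv4 address of an "X-Forwarded-For: a, b" header line into
 * *addr (host byte order). Returns 1 on success, 0 if the line is not that
 * header or the first entry is not a valid IPv4 literal. */
int xff_first_addr(const char *line, uint32_t *addr)
{
    static const char name[] = "X-Forwarded-For:";
    char buf[INET_ADDRSTRLEN];
    struct in_addr in;
    size_t n;

    if (strncasecmp(line, name, sizeof(name) - 1) != 0)
        return 0;
    line += sizeof(name) - 1;
    while (*line == ' ' || *line == '\t')
        line++;
    n = strcspn(line, ", \r\n");
    if (n == 0 || n >= sizeof(buf))
        return 0;
    memcpy(buf, line, n);
    buf[n] = '\0';
    if (inet_pton(AF_INET, buf, &in) != 1)
        return 0;
    *addr = ntohl(in.s_addr);
    return 1;
}

/* Integer finaliser (the fmix32 step of MurmurHash3) so that a masked key
 * whose low bits are cleared still spreads over all servers. */
static uint32_t mix32(uint32_t h)
{
    h ^= h >> 16; h *= 0x85ebca6bu;
    h ^= h >> 13; h *= 0xc2b2ae35u;
    h ^= h >> 16;
    return h;
}

/* Choose a server index in [0, nsrv). peer is the TCP source address in host
 * byte order; xff_line may be NULL. Plain modulo of the mixed, masked key. */
int pick_server(const struct srchash_cfg *cfg, uint32_t peer, const char *xff_line, int nsrv)
{
    uint32_t key = peer, fwd;
    if (cfg->use_xff && xff_line && xff_first_addr(xff_line, &fwd))
        key = fwd;
    return (int)(mix32(key & cfg->mask) % (uint32_t)nsrv);
}

/* Count clients whose server changes when the pool shrinks from nsrv to
 * nsrv - 1 (one server failed). Clients are constructed as one host per /24
 * starting at 'first'. */
int remapped_on_failure(const struct srchash_cfg *cfg, uint32_t first, int count, int nsrv)
{
    int moved = 0;
    for (int i = 0; i < count; i++) {
        uint32_t a = first + (uint32_t)i * 256u;
        if (pick_server(cfg, a, NULL, nsrv) != pick_server(cfg, a, NULL, nsrv - 1))
            moved++;
    }
    return moved;
}

int main(void)
{
    struct srchash_cfg cfg = { 0xffffff00u, 1 };   /* /24 mask, honour X-Forwarded-For */
    uint32_t peer = 0x0a000001u;                   /* 10.0.0.1, constructed */
    int srv = pick_server(&cfg, peer, "X-Forwarded-For: 203.0.113.7, 10.0.0.1", 4);
    printf("client -> server %d\n", srv);
    printf("%d of 1000 clients remapped when 1 of 4 servers fails\n",
           remapped_on_failure(&cfg, 0xc6336400u, 1000, 4));  /* from 198.51.100.0 */
    return 0;
}
```

Hashing on X-Forwarded-For is only meaningful when the header is set by a trusted upstream proxy: the first entry is otherwise client-supplied, so anyone can choose the server they land on.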
6) possibility of a separate process per listen:
   listen XXX
      fork [ group_id ]

   specifying group_id will make all instances using the same group
   identifier be handled by the same process.

   -> more flexible and easier to understand to have per-process sections,
      which also solves the case below. Ex:
         process_group X
            nbproc X
            uid X
            chroot X
            listen ...

7) handle a different chroot/uid/gid per process:
   listen XXX
      chroot /truc
      uid 123
      gid 456

8) many parameters could be server-specific rather than instance-specific.
   Examples:
   * source IP address used to reach the server
   - health-check method (proto, ...)
   * health-check method (port)
   - weight
   - alert when it goes away
   - the max number of sessions to send it

ok> 9) add optional parameters to the "httpchk" option allowing the method,
ok>    the HTTP version and headers to be forced.
ok>    ex: option httpchk -> OPTIONS / HTTP/1.0
ok>        option httpchk /test -> OPTIONS /test HTTP/1.0
ok>        option httpchk HEAD / HTTP/1.0\nHost:\ www -> as is

Todo for 1.1
============
* "no more server" alert
* config check
- anti-flapping

Todo for 1.2
============
- direct <server> <regex> <match>
- new config syntax allowing braces to be able to shorten lines
- insert/learn/check/log unique request ID, and add the ability
  to block bad responses.
- IPv6 :
  * listen [ip4.ip4.ip4.ip4]:port[-port]
  * listen [ip6::...ip6]/port[-port]
  - server xxx ipv4 | ipv4: | ipv4:port[-port] | ipv6/ | ipv6/port[-port]
* appcookie
* weighted round robin
- option to shutdown(listen_sock) when max connections reached
* epoll
- replace the event scheduler with an O(log(N)) one. The timer queue will
  need a tree with a known end (to speed up queueing of latest events), and
  no entry for eternity.
- refine memory management so that the request buffer is only allocated in
  cli_read() and the response buffer during srv_read(). This would protect
  against attacks with thousands of connections: 20000 connections consume
  340 MB RSS and 1.3 GB VSZ on Linux. Data should be in a separate buffer to
  prevent any activity on the buffer's pointers from touching the buffer page
  itself.
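
As an added example (not HAProxy code), the C program below shows the allocation scheme that item describes: a session holds only pointers and lengths, and each side's data page is malloc'ed on the first cli_read()/srv_read() call, so a connection that has sent nothing costs one small struct rather than two full buffers. BUFSIZE, the struct layout and the sample request and response lines are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFSIZE 16384   /* fixed here; the next item wants it configurable */

/* Pointers and counters only; the data page is allocated separately so that
 * updating these fields never touches (or faults in) the page itself. */
struct buffer {
    char  *data;   /* NULL until the first byte arrives on this side */
    size_t len;    /* bytes currently held */
};

struct session {
    struct buffer req;   /* client -> server */
    struct buffer rep;   /* server -> client */
};

/* Allocate the data page on first use. Returns 0, or -1 on OOM. */
static int buffer_ensure(struct buffer *b)
{
    if (b->data)
        return 0;
    b->data = malloc(BUFSIZE);
    return b->data ? 0 : -1;
}

/* Store bytes read from one side, allocating its buffer on first use.
 * Returns the number of bytes stored (short when the buffer is full),
 * or -1 on OOM. */
static long side_read(struct buffer *b, const char *in, size_t n)
{
    if (buffer_ensure(b) != 0)
        return -1;
    if (n > BUFSIZE - b->len)
        n = BUFSIZE - b->len;
    memcpy(b->data + b->len, in, n);
    b->len += n;
    return (long)n;
}

long cli_read(struct session *s, const char *in, size_t n) { return side_read(&s->req, in, n); }
long srv_read(struct session *s, const char *in, size_t n) { return side_read(&s->rep, in, n); }

/* Data memory this session has actually committed, in bytes. */
size_t session_data_bytes(const struct session *s)
{
    return (s->req.data ? BUFSIZE : 0) + (s->rep.data ? BUFSIZE : 0);
}

/* Memory for n connections that have sent nothing yet, under eager
 * allocation (both buffers at accept time) versus lazy allocation. */
size_t idle_cost(size_t n, int lazy)
{
    return n * (sizeof(struct session) + (lazy ? 0 : 2 * BUFSIZE));
}

void session_free(struct session *s)
{
    free(s->req.data);
    free(s->rep.data);
    memset(s, 0, sizeof(*s));
}

int main(void)
{
    struct session s;
    memset(&s, 0, sizeof(s));
    printf("one idle session: %zu bytes (lazy) vs %zu bytes (eager)\n",
           idle_cost(1, 1), idle_cost(1, 0));
    printf("20000 idle sessions: %zu MB (lazy) vs %zu MB (eager)\n",
           idle_cost(20000, 1) >> 20, idle_cost(20000, 0) >> 20);
    cli_read(&s, "GET / HTTP/1.0\r\n\r\n", 18);   /* constructed request */
    printf("after the first client read: %zu bytes of buffers\n", session_data_bytes(&s));
    session_free(&s);
    return 0;
}
```

The response buffer stays unallocated until the server actually answers, so a flood of connections that never send a request, or whose requests are never forwarded, is bounded by the per-session struct rather than by 2 * BUFSIZE per connection.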
- make buffer size configurable in global options
* monitor number of simultaneous sessions in logs (per srv/inst/global)
* ignore leading empty lines in HTTP requests
+ limit the per-server number of sessions and queue incoming connections
  => still needs refinement (actions at servers UP/DOWN, timeouts)
- new 'timeout' keyword to set all timeouts (including the queue)
- ability to intercept a URI to report statistics
- ability to intercept a URI to return 404
- embedded error pages loaded in memory at startup time (eg: for expired time
  in connection queue)