mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-02-01 19:13:36 +00:00
b63dbb7b2e
This one was deprecated in 2.3 and marked for removal in 2.5. It suffers too many limitations compared to threads, and prevents some improvements from being engaged. Instead of a bypassable startup error, there is now a hard error. The parsing code was removed, and very few obvious cases were as well. The code is deeply rooted at certain places (e.g. "for" loops iterating from 0 to nbproc) so it will not be that trivial to remove everywhere. The "bind" and "bind-process" parsers will have to be adjusted, though maybe not completely changed if we later want to support thread groups for large NUMA machines. Some stats socket restrictions were removed, and the doc was updated according to what was done. A few places in the doc still refer to nbproc and will have to be revisited. The master-worker code also refers to the process number to distinguish between master and workers and will have to be carefully adjusted. The MAX_PROCS macro was reset to 1, this will at least reduce the size of some remaining arrays. Two regtests were depending on this directive, one with an explicit "nbproc 1" and another one testing the master's CLI using nbproc 4. Both were adapted.
#
# Demo configuration for plain HTTP proxy mode ("option http_proxy")
#

global
    # Process setup: detach into the background, confine the process to an
    # empty directory and run it under the non-root numeric uid/gid 200.
    daemon
    chroot /var/empty
    uid 200
    gid 200

    # Logging: syslog server on the loopback address, facility local0.
    log 127.0.0.1 local0

    # Resource limits.
    # NOTE(review): each proxied connection normally needs a client-side and
    # a server-side file descriptor, so ulimit-n 16384 looks low for
    # maxconn 20000; the frontend caps itself at maxconn 8000 - confirm the
    # two values are meant to go together.
    maxconn 20000
    ulimit-n 16384

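frontend test-proxy
    bind 192.168.200.10:8080
    mode http
    log global
    option httplog
    option dontlognull
    option nolinger
    option http_proxy
    maxconn 8000
    timeout client 30s

    # layer3: only this single client address may use the proxy
    acl allow_host src 192.168.200.150/32
    http-request deny if !allow_host

    # layer7: prevent relaying to internal destinations.
    # The destination is taken from the request URL, so without this filter
    # an allowed client could use the proxy to reach hosts it cannot reach
    # directly. 192.168.0.0/16 is the full RFC 1918 block; a /24 would leave
    # most of it open, including 192.168.200.0/24 where this proxy listens.
    # Loopback and link-local are refused too, so the proxy cannot be pointed
    # at services on itself or at link-local endpoints.
    # If relaying to one specific internal host is intended, allow it with an
    # explicit rule placed before the deny below.
    # NOTE(review): only IPv4 ranges are listed - confirm whether IPv6
    # literals in the URL need an equivalent rule.
    acl forbidden_dst url_ip 192.168.0.0/16
    acl forbidden_dst url_ip 172.16.0.0/12
    acl forbidden_dst url_ip 10.0.0.0/8
    acl forbidden_dst url_ip 127.0.0.0/8
    acl forbidden_dst url_ip 169.254.0.0/16
    http-request deny if forbidden_dst

    default_backend test-proxy-srv
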
backend test-proxy-srv
    mode http
    option http_proxy
    option nolinger
    retries 2
    timeout connect 5s
    timeout server 5s

    # layer7: GET is the only request method accepted; any other is denied
    http-request deny unless { method GET }

    # layer7: refuse replies whose Content-Type header is audio/mp3
    acl mp3_reply res.hdr(content-type) audio/mp3
    http-response deny if mp3_reply