From: Willy Tarreau Date: Tue, 12 Jan 2010 09:42:19 +0000 (+0100) Subject: [DOC] remove several trailing spaces X-Git-Tag: v1.4-dev7~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d72758ded19b3d9e2f8327efb434eaa7980f192d;p=thirdparty%2Fhaproxy.git [DOC] remove several trailing spaces --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 637c2b84e8..2f16e49ad5 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -156,7 +156,7 @@ with cookie insertion. First, let's consider this HTTP request : Line Contents - number + number 1 GET /serv/login.php?lang=en&profile=2 HTTP/1.1 2 Host: www.mydomain.com 3 User-agent: my small browser @@ -202,7 +202,7 @@ The URI itself can have several forms : - a star ('*') : this form is only accepted in association with the OPTIONS method and is not relayable. It is used to inquiry a next hop's capabilities. - + - an address:port combination : 192.168.0.12:80 This is used with the CONNECT method, which is used to establish TCP tunnels through HTTP proxies, generally for HTTPS, but sometimes for @@ -254,7 +254,7 @@ An HTTP response looks very much like an HTTP request. Both are called HTTP messages. Let's consider this HTTP response : Line Contents - number + number 1 HTTP/1.1 200 OK 2 Content-length: 350 3 Content-Type: text/html @@ -288,7 +288,7 @@ The status code is always 3-digit. The first digit indicates a general status : - 5xx = error caused by the server (eg: 500, 502, 503) Please refer to RFC2616 for the detailed meaning of all such codes. The -"reason" field is just a hint, but is not parsed by clients. Anything can be +"reason" field is just a hint, but is not parsed by clients. Anything can be found there, but it's a common practice to respect the well-established messages. It can be composed of one or multiple words, such as "OK", "Found", or "Authentication Required". 
@@ -385,7 +385,7 @@ The following keywords are supported in the "global" section : - stats - node - description - + * Performance tuning - maxconn - maxpipes @@ -399,7 +399,7 @@ The following keywords are supported in the "global" section : - tune.maxaccept - tune.maxpollevents - tune.maxrewrite - + * Debugging - debug - quiet @@ -415,7 +415,7 @@ chroot attacker to exploit the system. This only works when the process is started with superuser privileges. It is important to ensure that is both empty and unwritable to anyone. - + daemon Makes the process fork into background. This is the recommended mode of operation. It is equivalent to the command line "-D" argument. It can be @@ -426,11 +426,11 @@ gid ID is dedicated to HAProxy or to a small set of similar daemons. HAProxy must be started with a user belonging to this group, or with superuser privileges. See also "group" and "uid". - + group Similar to "gid" but uses the GID of group name from /etc/group. See also "gid" and "user". - + log
[max level [min level]] Adds a global syslog server. Up to two global servers can be defined. They will receive logs for startups and exits, as well as all logs from proxies @@ -711,12 +711,12 @@ specified in a previous "defaults" section. keyword defaults frontend listen backend ----------------------+----------+----------+---------+--------- -acl - X X X -appsession - - X X +acl - X X X +appsession - - X X backlog X X X - -balance X - X X -bind - X X - -bind-process X X X X +balance X - X X +bind - X X - +bind-process X X X X block - X X X capture cookie - X X - capture request header - X X - @@ -1486,7 +1486,7 @@ contimeout If the server is located on the same LAN as haproxy, the connection should be immediate (less than a few milliseconds). Anyway, it is a good practice to - cover one or several TCP packet losses by specifying timeouts that are + cover one or several TCP packet losses by specifying timeouts that are slightly above multiples of 3 seconds (eg: 4 or 5 seconds). By default, the connect timeout also presets the queue timeout to the same value if this one has not been specified. Historically, the contimeout was also used to set the @@ -2141,7 +2141,7 @@ no option abortonclose the response. However, this introduces risks of congestion when lots of users do the same, and is completely useless nowadays because probably no client at all will close the session while waiting for the response. Some HTTP agents - support this behaviour (Squid, Apache, HAProxy), and others do not (TUX, most + support this behaviour (Squid, Apache, HAProxy), and others do not (TUX, most hardware-based load balancers). So the probability for a closed input channel to represent a user hitting the "STOP" button is close to 100%, and the risk of being the single component to break rare but valid traffic is extremely 
@@ -2156,7 +2156,7 @@ no option abortonclose during the connection establishment if the server has not yet acknowledged the connection request. This considerably reduces the queue size and the load on saturated servers when users are tempted to click on STOP, which in turn - reduces the response time for other users. + reduces the response time for other users. If this option has been enabled in a "defaults" section, it can be disabled in a specific instance by prepending the "no" keyword before it. @@ -2434,7 +2434,7 @@ option forwardfor [ except ] [ header ] is an optional argument used to disable this option for sources matching an optional argument to specify a different "X-Forwarded-For" - header name. + header name. Since HAProxy works in reverse-proxy mode, the servers see its IP address as their client address. This is sometimes annoying when the client's IP address @@ -2447,10 +2447,10 @@ option forwardfor [ except ] [ header ] that only the last occurrence of the header must be used, since it is really possible that the client has already brought one. - The keyword "header" may be used to supply a different header name to replace + The keyword "header" may be used to supply a different header name to replace the default "X-Forwarded-For". This can be useful where you might already - have a "X-Forwarded-For" header from a different application (eg: stunnel), - and you need preserve it. Also if your backend server doesn't use the + have a "X-Forwarded-For" header from a different application (eg: stunnel), + and you need preserve it. Also if your backend server doesn't use the "X-Forwarded-For" header and requires different one (eg: Zeus Web Servers require "X-Cluster-Client-IP"). 
@@ -2928,7 +2928,7 @@ no option redispatch It also allows to retry last connection to another server in case of multiple connection failures. Of course, it requires having "retries" set to a nonzero value. - + This form is the preferred form, which replaces both the "redispatch" and "redisp" keywords. @@ -2943,7 +2943,7 @@ option smtpchk Use SMTP health checks for server testing May be used in sections : defaults | frontend | listen | backend yes | no | yes | yes - Arguments : + Arguments : is an optional argument. It is the "hello" command to use. It can be either "HELO" (for SMTP) or "EHLO" (for ESTMP). All other values will be turned into the default command ("HELO"). @@ -3442,7 +3442,7 @@ redispatch (deprecated) It also allows to retry last connection to another server in case of multiple connection failures. Of course, it requires having "retries" set to a nonzero value. - + This form is deprecated, do not use it in any new configuration, use the new "option redispatch" instead. @@ -3486,7 +3486,7 @@ reqiallow (ignore case) will mark the request as allowed, even if any later test would result in a deny. The test applies both to the request line and to request headers. Keep in mind that URLs in request line are case-sensitive while - header names are not. + header names are not. It is easier, faster and more powerful to use ACLs to write access policies. Reqdeny, reqallow and reqpass should be avoided in new designs. 
@@ -3549,11 +3549,11 @@ reqideny (ignore case) will mark the request as denied, even if any later test would result in an allow. The test applies both to the request line and to request headers. Keep in mind that URLs in request line are case-sensitive while - header names are not. + header names are not. A denied request will generate an "HTTP 403 forbidden" response once the complete request has been parsed. This is consistent with what is practiced - using ACLs. + using ACLs. It is easier, faster and more powerful to use ACLs to write access policies. Reqdeny, reqallow and reqpass should be avoided in new designs. @@ -3982,7 +3982,7 @@ srvtimeout (deprecated) order to avoid complex situations to debug. Whatever the expected server response times, it is a good practice to cover at least one or several TCP packet losses by specifying timeouts that are slightly above multiples of 3 - seconds (eg: 4 or 5 seconds minimum). + seconds (eg: 4 or 5 seconds minimum). This parameter is specific to backends, but can be specified once for all in "defaults" sections. This is in fact one of the easiest solutions not to @@ -4459,7 +4459,7 @@ tcp-request inspect-delay For most protocols, it is enough to set it to a few seconds, as most clients send the full request immediately upon connection. Add 3 or more seconds to cover TCP retransmits but that's all. For some protocols, it may make sense - to use large values, for instance to ensure that the client never talks + to use large values, for instance to ensure that the client never talks before the server (eg: SMTP), or to wait for a client to talk before passing data to the server (eg: SSL). Note that the client timeout must cover at least the inspection delay, otherwise it will expire first. 
@@ -4549,7 +4549,7 @@ timeout contimeout (deprecated) If the server is located on the same LAN as haproxy, the connection should be immediate (less than a few milliseconds). Anyway, it is a good practice to - cover one or several TCP packet losses by specifying timeouts that are + cover one or several TCP packet losses by specifying timeouts that are slightly above multiples of 3 seconds (eg: 4 or 5 seconds). By default, the connect timeout also presets both queue and tarpit timeouts to the same value if these have not been specified. @@ -4695,7 +4695,7 @@ timeout srvtimeout (deprecated) order to avoid complex situations to debug. Whatever the expected server response times, it is a good practice to cover at least one or several TCP packet losses by specifying timeouts that are slightly above multiples of 3 - seconds (eg: 4 or 5 seconds minimum). + seconds (eg: 4 or 5 seconds minimum). This parameter is specific to backends, but can be specified once for all in "defaults" sections. This is in fact one of the easiest solutions not to @@ -4728,7 +4728,7 @@ timeout tarpit unit if the number is suffixed by the unit, as specified at the top of this document. If unspecified, the same value as the backend's connection timeout ("timeout connect") is used, for backwards compatibility with older versions - with no "timeout tapit" parameter. + with no "timeout tapit" parameter. See also : "timeout connect", "contimeout". @@ -4792,7 +4792,7 @@ use_backend unless must decode several protocols on a unique port, one of them being HTTP. See also: "default_backend", "tcp-request", and section 7 about ACLs. - + 5. Server and default-server options ----------------- 
@@ -4896,7 +4896,7 @@ downinter ---------------------------------+----------------------------------------- DOWN 100% (non-transitional) | "downinter" if set, "inter" otherwise. ---------------------------------+----------------------------------------- - + Just as with every other time-based parameter, they can be entered in any other explicit unit among { us, ms, s, m, h, d }. The "inter" parameter also serves as a timeout for health checks sent to servers if "timeout check" is @@ -5171,7 +5171,7 @@ Notes related to these keywords : - req* statements are applied after "block" statements, so that "block" is always the first one, but before "use_backend" in order to permit rewriting - before switching. + before switching. 7. Using ACLs @@ -5428,7 +5428,7 @@ fe_sess_rate(frontend) tcp-request inspect-delay 100ms tcp-request content accept if ! too_fast tcp-request content accept if WAIT_END - + be_sess_rate be_sess_rate(backend) Returns true when the sessions creation rate on the backend matches the @@ -5614,7 +5614,7 @@ url_port "http_proxy". Note that if the port is not specified in the request, port 80 is assumed. -hdr +hdr hdr(header) Note: all the "hdr*" matching criteria either apply to all headers, or to a particular header whose name is passed between parenthesis and without any @@ -6079,7 +6079,7 @@ with a star ('*') after the field name below. >>> Feb 6 12:14:14 localhost \ haproxy[14389]: 10.0.1.2:33317 [06/Feb/2009:12:14:14.655] http-in \ static/srv1 10/0/30/69/109 200 2750 - - ---- 1/1/1/1/0 0/0 {1wt.eu} \ - {} "GET /index.html HTTP/1.1" + {} "GET /index.html HTTP/1.1" Field Format Extract from the example above 1 process_name '[' pid ']:' haproxy[14389]: 
@@ -6098,7 +6098,7 @@ with a star ('*') after the field name below. 14 '{' captured_request_headers* '}' {haproxy.1wt.eu} 15 '{' captured_response_headers* '}' {} 16 '"' http_request '"' "GET /index.html HTTP/1.1" - + Detailed fields description : - "client_ip" is the IP address of the client which initiated the TCP @@ -6622,7 +6622,7 @@ easier finding and understanding. by network routing issues between the client and haproxy, or by a keep-alive session between the server and the client terminated first by the client. - + cD The client did not send nor acknowledge any data for as long as the "timeout client" delay. This is often caused by network failures on the client side, or the client simply leaving the net uncleanly. @@ -6844,14 +6844,14 @@ in the logs. haproxy[2022]: 127.0.0.1:34020 [09/Aug/2004:20:30:46] proxy-out \ proxy-out/cache1 0/0/0/182/+182 200 +279 - - ---- 0/0/0/0/0 0/0 \ {w.ods.org||} {Formilux/0.1.8|3495|||} \ - "GET http://trafic.1wt.eu/ HTTP/1.1" + "GET http://trafic.1wt.eu/ HTTP/1.1" >>> Aug 9 20:30:46 localhost \ haproxy[2022]: 127.0.0.1:34028 [09/Aug/2004:20:30:46] proxy-out \ proxy-out/cache1 0/0/2/126/+128 301 +223 - - ---- 0/0/0/0/0 0/0 \ {www.sytadin.equipement.gouv.fr||http://trafic.1wt.eu/} \ {Apache|230|||http://www.sytadin.} \ - "GET http://www.sytadin.equipement.gouv.fr/ HTTP/1.1" + "GET http://www.sytadin.equipement.gouv.fr/ HTTP/1.1" 8.9. Examples of logs @@ -6896,7 +6896,7 @@ reading. Their sole purpose is to explain how to decipher them. to return the 502 and not the server. >>> haproxy[18113]: 127.0.0.1:34548 [15/Oct/2003:15:18:55.798] px-http \ - px-http/ -1/-1/-1/-1/8490 -1 0 - - CR-- 2/2/2/0/0 0/0 "" + px-http/ -1/-1/-1/-1/8490 -1 0 - - CR-- 2/2/2/0/0 0/0 "" => the client never completed its request and aborted itself ("C---") after 8.5s, while the proxy was waiting for the request headers ("-R--"). 
@@ -6918,7 +6918,7 @@ reading. Their sole purpose is to explain how to decipher them. >>> haproxy[18989]: 10.0.0.1:34552 [15/Oct/2003:15:26:31.462] px-http \ px-http/srv1 3183/-1/-1/-1/11215 503 0 - - SC-- 205/202/202/115/3 \ - 0/0 "HEAD / HTTP/1.0" + 0/0 "HEAD / HTTP/1.0" => The request took 3s to complete (probably a network problem), and the connection to the server failed ('SC--') after 4 attempts of 2 seconds @@ -6991,12 +6991,12 @@ page. Both means provide a CSV format whose fields follow. (tcp rst) or "No route to host" (icmp) L6OK -> check passed on layer 6 L6TOUT -> layer 6 (SSL) timeout - L6RSP -> layer 6 invalid response - protocol error + L6RSP -> layer 6 invalid response - protocol error L7OK -> check passed on layer 7 L7OKC -> check conditionally passed on layer 7, for example 404 with disable-on-404 L7TOUT -> layer 7 (HTTP/SMTP) timeout - L7RSP -> layer 7 invalid response - protocol error + L7RSP -> layer 7 invalid response - protocol error L7STS -> layer 7 response error, for example HTTP 5xx 37. check_code: layer5-7 code, if available 38. check_duration: time in ms took to finish last health check
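
Review bot: the line rewritten in the -4728 hunk (timeout tarpit) still reads 'with no "timeout tapit" parameter.', where "tapit" is a misspelling of the "tarpit" keyword named in the hunk header. Since this line is already being touched for whitespace, correct it to "timeout tarpit" in the same change so that a search for the keyword finds this paragraph.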
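
Review bot: "ESTMP" in the context line 'either "HELO" (for SMTP) or "EHLO" (for ESTMP)' of the -2943 hunk (option smtpchk) should read "ESMTP". The hunk only strips the trailing space after "Arguments :", but the typo sits two lines below it and is worth fixing in this documentation cleanup.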
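
Review bot: the lines re-added in the -2447 hunk (option forwardfor) keep two grammar slips: "and you need preserve it" is missing "to", and "requires different one" is missing "a". Both lines are already rewritten for whitespace, so suggest "and you need to preserve it" and "requires a different one" here rather than in a later pass.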
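
Review bot: the field table in the -6098 hunk lists field 14 (captured_request_headers) as {haproxy.1wt.eu} under "Extract from the example above", but the example log line shown in the -6079 hunk carries {1wt.eu}. One of the two should be changed so the extract matches the example, otherwise readers writing a log parser from this table cannot check their field split against the sample.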
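
Review bot: the context line "It is used to inquiry a next hop's capabilities." in the -202 hunk (URI forms, the '*' entry) uses the noun where a verb is needed. Suggest "It is used to inquire about a next hop's capabilities." while the neighbouring blank line is being cleaned.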