MEDIUM: proxy: Set http-reuse safe as default.

Change the default for http-reuse from "never" to "safe", as it has been
the recommended setting for a few versions now and backend H2 makes little
sense without it.

Some warnings were removed from the config parser since it can dynamically
be disabled depending on the server's configuration, so there's no need to
disable it on a whole backend just for one server.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 9ff6755b334bac076f98e844ffbd02068b891963..9fca4bd18edd3d207d82a406b69fe98d2de34d53 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -4928,32 +4928,31 @@ http-reuse { never | safe | aggressive | always }
                                yes    |    no    |   yes  |   yes
 
   By default, a connection established between haproxy and the backend server
-  belongs to the session that initiated it. The downside is that between the
-  response and the next request, the connection remains idle and is not used.
-  In many cases for performance reasons it is desirable to make it possible to
-  reuse these idle connections to serve other requests from different sessions.
-  This directive allows to tune this behavior.
+  which is considered safe for reuse is moved back to the server's idle
+  connections pool so that any other request can make use of it. This is the
+  "safe" strategy below.
 
   The argument indicates the desired connection reuse strategy :
 
-    - "never"  : idle connections are never shared between sessions. This is
-                 the default choice. It may be enforced to cancel a different
-                 strategy inherited from a defaults section or for
-                 troubleshooting. For example, if an old bogus application
-                 considers that multiple requests over the same connection come
-                 from the same client and it is not possible to fix the
-                 application, it may be desirable to disable connection sharing
-                 in a single backend. An example of such an application could
-                 be an old haproxy using cookie insertion in tunnel mode and
-                 not checking any request past the first one.
-
-    - "safe"   : this is the recommended strategy. The first request of a
-                 session is always sent over its own connection, and only
-                 subsequent requests may be dispatched over other existing
-                 connections. This ensures that in case the server closes the
-                 connection when the request is being sent, the browser can
-                 decide to silently retry it. Since it is exactly equivalent to
-                 regular keep-alive, there should be no side effects.
+    - "never"  : idle connections are never shared between sessions. This mode
+                 may be enforced to cancel a different strategy inherited from
+                 a defaults section or for troubleshooting. For example, if an
+                 old bogus application considers that multiple requests over
+                 the same connection come from the same client and it is not
+                 possible to fix the application, it may be desirable to
+                 disable connection sharing in a single backend. An example of
+                 such an application could be an old haproxy using cookie
+                 insertion in tunnel mode and not checking any request past the
+                 first one.
+
+    - "safe"   : this is the default and the recommended strategy. The first
+                 request of a session is always sent over its own connection,
+                 and only subsequent requests may be dispatched over other
+                 existing connections. This ensures that in case the server
+                 closes the connection when the request is being sent, the
+                 browser can decide to silently retry it. Since it is exactly
+                 equivalent to regular keep-alive, there should be no side
+                 effects.
 
     - "aggressive" : this mode may be useful in webservices environments where
                  all servers are not necessarily known and where it would be

diff --git a/src/cfgparse.c b/src/cfgparse.c
index c4db29c1558f0276d2f2aa138b06ca8f78fd47b1..ed09a4e64bb0ebf359c97b3a358ce270f11fa2fe 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -454,6 +454,7 @@ void init_default_instance()
        defproxy.conn_retries = CONN_RETRIES;
        defproxy.redispatch_after = 0;
        defproxy.lbprm.chash.balance_factor = 0;
+       defproxy.options = PR_O_REUSE_SAFE;
 
        defproxy.defsrv.check.inter = DEF_CHKINTR;
        defproxy.defsrv.check.fastinter = 0;
@@ -3206,24 +3207,6 @@ out_uri_auth_compat:
                        if ((curproxy->mode != PR_MODE_HTTP) && (curproxy->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR)
                                curproxy->options &= ~PR_O_REUSE_MASK;
 
-                       if ((curproxy->options & PR_O_REUSE_MASK) != PR_O_REUSE_NEVR) {
-                               if ((curproxy->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CLI ||
-                                   (curproxy->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CIP ||
-                                   (newsrv->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CLI ||
-                                   (newsrv->conn_src.opts & CO_SRC_TPROXY_MASK) == CO_SRC_TPROXY_CIP) {
-                                       ha_warning("config : %s '%s' : connections to server '%s' use the client's IP address as the source while http-reuse is enabled and allows the same connection to be shared between multiple clients. It is strongly advised to disable 'usesrc' and to use the 'forwardfor' option instead.\n",
-                                                  proxy_type_str(curproxy), curproxy->id, newsrv->id);
-                                       err_code |= ERR_WARN;
-                               }
-
-
-                               if (newsrv->pp_opts & (SRV_PP_V1|SRV_PP_V2)) {
-                                       ha_warning("config : %s '%s' : connections to server '%s' will have a PROXY protocol header announcing the first client's IP address while http-reuse is enabled and allows the same connection to be shared between multiple clients. It is strongly advised to disable 'send-proxy' and to use the 'forwardfor' option instead.\n",
-                                                  proxy_type_str(curproxy), curproxy->id, newsrv->id);
-                                       err_code |= ERR_WARN;
-                               }
-                       }
-
                        newsrv = newsrv->next;
                }