Permalink
Browse files

Update documentations with latest haproxy versions

  • Loading branch information...
1 parent e33226d commit f43c1c28c429e804c76cd43ef360277f8da443f4 @cbonte committed Aug 15, 2016
View
6 1.4/configuration.html
@@ -5,7 +5,7 @@
<title>HAProxy version 1.4.27 - Configuration Manual</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -1398,7 +1398,7 @@
You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
</p>
<p class="text-right">
- <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-58</b> on <b>2016/07/04</b></small>
+ <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-60</b> on <b>2016/08/15</b></small>
</p>
</div>
<!-- /.sidebar -->
@@ -10098,7 +10098,7 @@ <h2 id="chapter-9.2" data-target="9.2"><small><a class="small" href="#9.2">9.2.<
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 4);
piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.4.27', 'page');
-piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-58', 'page');
+piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-60', 'page');
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
View
6 1.4/snapshot/configuration.html
@@ -5,7 +5,7 @@
<title>HAProxy version 1.4.27 - Configuration Manual</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -1398,7 +1398,7 @@
You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
</p>
<p class="text-right">
- <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-58</b> on <b>2016/07/04</b></small>
+ <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-60</b> on <b>2016/08/15</b></small>
</p>
</div>
<!-- /.sidebar -->
@@ -10098,7 +10098,7 @@ <h2 id="chapter-9.2" data-target="9.2"><small><a class="small" href="#9.2">9.2.<
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 4);
piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.4.27', 'page');
-piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-58', 'page');
+piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-60', 'page');
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
View
6 1.5/configuration.html
@@ -5,7 +5,7 @@
<title>HAProxy version 1.5.18 - Configuration Manual</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -2273,7 +2273,7 @@
You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
</p>
<p class="text-right">
- <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-58</b> on <b>2016/07/04</b></small>
+ <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-60</b> on <b>2016/08/15</b></small>
</p>
</div>
<!-- /.sidebar -->
@@ -15900,7 +15900,7 @@ <h2 id="chapter-9.2" data-target="9.2"><small><a class="small" href="#9.2">9.2.<
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 4);
piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.5.18', 'page');
-piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-58', 'page');
+piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-60', 'page');
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
View
6 1.5/snapshot/configuration.html
@@ -5,7 +5,7 @@
<title>HAProxy version 1.5.18-13 - Configuration Manual</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -2277,7 +2277,7 @@
You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
</p>
<p class="text-right">
- <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-58</b> on <b>2016/07/04</b></small>
+ <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-60</b> on <b>2016/08/15</b></small>
</p>
</div>
<!-- /.sidebar -->
@@ -15912,7 +15912,7 @@ <h2 id="chapter-9.2" data-target="9.2"><small><a class="small" href="#9.2">9.2.<
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 4);
piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.5.18-13', 'page');
-piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-58', 'page');
+piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-60', 'page');
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
View
119 1.6/configuration.html
@@ -2,10 +2,10 @@
<html lang="en">
<head>
<meta charset="utf-8" />
- <title>HAProxy version 1.6.6 - Configuration Manual</title>
+ <title>HAProxy version 1.6.8 - Configuration Manual</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -2459,7 +2459,7 @@
You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
</p>
<p class="text-right">
- <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-58</b> on <b>2016/07/04</b></small>
+ <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-60</b> on <b>2016/08/15</b></small>
</p>
</div>
<!-- /.sidebar -->
@@ -2470,11 +2470,11 @@
<div class="text-center">
<h1>HAProxy</h1>
<h2>Configuration Manual</h2>
- <p><strong>version 1.6.6</strong></p>
+ <p><strong>version 1.6.8</strong></p>
<p>
<a href="http://www.haproxy.org/" title="HAProxy Home Page"><img src="../img/logo-med.png" /></a><br>
willy tarreau<br>
- 2016/06/26
+ 2016/08/14
</p>
</div>
@@ -7152,23 +7152,21 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
- server's weight is applied from previous running process unless it has
has changed between previous and new configuration files.
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<div class="example-desc">Minimal configuration</div><code>global
+ stats socket /tmp/socket
+ server-state-file /tmp/server_state
-Example 1:
-
-Minimal configuration:
-
- global
- stats socket /tmp/socket
- server-state-file /tmp/server_state
-
- defaults
- load-server-state-from-file global
-
- backend bk
- server s1 127.0.0.1:22 check weight 11
- server s2 127.0.0.1:22 check weight 12
+defaults
+ load-server-state-from-file global
-Then one can run :
+backend bk
+ server s1 127.0.0.1:22 check weight 11
+ server s2 127.0.0.1:22 check weight 12
+</code></pre>
+</div><pre class="text">Then one can run :
socat /tmp/socket - &lt;&lt;&lt; &quot;show servers state&quot; &gt; /tmp/server_state
@@ -7178,23 +7176,21 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
# &lt;field names skipped for the doc example&gt;
1 bk 1 s1 127.0.0.1 2 0 11 11 4 6 3 4 6 0 0
1 bk 2 s2 127.0.0.1 2 0 12 12 4 6 3 4 6 0 0
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<div class="example-desc">Minimal configuration</div><code>global
+ stats socket /tmp/socket
+ server-state-base /etc/haproxy/states
-Example 2:
-
-Minimal configuration:
-
- global
- stats socket /tmp/socket
- server-state-base /etc/haproxy/states
-
- defaults
- load-server-state-from-file local
-
- backend bk
- server s1 127.0.0.1:22 check weight 11
- server s2 127.0.0.1:22 check weight 12
+defaults
+ load-server-state-from-file local
-Then one can run :
+backend bk
+ server s1 127.0.0.1:22 check weight 11
+ server s2 127.0.0.1:22 check weight 12
+</code></pre>
+</div><pre class="text">Then one can run :
socat /tmp/socket - &lt;&lt;&lt; &quot;show servers state bk&quot; &gt; /etc/haproxy/states/bk
@@ -7885,7 +7881,7 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
the frontend or the backend does not specify it, it wants the addition to be
mandatory, so it wins.
</pre><div class="separator">
-<span class="label label-success">Examples :</span>
+<span class="label label-success">Example :</span>
<pre class="prettyprint">
<code><span class="comment"># Public HTTP address also used by stunnel on the same machine</span>
frontend www
@@ -12976,7 +12972,8 @@ <h2 id="chapter-5.2" data-target="5.2"><small><a class="small" href="#5.2">5.2.<
</pre><div class="separator">
<span class="label label-success">Example:</span>
<pre class="prettyprint">
-<div class="example-desc">server s1 app1.domain.com:80 resolvers mydns resolve-prefer ipv6</div><code></code></pre>
+<code>server s1 app1.domain.com:80 resolvers mydns resolve-prefer ipv6
+</code></pre>
</div><a class="anchor" name="resolvers"></a><a class="anchor" name="5-resolvers"></a><a class="anchor" name="5.2-resolvers"></a><a class="anchor" name="resolvers (Bind and Server options)"></a><a class="anchor" name="resolvers (Server and default-server options)"></a><div class="keyword"><b><a class="anchor" name="resolvers"></a><a href="#5.2-resolvers">resolvers</a></b> <span style="color: #080">&lt;id&gt;</span></div><pre class="text">Points to an existing &quot;<span class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">resolvers<span class="caret"></span></a><ul class="dropdown-menu"><li class="dropdown-header">This keyword is available in sections :</li><li><a href="#resolvers%20%28Server%20and%20default-server%20options%29">Server and default-server options</a></li><li><a href="#resolvers%20%28The%20resolvers%20section%29">The resolvers section</a></li></ul></span>&quot; section to resolve current server's
hostname.
In order to be operational, DNS resolution requires that health check is
@@ -12990,7 +12987,7 @@ <h2 id="chapter-5.2" data-target="5.2"><small><a class="small" href="#5.2">5.2.<
<pre class="prettyprint">
<code>server s1 app1.domain.com:80 check resolvers mydns
</code></pre>
-</div><pre class="text">See also chapter 5.3
+</div><pre class="text">See also <a href="#5.3">section 5.3</a>
</pre><a class="anchor" name="send-proxy"></a><a class="anchor" name="5-send-proxy"></a><a class="anchor" name="5.2-send-proxy"></a><a class="anchor" name="send-proxy (Bind and Server options)"></a><a class="anchor" name="send-proxy (Server and default-server options)"></a><div class="keyword"><b><a class="anchor" name="send-proxy"></a><a href="#5.2-send-proxy">send-proxy</a></b></div><pre class="text">The &quot;<a href="#send-proxy">send-proxy</a>&quot; parameter enforces use of the PROXY protocol over any
connection established to this server. The PROXY protocol informs the other
end about the layer 3/4 addresses of the incoming connection, so that it can
@@ -13250,24 +13247,25 @@ <h3 id="chapter-5.3.2" data-target="5.3.2"><small><a class="small" href="#5.3.2"
A retry occurs on name server timeout or when the full sequence of DNS query
type failover is over and we need to start up from the default ANY query
type.
-</pre><a class="anchor" name="timeout"></a><a class="anchor" name="5-timeout"></a><a class="anchor" name="5.3.2-timeout"></a><a class="anchor" name="timeout (Bind and Server options)"></a><a class="anchor" name="timeout (The resolvers section)"></a><div class="keyword"><b><a class="anchor" name="timeout"></a><a href="#5.3.2-timeout">timeout</a></b> <span style="color: #080">&lt;event&gt;</span> <span style="color: #080">&lt;time&gt;</span></div><pre class="text"> Defines timeouts related to name resolution
- &lt;event&gt; : the event on which the &lt;time&gt; timeout period applies to.
- events available are:
- - retry: time between two DNS queries, when no response have
- been received.
- Default value: 1s
- &lt;time&gt; : time related to the event. It follows the HAProxy time format.
- &lt;time&gt; is expressed in milliseconds.
-
-Example of a resolvers section (with default values):
-
- resolvers mydns
- nameserver dns1 10.0.0.1:53
- nameserver dns2 10.0.0.2:53
- resolve_retries 3
- timeout retry 1s
- hold valid 10s
-</pre></div>
+</pre><a class="anchor" name="timeout"></a><a class="anchor" name="5-timeout"></a><a class="anchor" name="5.3.2-timeout"></a><a class="anchor" name="timeout (Bind and Server options)"></a><a class="anchor" name="timeout (The resolvers section)"></a><div class="keyword"><b><a class="anchor" name="timeout"></a><a href="#5.3.2-timeout">timeout</a></b> <span style="color: #080">&lt;event&gt;</span> <span style="color: #080">&lt;time&gt;</span></div><pre class="text">Defines timeouts related to name resolution
+ &lt;event&gt; : the event on which the &lt;time&gt; timeout period applies to.
+ events available are:
+ - retry: time between two DNS queries, when no response have
+ been received.
+ Default value: 1s
+ &lt;time&gt; : time related to the event. It follows the HAProxy time format.
+ &lt;time&gt; is expressed in milliseconds.
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<code>resolvers mydns
+ nameserver dns1 10.0.0.1:53
+ nameserver dns2 10.0.0.2:53
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 10s
+</code></pre>
+</div></div>
<a class="anchor" id="6" name="6"></a>
<div class="page-header"><h1 id="chapter-6" data-target="6"><small><a class="small" href="#6">6.</a></small> HTTP header manipulation</h1>
</div><div><pre class="text">In HTTP mode, it is possible to rewrite, add or delete some of the request and
@@ -16068,7 +16066,6 @@ <h3 id="chapter-8.2.3" data-target="8.2.3"><small><a class="small" href="#8.2.3"
15 '{' captured_response_headers* '}' {}
16 '&quot;' http_request '&quot;' &quot;GET /index.html HTTP/1.1&quot;
-
Detailed fields description :
- &quot;client_ip&quot; is the IP address of the client which initiated the TCP
connection to haproxy. If the connection was accepted on a UNIX socket
@@ -17137,8 +17134,8 @@ <h2 id="chapter-8.9" data-target="8.9"><small><a class="small" href="#8.9">8.9.<
<br>
<hr>
<div class="text-right">
- HAProxy 1.6.6 &ndash; Configuration Manual<br>
- <small>2016/06/26, willy tarreau</small>
+ HAProxy 1.6.8 &ndash; Configuration Manual<br>
+ <small>2016/08/14, willy tarreau</small>
</div>
</div>
<!-- /.col-lg-12 -->
@@ -17241,8 +17238,8 @@ <h2 id="chapter-8.9" data-target="8.9"><small><a class="small" href="#8.9">8.9.<
</script><script type="text/javascript">
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 4);
-piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.6.6', 'page');
-piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-58', 'page');
+piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.6.8', 'page');
+piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-60', 'page');
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
View
14 1.6/intro.html
@@ -2,10 +2,10 @@
<html lang="en">
<head>
<meta charset="utf-8" />
- <title>HAProxy version 1.6.6 - Starter Guide</title>
+ <title>HAProxy version 1.6.8 - Starter Guide</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -451,7 +451,7 @@
You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
</p>
<p class="text-right">
- <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-58</b> on <b>2016/07/04</b></small>
+ <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-60</b> on <b>2016/08/15</b></small>
</p>
</div>
<!-- /.sidebar -->
@@ -462,7 +462,7 @@
<div class="text-center">
<h1>HAProxy</h1>
<h2>Starter Guide</h2>
- <p><strong>version 1.6.6</strong></p>
+ <p><strong>version 1.6.8</strong></p>
<p>
<a href="http://www.haproxy.org/" title="HAProxy Home Page"><img src="../img/logo-med.png" /></a><br>
<br>
@@ -2328,7 +2328,7 @@ <h2 id="chapter-4.4" data-target="4.4"><small><a class="small" href="#4.4">4.4.<
<br>
<hr>
<div class="text-right">
- HAProxy 1.6.6 &ndash; Starter Guide<br>
+ HAProxy 1.6.8 &ndash; Starter Guide<br>
<small>, </small>
</div>
</div>
@@ -2432,8 +2432,8 @@ <h2 id="chapter-4.4" data-target="4.4"><small><a class="small" href="#4.4">4.4.<
</script><script type="text/javascript">
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 4);
-piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.6.6', 'page');
-piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-58', 'page');
+piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.6.8', 'page');
+piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-60', 'page');
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
View
14 1.6/management.html
@@ -2,10 +2,10 @@
<html lang="en">
<head>
<meta charset="utf-8" />
- <title>HAProxy version 1.6.6 - Management Guide</title>
+ <title>HAProxy version 1.6.8 - Management Guide</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -386,7 +386,7 @@
You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
</p>
<p class="text-right">
- <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-58</b> on <b>2016/07/04</b></small>
+ <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-60</b> on <b>2016/08/15</b></small>
</p>
</div>
<!-- /.sidebar -->
@@ -397,7 +397,7 @@
<div class="text-center">
<h1>HAProxy</h1>
<h2>Management Guide</h2>
- <p><strong>version 1.6.6</strong></p>
+ <p><strong>version 1.6.8</strong></p>
<p>
<a href="http://www.haproxy.org/" title="HAProxy Home Page"><img src="../img/logo-med.png" /></a><br>
<br>
@@ -2495,7 +2495,7 @@ <h2 id="chapter-9.2" data-target="9.2"><small><a class="small" href="#9.2">9.2.<
<br>
<hr>
<div class="text-right">
- HAProxy 1.6.6 &ndash; Management Guide<br>
+ HAProxy 1.6.8 &ndash; Management Guide<br>
<small>, </small>
</div>
</div>
@@ -2599,8 +2599,8 @@ <h2 id="chapter-9.2" data-target="9.2"><small><a class="small" href="#9.2">9.2.<
</script><script type="text/javascript">
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 4);
-piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.6.6', 'page');
-piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-58', 'page');
+piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.6.8', 'page');
+piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-60', 'page');
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
View
119 1.6/snapshot/configuration.html
@@ -2,10 +2,10 @@
<html lang="en">
<head>
<meta charset="utf-8" />
- <title>HAProxy version 1.6.6-3 - Configuration Manual</title>
+ <title>HAProxy version 1.6.8 - Configuration Manual</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -2459,7 +2459,7 @@
You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
</p>
<p class="text-right">
- <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-58</b> on <b>2016/07/04</b></small>
+ <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-60</b> on <b>2016/08/15</b></small>
</p>
</div>
<!-- /.sidebar -->
@@ -2470,11 +2470,11 @@
<div class="text-center">
<h1>HAProxy</h1>
<h2>Configuration Manual</h2>
- <p><strong>version 1.6.6-3</strong></p>
+ <p><strong>version 1.6.8</strong></p>
<p>
<a href="http://www.haproxy.org/" title="HAProxy Home Page"><img src="../../img/logo-med.png" /></a><br>
willy tarreau<br>
- 2016/06/26
+ 2016/08/14
</p>
</div>
@@ -7152,23 +7152,21 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
- server's weight is applied from previous running process unless it has
has changed between previous and new configuration files.
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<div class="example-desc">Minimal configuration</div><code>global
+ stats socket /tmp/socket
+ server-state-file /tmp/server_state
-Example 1:
-
-Minimal configuration:
-
- global
- stats socket /tmp/socket
- server-state-file /tmp/server_state
-
- defaults
- load-server-state-from-file global
-
- backend bk
- server s1 127.0.0.1:22 check weight 11
- server s2 127.0.0.1:22 check weight 12
+defaults
+ load-server-state-from-file global
-Then one can run :
+backend bk
+ server s1 127.0.0.1:22 check weight 11
+ server s2 127.0.0.1:22 check weight 12
+</code></pre>
+</div><pre class="text">Then one can run :
socat /tmp/socket - &lt;&lt;&lt; &quot;show servers state&quot; &gt; /tmp/server_state
@@ -7178,23 +7176,21 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
# &lt;field names skipped for the doc example&gt;
1 bk 1 s1 127.0.0.1 2 0 11 11 4 6 3 4 6 0 0
1 bk 2 s2 127.0.0.1 2 0 12 12 4 6 3 4 6 0 0
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<div class="example-desc">Minimal configuration</div><code>global
+ stats socket /tmp/socket
+ server-state-base /etc/haproxy/states
-Example 2:
-
-Minimal configuration:
-
- global
- stats socket /tmp/socket
- server-state-base /etc/haproxy/states
-
- defaults
- load-server-state-from-file local
-
- backend bk
- server s1 127.0.0.1:22 check weight 11
- server s2 127.0.0.1:22 check weight 12
+defaults
+ load-server-state-from-file local
-Then one can run :
+backend bk
+ server s1 127.0.0.1:22 check weight 11
+ server s2 127.0.0.1:22 check weight 12
+</code></pre>
+</div><pre class="text">Then one can run :
socat /tmp/socket - &lt;&lt;&lt; &quot;show servers state bk&quot; &gt; /etc/haproxy/states/bk
@@ -7885,7 +7881,7 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
the frontend or the backend does not specify it, it wants the addition to be
mandatory, so it wins.
</pre><div class="separator">
-<span class="label label-success">Examples :</span>
+<span class="label label-success">Example :</span>
<pre class="prettyprint">
<code><span class="comment"># Public HTTP address also used by stunnel on the same machine</span>
frontend www
@@ -12976,7 +12972,8 @@ <h2 id="chapter-5.2" data-target="5.2"><small><a class="small" href="#5.2">5.2.<
</pre><div class="separator">
<span class="label label-success">Example:</span>
<pre class="prettyprint">
-<div class="example-desc">server s1 app1.domain.com:80 resolvers mydns resolve-prefer ipv6</div><code></code></pre>
+<code>server s1 app1.domain.com:80 resolvers mydns resolve-prefer ipv6
+</code></pre>
</div><a class="anchor" name="resolvers"></a><a class="anchor" name="5-resolvers"></a><a class="anchor" name="5.2-resolvers"></a><a class="anchor" name="resolvers (Bind and Server options)"></a><a class="anchor" name="resolvers (Server and default-server options)"></a><div class="keyword"><b><a class="anchor" name="resolvers"></a><a href="#5.2-resolvers">resolvers</a></b> <span style="color: #080">&lt;id&gt;</span></div><pre class="text">Points to an existing &quot;<span class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">resolvers<span class="caret"></span></a><ul class="dropdown-menu"><li class="dropdown-header">This keyword is available in sections :</li><li><a href="#resolvers%20%28Server%20and%20default-server%20options%29">Server and default-server options</a></li><li><a href="#resolvers%20%28The%20resolvers%20section%29">The resolvers section</a></li></ul></span>&quot; section to resolve current server's
hostname.
In order to be operational, DNS resolution requires that health check is
@@ -12990,7 +12987,7 @@ <h2 id="chapter-5.2" data-target="5.2"><small><a class="small" href="#5.2">5.2.<
<pre class="prettyprint">
<code>server s1 app1.domain.com:80 check resolvers mydns
</code></pre>
-</div><pre class="text">See also chapter 5.3
+</div><pre class="text">See also <a href="#5.3">section 5.3</a>
</pre><a class="anchor" name="send-proxy"></a><a class="anchor" name="5-send-proxy"></a><a class="anchor" name="5.2-send-proxy"></a><a class="anchor" name="send-proxy (Bind and Server options)"></a><a class="anchor" name="send-proxy (Server and default-server options)"></a><div class="keyword"><b><a class="anchor" name="send-proxy"></a><a href="#5.2-send-proxy">send-proxy</a></b></div><pre class="text">The &quot;<a href="#send-proxy">send-proxy</a>&quot; parameter enforces use of the PROXY protocol over any
connection established to this server. The PROXY protocol informs the other
end about the layer 3/4 addresses of the incoming connection, so that it can
@@ -13250,24 +13247,25 @@ <h3 id="chapter-5.3.2" data-target="5.3.2"><small><a class="small" href="#5.3.2"
A retry occurs on name server timeout or when the full sequence of DNS query
type failover is over and we need to start up from the default ANY query
type.
-</pre><a class="anchor" name="timeout"></a><a class="anchor" name="5-timeout"></a><a class="anchor" name="5.3.2-timeout"></a><a class="anchor" name="timeout (Bind and Server options)"></a><a class="anchor" name="timeout (The resolvers section)"></a><div class="keyword"><b><a class="anchor" name="timeout"></a><a href="#5.3.2-timeout">timeout</a></b> <span style="color: #080">&lt;event&gt;</span> <span style="color: #080">&lt;time&gt;</span></div><pre class="text"> Defines timeouts related to name resolution
- &lt;event&gt; : the event on which the &lt;time&gt; timeout period applies to.
- events available are:
- - retry: time between two DNS queries, when no response have
- been received.
- Default value: 1s
- &lt;time&gt; : time related to the event. It follows the HAProxy time format.
- &lt;time&gt; is expressed in milliseconds.
-
-Example of a resolvers section (with default values):
-
- resolvers mydns
- nameserver dns1 10.0.0.1:53
- nameserver dns2 10.0.0.2:53
- resolve_retries 3
- timeout retry 1s
- hold valid 10s
-</pre></div>
+</pre><a class="anchor" name="timeout"></a><a class="anchor" name="5-timeout"></a><a class="anchor" name="5.3.2-timeout"></a><a class="anchor" name="timeout (Bind and Server options)"></a><a class="anchor" name="timeout (The resolvers section)"></a><div class="keyword"><b><a class="anchor" name="timeout"></a><a href="#5.3.2-timeout">timeout</a></b> <span style="color: #080">&lt;event&gt;</span> <span style="color: #080">&lt;time&gt;</span></div><pre class="text">Defines timeouts related to name resolution
+ &lt;event&gt; : the event on which the &lt;time&gt; timeout period applies to.
+ events available are:
+ - retry: time between two DNS queries, when no response have
+ been received.
+ Default value: 1s
+ &lt;time&gt; : time related to the event. It follows the HAProxy time format.
+ &lt;time&gt; is expressed in milliseconds.
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<code>resolvers mydns
+ nameserver dns1 10.0.0.1:53
+ nameserver dns2 10.0.0.2:53
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 10s
+</code></pre>
+</div></div>
<a class="anchor" id="6" name="6"></a>
<div class="page-header"><h1 id="chapter-6" data-target="6"><small><a class="small" href="#6">6.</a></small> HTTP header manipulation</h1>
</div><div><pre class="text">In HTTP mode, it is possible to rewrite, add or delete some of the request and
@@ -16068,7 +16066,6 @@ <h3 id="chapter-8.2.3" data-target="8.2.3"><small><a class="small" href="#8.2.3"
15 '{' captured_response_headers* '}' {}
16 '&quot;' http_request '&quot;' &quot;GET /index.html HTTP/1.1&quot;
-
Detailed fields description :
- &quot;client_ip&quot; is the IP address of the client which initiated the TCP
connection to haproxy. If the connection was accepted on a UNIX socket
@@ -17137,8 +17134,8 @@ <h2 id="chapter-8.9" data-target="8.9"><small><a class="small" href="#8.9">8.9.<
<br>
<hr>
<div class="text-right">
- HAProxy 1.6.6-3 &ndash; Configuration Manual<br>
- <small>2016/06/26, willy tarreau</small>
+ HAProxy 1.6.8 &ndash; Configuration Manual<br>
+ <small>2016/08/14, willy tarreau</small>
</div>
</div>
<!-- /.col-lg-12 -->
@@ -17241,8 +17238,8 @@ <h2 id="chapter-8.9" data-target="8.9"><small><a class="small" href="#8.9">8.9.<
</script><script type="text/javascript">
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 4);
-piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.6.6-3', 'page');
-piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-58', 'page');
+piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.6.8', 'page');
+piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-60', 'page');
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
View
14 1.6/snapshot/intro.html
@@ -2,10 +2,10 @@
<html lang="en">
<head>
<meta charset="utf-8" />
- <title>HAProxy version 1.6.6-3 - Starter Guide</title>
+ <title>HAProxy version 1.6.8 - Starter Guide</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -451,7 +451,7 @@
You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
</p>
<p class="text-right">
- <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-58</b> on <b>2016/07/04</b></small>
+ <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-60</b> on <b>2016/08/15</b></small>
</p>
</div>
<!-- /.sidebar -->
@@ -462,7 +462,7 @@
<div class="text-center">
<h1>HAProxy</h1>
<h2>Starter Guide</h2>
- <p><strong>version 1.6.6-3</strong></p>
+ <p><strong>version 1.6.8</strong></p>
<p>
<a href="http://www.haproxy.org/" title="HAProxy Home Page"><img src="../../img/logo-med.png" /></a><br>
<br>
@@ -2328,7 +2328,7 @@ <h2 id="chapter-4.4" data-target="4.4"><small><a class="small" href="#4.4">4.4.<
<br>
<hr>
<div class="text-right">
- HAProxy 1.6.6-3 &ndash; Starter Guide<br>
+ HAProxy 1.6.8 &ndash; Starter Guide<br>
<small>, </small>
</div>
</div>
@@ -2432,8 +2432,8 @@ <h2 id="chapter-4.4" data-target="4.4"><small><a class="small" href="#4.4">4.4.<
</script><script type="text/javascript">
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 4);
-piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.6.6-3', 'page');
-piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-58', 'page');
+piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.6.8', 'page');
+piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-60', 'page');
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
View
14 1.6/snapshot/management.html
@@ -2,10 +2,10 @@
<html lang="en">
<head>
<meta charset="utf-8" />
- <title>HAProxy version 1.6.6-3 - Management Guide</title>
+ <title>HAProxy version 1.6.8 - Management Guide</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -386,7 +386,7 @@
You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
</p>
<p class="text-right">
- <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-58</b> on <b>2016/07/04</b></small>
+ <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-60</b> on <b>2016/08/15</b></small>
</p>
</div>
<!-- /.sidebar -->
@@ -397,7 +397,7 @@
<div class="text-center">
<h1>HAProxy</h1>
<h2>Management Guide</h2>
- <p><strong>version 1.6.6-3</strong></p>
+ <p><strong>version 1.6.8</strong></p>
<p>
<a href="http://www.haproxy.org/" title="HAProxy Home Page"><img src="../../img/logo-med.png" /></a><br>
<br>
@@ -2495,7 +2495,7 @@ <h2 id="chapter-9.2" data-target="9.2"><small><a class="small" href="#9.2">9.2.<
<br>
<hr>
<div class="text-right">
- HAProxy 1.6.6-3 &ndash; Management Guide<br>
+ HAProxy 1.6.8 &ndash; Management Guide<br>
<small>, </small>
</div>
</div>
@@ -2599,8 +2599,8 @@ <h2 id="chapter-9.2" data-target="9.2"><small><a class="small" href="#9.2">9.2.<
</script><script type="text/javascript">
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 4);
-piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.6.6-3', 'page');
-piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-58', 'page');
+piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.6.8', 'page');
+piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-60', 'page');
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
View
424 1.7/configuration.html
@@ -2,10 +2,10 @@
<html lang="en">
<head>
<meta charset="utf-8" />
- <title>HAProxy version 1.7-dev3 - Configuration Manual</title>
+ <title>HAProxy version 1.7-dev4 - Configuration Manual</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -874,6 +874,8 @@
</div> <!-- /letter -->
<div class="letter" id="letter-A"><h4>A</h4>
+ <a class="list-group-item" href="#accept-netscaler-cip">accept-netscaler-cip</a>
+
<a class="list-group-item" href="#accept-proxy">accept-proxy</a>
<a class="list-group-item" href="#acl">acl</a>
@@ -1095,6 +1097,8 @@
<a class="list-group-item" href="#dst_conn">dst_conn</a>
+ <a class="list-group-item" href="#dst_is_local">dst_is_local</a>
+
<a class="list-group-item" href="#dst_port">dst_port</a>
</div> <!-- /letter -->
@@ -1145,6 +1149,22 @@
<a class="list-group-item" href="#fastinter">fastinter</a>
+ <a class="list-group-item" href="#fc_fackets">fc_fackets</a>
+
+ <a class="list-group-item" href="#fc_lost">fc_lost</a>
+
+ <a class="list-group-item" href="#fc_reordering">fc_reordering</a>
+
+ <a class="list-group-item" href="#fc_retrans">fc_retrans</a>
+
+ <a class="list-group-item" href="#fc_rtt">fc_rtt</a>
+
+ <a class="list-group-item" href="#fc_rttvar">fc_rttvar</a>
+
+ <a class="list-group-item" href="#fc_sacked">fc_sacked</a>
+
+ <a class="list-group-item" href="#fc_unacked">fc_unacked</a>
+
<a class="list-group-item" href="#fe_conn">fe_conn</a>
<a class="list-group-item" href="#fe_id">fe_id</a>
@@ -2059,6 +2079,8 @@
<a class="list-group-item" href="#src_inc_gpc0">src_inc_gpc0</a>
+ <a class="list-group-item" href="#src_is_local">src_is_local</a>
+
<a class="list-group-item" href="#src_kbytes_in">src_kbytes_in</a>
<a class="list-group-item" href="#src_kbytes_out">src_kbytes_out</a>
@@ -2173,6 +2195,8 @@
<a class="list-group-item" href="#ssl_fc_has_sni">ssl_fc_has_sni</a>
+ <a class="list-group-item" href="#ssl_fc_is_resumed">ssl_fc_is_resumed</a>
+
<a class="list-group-item" href="#ssl_fc_npn">ssl_fc_npn</a>
<a class="list-group-item" href="#ssl_fc_protocol">ssl_fc_protocol</a>
@@ -2447,6 +2471,10 @@
<a class="list-group-item" href="#url">url</a>
+ <a class="list-group-item" href="#url32">url32</a>
+
+ <a class="list-group-item" href="#url32+src">url32+src</a>
+
<a class="list-group-item" href="#url_dec">url_dec</a>
<a class="list-group-item" href="#url_ip">url_ip</a>
@@ -2512,7 +2540,7 @@
You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
</p>
<p class="text-right">
- <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-58</b> on <b>2016/07/04</b></small>
+ <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-60</b> on <b>2016/08/15</b></small>
</p>
</div>
<!-- /.sidebar -->
@@ -2523,11 +2551,11 @@
<div class="text-center">
<h1>HAProxy</h1>
<h2>Configuration Manual</h2>
- <p><strong>version 1.7-dev3</strong></p>
+ <p><strong>version 1.7-dev4</strong></p>
<p>
<a href="http://www.haproxy.org/" title="HAProxy Home Page"><img src="../img/logo-med.png" /></a><br>
willy tarreau<br>
- 2016/05/10
+ 2016/08/14
</p>
</div>
@@ -6461,7 +6489,8 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
&gt;&gt;&gt; X-Haproxy-Server-State: UP 2/3; name=bck/srv2; node=lb1; weight=1/2; \
scur=13/22; qcur=0
</pre><div class="page-header"><b>See also :</b> &quot;<a href="#option%20httpchk">option httpchk</a>&quot;, &quot;<a href="#http-check%20disable-on-404">http-check disable-on-404</a>&quot;</div>
-<a class="anchor" name="http-request"></a><a class="anchor" name="4-http-request"></a><a class="anchor" name="4.2-http-request"></a><a class="anchor" name="http-request (Proxies)"></a><a class="anchor" name="http-request (Alphabetically sorted keywords reference)"></a><div class="keyword"><b><a class="anchor" name="http-request"></a><a href="#4.2-http-request">http-request</a></b> <span style="color: #800">{ allow | deny | tarpit | auth <span style="color: #008">[realm <span style="color: #080">&lt;realm&gt;</span>]</span> | redirect <span style="color: #080">&lt;rule&gt;</span> |
+<a class="anchor" name="http-request"></a><a class="anchor" name="4-http-request"></a><a class="anchor" name="4.2-http-request"></a><a class="anchor" name="http-request (Proxies)"></a><a class="anchor" name="http-request (Alphabetically sorted keywords reference)"></a><div class="keyword"><b><a class="anchor" name="http-request"></a><a href="#4.2-http-request">http-request</a></b> <span style="color: #800">{ allow | tarpit | auth <span style="color: #008">[realm <span style="color: #080">&lt;realm&gt;</span>]</span> | redirect <span style="color: #080">&lt;rule&gt;</span> |
+ deny <span style="color: #008">[deny_status <span style="color: #080">&lt;status&gt;</span>]</span> |
add-header <span style="color: #080">&lt;name&gt;</span> <span style="color: #080">&lt;fmt&gt;</span> | set-header <span style="color: #080">&lt;name&gt;</span> <span style="color: #080">&lt;fmt&gt;</span> |
capture <span style="color: #080">&lt;sample&gt;</span> <span style="color: #008">[ len <span style="color: #080">&lt;length&gt;</span> | id <span style="color: #080">&lt;id&gt;</span> ]</span> |
del-header <span style="color: #080">&lt;name&gt;</span> | set-nice <span style="color: #080">&lt;nice&gt;</span> | set-log-level <span style="color: #080">&lt;level&gt;</span> |
@@ -6495,8 +6524,10 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
pass the check. No further &quot;<a href="#http-request">http-request</a>&quot; rules are evaluated.
- &quot;deny&quot; : this stops the evaluation of the rules and immediately rejects
- the request and emits an HTTP 403 error. No further &quot;<a href="#http-request">http-request</a>&quot; rules
- are evaluated.
+ the request and emits an HTTP 403 error, or optionally the status code
+ specified as an argument to &quot;deny_status&quot;. The list of permitted status
+ codes is limited to those that can be overridden by the &quot;<a href="#errorfile">errorfile</a>&quot;
+ directive. No further &quot;<a href="#http-request">http-request</a>&quot; rules are evaluated.
- &quot;tarpit&quot; : this stops the evaluation of the rules and immediately blocks
the request without responding for a delay specified by &quot;<a href="#timeout%20tarpit">timeout tarpit</a>&quot;
@@ -6793,9 +6824,52 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
<code>http-request set-src hdr(x-forwarded-for)
http-request set-src src,ipmask(24)
</code></pre>
-</div><pre class="text"> When set-src is successful, the source port is set to 0.
+</div><pre class="text"> When set-src is successful, the source port is set to 0.
- - &quot;silent-drop&quot; : this stops the evaluation of the rules and makes the
+- set-src-port &lt;expr&gt; :
+ Is used to set the source port address to the value of specified
+ expression.
+
+ &lt;expr&gt; Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<code>http-request set-src-port hdr(x-port)
+http-request set-src-port int(4000)
+</code></pre>
+</div><pre class="text"> Be careful to use &quot;set-src-port&quot; after &quot;set-src&quot;, because &quot;set-src&quot; sets
+ the source port to 0.
+
+- set-dst &lt;expr&gt; :
+ Is used to set the destination IP address to the value of specified
+ expression. Useful when a proxy in front of HAProxy rewrites destination
+ IP, but provides the correct IP in a HTTP header; or you want to mask
+ the IP for privacy. If you want to connect to the new address/port, use
+ '0.0.0.0:0' as a server address in the backend.
+
+ &lt;expr&gt; Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<code>http-request set-dst hdr(x-dst)
+http-request set-dst dst,ipmask(24)
+</code></pre>
+</div><pre class="text">- set-dst-port &lt;expr&gt; :
+ Is used to set the destination port address to the value of specified
+ expression. If you want to connect to the new address/port, use
+ '0.0.0.0:0' as a server address in the backend.
+
+ &lt;expr&gt; Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<code>http-request set-dst-port hdr(x-port)
+http-request set-dst-port int(4000)
+</code></pre>
+</div><pre class="text"> - &quot;silent-drop&quot; : this stops the evaluation of the rules and makes the
client-facing connection suddenly disappear using a system-dependant way
that tries to prevent the client from being notified. The effect it then
that the client still sees an established connection while there's none
@@ -6891,6 +6965,7 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
del-map(<span style="color: #080">&lt;file name&gt;</span>) <span style="color: #080">&lt;key fmt&gt;</span> |
set-map(<span style="color: #080">&lt;file name&gt;</span>) <span style="color: #080">&lt;key fmt&gt;</span> <span style="color: #080">&lt;value fmt&gt;</span> |
set-var(<span style="color: #080">&lt;var-name&gt;</span>) <span style="color: #080">&lt;expr&gt;</span> |
+ <span style="color: #800">{ track-sc0 | track-sc1 | track-sc2 }</span> <span style="color: #080">&lt;key&gt;</span> <span style="color: #008">[table <span style="color: #080">&lt;table&gt;</span>]</span> |
sc-inc-gpc0(<span style="color: #080">&lt;sc-id&gt;</span>) |
sc-set-gpt0(<span style="color: #080">&lt;sc-id&gt;</span>) <span style="color: #080">&lt;int&gt;</span> |
silent-drop |
@@ -7097,7 +7172,15 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
<pre class="prettyprint">
<code>http-response set-var(sess.last_redir) res.hdr(location)
</code></pre>
-</div><pre class="text"> - sc-set-gpt0(&lt;sc-id&gt;) &lt;int&gt; :
+</div><pre class="text"> - { track-sc0 | track-sc1 | track-sc2 } &lt;key&gt; [table &lt;table&gt;] :
+ enables tracking of sticky counters from current response. Please refer to
+ &quot;http-request track-sc&quot; for a complete description. The only difference
+ from &quot;http-request track-sc&quot; is the &lt;key&gt; sample expression can only make
+ use of samples in response (eg. res.*, status etc.) and samples below
+ Layer 6 (eg. ssl related samples, see <a href="#7.3.4">section 7.3.4</a>). If the sample is
+ not supported, haproxy will fail and warn while parsing the config.
+
+ - sc-set-gpt0(&lt;sc-id&gt;) &lt;int&gt; :
This action sets the GPT0 tag according to the sticky counter designated
by &lt;sc-id&gt; and the value of &lt;int&gt;. The expected result is a boolean. If
an error occurs, this action silently fails and the actions evaluation
@@ -7310,23 +7393,21 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
- server's weight is applied from previous running process unless it has
has changed between previous and new configuration files.
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<div class="example-desc">Minimal configuration</div><code>global
+ stats socket /tmp/socket
+ server-state-file /tmp/server_state
-Example 1:
-
-Minimal configuration:
-
- global
- stats socket /tmp/socket
- server-state-file /tmp/server_state
-
- defaults
- load-server-state-from-file global
-
- backend bk
- server s1 127.0.0.1:22 check weight 11
- server s2 127.0.0.1:22 check weight 12
+defaults
+ load-server-state-from-file global
-Then one can run :
+backend bk
+ server s1 127.0.0.1:22 check weight 11
+ server s2 127.0.0.1:22 check weight 12
+</code></pre>
+</div><pre class="text">Then one can run :
socat /tmp/socket - &lt;&lt;&lt; &quot;show servers state&quot; &gt; /tmp/server_state
@@ -7336,23 +7417,21 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
# &lt;field names skipped for the doc example&gt;
1 bk 1 s1 127.0.0.1 2 0 11 11 4 6 3 4 6 0 0
1 bk 2 s2 127.0.0.1 2 0 12 12 4 6 3 4 6 0 0
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<div class="example-desc">Minimal configuration</div><code>global
+ stats socket /tmp/socket
+ server-state-base /etc/haproxy/states
-Example 2:
-
-Minimal configuration:
-
- global
- stats socket /tmp/socket
- server-state-base /etc/haproxy/states
-
- defaults
- load-server-state-from-file local
-
- backend bk
- server s1 127.0.0.1:22 check weight 11
- server s2 127.0.0.1:22 check weight 12
+defaults
+ load-server-state-from-file local
-Then one can run :
+backend bk
+ server s1 127.0.0.1:22 check weight 11
+ server s2 127.0.0.1:22 check weight 12
+</code></pre>
+</div><pre class="text">Then one can run :
socat /tmp/socket - &lt;&lt;&lt; &quot;show servers state bk&quot; &gt; /etc/haproxy/states/bk
@@ -8043,7 +8122,7 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
the frontend or the backend does not specify it, it wants the addition to be
mandatory, so it wins.
</pre><div class="separator">
-<span class="label label-success">Examples :</span>
+<span class="label label-success">Example :</span>
<pre class="prettyprint">
<code><span class="comment"># Public HTTP address also used by stunnel on the same machine</span>
frontend www
@@ -11371,6 +11450,15 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
of load balancers are passed through by traffic coming from public
hosts.
+ - expect-netscaler-cip layer4 :
+ configures the client-facing connection to receive a NetScaler Client
+ IP insertion protocol header before any byte is read from the socket.
+ This is equivalent to having the &quot;<a href="#accept-netscaler-cip">accept-netscaler-cip</a>&quot; keyword on the
+ &quot;<a href="#bind">bind</a>&quot; line, except that using the TCP rule allows the PROXY protocol
+ to be accepted only for certain IP address ranges using an ACL. This
+ is convenient when multiple layers of load balancers are passed
+ through by traffic coming from public hosts.
+
- capture &lt;sample&gt; len &lt;length&gt; :
This only applies to &quot;<a href="#tcp-request%20content">tcp-request content</a>&quot; rules. It captures sample
expression &lt;sample&gt; from the request buffer, and converts it to a
@@ -11436,7 +11524,64 @@ <h2 id="chapter-4.2" data-target="4.2"><small><a class="small" href="#4.2">4.2.<
an error occurs, this action silently fails and the actions evaluation
continues.
- - &quot;silent-drop&quot; :
+ - set-src &lt;expr&gt; :
+ Is used to set the source IP address to the value of specified
+ expression. Useful if you want to mask source IP for privacy.
+ If you want to provide an IP from a HTTP header use &quot;http-request
+ set-src&quot;
+
+ &lt;expr&gt; Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<code>tcp-request connection set-src src,ipmask(24)
+</code></pre>
+</div><pre class="text"> When set-src is successful, the source port is set to 0.
+
+- set-src-port &lt;expr&gt; :
+ Is used to set the source port address to the value of specified
+ expression.
+
+ &lt;expr&gt; Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<code>tcp-request connection set-src-port int(4000)
+</code></pre>
+</div><pre class="text"> Be careful to use &quot;set-src-port&quot; after &quot;set-src&quot;, because &quot;set-src&quot; sets
+ the source port to 0.
+
+- set-dst &lt;expr&gt; :
+ Is used to set the destination IP address to the value of specified
+ expression. Useful if you want to mask IP for privacy in log.
+ If you want to provide an IP from a HTTP header use &quot;http-request
+ set-dst&quot;. If you want to connect to the new address/port, use
+ '0.0.0.0:0' as a server address in the backend.
+
+ &lt;expr&gt; Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<code>tcp-request connection set-dst dst,ipmask(24)
+tcp-request connection set-dst ipv4(10.0.0.1)
+</code></pre>
+</div><pre class="text">- set-dst-port &lt;expr&gt; :
+ Is used to set the destination port address to the value of specified
+ expression. If you want to connect to the new address/port, use
+ '0.0.0.0:0' as a server address in the backend.
+
+
+ &lt;expr&gt; Is a standard HAProxy expression formed by a sample-fetch
+ followed by some converters.
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<code>tcp-request connection set-dst-port int(4000)
+</code></pre>
+</div><pre class="text"> - &quot;silent-drop&quot; :
This stops the evaluation of the rules and makes the client-facing
connection suddenly disappear using a system-dependant way that tries
to prevent the client from being notified. The effect it then that the
@@ -12359,6 +12504,18 @@ <h2 id="chapter-5.1" data-target="5.1"><small><a class="small" href="#5.1">5.1.<
provided immediately after the setting name.
The currently supported settings are the following ones.
+</pre><a class="anchor" name="accept-netscaler-cip"></a><a class="anchor" name="5-accept-netscaler-cip"></a><a class="anchor" name="5.1-accept-netscaler-cip"></a><a class="anchor" name="accept-netscaler-cip (Bind and Server options)"></a><a class="anchor" name="accept-netscaler-cip (Bind options)"></a><div class="keyword"><b><a class="anchor" name="accept-netscaler-cip"></a><a href="#5.1-accept-netscaler-cip">accept-netscaler-cip</a></b> <span style="color: #080">&lt;magic number&gt;</span></div><pre class="text">Enforces the use of the NetScaler Client IP insertion protocol over any
+connection accepted by any of the TCP sockets declared on the same line. The
+NetScaler Client IP insertion protocol dictates the layer 3/4 addresses of
+the incoming connection to be used everywhere an address is used, with the
+only exception of &quot;<a href="#tcp-request%20connection">tcp-request connection</a>&quot; rules which will only see the
+real connection address. Logs will reflect the addresses indicated in the
+protocol, unless it is violated, in which case the real address will still
+be used. This keyword combined with support from external components can be
+used as an efficient and reliable alternative to the X-Forwarded-For
+mechanism which is not always reliable and not even always usable. See also
+&quot;tcp-request connection expect-netscaler-cip&quot; for a finer-grained setting of
+which client is allowed to use the protocol.
</pre><a class="anchor" name="accept-proxy"></a><a class="anchor" name="5-accept-proxy"></a><a class="anchor" name="5.1-accept-proxy"></a><a class="anchor" name="accept-proxy (Bind and Server options)"></a><a class="anchor" name="accept-proxy (Bind options)"></a><div class="keyword"><b><a class="anchor" name="accept-proxy"></a><a href="#5.1-accept-proxy">accept-proxy</a></b></div><pre class="text">Enforces the use of the PROXY protocol over any connection accepted by any of
the sockets declared on the same line. Versions 1 and 2 of the PROXY protocol
are supported and correctly detected. The PROXY protocol dictates the layer
@@ -12528,8 +12685,8 @@ <h2 id="chapter-5.1" data-target="5.1"><small><a class="small" href="#5.1">5.1.<
the 'strict-sni' option may be used.
Multi-cert bundling (see &quot;<span class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">crt<span class="caret"></span></a><ul class="dropdown-menu"><li class="dropdown-header">This keyword is available in sections :</li><li><a href="#crt%20%28Bind%20options%29">Bind options</a></li><li><a href="#crt%20%28Server%20and%20default-server%20options%29">Server and default-server options</a></li></ul></span>&quot;) is supported with crt-list, as long as only
-the base name is given in the crt-list. Due to the nature of bundling, all SNI
-filters given to a multi-cert bundle entry are ignored.
+the base name is given in the crt-list. SNI filter will do the same work on
+all bundled certificates.
</pre><a class="anchor" name="defer-accept"></a><a class="anchor" name="5-defer-accept"></a><a class="anchor" name="5.1-defer-accept"></a><a class="anchor" name="defer-accept (Bind and Server options)"></a><a class="anchor" name="defer-accept (Bind options)"></a><div class="keyword"><b><a class="anchor" name="defer-accept"></a><a href="#5.1-defer-accept">defer-accept</a></b></div><pre class="text">Is an optional keyword which is supported only on certain Linux kernels. It
states that a connection will only be accepted once some data arrive on it,
or at worst after the first retransmit. This should be used only on protocols
@@ -13196,7 +13353,8 @@ <h2 id="chapter-5.2" data-target="5.2"><small><a class="small" href="#5.2">5.2.<
</pre><div class="separator">
<span class="label label-success">Example:</span>
<pre class="prettyprint">
-<div class="example-desc">server s1 app1.domain.com:80 resolvers mydns resolve-prefer ipv6</div><code></code></pre>
+<code>server s1 app1.domain.com:80 resolvers mydns resolve-prefer ipv6
+</code></pre>
</div><a class="anchor" name="resolve-net"></a><a class="anchor" name="5-resolve-net"></a><a class="anchor" name="5.2-resolve-net"></a><a class="anchor" name="resolve-net (Bind and Server options)"></a><a class="anchor" name="resolve-net (Server and default-server options)"></a><div class="keyword"><b><a class="anchor" name="resolve-net"></a><a href="#5.2-resolve-net">resolve-net</a></b> <span style="color: #080">&lt;network&gt;</span><span style="color: #008">[,<span style="color: #080">&lt;network<span style="color: #008">[,...]</span></span>]</span></div><pre class="text">This options prioritize th choice of an ip address matching a network. This is
useful with clouds to prefer a local ip. In some cases, a cloud high
avalailibility service can be announced with many ip addresses on many
@@ -13208,7 +13366,8 @@ <h2 id="chapter-5.2" data-target="5.2"><small><a class="small" href="#5.2">5.2.<
</pre><div class="separator">
<span class="label label-success">Example:</span>
<pre class="prettyprint">
-<div class="example-desc">server s1 app1.domain.com:80 resolvers mydns resolve-net 10.0.0.0/8</div><code></code></pre>
+<code>server s1 app1.domain.com:80 resolvers mydns resolve-net 10.0.0.0/8
+</code></pre>
</div><a class="anchor" name="resolvers"></a><a class="anchor" name="5-resolvers"></a><a class="anchor" name="5.2-resolvers"></a><a class="anchor" name="resolvers (Bind and Server options)"></a><a class="anchor" name="resolvers (Server and default-server options)"></a><div class="keyword"><b><a class="anchor" name="resolvers"></a><a href="#5.2-resolvers">resolvers</a></b> <span style="color: #080">&lt;id&gt;</span></div><pre class="text">Points to an existing &quot;<span class="dropdown"><a class="dropdown-toggle" data-toggle="dropdown" href="#">resolvers<span class="caret"></span></a><ul class="dropdown-menu"><li class="dropdown-header">This keyword is available in sections :</li><li><a href="#resolvers%20%28Server%20and%20default-server%20options%29">Server and default-server options</a></li><li><a href="#resolvers%20%28The%20resolvers%20section%29">The resolvers section</a></li></ul></span>&quot; section to resolve current server's
hostname.
In order to be operational, DNS resolution requires that health check is
@@ -13222,21 +13381,23 @@ <h2 id="chapter-5.2" data-target="5.2"><small><a class="small" href="#5.2">5.2.<
<pre class="prettyprint">
<code>server s1 app1.domain.com:80 check resolvers mydns
</code></pre>
-</div><pre class="text">See also chapter 5.3
+</div><pre class="text">See also <a href="#5.3">section 5.3</a>
</pre><a class="anchor" name="send-proxy"></a><a class="anchor" name="5-send-proxy"></a><a class="anchor" name="5.2-send-proxy"></a><a class="anchor" name="send-proxy (Bind and Server options)"></a><a class="anchor" name="send-proxy (Server and default-server options)"></a><div class="keyword"><b><a class="anchor" name="send-proxy"></a><a href="#5.2-send-proxy">send-proxy</a></b></div><pre class="text">The &quot;<a href="#send-proxy">send-proxy</a>&quot; parameter enforces use of the PROXY protocol over any
connection established to this server. The PROXY protocol informs the other
end about the layer 3/4 addresses of the incoming connection, so that it can
know the client's address or the public address it accessed to, whatever the
-upper layer protocol. For connections accepted by an &quot;<a href="#accept-proxy">accept-proxy</a>&quot; listener,
-the advertised address will be used. Only TCPv4 and TCPv6 address families
-are supported. Other families such as Unix sockets, will report an UNKNOWN
-family. Servers using this option can fully be chained to another instance of
-haproxy listening with an &quot;<a href="#accept-proxy">accept-proxy</a>&quot; setting. This setting must not be
-used if the server isn't aware of the protocol. When health checks are sent
-to the server, the PROXY protocol is automatically used when this option is
-set, unless there is an explicit &quot;<a href="#port">port</a>&quot; or &quot;<a href="#addr">addr</a>&quot; directive, in which case an
-explicit &quot;<a href="#check-send-proxy">check-send-proxy</a>&quot; directive would also be needed to use the PROXY
-protocol. See also the &quot;<a href="#accept-proxy">accept-proxy</a>&quot; option of the &quot;<a href="#bind">bind</a>&quot; keyword.
+upper layer protocol. For connections accepted by an &quot;<a href="#accept-proxy">accept-proxy</a>&quot; or
+&quot;<a href="#accept-netscaler-cip">accept-netscaler-cip</a>&quot; listener, the advertised address will be used. Only
+TCPv4 and TCPv6 address families are supported. Other families such as
+Unix sockets, will report an UNKNOWN family. Servers using this option can
+fully be chained to another instance of haproxy listening with an
+&quot;<a href="#accept-proxy">accept-proxy</a>&quot; setting. This setting must not be used if the server isn't
+aware of the protocol. When health checks are sent to the server, the PROXY
+protocol is automatically used when this option is set, unless there is an
+explicit &quot;<a href="#port">port</a>&quot; or &quot;<a href="#addr">addr</a>&quot; directive, in which case an explicit
+&quot;<a href="#check-send-proxy">check-send-proxy</a>&quot; directive would also be needed to use the PROXY protocol.
+See also the &quot;<a href="#accept-proxy">accept-proxy</a>&quot; and &quot;<a href="#accept-netscaler-cip">accept-netscaler-cip</a>&quot; option of the &quot;<a href="#bind">bind</a>&quot;
+keyword.
Supported in default-server: No
</pre><a class="anchor" name="send-proxy-v2"></a><a class="anchor" name="5-send-proxy-v2"></a><a class="anchor" name="5.2-send-proxy-v2"></a><a class="anchor" name="send-proxy-v2 (Bind and Server options)"></a><a class="anchor" name="send-proxy-v2 (Server and default-server options)"></a><div class="keyword"><b><a class="anchor" name="send-proxy-v2"></a><a href="#5.2-send-proxy-v2">send-proxy-v2</a></b></div><pre class="text">The &quot;<a href="#send-proxy-v2">send-proxy-v2</a>&quot; parameter enforces use of the PROXY protocol version 2
@@ -13482,24 +13643,25 @@ <h3 id="chapter-5.3.2" data-target="5.3.2"><small><a class="small" href="#5.3.2"
A retry occurs on name server timeout or when the full sequence of DNS query
type failover is over and we need to start up from the default ANY query
type.
-</pre><a class="anchor" name="timeout"></a><a class="anchor" name="5-timeout"></a><a class="anchor" name="5.3.2-timeout"></a><a class="anchor" name="timeout (Bind and Server options)"></a><a class="anchor" name="timeout (The resolvers section)"></a><div class="keyword"><b><a class="anchor" name="timeout"></a><a href="#5.3.2-timeout">timeout</a></b> <span style="color: #080">&lt;event&gt;</span> <span style="color: #080">&lt;time&gt;</span></div><pre class="text"> Defines timeouts related to name resolution
- &lt;event&gt; : the event on which the &lt;time&gt; timeout period applies to.
- events available are:
- - retry: time between two DNS queries, when no response have
- been received.
- Default value: 1s
- &lt;time&gt; : time related to the event. It follows the HAProxy time format.
- &lt;time&gt; is expressed in milliseconds.
-
-Example of a resolvers section (with default values):
-
- resolvers mydns
- nameserver dns1 10.0.0.1:53
- nameserver dns2 10.0.0.2:53
- resolve_retries 3
- timeout retry 1s
- hold valid 10s
-</pre></div>
+</pre><a class="anchor" name="timeout"></a><a class="anchor" name="5-timeout"></a><a class="anchor" name="5.3.2-timeout"></a><a class="anchor" name="timeout (Bind and Server options)"></a><a class="anchor" name="timeout (The resolvers section)"></a><div class="keyword"><b><a class="anchor" name="timeout"></a><a href="#5.3.2-timeout">timeout</a></b> <span style="color: #080">&lt;event&gt;</span> <span style="color: #080">&lt;time&gt;</span></div><pre class="text">Defines timeouts related to name resolution
+ &lt;event&gt; : the event on which the &lt;time&gt; timeout period applies to.
+ events available are:
+ - retry: time between two DNS queries, when no response have
+ been received.
+ Default value: 1s
+ &lt;time&gt; : time related to the event. It follows the HAProxy time format.
+ &lt;time&gt; is expressed in milliseconds.
+</pre><div class="separator">
+<span class="label label-success">Example:</span>
+<pre class="prettyprint">
+<code>resolvers mydns
+ nameserver dns1 10.0.0.1:53
+ nameserver dns2 10.0.0.2:53
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 10s
+</code></pre>
+</div></div>
<a class="anchor" id="6" name="6"></a>
<div class="page-header"><h1 id="chapter-6" data-target="6"><small><a class="small" href="#6">6.</a></small> HTTP header manipulation</h1>
</div><div><pre class="text">In HTTP mode, it is possible to rewrite, add or delete some of the request and
@@ -14257,7 +14419,7 @@ <h3 id="chapter-7.3.1" data-target="7.3.1"><small><a class="small" href="#7.3.1"
dotted form (eg: 255.255.255.0) or in CIDR form (eg: 24).
</pre><a class="anchor" name="json"></a><a class="anchor" name="7-json"></a><a class="anchor" name="7.3.1-json"></a><a class="anchor" name="json (Using ACLs and fetching samples)"></a><a class="anchor" name="json (Converters)"></a><div class="keyword"><b><a class="anchor" name="json"></a><a href="#7.3.1-json">json</a></b>(<span style="color: #008">[<span style="color: #080">&lt;input-code&gt;</span>]</span>)</div><pre class="text">Escapes the input string and produces an ASCII ouput string ready to use as a
JSON string. The converter tries to decode the input string according to the
-&lt;input-code&gt; parameter. It can be &quot;ascii&quot;, &quot;utf8&quot;, &quot;utf8s&quot;, &quot;utf8&quot;&quot; or
+&lt;input-code&gt; parameter. It can be &quot;ascii&quot;, &quot;utf8&quot;, &quot;utf8s&quot;, &quot;utf8p&quot; or
&quot;utf8ps&quot;. The &quot;ascii&quot; decoder never fails. The &quot;utf8&quot; decoder detects 3 types
of errors:
- bad UTF-8 sequence (lone continuation byte, bad number of continuation
@@ -14284,9 +14446,9 @@ <h3 id="chapter-7.3.1" data-target="7.3.1"><small><a class="small" href="#7.3.1"
</pre><div class="separator">
<span class="label label-success">Example:</span>
<pre class="prettyprint">
-<code>capture request header user-agent len 150
-capture request header Host len 15
-log-format {&quot;ip&quot;:&quot;%[src]&quot;,&quot;user-agent&quot;:&quot;%[capture.req.hdr(1),json(&quot;utf8s&quot;)]&quot;}
+<code>capture request header Host len 15
+capture request header user-agent len 150
+log-format '{&quot;ip&quot;:&quot;%[src]&quot;,&quot;user-agent&quot;:&quot;%[capture.req.hdr(1),json(utf8s)]&quot;}'
</code></pre>
</div><pre class="text">Input request from client 127.0.0.1:
GET / HTTP/1.0
@@ -14876,12 +15038,56 @@ <h3 id="chapter-7.3.3" data-target="7.3.3"><small><a class="small" href="#7.3.3"
when the socket is considered saturated. This offers the ability to assign
different limits to different listening ports or addresses. See also the
&quot;<a href="#fe_conn">fe_conn</a>&quot; and &quot;<a href="#be_conn">be_conn</a>&quot; fetches.
+</pre><a class="anchor" name="dst_is_local"></a><a class="anchor" name="7-dst_is_local"></a><a class="anchor" name="7.3.3-dst_is_local"></a><a class="anchor" name="dst_is_local (Using ACLs and fetching samples)"></a><a class="anchor" name="dst_is_local (Fetching samples at Layer 4)"></a><div class="keyword"><b><a class="anchor" name="dst_is_local"></a><a href="#7.3.3-dst_is_local">dst_is_local</a></b> : boolean</div><pre class="text">Returns true if the destination address of the incoming connection is local
+to the system, or false if the address doesn't exist on the system, meaning
+that it was intercepted in transparent mode. It can be useful to apply
+certain rules by default to forwarded traffic and other rules to the traffic
+targetting the real address of the machine. For example the stats page could
+be delivered only on this address, or SSH access could be locally redirected.
+Please note that the check involves a few system calls, so it's better to do
+it only once per connection.
</pre><a class="anchor" name="dst_port"></a><a class="anchor" name="7-dst_port"></a><a class="anchor" name="7.3.3-dst_port"></a><a class="anchor" name="dst_port (Using ACLs and fetching samples)"></a><a class="anchor" name="dst_port (Fetching samples at Layer 4)"></a><div class="keyword"><b><a class="anchor" name="dst_port"></a><a href="#7.3.3-dst_port">dst_port</a></b> : integer</div><pre class="text">Returns an integer value corresponding to the destination TCP port of the
connection on the client side, which is the port the client connected to.
This might be used when running in transparent mode, when assigning dynamic
ports to some clients for a whole application session, to stick all users to
a same server, or to pass the destination port information to a server using
an HTTP header.
+</pre><a class="anchor" name="fc_rtt"></a><a class="anchor" name="7-fc_rtt"></a><a class="anchor" name="7.3.3-fc_rtt"></a><a class="anchor" name="fc_rtt (Using ACLs and fetching samples)"></a><a class="anchor" name="fc_rtt (Fetching samples at Layer 4)"></a><div class="keyword"><b><a class="anchor" name="fc_rtt"></a><a href="#7.3.3-fc_rtt">fc_rtt</a></b>(<span style="color: #080">&lt;unit&gt;</span>) : integer</div><pre class="text">Returns the Round Trip Time (RTT) measured by the kernel for the client
+connection. &lt;unit&gt; is facultative, by default the unit is milliseconds. &lt;unit&gt;
+can be set to &quot;ms&quot; for milliseconds or &quot;us&quot; for microseconds. If the server
+connection is not established, if the connection is not TCP or if the
+operating system does not support TCP_INFO, for example Linux kernels before
+2.4, the sample fetch fails.
+</pre><a class="anchor" name="fc_rttvar"></a><a class="anchor" name="7-fc_rttvar"></a><a class="anchor" name="7.3.3-fc_rttvar"></a><a class="anchor" name="fc_rttvar (Using ACLs and fetching samples)"></a><a class="anchor" name="fc_rttvar (Fetching samples at Layer 4)"></a><div class="keyword"><b><a class="anchor" name="fc_rttvar"></a><a href="#7.3.3-fc_rttvar">fc_rttvar</a></b>(<span style="color: #080">&lt;unit&gt;</span>) : integer</div><pre class="text">Returns the Round Trip Time (RTT) variance measured by the kernel for the
+client connection. &lt;unit&gt; is facultative, by default the unit is milliseconds.
+&lt;unit&gt; can be set to &quot;ms&quot; for milliseconds or &quot;us&quot; for microseconds. If the
+server connection is not established, if the connection is not TCP or if the
+operating system does not support TCP_INFO, for example Linux kernels before
+2.4, the sample fetch fails.
+</pre><a class="anchor" name="fc_unacked"></a><a class="anchor" name="7-fc_unacked"></a><a class="anchor" name="7.3.3-fc_unacked"></a><a class="anchor" name="fc_unacked (Using ACLs and fetching samples)"></a><a class="anchor" name="fc_unacked (Fetching samples at Layer 4)"></a><div class="keyword"><b><a class="anchor" name="fc_unacked"></a><a href="#7.3.3-fc_unacked">fc_unacked</a></b>(<span style="color: #080">&lt;unit&gt;</span>) : integer</div><pre class="text">Returns the unacked counter measured by the kernel for the client connection.
+If the server connection is not established, if the connection is not TCP or
+if the operating system does not support TCP_INFO, for example Linux kernels
+before 2.4, the sample fetch fails.
+</pre><a class="anchor" name="fc_sacked"></a><a class="anchor" name="7-fc_sacked"></a><a class="anchor" name="7.3.3-fc_sacked"></a><a class="anchor" name="fc_sacked (Using ACLs and fetching samples)"></a><a class="anchor" name="fc_sacked (Fetching samples at Layer 4)"></a><div class="keyword"><b><a class="anchor" name="fc_sacked"></a><a href="#7.3.3-fc_sacked">fc_sacked</a></b>(<span style="color: #080">&lt;unit&gt;</span>) : integer</div><pre class="text">Returns the sacked counter measured by the kernel for the client connection.
+If the server connection is not established, if the connection is not TCP or
+if the operating system does not support TCP_INFO, for example Linux kernels
+before 2.4, the sample fetch fails.
+</pre><a class="anchor" name="fc_retrans"></a><a class="anchor" name="7-fc_retrans"></a><a class="anchor" name="7.3.3-fc_retrans"></a><a class="anchor" name="fc_retrans (Using ACLs and fetching samples)"></a><a class="anchor" name="fc_retrans (Fetching samples at Layer 4)"></a><div class="keyword"><b><a class="anchor" name="fc_retrans"></a><a href="#7.3.3-fc_retrans">fc_retrans</a></b>(<span style="color: #080">&lt;unit&gt;</span>) : integer</div><pre class="text">Returns the retransmits counter measured by the kernel for the client
+connection. If the server connection is not established, if the connection is
+not TCP or if the operating system does not support TCP_INFO, for example
+Linux kernels before 2.4, the sample fetch fails.
+</pre><a class="anchor" name="fc_fackets"></a><a class="anchor" name="7-fc_fackets"></a><a class="anchor" name="7.3.3-fc_fackets"></a><a class="anchor" name="fc_fackets (Using ACLs and fetching samples)"></a><a class="anchor" name="fc_fackets (Fetching samples at Layer 4)"></a><div class="keyword"><b><a class="anchor" name="fc_fackets"></a><a href="#7.3.3-fc_fackets">fc_fackets</a></b>(<span style="color: #080">&lt;unit&gt;</span>) : integer</div><pre class="text">Returns the fack counter measured by the kernel for the client
+connection. If the server connection is not established, if the connection is
+not TCP or if the operating system does not support TCP_INFO, for example
+Linux kernels before 2.4, the sample fetch fails.
+</pre><a class="anchor" name="fc_lost"></a><a class="anchor" name="7-fc_lost"></a><a class="anchor" name="7.3.3-fc_lost"></a><a class="anchor" name="fc_lost (Using ACLs and fetching samples)"></a><a class="anchor" name="fc_lost (Fetching samples at Layer 4)"></a><div class="keyword"><b><a class="anchor" name="fc_lost"></a><a href="#7.3.3-fc_lost">fc_lost</a></b>(<span style="color: #080">&lt;unit&gt;</span>) : integer</div><pre class="text">Returns the lost counter measured by the kernel for the client
+connection. If the server connection is not established, if the connection is
+not TCP or if the operating system does not support TCP_INFO, for example
+Linux kernels before 2.4, the sample fetch fails.
+</pre><a class="anchor" name="fc_reordering"></a><a class="anchor" name="7-fc_reordering"></a><a class="anchor" name="7.3.3-fc_reordering"></a><a class="anchor" name="fc_reordering (Using ACLs and fetching samples)"></a><a class="anchor" name="fc_reordering (Fetching samples at Layer 4)"></a><div class="keyword"><b><a class="anchor" name="fc_reordering"></a><a href="#7.3.3-fc_reordering">fc_reordering</a></b>(<span style="color: #080">&lt;unit&gt;</span>) : integer</div><pre class="text">Returns the reordering counter measured by the kernel for the client
+connection. If the server connection is not established, if the connection is
+not TCP or if the operating system does not support TCP_INFO, for example
+Linux kernels before 2.4, the sample fetch fails.
</pre><a class="anchor" name="fe_id"></a><a class="anchor" name="7-fe_id"></a><a class="anchor" name="7.3.3-fe_id"></a><a class="anchor" name="fe_id (Using ACLs and fetching samples)"></a><a class="anchor" name="fe_id (Fetching samples at Layer 4)"></a><div class="keyword"><b><a class="anchor" name="fe_id"></a><a href="#7.3.3-fe_id">fe_id</a></b> : integer</div><pre class="text">Returns an integer containing the current frontend's id. It can be used in
backends to check from which backend it was called, or to stick all users
coming via a same frontend to the same server.
@@ -14981,9 +15187,10 @@ <h3 id="chapter-7.3.3" data-target="7.3.3"><small><a class="small" href="#7.3.3"
IP and works on both IPv4 and IPv6 tables. On IPv6 tables, IPv4 addresses are
mapped to their IPv6 equivalent, according to RFC 4291. Note that it is the
TCP-level source address which is used, and not the address of a client
-behind a proxy. However if the &quot;<a href="#accept-proxy">accept-proxy</a>&quot; bind directive is used, it can
-be the address of a client behind another PROXY-protocol compatible component
-for all rule sets except &quot;<a href="#tcp-request%20connection">tcp-request connection</a>&quot; which sees the real address.
+behind a proxy. However if the &quot;<a href="#accept-proxy">accept-proxy</a>&quot; or &quot;<a href="#accept-netscaler-cip">accept-netscaler-cip</a>&quot; bind
+directive is used, it can be the address of a client behind another
+PROXY-protocol compatible component for all rule sets except
+&quot;<a href="#tcp-request%20connection">tcp-request connection</a>&quot; which sees the real address.
</pre><div class="separator">
<span class="label label-success">Example:</span>
<pre class="prettyprint">
@@ -15068,6 +15275,13 @@ <h3 id="chapter-7.3.3" data-target="7.3.3"><small><a class="small" href="#7.3.3"
acl abuse src_http_req_rate gt 10
acl kill src_inc_gpc0 gt 0
tcp-request connection reject if abuse kill
+</pre><a class="anchor" name="src_is_local"></a><a class="anchor" name="7-src_is_local"></a><a class="anchor" name="7.3.3-src_is_local"></a><a class="anchor" name="src_is_local (Using ACLs and fetching samples)"></a><a class="anchor" name="src_is_local (Fetching samples at Layer 4)"></a><div class="keyword"><b><a class="anchor" name="src_is_local"></a><a href="#7.3.3-src_is_local">src_is_local</a></b> : boolean</div><pre class="text">Returns true if the source address of the incoming connection is local to the
+system, or false if the address doesn't exist on the system, meaning that it
+comes from a remote machine. Note that UNIX addresses are considered local.
+It can be useful to apply certain access restrictions based on where the
+client comes from (eg: require auth or https for remote machines). Please
+note that the check involves a few system calls, so it's better to do it only
+once per connection.
</pre><a class="anchor" name="src_kbytes_in"></a><a class="anchor" name="7-src_kbytes_in"></a><a class="anchor" name="7.3.3-src_kbytes_in"></a><a class="anchor" name="src_kbytes_in (Using ACLs and fetching samples)"></a><a class="anchor" name="src_kbytes_in (Fetching samples at Layer 4)"></a><div class="keyword"><b><a class="anchor" name="src_kbytes_in"></a><a href="#7.3.3-src_kbytes_in">src_kbytes_in</a></b>(<span style="color: #008">[<span style="color: #080">&lt;table&gt;</span>]</span>) : integer</div><pre class="text">Returns the total amount of data received from the incoming connection's
source address in the current proxy's stick-table or in the designated
stick-table, measured in kilobytes. If the address is not found, zero is
@@ -15275,15 +15489,13 @@ <h3 id="chapter-7.3.4" data-target="7.3.4"><small><a class="small" href="#7.3.4"
certificate is not present in the current connection but may be retrieved
from the cache or the ticket. So prefer &quot;<a href="#ssl_c_used">ssl_c_used</a>&quot; if you want to check if
current SSL session uses a client certificate.
-</pre><a class="anchor" name="ssl_fc_has_sni"></a><a class="anchor" name="7-ssl_fc_has_sni"></a><a class="anchor" name="7.3.4-ssl_fc_has_sni"></a><a class="anchor" name="ssl_fc_has_sni (Using ACLs and fetching samples)"></a><a class="anchor" name="ssl_fc_has_sni (Fetching samples at Layer 5)"></a><div class="keyword"><b><a class="anchor" name="ssl_fc_has_sni"></a><a href="#7.3.4-ssl_fc_has_sni">ssl_fc_has_sni</a></b> : boolean</div><pre class="text"> This checks for the presence of a Server Name Indication TLS extension (SNI)
- in an incoming connection was made over an SSL/TLS transport layer. Returns
- true when the incoming connection presents a TLS SNI field. This requires
- that the SSL library is build with support for TLS extensions enabled (check
- haproxy -vv).
-
-ssl_fc_is_resumed: boolean
- Returns true if the SSL/TLS session has been resumed through the use of
- SSL session cache or TLS tickets.
+</pre><a class="anchor" name="ssl_fc_has_sni"></a><a class="anchor" name="7-ssl_fc_has_sni"></a><a class="anchor" name="7.3.4-ssl_fc_has_sni"></a><a class="anchor" name="ssl_fc_has_sni (Using ACLs and fetching samples)"></a><a class="anchor" name="ssl_fc_has_sni (Fetching samples at Layer 5)"></a><div class="keyword"><b><a class="anchor" name="ssl_fc_has_sni"></a><a href="#7.3.4-ssl_fc_has_sni">ssl_fc_has_sni</a></b> : boolean</div><pre class="text">This checks for the presence of a Server Name Indication TLS extension (SNI)
+in an incoming connection was made over an SSL/TLS transport layer. Returns
+true when the incoming connection presents a TLS SNI field. This requires
+that the SSL library is build with support for TLS extensions enabled (check
+haproxy -vv).
+</pre><a class="anchor" name="ssl_fc_is_resumed"></a><a class="anchor" name="7-ssl_fc_is_resumed"></a><a class="anchor" name="7.3.4-ssl_fc_is_resumed"></a><a class="anchor" name="ssl_fc_is_resumed (Using ACLs and fetching samples)"></a><a class="anchor" name="ssl_fc_is_resumed (Fetching samples at Layer 5)"></a><div class="keyword"><b><a class="anchor" name="ssl_fc_is_resumed"></a><a href="#7.3.4-ssl_fc_is_resumed">ssl_fc_is_resumed</a></b> : boolean</div><pre class="text">Returns true if the SSL/TLS session has been resumed through the use of
+SSL session cache or TLS tickets.
</pre><a class="anchor" name="ssl_fc_npn"></a><a class="anchor" name="7-ssl_fc_npn"></a><a class="anchor" name="7.3.4-ssl_fc_npn"></a><a class="anchor" name="ssl_fc_npn (Using ACLs and fetching samples)"></a><a class="anchor" name="ssl_fc_npn (Fetching samples at Layer 5)"></a><div class="keyword"><b><a class="anchor" name="ssl_fc_npn"></a><a href="#7.3.4-ssl_fc_npn">ssl_fc_npn</a></b> : string</div><pre class="text">This extracts the Next Protocol Negotiation field from an incoming connection
made via a TLS transport layer and locally deciphered by haproxy. The result
is a string containing the protocol name advertised by the client. The SSL
@@ -15931,6 +16143,14 @@ <h3 id="chapter-7.3.6" data-target="7.3.6"><small><a class="small" href="#7.3.6"
See &quot;<a href="#urlp">urlp</a>&quot; above. This one extracts the URL parameter &lt;name&gt; in the request
and converts it to an integer value. This can be used for session stickiness
based on a user ID for example, or with ACLs to match a page number or price.
+</pre><a class="anchor" name="url32"></a><a class="anchor" name="7-url32"></a><a class="anchor" name="7.3.6-url32"></a><a class="anchor" name="url32 (Using ACLs and fetching samples)"></a><a class="anchor" name="url32 (Fetching HTTP samples (Layer 7))"></a><div class="keyword"><b><a class="anchor" name="url32"></a><a href="#7.3.6-url32">url32</a></b> : integer</div><pre class="text">This returns a 32-bit hash of the value obtained by concatenating the first
+Host header and the whole URL including parameters (not only the path part of
+the request, as in the &quot;<a href="#base32">base32</a>&quot; fetch above). This is useful to track per-URL
+activity. A shorter hash is stored, saving a lot of memory. The output type
+is an unsigned integer.
+</pre><a class="anchor" name="url32+src"></a><a class="anchor" name="7-url32+src"></a><a class="anchor" name="7.3.6-url32+src"></a><a class="anchor" name="url32+src (Using ACLs and fetching samples)"></a><a class="anchor" name="url32+src (Fetching HTTP samples (Layer 7))"></a><div class="keyword"><b><a class="anchor" name="url32+src"></a><a href="#7.3.6-url32%2Bsrc">url32+src</a></b> : binary</div><pre class="text">This returns the concatenation of the &quot;<a href="#url32">url32</a>&quot; fetch and the &quot;<a href="#src">src</a>&quot; fetch. The
+resulting type is of type binary, with a size of 8 or 20 bytes depending on
+the source address family. This can be used to track per-IP, per-URL counters.
</pre></div>
<a class="anchor" id="7.4" name="7.4"></a>
<h2 id="chapter-7.4" data-target="7.4"><small><a class="small" href="#7.4">7.4.</a></small> Pre-defined ACLs</h2>
@@ -16133,8 +16353,9 @@ <h3 id="chapter-8.2.2" data-target="8.2.2"><small><a class="small" href="#8.2.2"
connection to haproxy. If the connection was accepted on a UNIX socket
instead, the IP address would be replaced with the word &quot;unix&quot;. Note that
when the connection is accepted on a socket configured with &quot;<a href="#accept-proxy">accept-proxy</a>&quot;
- and the PROXY protocol is correctly used, then the logs will reflect the
- forwarded connection's information.
+ and the PROXY protocol is correctly used, or with a &quot;<a href="#accept-netscaler-cip">accept-netscaler-cip</a>&quot;
+ and the NetScaler Client IP insetion protocol is correctly used, then the
+ logs will reflect the forwarded connection's information.
- &quot;client_port&quot; is the TCP port of the client which initiated the connection.
If the connection was accepted on a UNIX socket instead, the port would be
@@ -16306,14 +16527,14 @@ <h3 id="chapter-8.2.3" data-target="8.2.3"><small><a class="small" href="#8.2.3"
15 '{' captured_response_headers* '}' {}
16 '&quot;' http_request '&quot;' &quot;GET /index.html HTTP/1.1&quot;
-
Detailed fields description :
- &quot;client_ip&quot; is the IP address of the client which initiated the TCP
connection to haproxy. If the connection was accepted on a UNIX socket
instead, the IP address would be replaced with the word &quot;unix&quot;. Note that
when the connection is accepted on a socket configured with &quot;<a href="#accept-proxy">accept-proxy</a>&quot;
- and the PROXY protocol is correctly used, then the logs will reflect the
- forwarded connection's information.
+ and the PROXY protocol is correctly used, or with a &quot;<a href="#accept-netscaler-cip">accept-netscaler-cip</a>&quot;
+ and the NetScaler Client IP insetion protocol is correctly used, then the
+ logs will reflect the forwarded connection's information.
- &quot;client_port&quot; is the TCP port of the client which initiated the connection.
If the connection was accepted on a UNIX socket instead, the port would be
@@ -16579,6 +16800,7 @@ <h3 id="chapter-8.2.4" data-target="8.2.4"><small><a class="small" href="#8.2.4"
| | %ST | status_code | numeric |
| | %T | gmt_date_time | date |
| | %Tc | Tc | numeric |
+ | | %Td | Td = Tt - (Tq + Tw + Tc + Tr) | numeric |
| | %Tl | local_date_time | date |
| H | %Tq | Tq | numeric |
| H | %Tr | Tr | numeric |
@@ -17426,8 +17648,8 @@ <h2 id="chapter-9.2" data-target="9.2"><small><a class="small" href="#9.2">9.2.<
<br>
<hr>
<div class="text-right">
- HAProxy 1.7-dev3 &ndash; Configuration Manual<br>
- <small>2016/05/10, willy tarreau</small>
+ HAProxy 1.7-dev4 &ndash; Configuration Manual<br>
+ <small>2016/08/14, willy tarreau</small>
</div>
</div>
<!-- /.col-lg-12 -->
@@ -17530,8 +17752,8 @@ <h2 id="chapter-9.2" data-target="9.2"><small><a class="small" href="#9.2">9.2.<
</script><script type="text/javascript">
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 4);
-piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.7-dev3', 'page');
-piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-58', 'page');
+piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.7-dev4', 'page');
+piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-60', 'page');
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
View
14 1.7/intro.html
@@ -2,10 +2,10 @@
<html lang="en">
<head>
<meta charset="utf-8" />
- <title>HAProxy version 1.7-dev3 - Starter Guide</title>
+ <title>HAProxy version 1.7-dev4 - Starter Guide</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -451,7 +451,7 @@
You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
</p>
<p class="text-right">
- <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-58</b> on <b>2016/07/04</b></small>
+ <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-60</b> on <b>2016/08/15</b></small>
</p>
</div>
<!-- /.sidebar -->
@@ -462,7 +462,7 @@
<div class="text-center">
<h1>HAProxy</h1>
<h2>Starter Guide</h2>
- <p><strong>version 1.7-dev3</strong></p>
+ <p><strong>version 1.7-dev4</strong></p>
<p>
<a href="http://www.haproxy.org/" title="HAProxy Home Page"><img src="../img/logo-med.png" /></a><br>
<br>
@@ -2328,7 +2328,7 @@ <h2 id="chapter-4.4" data-target="4.4"><small><a class="small" href="#4.4">4.4.<
<br>
<hr>
<div class="text-right">
- HAProxy 1.7-dev3 &ndash; Starter Guide<br>
+ HAProxy 1.7-dev4 &ndash; Starter Guide<br>
<small>, </small>
</div>
</div>
@@ -2432,8 +2432,8 @@ <h2 id="chapter-4.4" data-target="4.4"><small><a class="small" href="#4.4">4.4.<
</script><script type="text/javascript">
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 4);
-piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.7-dev3', 'page');
-piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-58', 'page');
+piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.7-dev4', 'page');
+piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-60', 'page');
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
View
116 1.7/management.html
@@ -2,10 +2,10 @@
<html lang="en">
<head>
<meta charset="utf-8" />
- <title>HAProxy version 1.7-dev3 - Management Guide</title>
+ <title>HAProxy version 1.7-dev4 - Management Guide</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -401,7 +401,7 @@
You can use <strong>left</strong> and <strong>right</strong> arrow keys to navigate between chapters.<br>
</p>
<p class="text-right">
- <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-58</b> on <b>2016/07/04</b></small>
+ <small>Converted with <a href="https://github.com/cbonte/haproxy-dconv">haproxy-dconv</a> v<b>0.3.1-60</b> on <b>2016/08/15</b></small>
</p>
</div>
<!-- /.sidebar -->
@@ -412,7 +412,7 @@
<div class="text-center">
<h1>HAProxy</h1>
<h2>Management Guide</h2>
- <p><strong>version 1.7-dev3</strong></p>
+ <p><strong>version 1.7-dev4</strong></p>
<p>
<a href="http://www.haproxy.org/" title="HAProxy Home Page"><img src="../img/logo-med.png" /></a><br>
<br>
@@ -668,26 +668,30 @@ <h1 id="chapter-summary" data-target="summary">Summary</h1>
list of options is :
-- &lt;cfgfile&gt;* : all the arguments following &quot;--&quot; are paths to configuration
- file to be loaded and processed in the declaration order. It is mostly
- useful when relying on the shell to load many files that are numerically
- ordered. See also &quot;-f&quot;. The difference between &quot;--&quot; and &quot;-f&quot; is that one
- &quot;-f&quot; must be placed before each file name, while a single &quot;--&quot; is needed
- before all file names. Both options can be used together, the command line
- ordering still applies. When more than one file is specified, each file
- must start on a section boundary, so the first keyword of each file must be
- one of &quot;global&quot;, &quot;defaults&quot;, &quot;peers&quot;, &quot;listen&quot;, &quot;frontend&quot;, &quot;backend&quot;, and
- so on. A file cannot contain just a server list for example.
-
- -f &lt;cfgfile&gt; : adds &lt;cfgfile&gt; to the list of configuration files to be
- loaded. Configuration files are loaded and processed in their declaration
- order. This option may be specified multiple times to load multiple files.
- See also &quot;--&quot;. The difference between &quot;--&quot; and &quot;-f&quot; is that one &quot;-f&quot; must
- be placed before each file name, while a single &quot;--&quot; is needed before all
- file names. Both options can be used together, the command line ordering
- still applies. When more than one file is specified, each file must start
- on a section boundary, so the first keyword of each file must be one of
- &quot;global&quot;, &quot;defaults&quot;, &quot;peers&quot;, &quot;listen&quot;, &quot;frontend&quot;, &quot;backend&quot;, and so
- on. A file cannot contain just a server list for example.
+ file/directory to be loaded and processed in the declaration order. It is
+ mostly useful when relying on the shell to load many files that are
+ numerically ordered. See also &quot;-f&quot;. The difference between &quot;--&quot; and &quot;-f&quot; is
+ that one &quot;-f&quot; must be placed before each file name, while a single &quot;--&quot; is
+ needed before all file names. Both options can be used together, the
+ command line ordering still applies. When more than one file is specified,
+ each file must start on a section boundary, so the first keyword of each
+ file must be one of &quot;global&quot;, &quot;defaults&quot;, &quot;peers&quot;, &quot;listen&quot;, &quot;frontend&quot;,
+ &quot;backend&quot;, and so on. A file cannot contain just a server list for example.
+
+ -f &lt;cfgfile|cfgdir&gt; : adds &lt;cfgfile&gt; to the list of configuration files to be
+ loaded. If &lt;cfgdir&gt; is a directory, all the files (and only files) it
+ contains are added in lexical order (using LC_COLLATE=C) to the list of
+ configuration files to be loaded ; only files with &quot;.cfg&quot; extension are
+ added, only non hidden files (not prefixed with &quot;.&quot;) are added.
+ Configuration files are loaded and processed in their declaration order.
+ This option may be specified multiple times to load multiple files. See
+ also &quot;--&quot;. The difference between &quot;--&quot; and &quot;-f&quot; is that one &quot;-f&quot; must be
+ placed before each file name, while a single &quot;--&quot; is needed before all file
+ names. Both options can be used together, the command line ordering still
+ applies. When more than one file is specified, each file must start on a
+ section boundary, so the first keyword of each file must be one of
+ &quot;global&quot;, &quot;defaults&quot;, &quot;peers&quot;, &quot;listen&quot;, &quot;frontend&quot;, &quot;backend&quot;, and so on.
+ A file cannot contain just a server list for example.
-C &lt;dir&gt; : changes to directory &lt;dir&gt; before loading configuration
files. This is useful when using relative paths. Warning when using
@@ -726,7 +730,7 @@ <h1 id="chapter-summary" data-target="summary">Summary</h1>
getaddrinfo() exist on various systems and cause anomalies that are
difficult to troubleshoot.
- -dM[&lt;byte&gt;] : forces memory poisonning, which means that each and every
+ -dM[&lt;byte&gt;] : forces memory poisoning, which means that each and every
memory region allocated with malloc() or pool_alloc2() will be filled with
&lt;byte&gt; before being passed to the caller. When &lt;byte&gt; is not specified, it
defaults to 0x50 ('P'). While this slightly slows down operations, it is
@@ -809,7 +813,7 @@ <h1 id="chapter-summary" data-target="summary">Summary</h1>
-vv : display the version, build options, libraries versions and usable
pollers. This output is systematically requested when filing a bug report.
-A safe way to start HAProxy from an init file consists in forcing the deamon
+A safe way to start HAProxy from an init file consists in forcing the daemon
mode, storing existing pids to a pid file and using this pid file to notify
older processes to finish before leaving :
@@ -898,7 +902,7 @@ <h1 id="chapter-summary" data-target="summary">Summary</h1>
- build options : they are relevant to people who build their packages
themselves, they can explain why things are not behaving as expected. For
example the development version above was built for Linux 2.6.28 or later,
- targetting a generic CPU (no CPU-specific optimizations), and lacks any
+ targeting a generic CPU (no CPU-specific optimizations), and lacks any
code optimization (-O0) so it will perform poorly in terms of performance.
- libraries versions : zlib version is reported as found in the library
@@ -912,7 +916,7 @@ <h1 id="chapter-summary" data-target="summary">Summary</h1>
missed. PCRE provides very fast regular expressions and is highly
recommended. Certain of its extensions such as JIT are not present in all
versions and still young so some people prefer not to build with them,
- which is why the biuld status is reported as well. Regarding the Lua
+ which is why the build status is reported as well. Regarding the Lua
scripting language, HAProxy expects version 5.3 which is very young since
it was released a little time before HAProxy 1.6. It is important to check
on the Lua web site if some fixes are proposed for this branch.
@@ -965,7 +969,7 @@ <h1 id="chapter-summary" data-target="summary">Summary</h1>
SIGTTIN signal to the old processes to instruct them to resume operations just
as if nothing happened. The old processes will then restart listening to the
ports and continue to accept connections. Not that this mechanism is system
-dependant and some operating systems may not support it in multi-process mode.
+dependent and some operating systems may not support it in multi-process mode.
If the new process manages to bind correctly to all ports, then it sends either
the SIGTERM (hard stop in case of &quot;-st&quot;) or the SIGUSR1 (graceful stop in case
@@ -991,7 +995,7 @@ <h1 id="chapter-summary" data-target="summary">Summary</h1>
this almost forever. Linux has been supporting this in version 2.0 and
dropped it around 2.2, but some patches were floating around by then. It
was reintroduced in kernel 3.9, so if you are observing a connection
- failure rate above the one mentionned above, please ensure that your kernel
+ failure rate above the one mentioned above, please ensure that your kernel
is 3.9 or newer, or that relevant patches were backported to your kernel
(less likely).
@@ -1006,7 +1010,7 @@ <h1 id="chapter-summary" data-target="summary">Summary</h1>
this RST. A second case concerns the ACK from the client on a local socket
that was in SYN_RECV state just before the close. This ACK will lead to an
RST packet while the haproxy process is still not aware of it. This one is
- harder to get rid of, though the firewall filtering rules mentionned above
+ harder to get rid of, though the firewall filtering rules mentioned above
will work well if applied one second or so before restarting the process.
For the vast majority of users, such drops will never ever happen since they
@@ -1036,7 +1040,7 @@ <h1 id="chapter-summary" data-target="summary">Summary</h1>
present. Unfortunately it was often miscalculated resulting in connection
failures when approaching maxconn instead of throttling incoming connection
while waiting for the needed resources. For this reason it is important to
-remove any vestigal &quot;ulimit-n&quot; setting that can remain from very old versions.
+remove any vestigial &quot;ulimit-n&quot; setting that can remain from very old versions.
Raising the number of file descriptors to accept even moderate loads is
mandatory but comes with some OS-specific adjustments. First, the select()
@@ -1046,7 +1050,7 @@ <h1 id="chapter-summary" data-target="summary">Summary</h1>
1024 file descriptors, HAProxy now refuses to start in this case in order to
avoid any issue at run time. On all supported operating systems, poll() is
available and will not suffer from this limitation. It is automatically picked
-so there is nothing ot do to get a working configuration. But poll's becomes
+so there is nothing to do to get a working configuration. But poll's becomes
very slow when the number of file descriptors increases. While HAProxy does its
best to limit this performance impact (eg: via the use of the internal file
descriptor cache and batched processing), a good rule of thumb is that using
@@ -1376,12 +1380,12 @@ <h1 id="chapter-summary" data-target="summary">Summary</h1>
server state change consecutive to a health check. Please consult HAProxy's
configuration manual for more information regarding all possible log settings.
-It is convenient to chose a facility that is not used by other deamons. HAProxy
+It is convenient to chose a facility that is not used by other daemons. HAProxy
examples often suggest &quot;local0&quot; for traffic logs and &quot;local1&quot; for admin logs
because they're never seen in field. A single facility would be enough as well.
Having separate logs is convenient for log analysis, but it's also important to
remember that logs may sometimes convey confidential information, and as such
-they must not be mixed with other logs that may accidently be handed out to
+they must not be mixed with other logs that may accidentally be handed out to
unauthorized people.
For in-field troubleshooting without impacting the server's capacity too much,
@@ -1589,7 +1593,7 @@ <h2 id="chapter-9.1" data-target="9.1"><small><a class="small" href="#9.1">9.1.<
to group some values together because it is unique among its class. All
internal identifiers are keys. Some names can be listed as keys if they
are unique (eg: a frontend name is unique). In general keys come from the
- configuration, eventhough some of them may automatically be assigned. For
+ configuration, even though some of them may automatically be assigned. For
most purposes keys may be considered as equivalent to configuration.
C The value comes from the configuration. Certain configuration values make
@@ -1799,7 +1803,7 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
&lt;map&gt; is a file and is shared with a map, this map will contain also a new
pattern entry.
</pre><a class="anchor" name="clear"></a><a class="anchor" name="9-clear"></a><a class="anchor" name="9.3-clear"></a><a class="anchor" name="clear (Statistics and monitoring)"></a><a class="anchor" name="clear (Unix Socket commands)"></a><a class="anchor" name="clear counters"></a><a class="anchor" name="9-clear counters"></a><a class="anchor" name="9.3-clear counters"></a><a class="anchor" name="clear counters (Statistics and monitoring)"></a><a class="anchor" name="clear counters (Unix Socket commands)"></a><div class="keyword"><b><a class="anchor" name="clear counters"></a><a href="#9.3-clear%20counters">clear counters</a></b></div><pre class="text">Clear the max values of the statistics counters in each proxy (frontend &amp;
-backend) and in each server. The cumulated counters are not affected. This
+backend) and in each server. The accumulated counters are not affected. This
can be used to get clean counters after an incident, without having to
restart nor to clear traffic counters. This command is restricted and can
only be issued on sockets configured for levels &quot;operator&quot; or &quot;admin&quot;.
@@ -1874,7 +1878,7 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
In the case where an agent check is being run as a auxiliary check, due
to the agent-check parameter of a server directive, new checks are only
-initialised when the agent is in the enabled. Thus, disable agent will
+initialized when the agent is in the enabled. Thus, disable agent will
prevent any new agent checks from begin initiated until the agent
re-enabled using enable agent.
@@ -2167,7 +2171,7 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
its own line. By default, the format contains only two columns delimited by a
colon (':'). The left one is the field name and the right one is the value.
It is very important to note that in typed output format, the dump for a
-single object is contigous so that there is no need for a consumer to store
+single object is contiguous so that there is no need for a consumer to store
everything at once.
When using the typed output format, each line is made of 4 columns delimited
@@ -2271,7 +2275,7 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
- third line and next ones contain data;
- each line starting by a sharp ('#') is considered as a comment.
-Since multiple versions of the ouptput may co-exist, below is the list of
+Since multiple versions of the output may co-exist, below is the list of
fields and their order per file format version :
1:
be_id: Backend unique id.
@@ -2353,7 +2357,7 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
output field. Each value stands on its own line with process number, element
number, nature, origin and scope. This same format is available via the HTTP
stats by passing &quot;;typed&quot; after the URI. It is very important to note that in
-typed output format, the dump for a single object is contigous so that there
+typed output format, the dump for a single object is contiguous so that there
is no need for a consumer to store everything at once.
When using the typed output format, each line is made of 4 columns delimited
@@ -2537,9 +2541,11 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
| fgrep 'key=' | cut -d' ' -f2 | cut -d= -f2 &gt; abusers-ip.txt
( or | awk '/key/{ print a[split($2,a,&quot;=&quot;)]; }' )
</code></pre>
-</div><a class="anchor" name="show"></a><a class="anchor" name="9-show"></a><a class="anchor" name="9.3-show"></a><a class="anchor" name="show (Statistics and monitoring)"></a><a class="anchor" name="show (Unix Socket commands)"></a><a class="anchor" name="show tls-keys"></a><a class="anchor" name="9-show tls-keys"></a><a class="anchor" name="9.3-show tls-keys"></a><a class="anchor" name="show tls-keys (Statistics and monitoring)"></a><a class="anchor" name="show tls-keys (Unix Socket commands)"></a><div class="keyword"><b><a class="anchor" name="show tls-keys"></a><a href="#9.3-show%20tls-keys">show tls-keys</a></b></div><pre class="text">Dump all loaded TLS ticket keys. The TLS ticket key reference ID and the
-file from which the keys have been loaded is shown. Both of those can be
-used to update the TLS keys using &quot;<a href="#set%20ssl%20tls-key">set ssl tls-key</a>&quot;.
+</div><a class="anchor" name="show"></a><a class="anchor" name="9-show"></a><a class="anchor" name="9.3-show"></a><a class="anchor" name="show (Statistics and monitoring)"></a><a class="anchor" name="show (Unix Socket commands)"></a><a class="anchor" name="show tls-keys"></a><a class="anchor" name="9-show tls-keys"></a><a class="anchor" name="9.3-show tls-keys"></a><a class="anchor" name="show tls-keys (Statistics and monitoring)"></a><a class="anchor" name="show tls-keys (Unix Socket commands)"></a><div class="keyword"><b><a class="anchor" name="show tls-keys"></a><a href="#9.3-show%20tls-keys">show tls-keys</a></b> <span style="color: #008">[id|*]</span></div><pre class="text">Dump all loaded TLS ticket keys references. The TLS ticket key reference ID
+and the file from which the keys have been loaded is shown. Both of those
+can be used to update the TLS keys using &quot;<a href="#set%20ssl%20tls-key">set ssl tls-key</a>&quot;. If an ID is
+specified as parameter, it will dump the tickets, using * it will dump every
+keys from every references.
</pre><a class="anchor" name="shutdown"></a><a class="anchor" name="9-shutdown"></a><a class="anchor" name="9.3-shutdown"></a><a class="anchor" name="shutdown (Statistics and monitoring)"></a><a class="anchor" name="shutdown (Unix Socket commands)"></a><a class="anchor" name="shutdown frontend"></a><a class="anchor" name="9-shutdown frontend"></a><a class="anchor" name="9.3-shutdown frontend"></a><a class="anchor" name="shutdown frontend (Statistics and monitoring)"></a><a class="anchor" name="shutdown frontend (Unix Socket commands)"></a><div class="keyword"><b><a class="anchor" name="shutdown frontend"></a><a href="#9.3-shutdown%20frontend">shutdown frontend</a></b> <span style="color: #080">&lt;frontend&gt;</span></div><pre class="text">Completely delete the specified frontend. All the ports it was bound to will
be released. It will not be possible to enable the frontend anymore after
this operation. This is intended to be used in environments where stopping a
@@ -2646,7 +2652,7 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
processing time. Logs will also report a certain number of retries. For this
reason, port ranges should be avoided in multi-process configurations.
-Since HAProxy uses SO_REUSEPORT and supports having multiple independant
+Since HAProxy uses SO_REUSEPORT and supports having multiple independent
processes bound to the same IP:port, during troubleshooting it can happen that
an old process was not stopped before a new one was started. This provides
absurd test results which tend to indicate that any change to the configuration
@@ -2759,13 +2765,13 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
When an issue seems to randomly appear on a new version of HAProxy (eg: every
second request is aborted, occasional crash, etc), it is worth trying to enable
-memory poisonning so that each call to malloc() is immediately followed by the
+memory poisoning so that each call to malloc() is immediately followed by the
filling of the memory area with a configurable byte. By default this byte is
0x50 (ASCII for 'P'), but any other byte can be used, including zero (which
will have the same effect as a calloc() and which may make issues disappear).
-Memory poisonning is enabled on the command line using the &quot;-dM&quot; option. It
+Memory poisoning is enabled on the command line using the &quot;-dM&quot; option. It
slightly hurts performance and is not recommended for use in production. If
-an issue happens all the time with it or never happens when poisoonning uses
+an issue happens all the time with it or never happens when poisoning uses
byte zero, it clearly means you've found a bug and you definitely need to
report it. Otherwise if there's no clear change, the problem it is not related.
@@ -2808,7 +2814,7 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
to disable Nagle in order to work around their design, keeping in mind that any
other proxy in the chain may similarly be impacted. If tcpdump reports that data
leave immediately but the other end doesn't see them quickly, it can mean there
-is a congestionned WAN link, a congestionned LAN with flow control enabled and
+is a congested WAN link, a congested LAN with flow control enabled and
preventing the data from leaving, or more commonly that HAProxy is in fact
running in a virtual machine and that for whatever reason the hypervisor has
decided that the data didn't need to be sent immediately. In virtualized
@@ -2832,7 +2838,7 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
were lost in the network stack because the application doesn't process them
fast enough. This can happen during some attacks as well. Tx-Drp means that
the output queues were full and packets had to be dropped. When using TCP it
-should be very rare, but will possibly indicte a saturated outgoing link.
+should be very rare, but will possibly indicate a saturated outgoing link.
</pre></div>
<a class="anchor" id="13" name="13"></a>
<div class="page-header"><h1 id="chapter-13" data-target="13"><small><a class="small" href="#13">13.</a></small> Security considerations</h1>
@@ -2842,7 +2848,7 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
vulnerability were to be discovered, its compromise would not affect the rest
of the system.
-In order to perfom a chroot, it first needs to be started as a root user. It is
+In order to perform a chroot, it first needs to be started as a root user. It is
pointless to build hand-made chroots to start the process there, these ones are
painful to build, are never properly maintained and always contain way more
bugs than the main file-system. And in case of compromise, the intruder can use
@@ -2861,7 +2867,7 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
HAProxy may require to be run as root in order to :
- bind to an interface for outgoing connections
- bind to privileged source ports for outgoing connections
- - transparently bind to a foreing address for outgoing connections
+ - transparently bind to a foreign address for outgoing connections
Most users will never need the &quot;run as root&quot; case. But the &quot;start as root&quot;
covers most usages.
@@ -2891,7 +2897,7 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
<br>
<hr>
<div class="text-right">
- HAProxy 1.7-dev3 &ndash; Management Guide<br>
+ HAProxy 1.7-dev4 &ndash; Management Guide<br>
<small>, </small>
</div>
</div>
@@ -2995,8 +3001,8 @@ <h2 id="chapter-9.3" data-target="9.3"><small><a class="small" href="#9.3">9.3.<
</script><script type="text/javascript">
try {
var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 4);
-piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.7-dev3', 'page');
-piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-58', 'page');
+piwikTracker.setCustomVariable (1, 'HaproxyVersion', 'version 1.7-dev4', 'page');
+piwikTracker.setCustomVariable (2, 'HaproxyDconvVersion', '0.3.1-60', 'page');
piwikTracker.trackPageView();
piwikTracker.enableLinkTracking();
} catch( err ) {}
View
212 1.7/snapshot/configuration.html
@@ -2,10 +2,10 @@
<html lang="en">
<head>
<meta charset="utf-8" />
- <title>HAProxy version 1.7-dev3-69 - Configuration Manual</title>
+ <title>HAProxy version 1.7-dev4 - Configuration Manual</title>
<link href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" />
<link href="//bootswatch.com/cerulean/bootstrap.min.css" rel="stylesheet" />
- <link href="../../css/page.css?0.3.1-58" rel="stylesheet" />
+ <link href="../../css/page.css?0.3.1-60" rel="stylesheet" />
</head>
<body>
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
@@ -1097,6 +1097,8 @@
<a class="list-group-item" href="#dst_conn">dst_conn</a>
+ <a class="list-group-item" href="#dst_is_local">dst_is_local</a>
+
<a class="list-group-item" href="#dst_port">dst_port</a>
</div> <!-- /letter -->
@@ -1147,6 +1149,22 @@
<a class="list-group-item" href="#fastinter">fastinter</a>
+ <a class="list-group-item" href="#fc_fackets">fc_fackets</a>
+
+ <a class="list-group-item" href="#fc_lost">fc_lost</a>
+
+ <a class="list-group-item" href="#fc_reordering">fc_reordering</a>
+
+ <a class="list-group-item" href="#fc_retrans">fc_retrans</a>
+
+ <a class="list-group-item" href="#fc_rtt">fc_rtt</a>
+
+ <a class="list-group-item" href="#fc_rttvar">fc_rttvar</a>
+
+ <a class="list-group-item" href="#fc_sacked">fc_sacked</a>
+
+ <a class="list-group-item" href="#fc_unacked">fc_unacked</a>
+
<a class="list-group-item" href="#fe_conn">fe_conn</a>
<a class="list-group-item" href="#fe_id">fe_id</a>
@@ -2061,6 +2079,8 @@
<a class="list-group-item" href="#src_inc_gpc0">src_inc_gpc0</a>