HAProxy - Load balancer
Find a file
Willy Tarreau b232b554f2 DEV: patchbot: update: add an awk backend to persist review edits
The backport review page keeps the human edits (verdict overrides and
notes) only in the loaded DOM: they are lost on reload and never shared
between reviewers. This adds the server side of the shared persistence
design: update.awk, a GNU awk CGI script which stores these edits into
one file per major branch (e.g. "3.5") inside a dedicated git
repository, one line per touched commit:

    <commit_id> [state <n|u|w|y>] [notes "<quoted notes>"]

The overlay only ever stores human edits keyed on the commit id; the AI
verdict and explanation stay in the generated HTML. Commit ids are
length-agnostic and matched by symmetric prefix (first match wins), so
the current 8-char pipeline and a future 12-char one both work without
any migration.

POST applies line-oriented directives ("<cid> state <n|u|w|y|revert>",
"<cid> notes <text to append>"), none of which carries a base value:
states are last-write-wins and notes are append-only (capped to 500
chars per push and sanitised so that no newline may ever enter a stored
line), which keeps concurrent edits conflict-free. Broken directives,
fields or lines are silently ignored, never fatal, and lines not being
modified are preserved byte-for-byte so that admin hand-edits survive.
Writers are serialised by a mkdir lock at an obvious place (<repo>/lock)
with PID-gated crash takeover via atomic rename, the file itself is
replaced by an atomic rename from a temp file inside the lock dir, and
every resulting state is committed to git, which acts as the event log
(git blame/log -L provide the full history). A crash at any point leaves
at worst a stale lock (reclaimed on the next write) or a valid but
uncommitted tree (folded into the next commit), never a broken file.

The takeover races are covered: the staleness decision and the takeover
rename are not one atomic operation, so the thief verifies after the
rename, discarding the stolen dir only if it still carries the pid that
was judged dead and renaming it back in place untouched otherwise; the
victim redoes the whole locked cycle from a fresh read when its final
rename fails, since nothing was applied to the branch file yet; a writer
finding its own pid in the lock adopts it as stale; and the release only
removes the lock after checking that it still contains our own pid.

A few awk specifics are worth noting: external commands (git, mkdir,
mv) go through /bin/sh, so everything interpolated into a command line
is shell-quoted (single-quote is escaped and the argument placed inside
single quotes); the -b (bytes) flag keeps all string operations byte-
based regardless of the locale; and a manual argv parsing due to gawk
silently consumes a leading "-r" argument, ignoring ours.

Also note that gawk uses a file cache for getline() and co, which opens
lots of traps so we need to be extremely careful about properly closing
files if we want to check for changes (e.g. lock's pid file).

Finally, writing through a redirection whose target cannot be opened is
a fatal awk error terminating the script without even a response, so the
writes into the (stealable) lock dir are arranged to resist a takeover:
the pid is written through the shell, where a vanished dir is a plain
command failure, and the temp file is opened the very instant the lock
is acquired, its descriptor surviving a later theft. The update.cgi
wrapper considers any >0 return code as a failure and returns a generic
error as it will indicate that the awk script itself couldn't produce
a valid response.

For now, only the POST ("save changes") action is implemented.
2026-07-07 14:45:32 +02:00
.github CI: github: remove OpenTracing leftovers 2026-06-26 16:45:38 +02:00
addons MAJOR: ot: remove deprecated OpenTracing support 2026-06-26 11:27:07 +02:00
admin CLEANUP: admin/halog: improve handling of memory allocation errors 2026-05-31 10:30:00 +02:00
dev DEV: patchbot: update: add an awk backend to persist review edits 2026-07-07 14:45:32 +02:00
doc MEDIUM: quic: remove deprecated keywords 2026-07-06 17:19:24 +02:00
examples EXAMPLES: lua/acme: fix acme-gandi-livedns.lua configuration example 2026-06-15 13:50:22 +02:00
include BUG/MEDIUM: mux_quic: complete stream shutdown for read channel 2026-07-06 10:19:12 +02:00
reg-tests REGTESTS: server: add test for 'set server name' CLI command 2026-07-01 09:32:30 +02:00
scripts MAJOR: ot: remove deprecated OpenTracing support 2026-06-26 11:27:07 +02:00
src MEDIUM: quic: remove deprecated keywords 2026-07-06 17:19:24 +02:00
tests TESTS: quic: add unit-tests for QUIC TX part 2025-09-08 14:49:03 +02:00
.gitattributes MINOR: Configure the cpp userdiff driver for *.[ch] in .gitattributes 2021-02-22 18:17:57 +01:00
.gitignore MINOR: tevt/dev: Add term_events tool 2025-01-31 10:41:50 +01:00
.mailmap DOC: update Tim's address in .mailmap 2021-09-16 09:14:14 +02:00
.travis.yml MEDIUM: mworker: remove USE_SYSTEMD requirement for -Ws 2024-11-20 12:07:38 +01:00
BRANCHES CLEANUP: tree-wide: fix typos in user-invisible files 2026-05-13 17:03:48 +02:00
BSDmakefile BUILD: makefile: commit the tiny FreeBSD makefile stub 2023-05-24 17:17:36 +02:00
CHANGELOG [RELEASE] Released version 3.5-dev1 2026-06-25 16:53:19 +02:00
CONTRIBUTING CLEANUP: assorted typo fixes in the code and comments 2025-04-02 11:12:20 +02:00
INSTALL BUILD: makefile: add a new generic target "tiny" 2026-07-03 16:33:27 +02:00
LICENSE LICENSE: add licence exception for OpenSSL 2012-09-07 13:52:26 +02:00
MAINTAINERS MAJOR: spoe: Let the SPOE back into the game 2024-05-22 09:04:38 +02:00
Makefile BUILD: makefile: add a new generic target "tiny" 2026-07-03 16:33:27 +02:00
README.md CI: github: replace cirrus by a vmactions/freebsd-vm job 2026-06-03 11:20:31 +02:00
SUBVERS BUILD: use format tags in VERDATE and SUBVERS files 2013-12-10 11:22:49 +01:00
VERDATE [RELEASE] Released version 3.5-dev1 2026-06-25 16:53:19 +02:00
VERSION [RELEASE] Released version 3.5-dev1 2026-06-25 16:53:19 +02:00

HAProxy

AWS-LC Illumos NetBSD CrossCompile FreeBSD VTest

HAProxy logo

HAProxy is a free, very fast and reliable reverse-proxy offering high availability, load balancing, and proxying for TCP and HTTP-based applications.

Installation

The INSTALL file describes how to build HAProxy. A list of packages is also available on the wiki.

Getting help

The discourse and the mailing-list are available for questions or configuration assistance. You can also use the slack or IRC channel. Please don't use the issue tracker for these.

The issue tracker is only for bug reports or feature requests.

Documentation

The HAProxy documentation has been split into a number of different files for ease of use. It is available in text format as well as HTML. The wiki is also meant to replace the old architecture guide.

Please refer to the following files depending on what you're looking for:

  • INSTALL for instructions on how to build and install HAProxy
  • BRANCHES to understand the project's life cycle and what version to use
  • LICENSE for the project's license
  • CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located into the doc/ directory:

License

HAProxy is licensed under GPL 2 or any later version, the headers under LGPL 2.1. See the LICENSE file for a more detailed explanation.