fproxy is a generic tcp, load-balacing, IPv6-ready (reverse) proxy. It claims to be fast, since it avoids forking for each connection. Instead it uses the epoll framework provided by recent versions of Linux (support for splice() on Linux and kqueue on FreeBSD may come some day). Configuration is done through command line parameters only. For reconfiguration, you have to send a SIGTERM to the running instance of fproxy to exit nicely, and then start with modified parameters.
fproxy V0.41 - non-forking tcp proxy using the epoll() framework
fproxy [-o<logfile>] [-e<errorlog>] [-p<pidfile>] [-f] [-y<# bytes>]
[-t<timeout>] [-g<grace>] [-s0] [-s1] [-s2] [-s3] [-s4]
<cluster[:port]> [ ... ] -- <backend[:port]> [ ... ]
fproxy -h
-h this help ;-)
-o<logfile> use <logfile> for logging instead of /var/log/fproxy.log
-e<errorlog> use <errorlog> for error messages
instead of /var/log/fproxy.err
-p<pidfile> write process id into <pidfile>,
not into /var/run/fproxy.pid
-f do not fork and detach from controlling terminal;
do not use logfile, errorlog and pidfile
-y<# bytes> open new connection to backend servers only if the client
wrote <# bytes>, eg. use -y6 for preventing a SYN attack
against a webserver (nb. strlen("GET /\n") = 6);
-y0 disables this feature, which is also the default
-t<timeout> drop idle client connections after <timeout> seconds;
-t0 disables timeout handling, which is also the default
-g<grace> reenables a failed backend after <grace> seconds;
defaults to 60 seconds
-s0 select backends in a round robin fashion
-s1 select backend with least connections handled so far
-s2 select backend with least bytes (in + out) processed so far
-s3 select backend with least connection time consumed so far
-s4 (default) select backend in a weighted fashion, using number
of connections, processed bytes and connection time to
calculate to workload of each backend
<cluster[:port]> path to Unix socket or IPv4 or IPv6 address(es) w/ optional
tcp port on which this machine accepts connections;
port defaults to 80
<backend[:port]> path to Unix socket or IPv4 or IPv6 address(es) w/ optional
tcp port to which client connections be proxied;
port defaults to 80
send SIGHUP to reopen logfile and errorlog
send SIGTERM to exit nicely (dont accept any new client connections, wait
for active connections to be finished normally)
send SIGKILL to exit immediatelly
redirect all web traffic on localhost to three backends:
$ ./fproxy 127.0.0.1 -- 192.168.1.10 192.168.1.11 192.168.1.12
fproxy utilizes a httpd-like log format:
127.0.0.1 - - [31/Jul/2011:13:00:00 +0200] "POST 192.168.0.1" 200 848 8 940087 8where:
| 127.0.0.1 | client's ip address |
| - - | ident user and authuser are always unset |
| [31/Jul/2011:13:00:00 +0200] | date, time, and offset from UTC when the client disconnected |
| POST | request method; GET if command line argument -y is zero, POST otherwise |
| 192.168.0.1 | backend's ip address |
| 200 | status code |
| 848 | number of bytes received from the client |
| 8 | number of seconds the client was connected |
| 9400087 | number of bytes received from the backend |
| 8 | number of seconds the backend was connected |