"Fossies" - the Fresh Open Source Software Archive

Member "Pound-3.0.2/README.md" (28 Nov 2021, 19447 Bytes) of package /linux/www/Pound-3.0.2.tgz:


As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field. See also the latest Fossies "Diffs" side-by-side code changes report for "README.md": 3.0.1_vs_3.0.2.

###POUND - REVERSE-PROXY AND LOAD-BALANCER###

The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server(s). Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL - no warranty, it’s free to use, copy and give away.

###WHAT POUND IS:###

  1. a reverse-proxy: it passes requests from client browsers to one or more back-end servers.

  2. a load balancer: it will distribute the requests from the client browsers among several back-end servers, while keeping session information.

  3. an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers.

  4. an HTTP/HTTPS sanitizer: Pound will verify requests for correctness and accept only well-formed ones.

  5. a fail over-server: should a back-end server fail, Pound will take note of the fact and stop passing requests to it until it recovers.

Pound is a very small program, easily audited for security problems. It can run as setuid/setgid and/or in a chroot jail. Pound does not access the hard-disk at all (except for reading certificate file(s) on start, if required) and should thus pose no security threat to any machine.

###WHAT POUND IS NOT:###

  1. Pound is not a Web server: by itself, Pound serves no content - it contacts the back-end server(s) for that purpose.

  2. Pound is not a Web accelerator: no caching is done - every request is passed “as is” to a back-end server.

###STATUS###

As of release 1.0 Pound is declared to be production-quality code.

Quite a few people have reported using Pound successfully in production environments. The largest volume reported to date is a site with an average of about 30M requests per day, peaking at over 600 requests/sec.

Pound was successfully used in production with a variety of Web servers, including Apache, IIS, Zope, WebLogic, Jakarta/Tomcat, iPlanet, etc. In general Pound passes requests and responses back and forth unchanged, so we have no reason to think that any web server would be incompatible.

Client browsers that were tested:

Given that Pound is in production and no problems were reported, we have no reason to believe that other browsers would present a problem. A few issues were observed with problematic SSL implementations, most notably with Opera 6, but these should be OK in the present version.

###INSTALLATION###

Probably the easiest way to install Pound is to use a pre-compiled package if you can find one. While Apsis offers no such packages, they are available for quite a few systems (Suse, Debian and derivatives such as Ubuntu), as well as some private packages.

Failing that you should install from sources.

Required packages:

The uthash and hpack libraries are included as packages for them are usually not included in distributions.

Optional, but recommended packages:

These packages will be automatically used by Pound if available.

Download the latest version Pound-3.0.2.tgz file and unpack it. The archive is signed.

My signature is available here.

Alternately see below for stable versions.

Pound uses CMake for its build, so just do the usual:

cd build
cmake ..
make

###COPYRIGHT###

Pound is copyrighted by Apsis GmbH and is distributed under the terms of the GNU Public License. Basically, this means that you can use it free of charge, copy it, distribute it (provided the copyright is maintained and the full package is distributed), modify it, or line a bird-cage with it.

We would be happy to hear from you if you use it and suggestions and improvements are gladly accepted.

###CONTACT###

Robert Segall
Apsis GmbH
P O Box
CH-8707 Uetikon am See
Switzerland
+41-44-920 4904

###MAILING LIST###

Pound has its own mailing list now: go here to subscribe. You will receive confirmation and instructions in the reply.

All messages are available and indexed (searcheable) in the archive.

The mailing list is the primary support forum for Pound - please post there any questions you may have. The developpers’ address is given here for information purposes only.

###LOGO###

We would be grateful if you would include the Pound logo Pound logo with a link to Apsis GmbH somewhere on your web page.

###SESSIONS###

Pound has the ability to keep track of sessions between a client browser and a back-end server. Unfortunately, HTTP is defined as a stateless protocol, which complicates matters: many schemes have been invented to allow keeping track of sessions, none of which works perfectly. Even worse, sessions are critical in order to allow web-based applications to function correctly - it is vital that once a session is established all subsequent requests from the same browser be directed to the same back-end server.

The way this is supported in Pound is by keeping track of the association between an originating IP address and a specific Backend. This is done at the Service level, and the directive Session defines for how long this association is kept.

A note on cookie injection: some applications have no session-tracking mechanism at all but would still like to have the client always directed to the same back-end time after time. Some reverse proxies use a mechanism called “cookie injection” in order to achieve this: a cookie is added to the back-end responses and tracked by the reverse proxy.

Pound was designed to be as transparent as possible, and this mechanism is not supported.

###THREADS AND LIMITS###

A few people ran into problems when installing Pound because of the various threading models and how they interact with system-imposed limits. Please keep in mind the following requirements:

Please note that your kernel needs to be configured to support the required resources - the above are just the shell commands.

###SIMILAR SYSTEMS###

Quite a few people asked “What is wrong with Apache/Squid/ stunnel/your_favorite? Do we really need another proxy system?”. The simple answer is that there is nothing wrong - they are all excellent systems that do their jobs very well. The reasoning behind Pound is however slightly different:

Taking these criteria into consideration, it is easy to see why the other systems mentioned above do not fit:

###OTHER ISSUES###

The following problems were reported by various people who use pound:

###ACKNOWLEDGMENTS###

All the others who tested Pound and told me about their results.

###STABLE VERSIONS###

###EXPERIMENTAL VERSIONS###