|Specifies a control port where the load balancer listens for commands. See penctl.1 for a list of the commands available. The protocol is unauthenticated and the administrator is expected to restrict access using an access control list (for connections over a network) or Unix file permissions (for a Unix domain socket). Pen will normally refuse to open the control port if running as root; see -u option. If you still insist that you want to run pen as root with a control port, use "-u root".|
|Names a configuration file with commands in penctl format (see penctl.1). The file is read after processing all command line arguments, and also after receiving a HUP signal.|
|-H||Adds X-Forwarded-For header to http requests.|
|-U||Use udp protocol support|
|Allows most penctl commands to be used on the Pen command line.|
|-P||Use poll() for event notification.|
|-Q||Use kqueue() for event notification (BSD).|
|-W||Use weight for server selection.|
|-X||Adds an exit command to the control interface.|
|-a||Used in conjunction with -dd to get communication dumps in ascii rather than hexadecimal format.|
|-b sec||Servers that do not respond are blacklisted, i.e. excluded from the server selection algorithm, for the specified number of seconds (default 30).|
|-T sec||Clients are tracked for the specified number of seconds so they can be sent to the same server as the last time (default 0 = never expire clients).|
|-c N||Max number of clients (default 2048).|
|-d||Debugging (repeat -d for more). The output goes to stderr if we are running in the foreground (see -f) and to syslog (facility user, priority debug) otherwise.|
|host:port specifies the emergency server to contact if all regular servers become unavailable.|
|-f||Stay in foreground.|
|-h||Use a hash on the client IP address for the initial server selection. This makes it more predictable where clients will be connected.|
|Windows only. Install pen as a service.|
|-j dir||Run in a chroot environment.|
|Turn on logging.|
|Accept up to multi_accept incoming connections at a time.|
|Write the pid of the running daemon to file.|
|Allow the queue of pending incoming connections to grow up to a maximum of backlog entries.|
|-r||Go straight into round-robin server selection without looking up which server a client used the last time.|
|-s||Stubborn server selection: if the initial choice is unavailable, the client connection is closed without trying another server.|
|-t sec||Connect timeout in seconds (default 5).|
|Posix only. Run as a different user.|
|Windows only. Uninstall the service.|
|-x N||Max number of simultaneous connections (default 500).|
|File for status reports in HTML format.|
|Use option in penctl format.|
|Use the given certificate in PEM format.|
|Use the given key in PEM format (may be contained in cert).|
|File containing the CAs certificate.|
|Directory containing CA certificates in hashed format.|
|-Z||Use SSL compatibility mode.|
|-R||Require valid peer certificate.|
|ssl23 (default), ssl3 or tls1.|
|[host:]port OR /path/to/socket|
|The local address and port pen listens to. By default pen listens to all local addresses. Pen can also use a Unix domain socket as the local listening address.|
The address, port and maximum number of simultaneous connections for
a remote server. By default, the port is the same as the local port,
and the soft limit on the number of connections is unlimited. The hard
limit is used for clients which have accessed the server before.
The weight and prio are used for the weight- and priority-based
server selection algorithms.
Pen runs in a single process, and opens two sockets for each connection. Depending on kernel configuration, pen can run out of file descriptors.
SSL support is available if pen was built with the --with-ssl option.
GeoIP support is available if pen was built with the --with-geoip option.
Copyright (C) 2001-2015 Ulric Eriksson, <email@example.com>.
In part inspired by balance by Thomas Obermair.