Re: Reuse backend connections

2018-06-29 Thread Bryan Talbot
> On Jun 29, 2018, at Jun 29, 12:50 PM, Leela Kalidindi (lkalidin) > wrote: > > Not for Remote desktop protocol, it is for haproxy backend server with option > persist as in > "HAPROXY_0_BACKEND_HEAD": "\nbackend {backend}\n balance {balance}\n mode > http\n option httplog\n option

Re: Reuse backend connections

2018-06-29 Thread Bryan Talbot
> On Jun 29, 2018, at Jun 29, 12:42 PM, Leela Kalidindi (lkalidin) > wrote: > > Bryan, > > One another follow-up question - what does persist do? Thanks! > https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#persist

Re: Reuse backend connections

2018-06-29 Thread Bryan Talbot
> On Jun 29, 2018, at Jun 29, 12:38 PM, Leela Kalidindi (lkalidin) > wrote: > > Hi Bryan, > > Thanks a lot for the prompt response. > > Is there a such kind of thing to leave the backend connections open forever > that can serve any client request? > No, not to my knowledge. -Bryan

Re: Reuse backend connections

2018-06-29 Thread Bryan Talbot
> On Jun 29, 2018, at Jun 29, 5:11 AM, Leela Kalidindi (lkalidin) > wrote: > > Hi, > > How can I enforce haproxy to reuse limited backend connections regardless of > number of client connections? Basically I do not want to recreate backend > connection for every front end client. > >

Re: Bug: haproxy fails to build with USE_THREAD=

2018-02-05 Thread Bryan Talbot
Bisecting the 1.9 / master branch shows the build break (on OSX) with abeaff2d543fded7ffc14dd908d673c59d725155 is the first bad commit commit abeaff2d543fded7ffc14dd908d673c59d725155 Author: Willy Tarreau Date: Mon Feb 5 19:43:30 2018 +0100 BUG/MINOR: fd/threads: properly

Re: [ANNOUNCE] haproxy-1.8-rc1 : the last mile

2017-11-01 Thread Bryan Talbot
> On Nov 1, 2017, at Nov 1, 3:28 AM, Aleksandar Lazic wrote: > > > There is now a shiny new docker image with the rc1. > > docker run --rm --entrypoint /usr/local/sbin/haproxy me2digital/haproxy18 -vv > For the past couple of years, I’ve also been maintaining a base docker

Re: HAProxy1.7.9-http-reuse

2017-10-26 Thread Bryan Talbot
> On Oct 26, 2017, at Oct 26, 6:13 PM, karthikeyan.rajam...@thomsonreuters.com > wrote: > > > Yes the log indicates that. But the RTT via ping is 204 ms, with http-reuse > always/aggressive option the connection is reused & we expect a time close to > ping+ a small overhead time, the

Re: HAProxy1.7.9-http-reuse

2017-10-26 Thread Bryan Talbot
Hello > On Oct 26, 2017, at Oct 26, 3:13 PM, karthikeyan.rajam...@thomsonreuters.com > wrote: > > Hi, > We have the set up working, the ping time from local to remote haproxy is > 204 ms. > The time taken for the web page when accessed by the browser is 410 ms. > We want the latency to be

Re: Deny with 413 request too large

2017-05-22 Thread Bryan Talbot
>>> >>> errorfile 413 /usr/local/etc/haproxy/errors/413.http >>> http-request deny deny_status 413 if { req.body_size gt 10485760 } >>> >>> ... HAProxy complains with: >>> >>> [WARNING] 135/001448 (27) : parsing [/etc/haproxy/haproxy.cfg:15] : status >>> code 413 not handled by 'errorfile',

Re: haproxy "inter" and "timeout check", retries and "fall"

2017-05-19 Thread Bryan Talbot
> On May 18, 2017, at May 18, 2:58 AM, Jiafan Zhou > wrote: > > Hi Bryan, > > For reference: > > >> defaults >> timeout http-request 10s >> timeout queue 1m >> timeout connect 10s >> timeout client 1m >> timeout

Re: Deny with 413 request too large

2017-05-17 Thread Bryan Talbot
> On May 15, 2017, at May 15, 6:35 PM, Joao Morais > wrote: > > This is working but sounds a hacky workaround since I’m using another status > code. If I try to use: > >errorfile 413 /usr/local/etc/haproxy/errors/413.http >http-request deny deny_status 413 if

Re: haproxy "inter" and "timeout check", retries and "fall"

2017-05-15 Thread Bryan Talbot
> On May 13, 2017, at May 13, 10:59 PM, Jiafan Zhou > wrote: > > > Hi all, > > The version of haproxy I use is: > > # haproxy -version > HA-Proxy version 1.5.2 2014/07/12 > Copyright 2000-2014 Willy Tarreau This version is so

Re: haproxy

2017-05-12 Thread Bryan Talbot
> On May 11, 2017, at May 11, 7:51 AM, Jose Alarcon > wrote: > > Hello, > > excuse me my english is very bad, i need know how change configuration haproxy > passive/active manually not using keepalived. > There is no standard way because that is not a feature of

Re: Haproxy 1.5.4 unable to accept new TCP request, backlog full, tens of thousands close_wait connection

2017-04-26 Thread Bryan Talbot
> On Apr 26, 2017, at Apr 26, 2:13 AM, jaseywang wrote: > > Hi > @Willy @Cyril do you have any recommended config for ssl related setting, we > now use nbproc and cpu-map to distribute the load to each cpu, though haproxy > can work with cdn now, it's performance is not

Re: low load client payload intermittently dropped with a "cD" error (v1.7.3)

2017-04-10 Thread Bryan Talbot
> On Apr 8, 2017, at Apr 8, 2:24 PM, Lincoln Stern > wrote: > > I'm not sure how to interpret this, but it appears that haproxy is dropping > client payload intermittently (1/100). I have included tcpdumps and logs to > show what is happening. > > Am I doing something

Re: stick-table ,show table, use field

2017-03-30 Thread Bryan Talbot
> On Mar 30, 2017, at Mar 30, 10:19 AM, Arnall wrote: > > Hello everyone, > > when using socat to show a stick-table i have lines like this : > > # table: dummy_table, type: ip, size:52428800, used:33207 > > 0x7f202f800720: key=aaa.bbb.ccc.ddd use=0 exp=599440 gpc0=0 >

Re: [PATCH][RFC] MEDIUM: global: add a 'grace' option to cap the soft-stop time

2017-03-15 Thread Bryan Talbot
> On Mar 15, 2017, at Mar 15, 4:44 PM, Cyril Bonté wrote: > > Several use cases may accept to abruptly close the connections when the > instance is stopping instead of waiting for timeouts to happen. > This option allows to specify a grace period which defines the maximum >

Re: Layer 7 Headers

2017-02-06 Thread Bryan Talbot
> On Feb 6, 2017, at Feb 6, 4:24 PM, Andrew Kroenert > wrote: > > Hey Guys > > Quick one, Can anyone confirm any difference between the following header > manipulations in haproxy Well, they’re very different … the first alters the response and the second alters

Re: Queries Rearding to the Redirections According to the ports

2017-02-02 Thread Bryan Talbot
redirect scheme https if !{ ssl_fc } > server example.com 1.0.0.1:80 > check > > #####Please Help me to > Configuration Changes if any have. Give some hints to do that one

Re: Queries Rearding to the Redirections According to the ports

2017-01-31 Thread Bryan Talbot
> On Jan 31, 2017, at Jan 31, 11:26 PM, parag bharne > wrote: > > HI, > Here our scenario where we want to work using haproxy > > (client) -> http://www.example.com -> (redirect) -> > https://www.example.com >

Re: How can I change the URI when forwarding to a server

2017-01-12 Thread Bryan Talbot
> On Jan 12, 2017, at Jan 12, 5:26 AM, Jürgen Haas > wrote: > > Hi all, > > I wonder if I can change the uri that the server receives without doing > a redirect. You’re looking for http-request with set-uri or set-path + set-query:

Re: HTTP redirects while still allowing keep-alive

2017-01-10 Thread Bryan Talbot
> On Jan 10, 2017, at Jan 10, 12:28 AM, Ciprian Dorin Craciun > wrote: > > On Tue, Jan 10, 2017 at 9:36 AM, Cyril Bonté wrote: >> This is because haproxy behaves differently depending on the the Location >> URL : >> - beginning with /, it will

Re: HTTP redirects while still allowing keep-alive

2017-01-09 Thread Bryan Talbot
> On Jan 8, 2017, at Jan 8, 2:03 PM, Ciprian Dorin Craciun > wrote: > > Quick question: how can I configure HAProxy to redirect (via > `http-request redirect ...`) without HAProxy sending the `Connection: > close` header, thus still allowing keep-alive on this

Re: Working with Multiple HTTPS Applications with haproxy

2016-11-28 Thread Bryan Talbot
> On Nov 23, 2016, at Nov 23, 2:35 AM, Deepak Shakya wrote: > > I want to setup haproxy to be able to proxy multiple https applications on > the same https port > > Something like this: > > Client/Browser ---(https)---> haproxy:8443/app1 ---(https)---> >

Re: Haproxy subdomain going to wrong backend

2016-11-14 Thread Bryan Talbot
Use “reply-all” so the thread stays on the list. > On Nov 14, 2016, at Nov 14, 4:33 AM, Azam Mohammed wrote: > > Hi Bryan, > > Thanks for your email. > > I was doing a bit of testing on haproxy. > > I used hdr to match the subdomain in frontend but I got 503 "503 Service

Re: Haproxy subdomain going to wrong backend

2016-11-10 Thread Bryan Talbot
> On Nov 9, 2016, at Nov 9, 4:45 AM, Azam Mohammed wrote: > > Also we have exact same Haproxy config on QA and UAT environment and works > fine. > > QA Environment: > Haproxy Version: HA-Proxy version 1.5.4 > OS Version: CentOS release 6.3 (Final) > > UAT Environment: >

Re: Haproxy subdomain going to wrong backend

2016-11-10 Thread Bryan Talbot
> Azam Sheikh Mohammed > IT Network & System Admin > > D a n a t > Al-Shatha Tower Office 1305, Dubai Internet City | P.O.Box: 502113, Dubai, > UAE | Tel: +971 4 368 8468 Ext. 133 | Fax: +971 4 368 8232 | Mobile: +971 > 55 498 8089 | Email: a...@danatev.com

Re: Haproxy subdomain going to wrong backend

2016-11-09 Thread Bryan Talbot
> On Nov 9, 2016, at Nov 9, 4:45 AM, Azam Mohammed wrote: > > Hello, > > > > > acl url_subdomain hdr_dom(host) -i subdomain.domain.com > > acl url_test hdr_dom(host) -i > test.subdomain.domain.com

Re: ECDSA and HAProxy help

2016-10-13 Thread Bryan Talbot
> On Oct 13, 2016, at Oct 13, 3:19 PM, Thierry Fournier > wrote: > > > The negotiated cipher is "AECDH-AES256-SHA", and I don't know if this > cipher is ECDSA :) At least it seems to work. > > Thierry > That’s not a cipher that would normally be considered “good”

Re: ECDSA and HAProxy help

2016-10-11 Thread Bryan Talbot
> On 12 Oct 2016 8:45 am, "Igor Cicimov" > wrote: > > > > On 11 Oct 2016 7:05 pm, "Thierry Fournier" > > wrote: > > > I'm currently trying to investigate about a

Re: HAProxy Build Error with TARGET

2016-09-13 Thread Bryan Talbot
> On Sep 13, 2016, at Sep 13, 9:16 PM, Coscend@HAProxy > wrote: > > Hello HAProxy Community, > > We are upgrading from HAProxy 1.6.7 to 1.6.9 by building from source. We > would appreciate any vector on the issue we are facing with specifying > TARGET in make

Re: unique-id-header logged twice ?

2016-08-23 Thread Bryan Talbot
> On Aug 23, 2016, at Aug 23, 5:43 PM, Jakov Sosic wrote: > > Hi guys, > > > Later I log it in Apache in custom log format: > > LogFormat "%a %l %u [%{%d/%b/%Y:%T}t,%{msec_frac}t %{%z}t] \"%r\" %>s %b > \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Unique-ID}i\""

Re: question about http request rate limit

2016-08-15 Thread Bryan Talbot
> On Aug 15, 2016, at Aug 15, 2:00 AM, Artem Lalaiants > wrote: > > Hello, > > Can somebody the http_req_rate counter still counts requests with the > following configuration even after all the traffic starts coming through > "error" backend only? > > frontend

Re: Matching of NULL bytes impossible with rstring

2016-08-15 Thread Bryan Talbot
> On Aug 15, 2016, at Aug 15, 4:06 AM, Ariano-Tim Donda > wrote: > > For my project it must be possible to check different bytes from \x00 to \xFF > via tcp-check expect rstring. But it is not possible to check NULL bytes. > Everything after the first NULL byte

Re: SEGV with sc_trackers

2016-08-13 Thread Bryan Talbot
> On Aug 13, 2016, at Aug 13, 11:00 AM, Lukas Tribus wrote: > > Here's a stacktrace on Linux without compiler optimizations: > Thank you Lukas. I did forget to mention that it occurs on Linux and OS X but that I only had build/debug tools handy on OSX. -Bryan > Program

SEGV with sc_trackers

2016-08-12 Thread Bryan Talbot
I have a config that produces a segfault when using the sc0_trackers but works when using sc0_conn_cur. I’m not 100% sure that my use is correct but I don’t think it should SEGV either way. This config produces the crash when processing a simple request from curl. The intent of the stick table

Re: [PATCH] MINOR: Fixes the build of 1.7-dev3 on OSX

2016-07-05 Thread Bryan Talbot
I didn’t see other discussion about it, but commit 3015a2 seems to have fixed this issue. Thank you. -Bryan > On Jul 1, 2016, at Jul 1, 2:09 PM, Bryan Talbot <bryan.tal...@playnext.com> > wrote: > > >> On Jul 1, 2016, at Jul 1, 9:36 AM, 유준희 <kail...@gmail.com

Re: [PATCH] MINOR: Fixes the build of 1.7-dev3 on OSX

2016-07-01 Thread Bryan Talbot
> On Jul 1, 2016, at Jul 1, 9:36 AM, 유준희 wrote: > > I found below error on 90fd35c3a726e613e36ea0399507778b094181a0 with OS X > 11.5 (El capitan) Issue introduced with 93b227db9502f72f894c83708cd49c41925158b2 is the first bad commit commit

Re: authorization haproxy.

2016-06-16 Thread Bryan Talbot
> On Jun 15, 2016, at Jun 15, 1:35 AM, Aleksander Maltzev > wrote: > > Hello. > I use authorization haproxy. > I have a many users in haproxy.cfg userlist > how to make a personal file for user list ? Short answer: don’t do that. AFAIK, that feature is meant to

Re: Bug when loading multiple configuration files

2016-05-24 Thread Bryan Talbot
The OP didn’t provide many details, but I am able to reproduce this too using 1.7-dev and the config files shown below. Git bisect shows the break at the commit mentioned. $> cat haproxy.cfg haproxy2.cfg global defaults timeout client 5s timeout server 5s timeout connect 5s

Re: Performance considerations for ACL order and type

2016-05-17 Thread Bryan Talbot
> On May 17, 2016, at May 17, 3:32 PM, Sean Decker > wrote: > > I'm wondering if there are any significant performance implications for the > order of our ACLs known without doing multiple rounds of testing. Here is an > example mixing path_beg and path_reg. IMO:

Re: SNI Support for Health Check on Backend Server

2016-03-11 Thread Bryan Talbot
le server-side > verifications by default. > > > > > > Using: "server dev05 192.168.1.10:443 check sni str( > prontotest.orthobanc.com) ssl verify none " > > > > parsing [/etc/haproxy/haproxy.cfg:62] : 'server dev-web-06' unknown > keyword 'none'. >

Re: SNI Support for Health Check on Backend Server

2016-03-11 Thread Bryan Talbot
There is a recently reported bug for this. Try putting "verify none" AFTER the "sni" keyword in your server line. -Bryan On Fri, Mar 11, 2016 at 2:08 PM, William D. Roush < william.ro...@roushtech.net> wrote: > Hey Everybody, > > > Been struggling trying to get SNI to work with health checks,

Re: Keep-alive causing latency spike

2016-02-27 Thread Bryan Talbot
On Sat, Feb 27, 2016 at 12:24 PM, CJ Ess wrote: > Hey folks, I could use some help figuring this one out. My environment > looks like this: > > > The way I am monitoring the request latency is by averaging the Tt field > from the haproxy logs by second. > > > The Tt values

Re: gpc0_rate computing incorrectly with peer replication turned in [in 1.6.3]

2016-02-24 Thread Bryan Talbot
On Wed, Feb 24, 2016 at 6:05 PM, James Brown wrote: > > We use a gpc0 counter for rate-limiting certain requests in our application. It was working fine with 1.5.14, but as soon as I upgraded to 1.6.3, we started seeing the gpc0_rate value go crazy – it's currently showing

stick table replication

2016-02-24 Thread Bryan Talbot
From the docs, it looks like stick tables entries are only replicated when they store a server-id. This makes sense if stick tables are only used for sticky-sessions shared across multiple proxy instances. Is there a way to get stick table replication to occur when the stick table is not used

Re: Feature Request for log stdout ...

2016-02-18 Thread Bryan Talbot
Sorry I'm a bit late to this party but when running in a container it's also easy to configure haproxy to log to a unix socket and bind mount that socket to the host. in haproxy.cnf log /dev/log local2 Then when launching the container an option like "-v /var/log:/var/log" works quite well to

Re: Old instances continue to accept connections after graceful reload

2016-02-05 Thread Bryan Talbot
I think you're just attempting to reload haproxy too fast. There are race conditions in getting the list of running pids and passing them into haproxy -- that list changes before the next proxy is started. Your test case is reloading haproxy about 10 times per second. There are several reports on

Re: Old instances continue to accept connections after graceful reload

2016-02-05 Thread Bryan Talbot
On Fri, Feb 5, 2016 at 7:07 PM, Bryan Talbot <bryan.tal...@ijji.com> wrote: > I think you're just attempting to reload haproxy too fast. There are race > conditions in getting the list of running pids and passing them into > haproxy -- that list changes before the next proxy is st

Re: Why is req.hdr not working for me?

2016-02-02 Thread Bryan Talbot
Because you're ignoring the warnings that haproxy generates when you run with that configuration [WARNING] 032/111847 (11107) : parsing [./haproxy.cfg:6] : acl 'ORIGIN_PRESENT' will never match because it only involves keywords that are incompatible with 'backend http-response header rule'

Re: haproxy reloads, stale listeners, SIGKILL required

2016-02-02 Thread Bryan Talbot
On Tue, Feb 2, 2016 at 4:11 PM, David Birdsong <david.birds...@gmail.com> wrote: > > > On Tue, Feb 2, 2016 at 7:09 PM Bryan Talbot <bryan.tal...@ijji.com> wrote: > >> On Tue, Feb 2, 2016 at 3:56 PM, David Birdsong <david.birds...@gmail.com> >> wrote: >

Re: keep-alive problems and best practices question

2016-01-22 Thread Bryan Talbot
On Fri, Jan 22, 2016 at 3:18 AM, Piotr Rybicki wrote: > > Found it. Seems like this issue: > > http://www.serverphorums.com/read.php?10,1341691 > > >> haproxy 1.5.15, linux 3.18.24 >>> >> >> This issue was fixed in 1.5 with 3de8e7ab8 in November but there hasn't

Re: HAProxy is not able to bind

2016-01-12 Thread Bryan Talbot
On Tue, Jan 12, 2016 at 12:23 PM, Lobron, David wrote: > Hi All, > > > > 0 > down vote > favorite > Copy-and-pasted from Stack Overflow? > > listen rtt 172.28.11.94:9500 > mode tcp > bind 172.28.11.94:9500 ssl crt /etc/haproxy/cert.pem > > [ALERT] 011/114700

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-12-09 Thread Bryan Talbot
On Wed, Dec 9, 2015 at 10:54 AM, Dave Zhu (yanbzhu) wrote: > > I was able to add functionality for loading multiple certs when the crt > bind option is a directory. That’s in patch 4. Patch 2 now contains 4, 5, > and 6. > > Still passing basic tests for me including the crt

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-12-08 Thread Bryan Talbot
On Tue, Dec 8, 2015 at 11:18 AM, Dave Zhu (yanbzhu) wrote: > Hey Bryan, > > I believe I have gotten to the bottom of the behavior that you are seeing: > > >1. 0.9.8 client cannot connect to dual cert port: This was a bug on my >part. I neglected to set a DHE keys for

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-12-07 Thread Bryan Talbot
Glad you were able to get to the bottom of the crash. With the newest 5 patches, I'm still not seeing the behavior I am expecting. To make my testing and expectations hopefully more clear, I've pushed them to github (https://github.com/btalbot/dual-stack-test) From a laptop with Vagrant

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-12-05 Thread Bryan Talbot
On Fri, Dec 4, 2015 at 10:17 AM, Bryan Talbot <bryan.tal...@ijji.com> wrote: > On Fri, Dec 4, 2015 at 6:15 AM, Dave Zhu (yanbzhu) <yanb...@cisco.com> > wrote: > >> Hey Bryan, >> it’s strange that it’s always loading the ECC cert. I just tested the >

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-12-04 Thread Bryan Talbot
On Fri, Dec 4, 2015 at 6:15 AM, Dave Zhu (yanbzhu) wrote: > Hey Bryan, > it’s strange that it’s always loading the ECC cert. I just tested the code > on my end and I’m not seeing this behavior. > > I see it on OSX, I'll test on Linux today. > Back to your original problem

Re: HAProxy setup

2015-12-04 Thread Bryan Talbot
On Fri, Dec 4, 2015 at 5:16 AM, Milos Zupancic wrote: > Hi, > > I am looking for a solution on how to setup HaProxy and Tomcat with SSL > termination + passing client certificate to the backend tomcat. > > > backend c-https > mode http > balance roundrobin >

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-12-03 Thread Bryan Talbot
On Thu, Dec 3, 2015 at 2:00 PM, Dave Zhu (yanbzhu) wrote: > Hey Bryan. > > I noticed that you gave HAProxy a directory. You have to give it the name > of the cert instead of the directory. > > So your config should be: > > bind :8443 ssl crt ./var/tls/localhost.pem > > > I

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-12-03 Thread Bryan Talbot
at 2:15 PM, Bryan Talbot <bryan.tal...@ijji.com> wrote: > On Thu, Dec 3, 2015 at 2:00 PM, Dave Zhu (yanbzhu) <yanb...@cisco.com> > wrote: > >> Hey Bryan. >> >> I noticed that you gave HAProxy a directory. You have to give it the name >> of the cert instead

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-12-03 Thread Bryan Talbot
Hi Dave. I've applied the patches but things are not working as I expected. It could be that my expectations are incorrect though. I'm expecting that with two (ECC and RSA) self-signed testing certificates deployed with the haproxy config shown below that ECC capable clients will connect and use

Re: what's the difference between rspdel and http-response del-header

2015-12-03 Thread Bryan Talbot
On Wed, Dec 2, 2015 at 8:50 PM, Ruoshan Huang wrote: > hi, > I’m confused about the difference between `rspdel` and > `http-response del-header`. if all I want is to delete a hdr of plain text > instead of regular expression, does `http-response del-header` perform

Re: [SPAM] Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-11-30 Thread Bryan Talbot
On Mon, Nov 30, 2015 at 3:32 PM, Olivier Doucet wrote: > Hello, > > I'm digging out this thread, because having multiple certificate for one > single domain (SNI) but with different key types (RSA/ECDSA) can really be > a great functionality. Is there some progress ? How can

Re: Owncloud through Haproxy makes upload not possible

2015-11-20 Thread Bryan Talbot
On Fri, Nov 20, 2015 at 1:39 AM, Piotr Kubaj wrote: > > > Unfortunately, using 1.5.15 didn't change anything. The logs are: > We can see from the logs below that the connection is aborting with CD or sH codes. The docs say: CD The client unexpectedly aborted during

Re: Owncloud through Haproxy makes upload not possible

2015-11-18 Thread Bryan Talbot
On Wed, Nov 18, 2015 at 3:45 AM, Piotr Kubaj wrote: > Hi, > > I've got a home server with 1 public IP, on which I host a couple of my > websites. Each of them is in a separate jail. Haproxy listens on the > outgoing IP and directs the traffic to the appropriate jail. Each of

Re: HAProxy does not write 504 on keep-alive connections

2015-11-11 Thread Bryan Talbot
On Wed, Nov 11, 2015 at 6:47 AM, Holger Just wrote: > > As a loadbalancer however, HAProxy should always return a proper HTTP > error if the request was even partially forwarded to the server. It's > probably fine to just close the connection if the connect timeout stroke >

Re: acl regex

2015-11-11 Thread Bryan Talbot
On Wed, Nov 11, 2015 at 8:43 PM, Guillaume Bourque < guillaume.bour...@logisoftech.com> wrote: > Hi all, > > I can’t create an acl that will match this > > http://domain/?lang= > > I tried > > acl fr_top path_reg^/.lang\=$ > acl fr_top

Re: HAProxy does not write 504 on keep-alive connections

2015-11-10 Thread Bryan Talbot
On Tue, Nov 10, 2015 at 12:04 PM, Laurent Senta wrote: > Hi there, > I think there's a bug in how HAProxy handles timeout, that'd be great if > you can confirm or help me figure out what I do wrong: > > Basically: if a server timeout happens on a keep-alive connection,

Re: Allowing 500 errors to pass through

2015-11-10 Thread Bryan Talbot
On Tue, Nov 10, 2015 at 4:53 PM, Aristedes Maniatis wrote: > I've got a situation with haproxy 1.5.x I'm trying to understand better. > In my situation, several Apache httpd servers sit behind haproxy and behind > that are the actual application servers. httpd is using mod-jk to

Re: tcp-check with persistent session cookie ?

2015-11-06 Thread Bryan Talbot
On Fri, Nov 6, 2015 at 1:00 PM, Sébastien ROHAUT < sebastien.rohaut@gmail.com> wrote: > Hi, > > > Is it possible to get and store the JSESSIONID cookie returned by the > tcp-check expect (or something like this), and send it with the tcp-check > send, to reuse the same session ? > > Is there

Re: haproxy daemon does not attempt to read ca-file on startup

2015-10-29 Thread Bryan Talbot
On Thu, Oct 29, 2015 at 10:39 AM, Joseph Hammerman < jhammer...@secondmarket.com> wrote: > Hi HAProxy users list, > > I am running HAProxy version 1.5.12-1 on Ubuntu Precise Pangolin (12.04). > I have confirmed that it was compiled with OpenSSL support built in. > > I have configured an SSL

Re: haproxy daemon does not attempt to read ca-file on startup

2015-10-29 Thread Bryan Talbot
key exchange ciphers. -Bryan > > Thanks, > Joe Hammerman > > On Thu, Oct 29, 2015 at 2:33 PM, Bryan Talbot <bryan.tal...@ijji.com> > wrote: > >> On Thu, Oct 29, 2015 at 10:39 AM, Joseph Hammerman < >> jhammer...@secondmarket.com> wrote: >>

Re: Does Haproxy supports backend on https for reverse proxy

2015-10-05 Thread Bryan Talbot
On Mon, Oct 5, 2015 at 12:49 PM, Kuchekar, Yogita (Yogita) < ykuche...@avaya.com> wrote: > Hi , > > > > I have installed Haproxy servere 5.1 on linux RHEL 6.1 > Assuming you mean haproxy version 1.5, then yes both scenarios are possible. I'm sure you can find many blog posts and sample

Re: Does Haproxy supports backend on https for reverse proxy

2015-10-05 Thread Bryan Talbot
On Mon, Oct 5, 2015 at 1:42 PM, Kuchekar, Yogita (Yogita) < ykuche...@avaya.com> wrote: > Thanks for your reply.. > > > > Sorry for the typo. Version for Haproxy is 1.5. > > > > I have been trying to achieve this for a while referring to forum examples. > > My configuration is like this. Could

Re: HAProxy Slows At 1500+ connections Really Need some help to figure out why

2015-10-02 Thread Bryan Talbot
On Fri, Oct 2, 2015 at 1:48 PM, Daren Sefcik wrote: > I Hope this is the right place to ask for help..if not please flame me and > send me on my way > > So I had haproxy 1.5 installed (as a front end for a cluster of squid > proxies) on a low end Dell server with

Re: Implementing HAProxy First Time: Conditional backend issue

2015-09-30 Thread Bryan Talbot
On Wed, Sep 30, 2015 at 12:37 PM, Susheel Jalali wrote: > Dear HAProxy Developers community: > > After incorporating inputs from some of you, we tested with an updated > haproxy.cfg (see below). Product-1 is still not accessible > Without the complete haproxy

Re: Implementing HAProxy First Time: Conditional backend issue

2015-09-30 Thread Bryan Talbot
"GET > /favicon.ico HTTP/1.1" 200 4603 "" "" 53639 813 "webapps-frontend" > "webapps-backend" "Product1" 30 0 0 3 34 1 1 0 0 0 0 0 "" "" > > > > Sincerely, > Susheel Jalali > Coscend Commun

Re: How to access Web products by their names in access url

2015-09-23 Thread Bryan Talbot
On Tue, Sep 22, 2015 at 12:06 AM, Susheel Jalali < susheel.jal...@coscendcommunications.com> wrote: > Access URL > http://CoscendCommunications.com/Product1 > > > > Thank you. > > - > > frontend apps-frontend > > bind

Re: Send the same traffic to multiple backends

2015-09-10 Thread Bryan Talbot
Unless there is some LUA magic that can support this in the latest 1.6 development builds: no, that's not possible. -Bryan On Thu, Sep 10, 2015 at 8:18 PM, Unknown User wrote: > Is there a way to send the same traffic to multiple backends (sort of like > a tee),

Re: Can HAProxy loadbalance multiple requests send through single TCP connection

2015-09-02 Thread Bryan Talbot
TCP really has no notion of "messages", it's all just bytes. So no, this would not be possible with plain TCP. -Bryan On Wed, Sep 2, 2015 at 12:05 PM, Prabu rajan wrote: > Hi Team, > > Our client to HAProxy establishes single TCP connection and continues to > send

Re: getting transparent proxy to work.

2015-08-20 Thread Bryan Talbot
On Thu, Aug 20, 2015 at 4:05 PM, Rich Vigorito ri...@ocp.org wrote: Reading this: http://blog.haproxy.com/2012/06/05/preserve-source-ip-address-despite-reverse-proxies/ about PROXY protocol, what needs to happen for PROXY protocol to be recognized by the web server? The webserver needs to

Re: getting transparent proxy to work.

2015-08-20 Thread Bryan Talbot
On Wed, Aug 19, 2015 at 3:26 PM, Rich Vigorito ri...@ocp.org wrote: I should also clarify the goal of using this approach was to do TLS from router to haproxy and onto webservers but to preserve the client IP. The other thought I had was to SSL terminate on haproxy box and initiate new TLS

Re: HAProxy Logging

2015-07-20 Thread Bryan Talbot
2015-07-20 2:47 GMT-07:00 sven.mau...@t-systems.com: Dear Sir and Madam, I am interested in your application HA Proxy. But first I have some question. Is it possible that the HA Proxy writes log files in the home directory with the same ownership like the HA Proxy? haproxy logs using

Re: SSL handshake failure when setting up no-tlsv10

2015-05-20 Thread Bryan Talbot
On Wed, May 20, 2015 at 9:39 AM, Amol mandm_z...@yahoo.com wrote: Thanks you for responding and i wanted to share some more from my findings when i set *ssl-default-bind-options no-sslv3 force-tlsv12* $ sudo vi /etc/haproxy/haproxy.cfg :~$ sudo /etc/init.d/haproxy restart *

Re: SSL handshake failure when setting up no-tlsv10

2015-05-20 Thread Bryan Talbot
On Wed, May 20, 2015 at 10:40 AM, Lukas Tribus luky...@hotmail.com wrote: yes i figured since it is a ubuntu 10.04 machine it has old version of openssl so i looked around for upgrading the openssl and found this link

Re: SSL handshake failure when setting up no-tlsv10

2015-05-11 Thread Bryan Talbot
On Mon, May 11, 2015 at 1:46 PM, Amol mandm_z...@yahoo.com wrote: Hi I am using Haproxy (1.5.9) and trying to resolve a PCI compliance issue with TLS v1.0, but when i set the following options in global section of the haproxy.cfg i am getting an error in my haproxy.log and the webpage does

Re: Server health check being called from each pool

2015-05-01 Thread Bryan Talbot
You're looking for track http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#track -Bryan On Fri, May 1, 2015 at 5:34 PM, Michael Bushey corw...@gmail.com wrote: I have a master-master-master MySQL DB cluster, but run into deadlocks if writes from one web node are across multiple

Re: stats uri doesn't inherit from defaults sections

2015-04-09 Thread Bryan Talbot
On Thu, Apr 9, 2015 at 7:03 AM, Jonathan Matthews cont...@jpluscplusm.com wrote: Hi all - A bit of lunchtime playing around today has exposed the fact that a stats uri in a defaults section has no effect on backends to which the defaults section /should/ apply. Stats-serving backends only

Re: cannot bind to socket error

2015-04-02 Thread Bryan Talbot
You need to set net.ipv4.ip_nonlocal_bind=1 to allow processes to bind to an IP address not currently on the host. -Bryan On Thu, Apr 2, 2015 at 2:19 PM, Tim Dunphy bluethu...@gmail.com wrote: Hey folks, I'm setting up HAProxy and keepalived on 2 nodes today. And I'm able to start HAProxy

Re: Print http log to stdout?

2015-04-02 Thread Bryan Talbot
On Thu, Apr 2, 2015 at 1:28 PM, Douglas Borg douglas.b...@readytalk.com wrote: Willy Tarreau w at 1wt.eu writes: On Fri, Dec 13, 2013 at 03:43:51AM +0800, Igor wrote: In verbose mode, is it possible to print http log to stdout? No it's not possible. Do you think it could be useful ?

Re: [PATCH 2/2] DOC: Document the new tls-ticket-keys bind keyword

2015-02-25 Thread Bryan Talbot
If a site has N haproxy hosts, how should new ticket-keys be distributed (and processes reloaded) and avoid the race condition of some hosts using the new keys before those keys are on all hosts? Seems that not all hosts would be updated at exactly the same time and that until all hosts are

Re: [PATCH 2/2] DOC: Document the new tls-ticket-keys bind keyword

2015-02-25 Thread Bryan Talbot
On Wed, Feb 25, 2015 at 12:09 PM, Lukas Tribus luky...@hotmail.com wrote: If a site has N haproxy hosts, how should new ticket-keys be distributed (and processes reloaded) and avoid the race condition of some hosts using the new keys before those keys are on all hosts? You distribute the

Re: Timeouts + Active sessions

2015-02-24 Thread Bryan Talbot
On Tue, Feb 24, 2015 at 1:39 AM, Francois Lagier francois.lag...@gmail.com wrote: Hello everyone, I am currently trying to tune my HaProxy architecture (65k queries per seconds, low latency requirement (50ms), with 12 servers using multi-core (4 cores per server)) and I have a couple of

Re: What is the hardware requirement for haproxy?

2015-01-20 Thread Bryan Talbot
The hardware requirements for haproxy itself are very modest and nearly anything will work. The requirements really depend on how much and what sort of traffic you need to handle. Network card and CPU speed are the most important hardware factors for performance though. -Bryan On Mon, Jan 19,

Re: haproxy-systemd-wrapper with -sf causes it to exit and print usage info

2015-01-20 Thread Bryan Talbot
I think that the recommended way to restart when using the wrapper is to signal with a HUP or USR2 to the wrapper which will take care of the soft-restart of haproxy itself. I believe that a HUP will just cause haproxy to be restarted while the USR2 will reload both haproxy and the wrapper binary

Re: Significant number of 400 errors..

2014-11-26 Thread Bryan Talbot
There are clearly a lot of junk bytes in those URI which are not allowed by the HTTP specs. If you really want to be passing unencoded binary control characters, spaces, and nulls to your backends in HTTP request and header lines, then HTTP mode is probably not going to work for you. TCP mode

Re: Default monitor fail setup

2014-11-13 Thread Bryan Talbot
Can you share a config that shows the implicit monitor fail behavior and the haproxy version it happens on? I've tried the config below on a couple of 1.4 and 1.5 versions and they behave the same for me. All return 200 unless the explicit monitor fail directive is present. global defaults

Re: DNS

2014-10-29 Thread Bryan Talbot
/2013/09/16/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/ -Bryan thanks, Jon Hoffart On Oct 22, 2014, at 3:20 PM, Bryan Talbot bryan.tal...@playnext.com wrote: On Wed, Oct 22, 2014 at 1:50 PM, Jon Hoffart jon.hoff...@medoraco.com wrote: Hello

Re: hardcoded ssloptions

2014-10-29 Thread Bryan Talbot
I think he wants to globally disable SSLv3 (by removing support at compile time) so it can't be accidentally enabled in an errant bind option. There's no way to disable SSLv3 globally in the haproxy config. -Bryan On Wed, Oct 29, 2014 at 12:24 PM, Lukas Tribus luky...@hotmail.com wrote:
