Re: Bench of haproxy

2011-05-06 Thread Vincent Bernat
OoO On this well-begun evening of Friday 06 May 2011, around 22:46, Baptiste bed...@gmail.com said: It seems that the CPU speed of your F5 3900 is 2.4GHz with 8G of memory. The F5 is using some Cavium chip to forward requests. The main processor is mainly used for

Re: Bench of haproxy

2011-05-09 Thread Vincent Bernat
Hi Willy! I don't answer everything but I have read carefully what you said. Thanks for such precise tips. OoO On this cloudy night of Tuesday 10 May 2011, around 00:31, Willy Tarreau w...@1wt.eu said: I will also test with a 10G NIC next week. However, with such small

Re: HAProxy, multicores and EC2

2011-10-09 Thread Vincent Bernat
-- Vincent Bernat ☯ http://vincent.bernat.im Don't comment bad code - rewrite it. - The Elements of Programming Style (Kernighan Plauger)

haproxy, stud and proxy protocol

2011-10-11 Thread Vincent Bernat
Hi! I have run some bench with stud + haproxy (1.5-dev7) and found that stud with --write-proxy parameter adds 40 ms of latency. stunnel has recently added (4.45) PROXY support too and enabling it does not add any latency. Therefore, I think the problem does not lie in HAProxy but maybe

Re: haproxy, stud and proxy protocol

2011-10-14 Thread Vincent Bernat
. See here for the relevant code: https://github.com/bumptech/stud/blob/master/stud.c#L489 Any idea where the latency could lie? The problem was stud did not disable Nagle's algorithm on the backend side. Therefore, nothing to do with HAProxy. -- Vincent Bernat ☯ http://vincent.bernat.im

Re: haproxy, stud and proxy protocol

2011-10-15 Thread Vincent Bernat
: https://github.com/bumptech/stud/commit/7ad212a3f8a1416b8ac997a54e2dd58840f75851 -- Vincent Bernat ☯ http://vincent.bernat.im Make input easy to prepare and output self-explanatory. - The Elements of Programming Style (Kernighan Plauger)

Re: about nbproc in conf

2011-10-20 Thread Vincent Bernat
8881, 8882 or 8883. -- Vincent Bernat ☯ http://vincent.bernat.im prom_printf(Detected PenguinPages, getting out of here.\n); 2.0.38 /usr/src/linux/arch/sparc/mm/srmmu.c

Re: client side keep-alive (http-server-close vs httpclose)

2011-10-26 Thread Vincent Bernat
-keepalive help working around servers misbehaving in HTTP close | mode. ` -- Vincent Bernat ☯ http://vincent.bernat.im Make sure input cannot violate the limits of the program. - The Elements of Programming Style (Kernighan Plauger)

Re: DoS vulnerability due to client-initiated renegotiation

2011-11-02 Thread Vincent Bernat
but this seems more difficult since the renegotiation can be done automatically by OpenSSL during a single SSL_read() (which is not possible in stud because of its asynchronous nature). However, maybe the connection can be closed right in the callback. I need to try out. -- Vincent Bernat ☯ http

Re: Haproxy timing issues

2011-11-02 Thread Vincent Bernat
not hinder the performance. However, the benchmark was a bit artificial because each client will do 4 conn and will disappear forever. -- Vincent Bernat ☯ http://vincent.bernat.im # Okay, what on Earth is this one supposed to be used for? 2.4.0 linux/drivers/char/cp437.uni

Re: Haproxy timing issues

2011-11-02 Thread Vincent Bernat
their dependencies got broken. Memory usage can be divided by 10 with OpenSSL 1.0.0. You need to ensure that you use a stud version using SSL_MODE_RELEASE_BUFFERS to take advantage of it. -- Vincent Bernat ☯ http://vincent.bernat.im Follow each decision as closely as possible with its

Re: Haproxy timing issues

2011-11-02 Thread Vincent Bernat
smaller). An active SSL connection can take a lot more memory than a session but I don't know how much exactly. If you have long running connection, this will be more an issue than session cache. -- Vincent Bernat ☯ http://vincent.bernat.im Watch out for off-by-one errors

Re: Haproxy timing issues

2011-11-02 Thread Vincent Bernat
patch to backport it. https://gist.github.com/1272151/b1a61124d1568eb795fa82b24b875889cbd0005c -- Vincent Bernat ☯ http://vincent.bernat.im panic(floppy: Port bolixed.); 2.2.16 /usr/src/linux/include/asm-sparc/floppy.h

Re: Haproxy timing issues

2011-11-03 Thread Vincent Bernat
USE_SHARED_CACHE=1 9. You get your stud linked against OpenSSL 1.0.0e. Now, on your server, install libssl1.0.0_1.0.0e-2ubuntu4~bpoXXX1.deb then stud. -- Vincent Bernat ☯ http://vincent.bernat.im /* * For moronic filesystems that do not allow holes in file. * We may have

Re: Help with SSL

2011-11-04 Thread Vincent Bernat
On Fri, 04 Nov 2011 09:41:00 +0100, Aleksandar Lazic wrote: you must use http://www.stunnel.org/static/stunnel.html protocol = proxy In this case, you need the latest stunnel (4.45).

Re: Haproxy timing issues

2011-11-04 Thread Vincent Bernat
. When running step 5 again it seemed to jump into an endless making of openssl :/ Meaning that it is starting to do something but it never finishes, waited for ~20min. Symlink seems a wrong idea. Why doesn't it seem to do the ./Configure properly? -- Vincent Bernat ☯ http://vincent.bernat.im

Re: SSL Pass through and sticky session

2011-11-07 Thread Vincent Bernat
. For example, with nginx, you need to configure a session cache. -- Vincent Bernat ☯ http://vincent.bernat.im Keep it right when you make it faster. - The Elements of Programming Style (Kernighan Plauger)

haproxy and interaction with VRRP

2011-12-12 Thread Vincent Bernat
Hi! When haproxy is bound to an IP address managed by VRRP, this IP address may be absent when haproxy starts. What is the best way to handle this? 1. Start haproxy only when the host is master. 2. Use transparent mode. 3. Patch haproxy to use IP_FREEBIND option.

Re: haproxy and interaction with VRRP

2011-12-12 Thread Vincent Bernat
On Mon, 12 Dec 2011 11:28:21 +0200, Graeme Donaldson wrote: When haproxy is bound to an IP address managed by VRRP, this IP address may be absent when haproxy starts. What is the best way to handle this?  1. Start haproxy only when the host is master.  2. Use transparent mode.  3. Patch

Re: haproxy and interaction with VRRP

2011-12-12 Thread Vincent Bernat
On Mon, 12 Dec 2011 13:04:22 +0100, Sander Klein wrote: I started doing this because there is no nonlocal_bind option for IPv6 (or I didn't search well enough (-: ) From the source code, it seems that IPv4 non local bind sysctl also applies to IPv6. Since 2.6.30. Hmmm, then I'm going to

Re: haproxy and interaction with VRRP

2011-12-12 Thread Vincent Bernat
On Mon, 12 Dec 2011 13:23:11 +0100, Sander Klein wrote: I started doing this because there is no nonlocal_bind option for IPv6 (or I didn't search well enough (-: ) From the source code, it seems that IPv4 non local bind sysctl also applies to IPv6. Since 2.6.30. Hmmm, then I'm going to

Re: SSL best option for new deployments

2011-12-13 Thread Vincent Bernat
and stud have the same performance. For stunnel, you need to use OpenSSL 1.0.0c or later to fix a performance problem. With hyperthreading, I even got better results with stunnel. If you use stunnel, use at least 4.45. It features sendproxy support. -- Vincent Bernat ☯ http://vincent.bernat.im

Re: SSL best option for new deployments

2011-12-13 Thread Vincent Bernat
think this would amend the difference with stud. -- Vincent Bernat ☯ http://vincent.bernat.im Make sure every module hides something. - The Elements of Programming Style (Kernighan Plauger)

[PATCH] [BUG] stats: handle POST request params in any order

2012-03-07 Thread Vincent Bernat
When enabling/disabling a server with POST to the stats page, the order of the required params is important: the server name had to be first. This patch allows to handle those parameters in any order. --- src/proto_http.c | 45 + 1 files changed, 25

Re: [PATCH] [BUG] stats: handle POST request params in any order

2012-03-09 Thread Vincent Bernat
if the parameters are already ordered. Maybe, it's not worth it. -- Vincent Bernat ☯ http://vincent.bernat.im die_if_kernel(Whee... Hello Mr. Penguin, current-tss.kregs); 2.2.16 /usr/src/linux/arch/sparc/kernel/traps.c

Re: SSL farm

2012-05-22 Thread Vincent Bernat
how I understand it at least. Yes. And solve session problem by using some kind of persistence, for example source hashing load balancing algorithm. -- Vincent Bernat ☯ http://vincent.bernat.im panic (No CPUs found. System halted.\n); 2.4.3 linux/arch/parisc/kernel/setup.c

[PATCH] DOC: specify the default value for maxconn in the context of a proxy

2012-06-27 Thread Vincent Bernat
Default value for maxconn in the context of a proxy is 2000 and is unrelated to any other value (like global ulimit-n or global maxconn). Without an explicit a user may think that the default value is either no limit or equal to the global maxconn value. --- doc/configuration.txt |2 ++ 1

Re: [PATCH] DOC: specify the default value for maxconn in the context of a proxy

2012-06-27 Thread Vincent Bernat
❦ 27 juin 2012 20:13 CEST, Willy Tarreau w...@1wt.eu : Default value for maxconn in the context of a proxy is 2000 and is unrelated to any other value (like global ulimit-n or global maxconn). Without an explicit a user may think that the default value is either no limit or equal to the

Re: Haproxy stats socket with nbproc1

2012-07-25 Thread Vincent Bernat
❦ 25 juillet 2012 12:00 CEST, Stojan Rancic (Iprom) sto...@iprom.si : is it possible to create a stats socket (or per-process stats socket) when haproxy is configured with 'nbproc=2' or higher ? Hi! I am unsure if this is possible with a socket. However, you can do it for the web interface.

[PATCH] MEDIUM: tcp: add a v6only option for TCP sockets

2012-11-24 Thread Vincent Bernat
With this option enabled, a TCPv6 socket will only listen for IPv6 packets. With this option absent, a TCPv6 socket will accept both IPv6 and IPv4 packets. The system setting (net.ipv6.bindv6only) is ignored because many people disagree with the default proposed by RFC 3493 (which is to listen to

Re: [PATCH] MEDIUM: tcp: add a v6only option for TCP sockets

2012-11-24 Thread Vincent Bernat
❦ 24 novembre 2012 12:01 CET, Vincent Bernat ber...@luffy.cx : #ifdef TCP_FASTOPEN -/* parse the defer-accept bind keyword */ +/* parse the tfo bind keyword */ static int bind_parse_tfo(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err) I have embedded

Re: HAProxy, high mysql request rate and TCP source port exhaustion

2012-12-12 Thread Vincent Bernat
❦ 12 décembre 2012 14:45 CET, Baptiste bed...@gmail.com : Maybe some of you already experimented source port exhaustion. Here is a blog post giving some information about it: http://blog.exceliance.fr/2012/12/12/haproxy-high-mysql-request-rate-and-tcp-source-port-exhaustion/ Great post!

Re: [PATCH] Add OpenSSL engine support

2013-01-09 Thread Vincent Bernat
❦ 5 janvier 2013 09:06 CET, Willy Tarreau w...@1wt.eu : Did you get a significant performance gain with padlock ? I've not had the chance to test one yet. I don't even know if it requires an engine or not. At least with aes-ni, it's included in the native code, you don't need the engine

Re: [PATCH] Add OpenSSL engine support

2013-01-09 Thread Vincent Bernat
❦ 10 janvier 2013 00:24 CET, Willy Tarreau w...@1wt.eu : It depends how AES-NI is compiled in your OpenSSL. On Ubuntu, AES-NI support is builtin and selected automatically. But if people are using implementations from Intel for older versions of OpenSSL, the engine needs to be selected by

Per process stats socket

2013-02-26 Thread Vincent Bernat
Hi! Actually, the Unix stats socket is global. It is possible to pin it to some processes, but it is not possible to have one Unix socket per process. Has someone already tried to add the appropriate code to declare several Unix sockets? Thanks. -- printk(Entering UltraSMPenguin Mode...\n);

Re: proxy name filtering introduced in haproxy 1.5

2013-04-17 Thread Vincent Bernat
❦ 17 avril 2013 01:00 CEST, Willy Tarreau w...@1wt.eu : I've just recompiled haproxy 1.5 with the latest commits. The patch containing a box to filter proxies is useful but I think we should remove the autofocus keyword from the generated html. Currently, it prevents using the keyboard to

Re: Debian/Ubuntu packages for HAProxy

2013-06-06 Thread Vincent Bernat
❦ 6 juin 2013 10:55 CEST, Willy Tarreau w...@1wt.eu : Thank you very much for this work, I'm sure this will be appreciated a lot and will improve user experience by definitely getting rid of the old bogus versions. BTW, I am not alone on this. Debian packages are also maintained by Apollon

Re: Debian/Ubuntu packages for HAProxy

2013-06-08 Thread Vincent Bernat
❦ 8 juin 2013 00:49 CEST, hapr...@serverphorums.com : While it's great to have more Ubuntu packages, especially for the dev version, I took a look at the Ubuntu ecosystem and basically all the packages are missing the USE_ZLIB to enable gzip compression. It will be added in the next upload.

Re: Debian/Ubuntu packages for HAProxy

2013-06-19 Thread Vincent Bernat
❦ 8 juin 2013 00:49 CEST, hapr...@serverphorums.com : While it's great to have more Ubuntu packages, especially for the dev version, I took a look at the Ubuntu ecosystem and basically all the packages are missing the USE_ZLIB to enable gzip compression. Gzip compression has been added to

Re: Debian/Ubuntu packages for HAProxy

2013-06-26 Thread Vincent Bernat
❦ 24 juin 2013 14:50 CEST, Hervé COMMOWICK herve.commow...@lizeo-group.com : Something i do in my personal package is to include halog tool, which is in contrib directory, would be great if you can include that too. OK, will do. -- printk(MASQUERADE: No route: Rusty's brain broke!\n);

Re: ssl sni and client certificate verification

2013-07-02 Thread Vincent Bernat
❦ 2 juillet 2013 10:39 CEST, Hudec Peter phu...@cnc.sk : But for Debian this version is in experimental now ;( I will look if some already done for Wheezy. It's really easy to backport the version in experimental for Wheezy: dget

Re: Confused by the behaviour of calloc during init() in haproxy.c

2013-07-24 Thread Vincent Bernat
❦ 24 juillet 2013 11:07 CEST, Willy Tarreau w...@1wt.eu : Indeed. I have no idea why we're observing these differences, and I don't know if the libc uses heuristics to decide to memset() the area or not. Unless there is an alternative malloc hooked, the libc heavily relies on the fact that

Re: Debian/Ubuntu packages for HAProxy

2013-09-10 Thread Vincent Bernat
❦ 10 septembre 2013 10:18 CEST, Josip Lazic jo...@togs.biz : Something i do in my personal package is to include halog tool, which is in contrib directory, would be great if you can include that too. OK, will do. Do you know when you will be able to include halog? Thanks. It has been

Re: Static haproxy/openssl build error

2013-09-29 Thread Vincent Bernat
❦ 29 septembre 2013 18:30 CEST, Willy Tarreau w...@1wt.eu : So maybe we should in fact stop setting PCREDIR to $(pcre-config --prefix), which will result in PCRE_INC/PCRE_LIB remaining silent unless PCREDIR is forced. I suspect the following patch should fix it : diff --git a/Makefile

Re: Static haproxy/openssl build error

2013-09-29 Thread Vincent Bernat
❦ 29 septembre 2013 22:27 CEST, Vincent Bernat ber...@luffy.cx : LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ haproxy: ... $(AM_V_CCLD)$(LINK) $(haproxy_OBJECTS

Re: Static haproxy/openssl build error

2013-09-30 Thread Vincent Bernat
❦ 30 septembre 2013 11:30 CEST, Willy Tarreau w...@1wt.eu : I would use `pcre-config --libs` and `pcre-config --cflags` instead. The user can still override this on make command line. PCRE_CFLAGS := $(shell pcre-config --cflags) PCRE_LIBS := $(shell pcre-config --libs) But these would

Re: Static haproxy/openssl build error

2013-09-30 Thread Vincent Bernat
❦ 30 septembre 2013 13:01 CEST, Apollon Oikonomopoulos apoi...@gmail.com : My version of pcre-config (8.30, also tested with 8.31) includes: libS= if test ${prefix}/lib/x86_64-linux-gnu != /usr/lib ; then libS=-L${prefix}/lib/x86_64-linux-gnu fi Update: Debian's 8.31

Re: Debian/Ubuntu packages for HAProxy

2013-11-16 Thread Vincent Bernat
❦ 6 juin 2013 09:08 CEST, Vincent Bernat ber...@luffy.cx : If you want to use prebuilt packages for HAProxy for Debian or Ubuntu, here is what is available: [...] Hi! You can now find the same information on this page: http://haproxy.debian.net/ HAProxy 1.5 for Wheezy has also been added

Re: Fix for rare EADDRNOTAVAIL error

2014-02-23 Thread Vincent Bernat
❦ 22 février 2014 14:55 CET, Willy Tarreau w...@1wt.eu : It depends if you have some servers in common or not. The system will always allow multiple outgoing connections to share the same local source ip:port as long as they don't go to the same destination ip:ports since a connection is

Re: Fix for rare EADDRNOTAVAIL error

2014-02-23 Thread Vincent Bernat
❦ 23 février 2014 10:31 CET, Willy Tarreau w...@1wt.eu : It depends if you have some servers in common or not. The system will always allow multiple outgoing connections to share the same local source ip:port as long as they don't go to the same destination ip:ports since a connection is

Re: Fix for rare EADDRNOTAVAIL error

2014-02-23 Thread Vincent Bernat
❦ 23 février 2014 12:25 CET, Willy Tarreau w...@1wt.eu : I suppose this is in combination with SO_REUSEADDR (otherwise, bind() would fail). It's good to know: tcpESTAB 0 0 192.168.116.1:3754474.125.132.104:80 tcpESTAB 0 0

Re: Current solutions to the soft-restart-healthcheck-spread problem?

2014-03-07 Thread Vincent Bernat
❦ 6 mars 2014 16:15 CET, Jonathan Matthews cont...@jpluscplusm.com : 1) On restart/reload/disabled-server-now-enabled-via-admin-interface, haproxy considers a server to be 1 health check away from going down, but considers it *initially* up. On reload, haproxy could wait for a whole round

Re: Ubuntu 14.04 package

2014-04-17 Thread Vincent Bernat
❦ 17 avril 2014 08:59 CEST, Vincent Bernat ber...@luffy.cx : Is there a 1.5~dev22 deb package for Ubuntu 14.04 (trusty)? I've found the following ppa but it only has package for Ubuntu 13.10 and below. https://launchpad.net/~vbernat/+archive/haproxy-1.5 I will update the repository

Re: CPU increase between ss-20140329 and ss-20140425

2014-04-26 Thread Vincent Bernat
❦ 25 avril 2014 17:22 CEST, Willy Tarreau w...@1wt.eu : - ssl: Add standardized DH parameters = 1024 bits (I still don't understand what this is about, I'm clearly far from being even an SSL novice). I have no idea whether it can be related or not, but at least you're using SSL

Re: CPU increase between ss-20140329 and ss-20140425

2014-04-26 Thread Vincent Bernat
❦ 26 avril 2014 10:20 CEST, Willy Tarreau w...@1wt.eu : - ssl: Add standardized DH parameters = 1024 bits (I still don't understand what this is about, I'm clearly far from being even an SSL novice). I have no idea whether it can be related or not, but at least you're using

Re: CPU increase between ss-20140329 and ss-20140425

2014-04-26 Thread Vincent Bernat
❦ 26 avril 2014 12:51 CEST, Willy Tarreau w...@1wt.eu : - leave the situation as it is now, and let users concerned with security use a static 2048 bits (or larger) static DH parameter in the certificate file ; - recommit the patch I submitted as it is, and let users concerned with the

Re: haproxy 1.5-dev24: 100% CPU Load or Core Dumped

2014-05-07 Thread Vincent Bernat
. Ubuntu is providing debug symbols for almost everything. Tracepoints are still interesting as they can be listed and they are hand-picked. From 504504f2f8c13f077f09e0906cd7e7d3ca405acc Mon Sep 17 00:00:00 2001 From: Vincent Bernat vinc...@bernat.im Date: Wed, 7 May 2014 18:18:07 +0200 Subject: [PATCH

Re: haproxy 1.5-dev24: 100% CPU Load or Core Dumped

2014-05-07 Thread Vincent Bernat
❦ 7 mai 2014 22:19 +0200, Willy Tarreau w...@1wt.eu : Here is a proof of concept. To test, use `make TARGET=linux2628 USE_DTRACE=1`. On Linux, you need systemtap-sdt-dev or something like that. Then, there is a quick example in example/haproxy.stp. Interesting, but just for my

Re: haproxy 1.5-dev24: 100% CPU Load or Core Dumped

2014-05-07 Thread Vincent Bernat
❦ 7 mai 2014 22:56 +0200, Vincent Bernat ber...@luffy.cx : So the main interest of those probes are: * low overhead, they can be left in production to be here when you really need them And you enable/disable them while the program is running. -- panic (No CPUs found. System halted.\n

Re: debian repository http://haproxy.debian.net/

2014-05-23 Thread Vincent Bernat
❦ 23 mai 2014 17:10 +0200, Ghislain gad...@aqueos.com : /etc/apt/preferences.d/haproxy Package: haproxy Pin: origin haproxy.debian.net, version 1.5* Pin-Priority: 995 Package: * Pin: origin haproxy.debian.net Pin-Priority: -10 For me, pinning on both origin and version doesn't work. I

Re: debian repository http://haproxy.debian.net/

2014-05-23 Thread Vincent Bernat
❦ 23 mai 2014 20:22 +0300, pablo platt pablo.pl...@gmail.com : Something like this for haproxy will bring confident and prevent confusion and questions. http://nginx.org/en/linux_packages.html haproxy.debian.net is just a static page. We could host it on haproxy.net if it helps (and apply

Re: [ANNOUNCE] haproxy-1.5-dev26 (and hopefully last)

2014-05-28 Thread Vincent Bernat
❦ 28 mai 2014 18:11 +0200, Willy Tarreau w...@1wt.eu : Feedback welcome as usual, When compiling with -Werror=format-security (which is a common setting on a Debian-based distribution), we get: src/dumpstats.c:3059:4: error: format not a string literal and no format arguments

Re: [ANNOUNCE] haproxy-1.5-dev26 (and hopefully last)

2014-05-28 Thread Vincent Bernat
❦ 28 mai 2014 22:59 +0200, Willy Tarreau w...@1wt.eu : When compiling with -Werror=format-security (which is a common setting on a Debian-based distribution), we get: src/dumpstats.c:3059:4: error: format not a string literal and no format arguments [-Werror=format-security]

Re: [ANNOUNCE] haproxy-1.5-dev26 (and hopefully last)

2014-05-28 Thread Vincent Bernat
❦ 28 mai 2014 23:16 +0200, Willy Tarreau w...@1wt.eu : src/dumpstats.c:3059:4: error: format not a string literal and no format arguments [-Werror=format-security] chunk_appendf(trash, srv_hlt_st[1]); /* DOWN (agent) */ ^ srv_hlt_st[1] is DOWN %s/%s, so this is not even a

Re: [ANNOUNCE] haproxy-1.5-dev26 (and hopefully last)

2014-05-28 Thread Vincent Bernat
❦ 29 mai 2014 01:04 +0200, Willy Tarreau w...@1wt.eu : const char * hello means hello is a pointer to a const char. You may want to say const char * const hello. But gcc doesn't seem to handle it either (but clang does). Yes it does but it doesn't change its verdict. The test is really

Re: ssl compression

2014-06-23 Thread Vincent Bernat
❦ 23 juin 2014 18:14 +0200, Markus Rietzler w...@mrietzler.de : to switch off tls compression (because of beast/crime attack) with tls v1.0 and compression. can i deactivate it in haproxy too? haproxy disables SSL compression and there is no flag to enable it. However, disabling SSL

Re: xmpp loadbalancing 300k+ active connections?

2014-06-30 Thread Vincent Bernat
❦ 30 juin 2014 15:54 +0200, Klavs Klavsen k...@vsen.dk : As far as I can gather - that would mean it will run out of ports, when it hits about 64k connections being open. But perhaps ports can be reused, if they are used against different backends ? (ie. the max open connection amount in

Re: Multi-processes and stats

2014-07-06 Thread Vincent Bernat
❦ 6 juillet 2014 19:00 +0200, Pavlos Parissis pavlos.paris...@gmail.com : It works and I can get up to 34K transactions/sec as reported by siege, I am quite happy with that. But the statistics are not correct. The stats pages reports 1/12th of sessions. With your configuration, a request to

Re: how to sync HaProxy config with ZooKeeper

2014-07-09 Thread Vincent Bernat
❦ 9 juillet 2014 14:28 GMT, Зайцев Сергей Александрович s.zayt...@r-style.com : I want to automatically update HaProxy's configuration depending on my app's state. I mean, that when I have a number of components running, I update my ZooKeeper configuration as soon as new node joins the

Re: What are the problems building/running/maintaining haproxy on windows?

2014-07-17 Thread Vincent Bernat
❦ 17 juillet 2014 16:36 +0400, Aleksandr Vinokurov aleksandr@gmail.com : I'm asked to evaluate possible pitfalls about subj. Can you point me to any info? Without a POSIX layer like Cygwin, this is unlikely to work. With Cygwin, poll() is mapped to select() so you won't be able to handle

Re: Question about graceful restart and SO_REUSEPORT

2014-07-23 Thread Vincent Bernat
❦ 23 juillet 2014 16:48 +0200, Nicolas Grilly nico...@vocationcity.com : If I'm correct on the above, then I don't understand why the problem is limited to connections during the 3WHS. Why established connections are not lost? Why are they transferred correctly from the old to the new

Re: Spam to this list?

2014-09-05 Thread Vincent Bernat
❦ 5 septembre 2014 20:38 +0300, Juho Mäkinen j...@unity3d.com : Restricting the list to subscribed user (subonlypost) is not a good thing either May I ask why this is not a good thing? I see no valid reason why not subscribed members should be allowed to post. The subscription

Re: gitignore in tarballs

2014-10-07 Thread Vincent Bernat
❦ 7 octobre 2014 14:18 +0200, Willy Tarreau w...@1wt.eu : I waited about a month. Here is a pull request and you can see the diff also https://github.com/haproxy/haproxy/pull/3 OK, I didn't notice that haproxy-* would automatically ignore doc/haproxy-* simply because there are currently

Re: Better understanding of nbproc vs distributing interrupts for cpu load management

2014-11-25 Thread Vincent Bernat
❦ 25 novembre 2014 16:46 +0100, Emeric Brun eb...@haproxy.com : Indeed on haproxy.com appliances, we made the choice to dedicate several cores/CPUs for NICs interrupts (manual bind, no usage of irqbalance) and to dedicate one other for the haproxy process with nbproc=1. On a related topic,

Re: rand(x) output limited to x/2

2014-12-08 Thread Vincent Bernat
❦ 8 décembre 2014 11:30 -0600, Vivek Malik vivek.ma...@gmail.com : I am using rand(x) in configuration to make some routing decisions. I am basically load balancing between backends and using the following configuration use_backend bk_1 { rand(100) le 50 } default_backend bk_2 However,

Re: rand(x) output limited to x/2

2014-12-08 Thread Vincent Bernat
❦ 8 décembre 2014 23:20 +0100, Vincent Bernat ber...@luffy.cx : Assuming that RAND_MAX is always a power of two - 1, 32 could be replaced by a precomputed value of ffs(RAND_MAX+1)-1. ebtree defines a fls64() function which seems best suited (RAND_MAX+1 could overflow). Here is a proposed

Re: rand(x) output limited to x/2

2014-12-10 Thread Vincent Bernat
is an updated patch: From ec4e0abebcb2258cba550820b316d30137310a52 Mon Sep 17 00:00:00 2001 From: Vincent Bernat vinc...@bernat.im Date: Wed, 10 Dec 2014 10:31:37 +0100 Subject: [PATCH] BUG/MEDIUM: sample: fix random number upper-bound random() will generate a number between 0 and RAND_MAX. POSIX mandates

Re: 1.5.9 crashes every 4 hours, like clockwork

2014-12-11 Thread Vincent Bernat
❦ 11 décembre 2014 17:03 GMT, David Adams dr...@yahoo.com : I tried this. I ran it like this: /usr/local/sbin/haproxy -db -f /etc/haproxy/haproxy.cfg which obviously didn't return as the process ran. Then at the crashtime (a few seconds past 17:00), that process terminated and the

Re: 1.5.9 crashes every 4 hours, like clockwork

2014-12-11 Thread Vincent Bernat
❦ 12 décembre 2014 02:08 GMT, David Adams dr...@yahoo.com : I ran strace on it just before CRASHTIME. It stopped on cue, with an exit code of 134. The strace output is here: haproxy strace - Pastebin.com As you'll see, it looks very strange - immediately after a series of futex calls

Re: Problems about Hot Configuration of Haproxy

2015-01-21 Thread Vincent Bernat
❦ 22 janvier 2015 11:47 +0800, hu.zhang hu.zh...@dev.bessystem.com : Thank you for your quick reply. I did a test in this way. I found the maximum connection time into 3S. Our client is particularly concerned about the http response time. Do you have another way to add/remove the servers?

Job around HAProxy

2015-02-19 Thread Vincent Bernat
/20a4d774095eecfd8cb9 -- Vincent Bernat — vincent.ber...@exoscale.ch ❬❱ http://www.exoscale.ch

Re: Active/Active

2015-02-16 Thread Vincent Bernat
❦ 16 février 2015 14:31 +0100, Lukas Tribus luky...@hotmail.com : As I understand wikipedia - it is discouraged to use ECMP for loadbalancing.. Load balancing by per-packet multipath routing is generally deprecated due to the impact of rapidly changing latency, packet reordering.. Nobody

Re: Active/Active

2015-02-16 Thread Vincent Bernat
❦ 16 février 2015 14:07 +0100, Klavs Klavsen k...@vsen.dk : You use ECMP for load-balancing between different servers in a single PoP/DC and anycast to route the request to the nearest PoP/DC. As I understand wikipedia - it is discouraged to use ECMP for loadbalancing.. Load balancing by

Re: Debian (wheezy) official backport stuck at 1.5.8?

2015-03-12 Thread Vincent Bernat
❦ 10 mars 2015 15:48 GMT, Jonathan Matthews cont...@jpluscplusm.com : http://backports.debian.org/wheezy-backports/overview/ reports that it's up to date with 1.5, but is only making 1.5.8 available. Does anyone have any insight into why this might be and how/if one might help the situation?

Re: How can i get haproxy reload its configuration

2015-03-24 Thread Vincent Bernat
❦ 24 mars 2015 07:45 -0400, jeff saremi jeffsar...@hotmail.com : #!/bin/sh pidfile=/data/haproxy.pidhaproxy -db \ -f /haproxy-1.5.8/haproxy.cfg -p $pidfile \ -sf $(cat $pidfile) The shell does variable substitution first, then execute the line. Hence, $pidfile is expanded to , not

Re: [PATCH 2/2] DOC: Document the new tls-ticket-keys bind keyword

2015-02-24 Thread Vincent Bernat
❦ 24 février 2015 15:17 +0100, Nenad Merdanovic nmer...@anine.io : +tls-ticket-keys keyfile + Sets the TLS ticket keys file to load the keys from. The keys need to be 48 + bytes long, encoded with base64 (ex. openssl rand -base64 48). Number of keys + is specified by the TLS_TICKETS_NO

Re: MIB

2015-02-26 Thread Vincent Bernat
❦ 25 février 2015 16:17 +0100, Mathieu Sergent mathieu.sergent...@gmail.com : I want to know if a MIB for HAProxy is available ? It depends what you call a MIB. Aloha (the packaged HAProxy by HAProxy Tech) comes with a MIB: https://www.haproxy.com/download/aloha/mibs/EXCELIANCE-MIB.txt But

Re: conntrack recommendations

2015-05-07 Thread Vincent Bernat
❦ 7 mai 2015 13:11 +0100, Neil - HAProxy List maillist-hapr...@iamafreeman.com : I'm after a 'definitivish' reference for setting up conntrack I've been hit by having too small table on some new VMs as ubuntu, by default, sizes the table by memory size. Before that I was completely

Re: Gracefull shutdown

2015-04-05 Thread Vincent Bernat
❦ 5 avril 2015 09:33 GMT, Cohen Galit galit.co...@comverse.com : Hello HAProxy team, How can I perform a graceful shutdown to HAProxy? I mean, not by killing process with pid. You can send the USR1 signal. HAProxy will stop once all connections have been closed. -- The devil can cite

Re: Spam

2015-06-23 Thread Vincent Bernat
❦ 23 juin 2015 11:32 +0200, Hoggins! fucks...@wheres5.com : In my opinion, the problem is not the antispam filter, it's the right to communicate on that mailing-list. How come a mail such as 3207947...@qq.com is allowed to post things about those damn LED bulbs ? Isn't there a simple way to

Re: Feature freeze for 1.6

2015-06-01 Thread Vincent Bernat
❦ 1 juin 2015 12:24 +0200, Willy Tarreau w...@1wt.eu : Yep, there's the git tree here and you can get a snapshot there : http://git.1wt.eu/web?p=libslz.git http://git.1wt.eu/web?p=libslz.git;a=snapshot;sf=tgz For some reason, I am unable to clone the repository: $ GIT_CURL_VERBOSE=1

Re: Feature freeze for 1.6

2015-06-01 Thread Vincent Bernat
❦ 1 juin 2015 09:46 +0200, Willy Tarreau w...@1wt.eu : - support for stateless zip compression with libslz (merged) : this doesn't waste memory anymore and compresses about 3 times faster than zlib, at a lower compression ratio. Do you not provide a shared library on purpose? Will

Re: Feature freeze for 1.6

2015-06-01 Thread Vincent Bernat
❦ 1 juin 2015 12:24 +0200, Willy Tarreau w...@1wt.eu : On Mon, Jun 01, 2015 at 11:32:18AM +0200, Vincent Bernat wrote: ??? 1 juin 2015 09:46 +0200, Willy Tarreau w...@1wt.eu : - support for stateless zip compression with libslz (merged) : this doesn't waste memory anymore

Re: Haproxy and http chunked trailers

2015-07-22 Thread Vincent Bernat
❦ 22 juillet 2015 17:22 +0530, Sachin Shetty sshe...@egnyte.com : We have started using Http trailers in http chunked request. Http trailers are pretty well defined in the spec but seems like not widely used. Are they supported by browsers? Last time I checked, this was not the case (at least

Re: Problems compiling HAProxy with Lua Support

2015-07-23 Thread Vincent Bernat
❦ 23 juillet 2015 08:41 +0200, Willy Tarreau w...@1wt.eu : I suppose that either -ldl could be added to OPTIONS_LDFLAGS append, like this is done for -lm. Or USE_DL section could be moved towards the end. I think the first solution is better since libdl seems to be a dependency of lua.

Re: Segfault when parsing a configuration file

2015-07-13 Thread Vincent Bernat
❦ 11 juillet 2015 14:20 +0200, Lukas Tribus luky...@hotmail.com : Thanks for the detailed repro. This bug is fixed in release 1.5.10 by commit ed061c0590 (BUG/MEDIUM: config: do not propagate processes between stopped processes) [1]. Quoting from the commit: Immo Goltz reported a case of

Re: Problems compiling HAProxy with Lua Support

2015-07-16 Thread Vincent Bernat
❦ 13 juillet 2015 19:58 +0200, Vincent Bernat ber...@luffy.cx : I suppose that either -ldl could be added to OPTIONS_LDFLAGS append, like this is done for -lm. Or USE_DL section could be moved towards the end. I think the first solution is better since libdl seems to be a dependency of lua

Re: Problems compiling HAProxy with Lua Support

2015-07-13 Thread Vincent Bernat
❦ 13 juillet 2015 19:16 +0200, bjun...@gmail.com bjun...@gmail.com : make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_LUA=yes LUA_LIB=/opt/lua53/lib/ LUA_INC=/opt/lua53/include/ LDFLAGS=-ldl resulting error: . . . gcc -ldl -o haproxy src/haproxy.o src/sessionhash.o

Re: Problems compiling HAProxy with Lua Support

2015-07-20 Thread Vincent Bernat
❦ 21 juillet 2015 00:55 +0200, thierry.fourn...@arpalert.org : On my computer (debian), the classic command line build used on the last dev version with your patch uses the -ldl two times: make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 \ USE_LUA=1

Re: ip_nonlocal_bind=1 set but sometimes get "cannot bind socket" on reload (-sf)

2015-10-29 Thread Vincent Bernat
❦ 29 octobre 2015 15:16 -0400, Chris Riley  : > Reloading haproxy: [ALERT] 301/141300 (25939) : Starting proxy > haproxy-stats: cannot bind socket [192.168.10.27:80] > [ALERT] 301/141300 (25939) : Starting proxy haproxy-fe1: cannot bind > socket [192.168.200.100:80] >
