On Tue, Dec 11, 2012 at 06:27:46PM -0500, Roy Smith wrote: > Hi Willie, > > Thanks for your note. Yes, I remember you mentioning that you had plans to > do this at some point. I just didn't realize it was included in 1.5.
I think I was not very verbose on the subject precisely because I know that most people are not too much receptive about such a feature. But in some environments (finance, etc...) it is an absolute pre-requisite. > The > flexible log format is nice too. I had hard-wired a format that made sense > for us, but your way lets people pick whatever makes sense for them. That was the idea. We know it's not easy to build the perfect format at once, so users can play with the tags. We agree that the tags still require that you have the doc while configuring, but once that's done, you don't need to change this anymore. > Now that the official haproxy code has this, there's really no point in me > continuing to maintain our version. It was nice to get to write some C code > again, however. These days, I mostly live in Python. It's good to get close > to the metal once in a while, so you don't forget how computers really work. :-) Anyway, as long as your patch does the trick for you, there is no reason to migrate. > I totally agree about keeping the clocks in sync. And, I should add, running > everything in UTC. I never again want to try to remember if I'm +4 or +5, or > deal with the fact that we rolled over from summer time to winter time in the > middle of a log file :-) That's true as soon as you have two datacenters in different timezones. > We're really looking forward to the SSL support in 1.5. We currently > terminate our SSL sessions with nginx (in addition to also using nginx as our > application front-end), so our data flow looks like nginx -> haproxy -> > nginx. It'll be nice to shorten that chain. I see. It may also allow you to filter attacks on the frontend based on counters that are detected lower in the chain. > Have you experienced any issues running your SSL code on Ubuntu precise? We > tried to upgrade our SSL hosts from lucid to precise and started getting > intermittent errors with users authenticating to our application. We were > never able to figure out what was going on. We eventually solved the problem > by retreating back to lucid. We don't know if it's an nginx issue, or a > problem with the underlying SSL library. I'm curious if you've seen anything > similar? I have memories of Emeric encountering some issues on Ubuntu during his tests, though I don't know what version that was. I remember the openssl package was named 1.0.0. I really don't think it would be nginx, because nginx in general is really good quality software and its SSL stack has been used for a long time at many places. I'd really bet on a young package on the Ubuntu side instead. Cheers, Willy
