Hi Magnus,
Please double check the floating pass rule with 'sloppy state' is in
place for the backend connection, otherwise you might notice a similar
'break' in the traffic.
http://marc.info/?l=haproxy&m=139008554829345&w=2 , you can also check
with tcpdump, what you might see is that the backend is still sending
[P.] push-ack packets, but haproxy is nolonger allowed to send [.] ack
packets.. This should also show in the firewall log. (if you have
logging for defaultrules enabled)
This floating rule will be automated in a pullrequest yet to be pulled:
https://github.com/pfsense/pfsense-packages/pull/580 . Not sure why that
hasn't been done yet..
The HAProxy included in pfSense package system is only compiled from the
official FeeBSD ports, which follow the -dev releases. The snapshots
which are available for every commit to the repository are are not
supplied through the package system. Im not sure if Willy is issuing the
dev22 anytime soon, which would then probably be available a few days
later through the pfSense package system.
A installed pfSense distribution itself does not have any compilers /
make tools included so to compile a version of HAProxy yourself. So you
must install FreeBSD 8.3 of the same architecture as your pfSense runs
x86 / x64 into a virtualmachine. Then checkout ports and compile
haproxy. Then download the snapshot from the haproxy repository, copy it
to the machine and re-compile it again. (make sure that this filecopy
isn't automatically un-done..).
Then just copy the compiled haproxy binary from the FreeBSD system to
pfSense replacing the original program after that it should work, at
least for testing... (i have done that before.)
As for config files haproxy is started with a startup parameter which
points to the configfile to load, nothing strange about that.?. And yes
changes in the gui will recreate the config files & certificate folders
and such after pressing 'apply' doesnt seem to strange to me..
Greets PiBa-NL
Magnus Thomé schreef op 31-1-2014 10:41:
Thank you for the feedback!
Right now that's the latest available (1.5-dev21) through the pfsense
package installer GUI.
I'm a bit weary to mix "package install through pfsense GUI" with "manual
install in shell from snapshot" since I have no insight in do's and don'ts
and possible implications. The GUI version of HAProxy in pfsense seem to
work a bit differently with where files are stored, how the config file is
used and overwritten and son on.
But if I possibly could get proper instructions and a "oh, that's not a
problem, I've done that before" I have no problem doing it :-) On the other
hand, maybe the needed newer build is coming to the pfsense package
installer soon, I could wait?
/Magnus
-----Original Message-----
From: Willy Tarreau [mailto:[email protected]]
Sent: den 31 januari 2014 10:29
To: Magnus Thomé
Subject: Re: File downloads stall after 40 seconds. Changing timeout
settings doesn't help
On Fri, Jan 31, 2014 at 10:12:54AM +0100, Magnus Thomé wrote:
I updated the HAProxy package from within pfsense web GUI to 1.5-dev21
pkg v
0.6.1
Don't you have a way to build the latest *snapshot* instead ? Two issues are
plaguing dev21 and were fixed after :
3ef5af3 BUG: Revert "OPTIM/MEDIUM: epoll: fuse active events into polled
ones during polling changes"
8663105 BUG: Revert "OPTIM: poll: restore polling after a poll/stop/want
sequence"
Willy
