unsubscribe

2016-05-25 Thread Nathan Williams

Re: ssl offloading

2016-03-31 Thread Nathan Williams
stunnel's what we used before Haproxy had it built in, which worked fine, but SSL offloading in Haproxy's been excellent in our experience, so my guess would be that you could make it work with some config tuning. On Thu, Mar 31, 2016, 12:45 PM Lukas Tribus wrote: > > Hi

Re: Easy haproxy redundancy

2015-08-27 Thread Nathan Williams
: On 8/27/2015 6:52 PM, Nathan Williams wrote: There's a sysctl for that, net.ipv4.ip_nonlocal_bind. Interesting. That's one I had never seen before. I would assume that the OS does this intelligently so that when the IP address *does* suddenly appear at a later time, the application works

Re: Easy haproxy redundancy

2015-08-27 Thread Nathan Williams
On Fri, 2015-08-28 at 01:25 +, Nathan Williams wrote: Yeah, keepalived handles the gratuitous arp on failover, it works nicely. I do miss the admin tools for pacemaker though. I'm AFK, but I'll write up a full explanation of our HA setup when I'm back at a PC. Cheers, Nathan Okay

Re: Easy haproxy redundancy

2015-08-27 Thread Nathan Williams
There's a sysctl for that, net.ipv4.ip_nonlocal_bind. On Thu, Aug 27, 2015, 5:49 PM Shawn Heisey hapr...@elyograg.org wrote: On 8/24/2015 12:06 PM, Dennis Jacobfeuerborn wrote: There is no need to run a full Pacemaker stack. Just run HAProxy on both nodes and manage the virtual ips using

Re: IP address ACLs

2015-08-15 Thread Nathan Williams
We use a file for about 40 cidr blocks, and don't have any problems with load speed. Presumably large means more than that, though. We use comments as well, but they have to be at the beginning of their own line, not tagged on after the address. On Fri, Aug 14, 2015, 9:09 PM CJ Ess

Re: IP binding and standby health-checks

2015-07-16 Thread Nathan Williams
oh, i think this comment thread explains it: http://comments.gmane.org/gmane.comp.web.haproxy/20366. I'll see about assigning CAP_NET_ADMIN On Wed, Jul 15, 2015 at 4:56 PM Nathan Williams nath.e.w...@gmail.com wrote: Hi Baptiste, Sorry for the delayed response, had some urgent things come

Re: IP binding and standby health-checks

2015-07-15 Thread Nathan Williams
? Please give a try to the following source line, instead of your current one: source 0.0.0.0 usesrc 10.240.36.13 Baptiste On Tue, Jul 14, 2015 at 9:06 PM, Nathan Williams nath.e.w...@gmail.com wrote: OK, that did not seem to work, so I think the correct interpretation

Re: IP binding and standby health-checks

2015-07-14 Thread Nathan Williams
by haproxy as L4CON network timeouts. i'm going to try the addr config and report back; fingers crossed! cheers, Nathan W On Tue, Jul 14, 2015 at 5:21 AM Baptiste bed...@gmail.com wrote: On Mon, Jul 13, 2015 at 6:03 PM, Nathan Williams nath.e.w...@gmail.com wrote: Hi all, I'm hoping I can

Re: IP binding and standby health-checks

2015-07-14 Thread Nathan Williams
do you want to use the VIP to get connected on your backend server? Please give a try to the following source line, instead of your current one: source 0.0.0.0 usesrc 10.240.36.13 Baptiste On Tue, Jul 14, 2015 at 9:06 PM, Nathan Williams nath.e.w...@gmail.com wrote: OK, that did

Re: IP binding and standby health-checks

2015-07-14 Thread Nathan Williams
as up, the proxied requests to the backends came from the local IP instead of the VIP. Regards, Nathan W On Tue, Jul 14, 2015 at 8:58 AM Nathan Williams nath.e.w...@gmail.com wrote: Hi Baptiste/Jarno, Thanks so much for responding. addr does indeed look like a promising option (though

IP binding and standby health-checks

2015-07-13 Thread Nathan Williams
Hi all, I'm hoping I can get some advice on how we can improve our failover setup. At present, we have an active-standby setup. Failover works really well, but on the standby, none of the backend servers are marked as up since haproxy is bound to the VIP that is currently on the active member

Re: Haproxy 1.5 ssl redirect

2015-05-27 Thread Nathan Williams
we use redirect scheme https code 301 if !{ ssl_fc } on our SSL-only backends, many of which are accessed by multiple hostnames. if i understand correctly what you're trying to accomplish, i think that should do the trick? On Wed, May 27, 2015 at 8:38 AM Sean Patronis spatro...@add123.com wrote:

Re: socket bind error

2015-05-20 Thread Nathan Williams
arg. ok, it was SELinux... we recently re-worked how we prepare our base image and the new method seems to leave SELinux enabled... turned that off and everything's working peachy. Thanks! On Wed, May 20, 2015 at 4:16 PM Lukas Tribus luky...@hotmail.com wrote: hi all, I'm working on

socket bind error

2015-05-20 Thread Nathan Williams
hi all, I'm working on standing up a new haproxy instance to manage redis directly on our redis hosts since our main load-balancer does periodic reloads and restarts for things like OCSP stapling that good ol' amnesiac HTTP handles just fine, but longer-lived TCP connections like our redis

Re: timeout values for redis?

2015-03-24 Thread Nathan Williams
:55 PM, Nathan Williams nath.e.w...@gmail.com wrote: Hey Jim, Here's the configuration we're using for our redis pool:

    defaults TCP
        mode tcp
        log global
        option tcplog
        option clitcpka
        option srvtcpka
        timeout connect 5s
        timeout client 300s
        timeout server 300s
        source