How We Improve Online Sales...

2014-07-01 Thread Iulian POP

( http://estores.ro/ro/ )

www.estores.ro ( http://estores.ro/ro/ )

*
New! Process management system for a company
*

The system consists of a series of modules intended for all
departments within a company, such as sales, production,
finance and accounting, etc. Information is entered only once and
is accessible to any module that needs it, which saves resources
and reduces the likelihood of operating errors.
The application is intended primarily for printing houses but can be
adapted to any field of activity, thanks to its structure.
Advantages:
* It can pinpoint breaks in rhythm and classify them as belonging
to the "I forgot" category or to the "overload" category;
* It has additional access to functions of the price calculator, along
the cost/price/discount/imposed price axis;

---
Online Store ( http://estores.ro/ro/magazin-online.html )
---

Do you want to sell products regardless of where you are in the country?
eStores can develop a perfect e-commerce platform for you.
Features:
- Fully customized design;
- Synchronization with the inventory management system;
- Customized registration system for customers;
- Unlimited number of images per product.

Examples:
www.redzip.ro ( http://redzip.ro/ )
www.fmracing.ro ( http://fmracing.ro/ )

More details... ( http://estores.ro/ro/magazin-online.html )

---
SEO Optimization ( http://estores.ro/ro/optimizare-seo.html )
---

Optimization for the site's brand marketing;
Unlimited number of keywords;
Complete implementation of Meta tags;
Competitor analysis;
Optimization of the site's navigation, images and links;
Fixing HTML and CSS problems + loading speed;
Manual submission to Romanian and foreign web directories;

Examples:
www.jaluzele-ieftine.ro ( http://www.jaluzele-ieftine.ro/ )

More details... ( http://estores.ro/ro/optimizare-seo.html )


Presentation Website ( http://estores.ro/ro/site-prezentare.html )

Unique and original design;
Website structure with 2-5 language versions;
Content administration panel that allows:
- Creating/editing an unlimited number of pages
- Managing the images in the photo gallery
- Inserting/editing the buttons in the secondary menu
- Contact form
- Visitor statistics.
Examples:
www.inforegio.ro ( http://www.inforegio.ro/ro/ )

More details... ( http://estores.ro/ro/site-prezentare.html )

Respectfully,
Ing. Iulian POP

WE BRING YOU THE FUTURE
___
Mobile: 0720031123
Tel/fax: 0362 404 903
E-mail: iul...@mydomains.ro
Website: www.estores.ro
Address: Str Carbunari nr 8
___



What did option maxconn mean in keyword server? will it cause 503 status?

2014-07-01 Thread Jie Jin
Hi, all

Here is part of the haproxy.cfg

backend receivers
  mode http
  balance roundrobin
  server s0 172.16.0.202:7700 check maxconn 180
  server s1 172.16.0.202:7711 check maxconn 180

I added the option maxconn after the keyword server. When haproxy faces a
high volume of requests (about 2 concurrent requests), it returns many
503 pages:

503 Service Unavailable
No server is available to handle this request.

Above message is sent by haproxy ( I found this message in
./src/proto_http.c) .

Why did haproxy send the 503 page?
I also did not understand the meaning of the option maxconn. If I remove this
option, haproxy will return only very few 503 pages.

Does the option maxconn in the above configuration mean: if the concurrent
requests coming from the frontend are more than 180, haproxy will reject these
requests and return 503?
If the concurrent requests coming from the frontend are more than 180, will
haproxy put these requests into a queue? If yes, can I configure the size
of the queue?

*Additional info*
[jj@p2p3 tmp]$ echo show errors | sudo socat stdio /tmp/haproxysock
Total events captured on [01/Jul/2014:18:49:29.713] : 0

*Full configuration (haproxy-1.5-dev24)*

global
  log 127.0.0.1 local0  err
  ulimit-n 50
  maxconn 24
  nbproc 1
  stats socket /tmp/haproxysock

defaults
  log global
  option log-separate-errors
  mode  http
  option  httplog
  option  dontlognull
  retries 3
  option redispatch
  contimeout  3000
  clitimeout  5
  srvtimeout  5
  stats uri /haproxy
  stats enable

frontend http_frontend
  maxconn 24
  bind *:80
  mode http
  option forceclose
  option forwardfor
  reqrep ^([^\ :]*)\ /(.*) \1\ /receiver/\2
  reqadd X-Forwarded-Proto:\ http
  default_backend receivers

backend receivers
  mode http
  balance roundrobin
  server s0 172.16.0.202:7700 check maxconn 180
  server s1 172.16.0.202:7711 check maxconn 180
  server s2 172.16.0.202:7722 check maxconn 180
  server s3 172.16.0.202:7733 check maxconn 180
  server s4 172.16.0.202:7744 check maxconn 180
  server s5 172.16.0.202:7755 check maxconn 180


谢谢
金杰 (Jie Jin)


Client Certificate

2014-07-01 Thread Martin van Diemen
Hi,

I'm trying to configure HAProxy so that on one specific domain users
authenticate with an SSL Client certificate.

The Load Balancer has one public IP address and has a frontend configured
which is bound to port 443:
bind *:443 ssl crt ./haproxy/

I selected the correct backend as follows:
use_backend secure_servers if { ssl_fc_sni secure.domain.tld ssl_fc_has_crt }

default_backend default_servers
When changing bind to verify the SSL certificate, all other SSL traffic is no
longer allowed:
bind *:443 ssl crt ./haproxy/ ca-file ./ca.pem verify required

A solution would be to create another frontend with an additional public IP
address but I want to prevent this if possible.

How can I only require an SSL Client certificate on the secure.domain.tld?

Many thanks!

Martin


RE: Client Certificate

2014-07-01 Thread Lukas Tribus
Hi Martin,


> Hi,
>
> I'm trying to configure HAProxy so that on one specific domain users
> authenticate with an SSL Client certificate.
>
> The Load Balancer has one public IP address and has a frontend
> configured which is bound to port 443:
> bind *:443 ssl crt ./haproxy/
>
> I selected the correct backend as follows:
> use_backend secure_servers if { ssl_fc_sni secure.domain.tld ssl_fc_has_crt }
>
> default_backend default_servers
>
> When changing bind to verify the SSL certificate, all other SSL traffic is
> no longer allowed:
> bind *:443 ssl crt ./haproxy/ ca-file ./ca.pem verify required
>
> A solution would be to create another frontend with an additional
> public IP address but I want to prevent this if possible.
>
> How can I only require an SSL Client certificate on the secure.domain.tld?

You cannot, this is not currently supported.


The only workaround here is to put another proxying layer in tcp mode in
front of your current deployment, enabling you to switch to a different
backend --> second layer frontend combination according to the SNI value
(req.ssl_sni [1] in this case, since you are not using SSL termination on the
first proxy tier).

(and you could use the recently implemented abstract namespaces for 1st tier
backend -> 2nd tier frontend connection).





Regards,

Lukas



[1] 
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.5-req.ssl_sni  
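
The two-tier layout described in the reply above, written out as an added example (it is not from the thread): tier 1 routes the raw TLS stream on req.ssl_sni, tier 2 terminates TLS, and only the frontend for secure.domain.tld demands a client certificate. The abstract socket names secure_fe and default_fe, the timeouts, the inspect delay and the Host-header deny rule are assumptions; secure_servers and default_servers are the backends named in the question and are defined elsewhere.

```haproxy
defaults
  timeout connect 5s              # constructed values
  timeout client  50s
  timeout server  50s

# Tier 1: TCP mode, no TLS termination. Routes on the SNI of the ClientHello.
frontend tls_in
  bind *:443
  mode tcp
  # Wait for the ClientHello so req.ssl_sni can be read.
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  use_backend to_secure_fe if { req.ssl_sni -i secure.domain.tld }
  default_backend to_default_fe

backend to_secure_fe
  mode tcp
  # abns@ is an abstract namespace socket (Linux only); send-proxy keeps
  # the real client address visible to tier 2.
  server secure_fe abns@secure_fe send-proxy

backend to_default_fe
  mode tcp
  server default_fe abns@default_fe send-proxy

# Tier 2: TLS is terminated here, one frontend per certificate policy.
frontend secure_fe
  bind abns@secure_fe accept-proxy ssl crt ./haproxy/ ca-file ./ca.pem verify required
  mode http
  default_backend secure_servers

frontend default_fe
  bind abns@default_fe accept-proxy ssl crt ./haproxy/
  mode http
  # The SNI is chosen by the client and need not match the Host header sent
  # inside TLS, so refuse the protected host on the no-certificate path.
  http-request deny if { hdr_beg(host) -i secure.domain.tld }
  default_backend default_servers
```

With this layout the only route to secure_servers is the frontend that requires a verified client certificate, whatever SNI or Host value a client sends.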
  


RE: What did option maxconn mean in keyword server? will it cause 503 status?

2014-07-01 Thread Lukas Tribus
Hi,




> I added the option maxconn after the keyword server. When haproxy faces
> a high volume of requests (about 2 concurrent requests), it returns
> many 503 pages

Of course it will.

You would like to serve 2 concurrent requests, but your 6 servers
only support 180 concurrent connections each. Do the math:

6 x 180 = 1080 concurrent requests can be served in your configuration,
of course you will see a lot of 503 errors.



> Why did haproxy send the 503 page?

Because all backend servers are busy serving 180 concurrent requests,
as per your configuration. You have instructed HAProxy not to send
more than 180 requests per server, and that is exactly what HAProxy
is doing (queueing the request until timeout queue [2] expires and
then sending 503 errors).



> I also did not understand the meaning of the option maxconn. If I remove
> this option, haproxy will return only very few 503 pages.

Please read the documentation about maxconn fully [1] then.



> Does the option maxconn in the above configuration mean: if the concurrent
> requests coming from the frontend are more than 180, haproxy will reject
> these requests and return 503?

It means: each server can handle up to 180 concurrent requests and HAProxy
will not send more requests to the server, but either use a different server
(if there are), or queue it until timeout queue [2] expires, or
contimeout as it is in your case (3 seconds).



> If yes, can I configure the size of the queue?

180 *is* your per server queue size, and it's exactly the limitation
you are hitting.



> Additional info
> [jj@p2p3 tmp]$ echo show errors | sudo socat stdio /tmp/haproxysock
> Total events captured on [01/Jul/2014:18:49:29.713] : 0

You gonna need to configure the stats socket properly, show errors
requires operator or admin privileges on the socket [2] (level admin).





Regards,

Lukas



[1] 
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#maxconn%20%28Server%20and%20default-server%20options%29
[2] http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#timeout%20queue
[3] 
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#9.2-show%20errors  
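
A configuration sketch for the settings discussed in this thread, added here and not taken from any of the posts: the per-server maxconn stays as the overload guard for the backends, the queue wait is set explicitly with timeout queue, and the stats socket gets an explicit level and a restrictive file mode. The socket path, the global and frontend maxconn values and the client, server and queue timeouts are constructed.

```haproxy
global
  log 127.0.0.1 local0 err
  maxconn 20000                    # constructed value
  nbproc 1
  # An admin-level socket can change the running state, so keep it out of
  # /tmp and readable/writable by its owner only.
  stats socket /var/run/haproxy.sock mode 600 level admin

defaults
  log global
  mode http
  option httplog
  option dontlognull
  retries 3
  option redispatch
  timeout connect 3s               # current spelling of "contimeout 3000"
  timeout client  50s              # constructed value
  timeout server  50s              # constructed value
  # How long a request may wait for a free server slot before HAProxy
  # answers 503. When unset, the "timeout connect" value is used.
  timeout queue   10s              # constructed value

frontend http_frontend
  bind *:80
  maxconn 20000                    # constructed value
  default_backend receivers

backend receivers
  balance roundrobin
  # Each server receives at most 180 concurrent connections, so the six
  # servers together work on 6 x 180 = 1080 requests at a time. Requests
  # beyond that wait in the queue until a slot frees up or until
  # "timeout queue" expires.
  server s0 172.16.0.202:7700 check maxconn 180
  server s1 172.16.0.202:7711 check maxconn 180
  server s2 172.16.0.202:7722 check maxconn 180
  server s3 172.16.0.202:7733 check maxconn 180
  server s4 172.16.0.202:7744 check maxconn 180
  server s5 172.16.0.202:7755 check maxconn 180
```

Raising timeout queue trades 503 responses for longer waits and more sessions held open on the frontend; it does not add capacity behind the proxy.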
  


RE: Build failed on OS X

2014-07-01 Thread Lukas Tribus
Hi,



> Hi, list
>
> Tried to build with USE_STATIC_PCRE=1 but failed, error:
>
> .. ebtree/ebistree.o -L/usr/local/Cellar/pcre/8.35/lib -Wl,-Bstatic
> -lpcreposix -lpcre -Wl,-Bdynamic
> ld: unknown option: -Bstatic
> clang: error: linker command failed with exit code 1 (use -v to see
> invocation)
> make: *** [haproxy] Error 1
>
> Seems Apple's ld doesn't support mixing static and dynamic libraries
> very well, how could I get around of this?


Configure/Build pcre with --enable-shared=no, so you don't need
USE_STATIC_PCRE.




Regards,

Lukas

  


RE: single or many haproxy instances

2014-07-01 Thread Justin Franks
Not sure why you would run multiple HAProxy in one node. I don't understand 
what you want to do. But...

Look into using Consul to help load balance/cluster your HAProxy instances. 
That is what we are doing. Simple and works great. Think of Consul as a Global 
load balancing service that works internally.

Consul will look at all your instances (HAProxy or whatever) and round-robin or 
weight load balance to all of them based on health checks you plug in. I don't 
know if this would solve your prob though.


*
Justin Franks
Lead Operations Engineer
SaaS, Cloud, Data Centers  Infrastructure
Lithium Technologies, Inc
225 Bush St., 15th Floor
San Francisco, CA 94104
tel: +1 415 757 3100 x3219

From: Xu (Simon) Chen xche...@gmail.com
Sent: Monday, June 30, 2014 7:38 AM
To: HAProxy
Subject: single or many haproxy instances

Hi folks,

I am writing a simple load balancer as a service to automate haproxy 
configuration while providing a simple API to users, who only need to give a 
few simple specifications of the load balancer they want.

I am trying to decide whether to run multiple haproxy instances or a single 
instance on a particular node. I currently use jinja2 template to combine all 
services into a single haproxy configuration file and run a single instance of 
haproxy. Every time, when a service spec is changed, I run check config mode, 
and only reload the config if the test passes. But I fear that a single 
incorrect service spec would prevent everyone else from updating their 
services, unless I maintain some last-known good config for every service.

Managing one haproxy instance for every service solves this problem, but I 
might end up with too many processes on a single box.

Any recommendations on which way to go? Is there a recommended max number of 
haproxy instances per node/core?

Thanks.
-Simon


Re: single or many haproxy instances

2014-07-01 Thread Buckholz, Zachary
My understanding, and I could very well be wrong, is that HAProxy is not
SMP aware: it's single threaded and will not automatically take advantage
of systems with multiple CPUs or cores, other than the OS scheduler moving
things around.

Running multiple instances allows you to peg each instance to a particular
CPU, core.

Is this correct?


On Tue, Jul 1, 2014 at 12:54 PM, Justin Franks justin.fra...@lithium.com
wrote:

  Not sure why you would run multiple HAProxy in one node. I don't
 understand what you want to do. But...

 Look into using Consul to help load balance/cluster your HAProxy
 instances. That is what we are doing. Simple and works great. Think of
 Consul as a Global load balancing service that works internally.

 Consul will look at all your instances (HAProxy or whatever) and
 round-robin or weight load balance to all of them based on health checks
 you plug in. I don't know if this would solve your prob though.



 *
 Justin Franks
 Lead Operations Engineer
 SaaS, Cloud, Data Centers  Infrastructure
 Lithium Technologies, Inc
 225 Bush St., 15th Floor
 San Francisco, CA 94104
 tel: +1 415 757 3100 x3219
   --
 *From:* Xu (Simon) Chen xche...@gmail.com
 *Sent:* Monday, June 30, 2014 7:38 AM
 *To:* HAProxy
 *Subject:* single or many haproxy instances

Hi folks,

 I am writing a simple load balancer as a service to automate haproxy
 configuration while providing a simple API to users, who only need to give
 a few simple specifications of the load balancer they want.

  I am trying to decide whether to run multiple haproxy instances or a
 single instance on a particular node. I currently use jinja2 template to
 combine all services into a single haproxy configuration file and run a
 single instance of haproxy. Every time, when a service spec is changed, I
 run check config mode, and only reload the config if the test passes. But I
 fear that a single incorrect service spec would prevent everyone else from
 updating their services, unless I maintain some last-known good config for
 every service.

  Managing one haproxy instance for every service solves this problem, but
 I might end up with too many processes on a single box.

  Any recommendations on which way to go? Is there a recommended max number
 of haproxy instances per node/core?

 Thanks.
  -Simon




-- 
*Zachary Buckholz*
E: zachary.buckh...@pearson.com
T: 480-457-7789

PearsonAlways Learning
Learn more at www.pearson.com


Using the socket interface to access ACLs

2014-07-01 Thread William Jimenez
Hello
I am trying to modify ACLs via the socket interface. When I try to do
something like 'get acl', I get an error:

Missing ACL identifier and/or key.

How do I find the ACL identifier or key for a specific ACL? I see the list
of ACLs when I do a 'show acl', but I am unsure which of these values is the
file or key:

# id (file) description
0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19
1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20
2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21
3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22

Thanks


Re: Using the socket interface to access ACLs

2014-07-01 Thread Baptiste
On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez
william.jime...@itsoninc.com wrote:
 Hello
 I am trying to modify ACLs via the socket interface. When I try to do
 something like 'get acl', I get an error:

 Missing ACL identifier and/or key.

 How do I find the ACL identifier or key for a specific ACL? I see the list
 of ACLs when i do a 'show acl', but unsure which of these values is the file
 or key:

 # id (file) description
 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19
 1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20
 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21
 3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22

 Thanks

Hi William,

In order to be able to update ACL content, they must load their
content from a file.
The file name will be considered as a 'reference' you can point to
when updating content.
Don't forget to update simultaneously the content from an ACL and from
the flat file to make HAProxy reload reliable :)

Baptiste



Re: Using the socket interface to access ACLs

2014-07-01 Thread William Jimenez
Hi Baptiste, thank you for the response. I'm afraid I still don't follow.
Say I have an ACL that I want to toggle from its current state (as
defined in the flat file) to 'always_false'. I can see it exists from the
output of the 'show acl' command:

# id (file) description
 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19

So to modify it I assume I would run something using 'add acl'. I thought
you mentioned it needs to be defined in a file so I tried:

 # haproxyctl add acl myacl
 'add acl' expects two parameters: ACL identifier and pattern.


where 'myacl' is a file containing:

acl redir_true always_true


Hope that helps clarify the situation. What am I doing wrong?

Thanks in advance,
William


On Tue, Jul 1, 2014 at 2:00 PM, Baptiste bed...@gmail.com wrote:

 On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez
 william.jime...@itsoninc.com wrote:
  Hello
  I am trying to modify ACLs via the socket interface. When I try to do
  something like 'get acl', I get an error:
 
  Missing ACL identifier and/or key.
 
  How do I find the ACL identifier or key for a specific ACL? I see the
 list
  of ACLs when i do a 'show acl', but unsure which of these values is the
 file
  or key:
 
  # id (file) description
  0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19
  1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20
  2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21
  3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22
 
  Thanks

 Hi William,

 In order to be able to update ACL content, they must load their
 content from a file.
 The file name will be considered as a 'reference' you can point to
 when updating content.
 Don't forget to update simultaneously the content from an ACL and from
 the flat file to make HAProxy reload reliable :)

 Baptiste




-- 
William Jimenez
Systems Engineer, Operations
ItsOn, Inc.
650-241-8470 {us/pacific}


Re: Using the socket interface to access ACLs

2014-07-01 Thread Baptiste
On Tue, Jul 1, 2014 at 11:16 PM, William Jimenez
william.jime...@itsoninc.com wrote:
 Hi Baptiste, thank you for the response. I'm afraid I still don't follow.
 Say I have the an ACL that I want to toggle from its current state (as
 defined in the flat file) to 'always_false'. I can see it exists from the
 output of the 'show acl' command:

 # id (file) description
 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19

 So to modify it I assume I would run something using 'add acl'. I thought
 you mentioned it needs to be defined in a file so I tried:

 # haproxyctl add acl myacl
 'add acl' expects two parameters: ACL identifier and pattern.


 where 'myacl' is a file containing:

 acl redir_true always_true


 Hope that helps clarify the situation. What am I doing wrong?

 Thanks in advance,
 William


 On Tue, Jul 1, 2014 at 2:00 PM, Baptiste bed...@gmail.com wrote:

 On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez
 william.jime...@itsoninc.com wrote:
  Hello
  I am trying to modify ACLs via the socket interface. When I try to do
  something like 'get acl', I get an error:
 
  Missing ACL identifier and/or key.
 
  How do I find the ACL identifier or key for a specific ACL? I see the
  list
  of ACLs when i do a 'show acl', but unsure which of these values is the
  file
  or key:
 
  # id (file) description
  0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19
  1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20
  2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21
  3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22
 
  Thanks

 Hi William,

 In order to be able to update ACL content, they must load their
 content from a file.
 The file name will be considered as a 'reference' you can point to
 when updating content.
 Don't forget to update simultaneously the content from an ACL and from
 the flat file to make HAProxy reload reliable :)

 Baptiste




 --
 William Jimenez
 Systems Engineer, Operations
 ItsOn, Inc.
 650-241-8470 {us/pacific}


Hi William,

In your configuration, you should load your acl like this:
acl myacl hdr(Host) -f /path/to/myhosthdr.acl

then your file acl reference will be myhosthdr.acl.

Baptiste



Re: Using the socket interface to access ACLs

2014-07-01 Thread William Jimenez
Hi Baptiste
I tried:


 # haproxyctl del acl myacl
 This command expects two parameters: ACL identifier and key.


then I tried this

# haproxyctl del acl myacl 0
 Unknown map identifier. Please use #id or file.


as well as the inverse ('0 myacl')

I do see the acl listed though:

# haproxyctl show acl
 # id (file) description
 0 (/root/myacl) pattern loaded from file '/root/myacl' used by acl at file
 '/etc/haproxy/haproxy.cfg' line 19
 1 () acl 'hdr' file '/etc/haproxy/haproxy.cfg' line 19
 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21


Also a redirect stmt that uses the aforementioned threw an error when I
defined it like you suggested:

[ALERT] 180/204636 (5765) : parsing [/etc/haproxy/haproxy.cfg:31] : error
 detected in frontend 'x' while parsing redirect rule : error in condition:
 no such ACL : 'redir_true'.


-William


On Tue, Jul 1, 2014 at 2:42 PM, Baptiste bed...@gmail.com wrote:

 On Tue, Jul 1, 2014 at 11:16 PM, William Jimenez
 william.jime...@itsoninc.com wrote:
  Hi Baptiste, thank you for the response. I'm afraid I still don't follow.
  Say I have the an ACL that I want to toggle from its current state (as
  defined in the flat file) to 'always_false'. I can see it exists from the
  output of the 'show acl' command:
 
  # id (file) description
  0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19
 
  So to modify it I assume I would run something using 'add acl'. I thought
  you mentioned it needs to be defined in a file so I tried:
 
  # haproxyctl add acl myacl
  'add acl' expects two parameters: ACL identifier and pattern.
 
 
  where 'myacl' is a file containing:
 
  acl redir_true always_true
 
 
  Hope that helps clarify the situation. What am I doing wrong?
 
  Thanks in advance,
  William
 
 
  On Tue, Jul 1, 2014 at 2:00 PM, Baptiste bed...@gmail.com wrote:
 
  On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez
  william.jime...@itsoninc.com wrote:
   Hello
   I am trying to modify ACLs via the socket interface. When I try to do
   something like 'get acl', I get an error:
  
   Missing ACL identifier and/or key.
  
   How do I find the ACL identifier or key for a specific ACL? I see the
   list
   of ACLs when i do a 'show acl', but unsure which of these values is
 the
   file
   or key:
  
   # id (file) description
   0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19
   1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20
   2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21
   3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22
  
   Thanks
 
  Hi William,
 
  In order to be able to update ACL content, they must load their
  content from a file.
  The file name will be considered as a 'reference' you can point to
  when updating content.
  Don't forget to update simultaneously the content from an ACL and from
  the flat file to make HAProxy reload reliable :)
 
  Baptiste
 
 
 
 
  --
  William Jimenez
  Systems Engineer, Operations
  ItsOn, Inc.
  650-241-8470 {us/pacific}


 Hi William,

 In your configuration, you should load your acl like this:
 acl myacl hdr(Host) -f /path/to/myhosthdr.acl

 then your file acl reference will be myhosthdr.acl.

 Baptiste




-- 
William Jimenez
Systems Engineer, Operations
ItsOn, Inc.
650-241-8470 {us/pacific}
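
How a file-backed ACL and its socket reference fit together, as an added example that is not part of any post in this thread. The file path /etc/haproxy/redir_hosts.acl, the frontend and backend names, the redirect target and the host www.example.invalid are hypothetical; the socket commands are shown as comments because they are typed on the stats socket, not placed in the configuration.

```haproxy
frontend x
  bind *:80
  mode http
  # The ACL is named redir_true here, in the configuration. The file holds
  # only the patterns to match (one Host value per line), not "acl ..." lines.
  acl redir_true hdr(Host) -f /etc/haproxy/redir_hosts.acl
  # The condition refers to the ACL by the name given on the "acl" line.
  redirect location http://maintenance.example.invalid/ if redir_true
  default_backend app

# Commands for the stats socket. <acl> is either the file shown in
# parentheses by "show acl" or the "#id" from the first column.
#
#   show acl
#       lists every ACL as "id (file) description"
#   show acl /etc/haproxy/redir_hosts.acl
#       dumps the patterns currently loaded for that file
#   add acl /etc/haproxy/redir_hosts.acl www.example.invalid
#       the redirect now applies to requests for that Host
#   get acl /etc/haproxy/redir_hosts.acl www.example.invalid
#       looks the value up against the loaded patterns
#   del acl /etc/haproxy/redir_hosts.acl www.example.invalid
#       removes the pattern again
#   del acl #0 www.example.invalid
#       same operation, addressing the list by its #id
```

Changes made over the socket live only in memory, so the same edit has to be written to the pattern file for it to survive a reload, as Baptiste notes above.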


Re: Issue with ssl_c_sha1

2014-07-01 Thread Yumerefendi, Aydan
Willy,

Thanks for your help. Your suggestion worked! What tripped me was the lack
of an example involving ssl_c_sha1 in the documentation. The easiest way
to improve would be to add the line you sent me to the list of other SSL
examples.

Thanks,
-aydan

On 5/28/14, 5:47 PM, Willy Tarreau w...@1wt.eu wrote:

Hi,

On Wed, May 28, 2014 at 08:47:11PM +, Yumerefendi, Aydan wrote:
 Hi,
 
 I am trying to extract the sha1 hash of the client certificate and to pass it
 to the backend server. My configuration has this line:
 
 http-request set-header X-SSL-Client-SHA1   %{+Q}[ssl_c_sha1]
 
 However, this does not seem to produce a string of the form aabbcc... as
 the examples I've seen on the web. Instead, it appears to write the raw sha1
 hash bytes. The downstream server, node.js, appears to treat these values as
 utf8 strings.

Indeed, the doc says it's binary, so if you want it in hex, you just need to
chain the hex converter :

   http-request set-header X-SSL-Client-SHA1 %{+Q}[ssl_c_sha1,hex]

The binary form is more suited to stick tables for example as it takes half
of the space.

Do you think we could improve the doc one way or another to make this easier
to find ? Maybe with more examples ? Do not hesitate to suggest adaptations
or even patches!

Regards,
Willy
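
The header line from this thread placed in a frontend, as an added example that is not from either poster: it shows the hex form next to a guard that keeps a client from supplying the fingerprint header itself. The certificate and CA paths, the frontend and backend names, the use of verify optional and the extra X-SSL-Client-DN header are assumptions.

```haproxy
frontend https_in
  # verify optional: a client may connect without a certificate, but one
  # that is presented is checked against the CA file.
  bind *:443 ssl crt /etc/haproxy/site.pem ca-file /etc/haproxy/clients-ca.pem verify optional
  mode http

  # Remove whatever the client sent under these names, so the backend only
  # ever sees values written by this proxy.
  http-request del-header X-SSL-Client-SHA1
  http-request del-header X-SSL-Client-DN

  # ssl_c_sha1 is the raw 20-byte digest; the hex converter turns it into
  # 40 hexadecimal characters that are safe to carry in a header.
  # ssl_c_used is also true when the TLS session was resumed.
  http-request set-header X-SSL-Client-SHA1 %{+Q}[ssl_c_sha1,hex] if { ssl_c_used }
  http-request set-header X-SSL-Client-DN   %{+Q}[ssl_c_s_dn]     if { ssl_c_used }

  default_backend app
```

A backend that makes decisions on this header should accept connections only from the proxy and compare the fingerprint case-insensitively.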





dns resolution and caching

2014-07-01 Thread Yumerefendi, Aydan
We are using haproxy to route traffic to several AWS services that are behind 
an ELB and noticed the following behavior:
  - haproxy resolves the ELB address at startup and routes traffic just fine 
(not sure if haproxy uses the first IP or all resolved IPs and round-robins 
between them, though)
  - however,  Amazon uses short TTL for ELB DNS entries, 60s or so. If the ELB 
is modified, due to load, or internal reconfiguration, Amazon can modify the 
ELB DNS mapping
  - once the IP(s) mapped to the ELB are completely replaced, relative to the 
initially resolved ones at startup, haproxy fails to route traffic and returns 
status 503

Is there a way to configure haproxy to respect DNS TTL when resolving dns 
names? If not, is there something you can recommend that would allow us to deal 
with this problem?

Our current plan is to stop using DNS for the ELB and instead to use its ip 
addresses. We'll then periodically do DNS resolutions and once we detect a 
change, we'll rewrite the configuration and have haproxy reload it.

Thanks for your help and for this great product!

-aydan


Re: What did option maxconn mean in keyword server? will it cause 503 status?

2014-07-01 Thread Jie Jin
Hi, Lukas

Many thanks, you are awesome. It's my fault that I did not read the
documentation carefully.

I enlarged the timeout queue. No 503 page returned, but the total
sessions in frontend accumulated quickly, which means most of the requests
are queued by haproxy.

I will try to add more servers to run backend server.


谢谢
金杰 (Jie Jin)


On Tue, Jul 1, 2014 at 9:50 PM, Lukas Tribus luky...@hotmail.com wrote:

 Hi,




  I add an option maxconn after keyword server. When haproxy face
  high volume of requests (about 2 concurrent requests), it return
  many 503 page

 Of course it will.

 You would like to serve 2 concurrent requests, but your 6 servers
 only support 180 concurrent connections each. Do the math:

 6 x 180 = 1080 concurrent request can be served in your configuration,
 of course you will see a lot of 503 errors.



  why did haproxy send 503 page?

 Because all backend servers are busy serving 180 concurrent requests,
 as per your configuration. You have instructed HAProxy not the send
 more than 180 request per server, and that is exactly what HAProxy
 is doing (queueing the request until timeout queue [2] expires and
 then sending 503 errors).



  I also did not understand the meaning of optioin maxconn. If I remove
  this option, haproxy will return only very few 503 page.

 Please read the documentation about maxconn fully [1] then.



  Do option maxconn in above configration mean: if concurrent requests
  come from frontend is bigger than 180, haproxy will reject these
  requests and return 503?

 It means: each server can handle up to 180 concurrent requests and HAproxy
 will not send more request to the server, but either use a different server
 (if there are), or queue it until timeout queue [2] expires, or
 contimeout as it is in your case (3 seconds).



  If yes, can I configure the size of the queue?

 180 *is* your per server queue size, and its exactly the limitation
 you are hitting.



  Additional info
  [jj@p2p3 tmp]$ echo show errors | sudo socat stdio /tmp/haproxysock
  Total events captured on [01/Jul/2014:18:49:29.713] : 0

 You gonna need to configure the stats socket properly, show errors
 requires operator or admin privileges on the socket [2] (level admin).





 Regards,

 Lukas



 [1]
 http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#maxconn%20%28Server%20and%20default-server%20options%29
 [2]
 http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#timeout%20queue
 [3]
 http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#9.2-show%20errors