[SPAM] Capacity Building Training Workshops Invitation

2015-01-12 Thread Conferences and Workshops



Re: Capacity Building Training Workshops Invitation
 
Dates and Locations: 
 
March 16 - 20, 2015 | New York City, NY - United States
March 23 - 27, 2015 | Warsaw – Poland
 
Event website: http://earthcoalition-fund.org/ 
Area: Environmental, Economic, Cultural and Social Sustainability
 
Dear Colleagues,
 
We are delighted to invite you on behalf of the Earth Coalition Fund to the International Training Seminars in Sustainable Development that will be held on:
 
March 16 - 20, 2015 | New York City, NY - United States 
March 23 - 27, 2015 | Warsaw – Poland
 More than 20 innovative and informative workshop sessions, interactive discussions and impactful networking prospects will comprise the Environment, Culture, Economy and Society international Seminars themed Capacity Building and Sustainability Enhancement, presented by The Earth Coalition Fund. Participants will be exposed to a variety of innovative solutions to common problems faced in the sustainable development sector and beyond, and gain tools for finding new ways to approach and solve their organization's challenges.
 
The Earth Coalition Fund is conducting Capacity Building Training Seminars designed for people who plan to work or volunteer in community development, or who already work in this field and want to advance their careers. The Earth Coalition Fund uses as its basis, a framework of rights-based development and The Earth Coalition Fund Approach. This multi-sectoral, participatory approach focuses on the empowerment of people as both the ends and means of a genuine sustainable development process. We are training and consulting with organizations from around the world.

Overview: This program uses a multi-sector, participatory approach that focuses on empowerment of people as both the ends and means of a sustainable development process. Rather than teaching prescriptive solutions to community problems, we provide you with the tools to use the community's input and vision to create options and solutions that truly meet community needs. The program helps you learn through case studies, exercises, and group discussions, providing a complete learning environment. You will learn from, and share experiences with, practitioners working in the field around the world. This program gives experienced practitioners a fresh perspective and provides novices and volunteers the training they need to be successful working in the field of development.

Description: This year, we are keen on further increasing the number of participants by proposing an even more attractive, innovative and focused program that handles all the aspects of sustainable development and capacity strengthening.
 More than 20 courses will be offered during the training event including: Microfinance and the Role of Women, Local Communities and Climate Change Mitigation Strategies, Social Entrepreneurship and Enterprise Development, Financial Management, Fundraising Techniques etc. The complete courses list and description can be found on the program webpage at: http://earthcoalition-fund.org/seminar/trainingcourses.html
 
We expect participants from: Governments and International Organizations, Civil Society, the Business Public and Private Sectors, Academics Institutions and Leaders and Private Individuals amongst others.

Availability of attendance sponsorship: We are informing you of the availability of attendance sponsorship intended to cover the participation of delegates from organizations from middle and low income countries. The sponsorship is to encourage quality research, mobility and networking among participants. For more information and availability, please contact the Registration Desk.

Registration: To register for the events, please email the Organizing Committee at
registrat...@earthcoalition-fund.org for the registration modalities and requirements. You are required to confirm your participation via email before starting the registration process on the events website.
 
Due to time constraints, interested participants are strongly advised to confirm attendance beforehand. While we anticipate your response at your earliest convenience, please do not hesitate to contact us for further information. We are looking forward to your effective participation in the forthcoming events.
 
Sincerely,
 
Kathleen Anderson, Ph.D
Director Training and Events
The Earth Coalition Fund
Nonprofit Development Fund
1225 Franklin Ave.
Garden City, New York 11530
Phone: +1.347.741.8235
Email: i...@earthcoalition-fund.org
http://www.earthcoalition-fund.org
New York - United States
 







Re: Health Probes not working with http-send-name-header

2015-01-12 Thread Baptiste
On Mon, Jan 12, 2015 at 9:03 PM, Srinivas Kotaru  wrote:
> Baptiste  writes:
>
>>
>> On Thu, Jan 8, 2015 at 10:16 PM, Srinivas Kotaru  wrote:
>> > Srinivas Kotaru  ...> writes:
>> >
>> >>
>> >> I hit similar issue of below post. Any solution yet?
>> >>
>> >> http://serverdown.ttwait.com/que/594669
>> >>
>> >>
>> >
>> >
>> > Sample
>> >
>> > backend sales_cluster
>> > http-send-name-header Host
>> > balance roundrobin
>> > option httpchk HEAD /pingpong.html HTTP/1.1\r\n
>> > http-check expect ! rstatus ^5
>> > cookie SERVERID insert indirect nocache
>> > server app1.example.com  app1hello-:80 check cookie server1
>> > server app2.example.com  app1hello-:80 check cookie server2
>> >
>> > with above config, HAProxy sending right Host headers
>> > like app1.example.com and app2.example.com
>> > but httpchk not sending any valid host header. I cannot put both
>> > app1.example.com and app2.example.com in same httpchk statement.
>> >
>> >
>>
>> hi
>>
>> From the doc, it is said nowhere that this header should be sent
>> during health check.
>>
>> There is a very dirty workaround to do what you want: is to "offload"
>> monitoring into a dedicated backend (one per server).
>>
>> Baptiste
>>
>>
>
>
> Baptiste
>
> It really doesn't solve my problem. I have a lot of clients. I can't build another
> monitoring solution on top of it for each stack.  Even if you do that, it
> becomes manual failover per app basis.
>
>
> with above example I can only check health of one application even though
> it has 2 servers. if second goes down, without proper health checks,
> HAProxy still sends client traffic to 2nd server and gets 503 errors.
>
> The only solution I can think of
>
> 1. http-send-name-header should send appropriate Host header to probes
>  ( Or)
>
> 2. I should be able to send 2 or more httpchk host headers rather than 1.
> which is current limitation. If I can set httpchk at server level rather
> than backend level, it solves the problem
>
> Srinivas Kotaru
>
>


so what you want to do is content switching: one application per
backend (hence a single server in your backend) with a dedicated
health check and route only http requests related to this application.

you don't need load-balancing at all!

Baptiste



Re: Haproxy SSL Redirection issue

2015-01-12 Thread Cyril Bonté

Hi,

Le 12/01/2015 22:27, RAKESH P B a écrit :

Hi All,

Can I have an update on this.


From what you describe and your configuration, this is not haproxy 
related but you should take a look on the application or on the server 
itself. But we can't tell you more, you didn't provide any information 
on them.


By adding a X-Forwarded-Proto header, your server/application must take 
it into account. And this is where there is no standard.

For example :
- some applications require X-Forwarded-Proto: https
- some others require that the server set an environment variable, and 
depending on the component, it can have different names/values, some are 
case sensitive, some others not (HTTPS=on, HTTPS=On, ...)
- apache redirects will use a special syntax on ServerName with a 
https:// prefix, ...


As you see, it depends on what the developers thought at the time they 
included SSL Offloading support.




On Sun, Jan 11, 2015 at 6:56 PM, RAKESH P B <pb.rakes...@gmail.com> wrote:

Please find updated configuration file.

On Sun, Jan 11, 2015 at 6:53 PM, RAKESH P B <pb.rakes...@gmail.com> wrote:

Hi Lukas,

Thank you for the quick response. Please find the attached
Haproxy configuration.

On Sun, Jan 11, 2015 at 5:21 PM, Lukas Tribus <luky...@hotmail.com> wrote:

> Hi Team,
>
> I have an issue with Haproxy SSL redirection. Whenever any request is
> redirected from HAproxy, two redirected requests are sent, one
> with http and the other with https, while the URL for both requests is the same.
> For example,
> when the URL is redirected to https://www.example.com/to/path? , then
> these two requests are sent
> http://www.example.com/path1/path2/path3?
> https://www.example.com/path1/path2/path3?

Can you share the config?


Lukas







--
Cyril Bonté
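
The application-side handling Cyril describes, as an added example that is not part of the original message or of HAProxy: a WSGI middleware that adopts X-Forwarded-Proto only when the request comes from the offloading proxy. The proxy address 192.0.2.10, the toy redirect application and all function names are assumptions made for the illustration.

```python
# Assumed address of the HAProxy host doing SSL offloading (constructed value).
TRUSTED_PROXIES = {"192.0.2.10"}


class ForwardedProto:
    """WSGI middleware: adopt the scheme announced by a trusted offloading proxy."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = set(trusted)

    def __call__(self, environ, start_response):
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        # Honour the header only from the proxy; any other client could forge it.
        if environ.get("REMOTE_ADDR") in self.trusted and proto in ("http", "https"):
            environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)


def redirect_app(environ, start_response):
    """Toy application: redirects using the scheme it believes it is served on."""
    location = "%s://%s/new" % (environ["wsgi.url_scheme"], environ["HTTP_HOST"])
    start_response("302 Found", [("Location", location)])
    return [b""]


def location_for(app, remote_addr, forwarded_proto=None):
    """Send one constructed request through `app` and return its Location header."""
    environ = {
        "wsgi.url_scheme": "http",   # the proxy speaks plain HTTP to the backend
        "HTTP_HOST": "www.example.com",
        "REMOTE_ADDR": remote_addr,
        "PATH_INFO": "/old",
    }
    if forwarded_proto:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    captured = {}

    def start_response(status, headers):
        captured.update(headers)

    app(environ, start_response)
    return captured["Location"]


if __name__ == "__main__":
    print(location_for(redirect_app, "192.0.2.10", "https"))
    print(location_for(ForwardedProto(redirect_app), "192.0.2.10", "https"))
```

Without the middleware the toy application builds an http:// redirect even though the client reached the proxy over HTTPS; with it, the redirect keeps the https scheme, and a header sent from an untrusted address is ignored.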



Re: Haproxy SSL Redirection issue

2015-01-12 Thread RAKESH P B
Hi All,

Can I have an update on this.

On Sun, Jan 11, 2015 at 6:56 PM, RAKESH P B  wrote:

> Please find updated configuration file.
>
> On Sun, Jan 11, 2015 at 6:53 PM, RAKESH P B  wrote:
>
>> Hi Lukas,
>>
>> Thank you for the quick response. Please find the attached Haproxy
>> configuration.
>>
>> On Sun, Jan 11, 2015 at 5:21 PM, Lukas Tribus 
>> wrote:
>>
>>> > Hi Team,
>>> >
>>> > I have an issue with Haproxy SSL redirection. Whenever any request is
>>> > redirected from HAproxy, two redirected requests are sent, one
>>> > with http and the other with https, while the URL for both requests is the same.
>>> > For example,
>>> > when the URL is redirected to https://www.example.com/to/path? , then
>>> > these two requests are sent
>>> > http://www.example.com/path1/path2/path3?
>>> > https://www.example.com/path1/path2/path3?
>>>
>>> Can you share the config?
>>>
>>>
>>> Lukas
>>>
>>>
>>
>>
>>
>


Re: Health Probes not working with http-send-name-header

2015-01-12 Thread Srinivas Kotaru
Baptiste  writes:

> 
> On Thu, Jan 8, 2015 at 10:16 PM, Srinivas Kotaru  wrote:
> > Srinivas Kotaru  ...> writes:
> >
> >>
> >> I hit similar issue of below post. Any solution yet?
> >>
> >> http://serverdown.ttwait.com/que/594669
> >>
> >>
> >
> >
> > Sample
> >
> > backend sales_cluster
> > http-send-name-header Host
> > balance roundrobin
> > option httpchk HEAD /pingpong.html HTTP/1.1\r\n
> > http-check expect ! rstatus ^5
> > cookie SERVERID insert indirect nocache
> > server app1.example.com  app1hello-:80 check cookie server1
> > server app2.example.com  app1hello-:80 check cookie server2
> >
> > with above config, HAProxy sending right Host headers
> > like app1.example.com and app2.example.com
> > but httpchk not sending any valid host header. I cannot put both
> > app1.example.com and app2.example.com in same httpchk statement.
> >
> >
> 
> hi
> 
> From the doc, it is said nowhere that this header should be sent
> during health check.
> 
> There is a very dirty workaround to do what you want: is to "offload"
> monitoring into a dedicated backend (one per server).
> 
> Baptiste
> 
> 


Baptiste

It really doesn't solve my problem. I have a lot of clients. I can't build another
monitoring solution on top of it for each stack.  Even if you do that, it
becomes manual failover per app basis.


with above example I can only check health of one application even though
it has 2 servers. if second goes down, without proper health checks,
HAProxy still sends client traffic to 2nd server and gets 503 errors.

The only solution I can think of

1. http-send-name-header should send appropriate Host header to probes
 ( Or)

2. I should be able to send 2 or more httpchk host headers rather than 1.
which is current limitation. If I can set httpchk at server level rather
than backend level, it solves the problem

Srinivas Kotaru




Re: Health Probes not working with http-send-name-header

2015-01-12 Thread Baptiste
On Thu, Jan 8, 2015 at 10:16 PM, Srinivas Kotaru  wrote:
> Srinivas Kotaru  writes:
>
>>
>> I hit similar issue of below post. Any solution yet?
>>
>> http://serverdown.ttwait.com/que/594669
>>
>>
>
>
> Sample
>
> backend sales_cluster
> http-send-name-header Host
> balance roundrobin
> option httpchk HEAD /pingpong.html HTTP/1.1\r\n
> http-check expect ! rstatus ^5
> cookie SERVERID insert indirect nocache
> server app1.example.com  app1hello-:80 check cookie server1
> server app2.example.com  app1hello-:80 check cookie server2
>
> with above config, HAProxy sending right Host headers
> like app1.example.com and app2.example.com
> but httpchk not sending any valid host header. I cannot put both
> app1.example.com and app2.example.com in same httpchk statement.
>
>

hi

From the doc, it is said nowhere that this header should be sent
during health check.

There is a very dirty workaround to do what you want: is to "offload"
monitoring into a dedicated backend (one per server).

Baptiste



Re: rspitarpit ?

2015-01-12 Thread Baptiste
On Wed, Jan 7, 2015 at 5:18 PM, Jim Freeman  wrote:
> We're getting some congestion from blind-shooting (or maybe just
> stupid-shooting) scrapers who make (mostly bad) requests, with
> occasional successes.
>
> We'd like to tarpit unsuccessful responses.
>
> Any experience on how to accomplish that ?
>
> ( A rspitarpit directive would be awesome )
>
>
> Kudos on an awesome tool,
> ...jfree
>

hi Jim,

you can count http response errors then decide to trigger a tarpit if
you go over a threshold.
An example can be found in this blog article, about load-balancing WAF:
http://blog.haproxy.com/2012/10/16/high-performance-waf-platform-with-naxsi-and-haproxy/

Look for the http_err_rate keyword.

Baptiste



Re: Stick table and http headers

2015-01-12 Thread Baptiste
On Wed, Jan 7, 2015 at 4:27 PM, Mathias Bogaert
 wrote:
> Hi,
>
> Does this seem right?
>
> acl HAS_CF_CONNECTING_IP hdr_cnt(CF-Connecting-IP) eq 1
> acl HAS_X_FORWARDED_FOR hdr_cnt(x-forwarded-for) eq 1
> tcp-request content track-sc0 hdr_ip(CF-Connecting-IP,-1) if HTTP
> HAS_CF_CONNECTING_IP
> tcp-request content track-sc0 hdr_ip(x-forwarded-for,-1) if HTTP
> !HAS_CF_CONNECTING_IP HAS_X_FORWARDED_FOR
>
> So use CF-Connecting-IP if present, X-Forwarded-For else.
>
> Thanks,
>
> Mathias


Hi Mathias,

I've not run your conf, but it sounds good.

Baptiste



Enhancement request concerning SSL loading order of cert files

2015-01-12 Thread Raphaël Enrici
Dear all,

nice to meet you (first post since a very long time here).

As far as I understand it, when using the crt option of bind directive with a
directory as parameter, cert files from the specified directory are loaded...
Well, good, that's great :)

Today we faced an issue on two hosts working in active/passive mode
which led us to some cold sweat...

The situation is the following:
- HAProxy is used as an SSL termination to offload SSL traffic
- Machine A is the master serving the requests when everything is ok
- Machine B is the "slave" and takes the traffic when we failover (machine A
  maintenance period or crash and things like that)
- On each host: exactly same configuration, and same certificate files located
  in the same location on each host (not a shared one but strictly
  identical copy).
- we mainly have devices which are SNI aware but a minority of them is
  definitely not.

When we failed over, the devices not able to do SNI began to stop working and as
soon as we did a  fallback these same devices came back to a working state.

After some research we managed to see that:
- machine A was sending a certificate cert1.tld per default
- machine B was sending another certificate cert2.anotherTLD (which did not
  correspond to the request made and so the client silently failed and stopped
  sending traffic)

It seems to be due to the use of readdir in the function ssl_sock_load_cert()
located in src/ssl_sock.c. As readdir does not guarantee any order or at least
not an alphabetical or time order, both instances did not have the same
answer although the configurations were exactly the same.

We extracted part of the code used in ssl_sock_load_cert and effectively got
two different answers on the two hosts:

Host A listing retrieved from readdir():
cert1.tld
...
cert2.anotherTLD
...

Host B listing retrieved from readdir():
cert2.anotherTLD
...
cert1.tld
...

The documentation definitely talks about this in the section describing the
"crt" option but as we are all human and not always reading the entire
documentation would it be possible to emit a warning at HAProxy launch
(something like the ones for the fact that the order matters for redirect and
acl statements or the ones for deprecated options) in case it is detected that a
directory has been passed to crt without any default cert file mentioned before?
Or maybe the listing of certs could be alphabetically sorted although it may
break existing deployments and so may not be a good thing at all.

I'm asking for that although I'm convinced one should read the doc because
in such situations (active/passive configuration), HAProxy may behave
differently although configured in the same way and so you can come back
at home with a big headache when trying to debug such a situation ;).

Did I mention that... I love HAProxy?

Thank you all and see you for a beer or whatever you like,
Raphaël
P.S. HAProxy version 1.5.8 from debian wheezy backports
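
The start-up warning requested above can be approximated outside HAProxy. The following is an added example, not HAProxy code and not part of the original post: a small configuration audit that flags every bind line whose first crt argument is a directory, which is the case where the certificate served to non-SNI clients depends on readdir() order. The sample configuration and all paths in it are constructed placeholders, and the function names are assumptions.

```python
import os

# Constructed sample configuration; every path in it is a hypothetical placeholder.
SAMPLE_CONFIG = "\n".join([
    "frontend ft_tls",
    "    bind :443 ssl crt /etc/haproxy/certs/",
    "    bind :8443 ssl crt /etc/haproxy/default.pem crt /etc/haproxy/certs/",
    "    # bind :9443 ssl crt /etc/haproxy/certs/",
])


def crt_args(line):
    """Return the crt arguments of one bind line, in order ([] for other lines)."""
    tokens = line.split("#", 1)[0].split()   # drop trailing comments
    if not tokens or tokens[0] != "bind":
        return []
    return [tokens[i + 1] for i, tok in enumerate(tokens[:-1]) if tok == "crt"]


def audit_bind_crt(config_text, is_dir=os.path.isdir):
    """List (line number, path) for bind lines whose FIRST crt is a directory.

    The first certificate loaded is the one presented when the client sends
    no SNI, so a directory in first position leaves that choice to the order
    in which the directory happens to be read on each host.
    """
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        certs = crt_args(line)
        if certs and is_dir(certs[0]):
            findings.append((lineno, certs[0]))
    return findings


if __name__ == "__main__":
    # Offline demo: treat paths ending in "/" as directories.
    for lineno, path in audit_bind_crt(SAMPLE_CONFIG, is_dir=lambda p: p.endswith("/")):
        print("line %d: default certificate depends on load order of %s" % (lineno, path))
```

On a real host, call audit_bind_crt() with the contents of the configuration file and the default is_dir; the second bind line in the sample shows the form that passes, with an explicit default certificate file named before the directory.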