Re: missing documentation on 51degrees samples

[haproxy]

Ping?

-Patrick

On 2016/10/7 13:27, Patrick Hemmer wrote:
> The documentation doesn't mention the sample fetcher `51d.all`, nor
> the converter `51d.single`. The only place they're mentioned is the
> repo README.
>
> Also the documentation for `51degrees-property-name-list` indicates it
> takes an optional single string argument (`[]`), rather than
> multiple string arguments (`...`). This led me to expect it
> was comma delimited, which ended up not working.
>
> -Patrick

deviceatlas issues

[Patrick Hemmer]

After using the addon, I've run across a few issues trying to get it
running.
The first are mostly documentation issues:
1. The example for `da-csv-conv` has `da-csv()` instead of `da-csv-conv()`.
2. The documentation lists the parameter `deviceatlas-separator`. The
param is really `deviceatlas-property-separator`.
3. The deviceatlas library seems to provide a `da-csv-fetch`, which
isn't in the documentation at all.
4. Documentation on ` deviceatlas-log-level` doesn't indicate the
maximum level. And is just not very descriptive in general. I tried
changing the value and saw no change in any logging.

But I also ran across an issue when I try to use a personalized
enterprise data file in that all lookups seem to fail. The resulting
`da-csv-conv()` just returns empty fields. The fields I'm using are
basic ones like browserName,browserVersion,osName,osVersion. The free
file (20160203_compact.json) works fine. The web UI for controlling the
file indicates the fields are selected, and when I grep the json file, I
get fields results as "sbrowserName","sbrowserVersion". So not sure why
it doesn't work.

-Patrick

External resources: [...] updates (v1.5)

[Marco Corte]

Hi everyone!

After a lot of time I noticed a strange string in the stats web 
interface for v1.6 and v1.7 (demo.haproxy.org).


The HTML

External 
resources:

http://www.haproxy.org/;>Primary site
http://www.haproxy.org/#down;>Updates (v1.5)
http://www.haproxy.org/#docs;>Online manual


What about changing

http://www.haproxy.org/#down;>Updates (v1.5)

to
http://www.haproxy.org/#down;>Updates

Or... am I missing something?

Ciao!

.marcoc

Re: SC session state with googlebot

[Arnall]

Sorry everyone, forget about this message , just a misconfiguration ...

Le 01/12/2016 à 15:25, Arnall a écrit :

Hello everyone,

i have a special case in our logs with googlebot, with some static 
files, we have a SC-- session state and of course a 503 status code :


 66.249.76.63:55140  frontend_web frontend_web/ -1/-1/-1/-1/5 
503 212 - \- SC-- 2179/2175/0/0/0 0/0 
{|static.hostname.tld|Mozilla/5.0_(compatible;_Googlebot/2.1;_+http://www.google.com/bot.html)|XX} 
"GET /img/xx.png HTTP/1.1"


i have the same thing for almost all kind of files served by 
static.hostname.tld (.css .js .woff etc ... ), only with Googlebot ( 
no problem for regular users or bingbot etc... )


Is it coming from our backends ? I've read the documentation about SC 
in chapter 8.5 but i really don't know how this combination 
googlebot+static.hostname.tld could lead to this ...


If you have any hint ...

Thanks !

SC session state with googlebot

[Arnall]

Hello everyone,

i have a special case in our logs with googlebot, with some static 
files, we have a SC-- session state and of course a 503 status code :


 66.249.76.63:55140  frontend_web frontend_web/ -1/-1/-1/-1/5 
503 212 - \- SC-- 2179/2175/0/0/0 0/0 
{|static.hostname.tld|Mozilla/5.0_(compatible;_Googlebot/2.1;_+http://www.google.com/bot.html)|XX} 
"GET /img/xx.png HTTP/1.1"


i have the same thing for almost all kind of files served by 
static.hostname.tld (.css .js .woff etc ... ), only with Googlebot ( no 
problem for regular users or bingbot etc... )


Is it coming from our backends ? I've read the documentation about SC in 
chapter 8.5 but i really don't know how this combination 
googlebot+static.hostname.tld could lead to this ...


If you have any hint ...

Thanks !

multiproc ssl recommendations

[Elias Abacioglu]

Hi,

Similar to what Christian asked about a few days ago I would like help
to summarize the recommendations for running a haproxy as a SSL LB on
a multi cpu, multi core machine.

I have a machine with two sockets equipped with Intel Xeon E5-2680 v4.
56 cores in total with HT enabled, 28 with HT disabled.

Summary(correct me where I'm wrong):
Hyperthreading - should be disabled
As for network IRQ pinning, should I not pin the NIC to core 0 of each
CPU? Should I split it up between the cores when doing SSL termination
on most cores?

global
nbproc 28 # equal to the number of none HT cores (28 in my case)
# cpu-map's equal to the number of non HT cores.
# (didn't see any cpu-map in Christians configuration, is it not
needed anymore?)
cpu-map 1 0
cpu-map 2 1
...
cpu-map 28 27

frontend https
bind :443 ssl crt /etc/ssl/xx.pem process 1

bind :443 ssl crt /etc/ssl/xx.pem process 28
# should I omitt process 1/2 and 15/16 here?

# Should I use core 0 on each CPU for backends (proc 1+15) or should I
use core 1(proc 2+16)?
backend x
bind-process 1 15
backend y
bind-process 2 16
backend z
# or should i use a bind-process like the frontend's bind?
bind-process 2
bind-process 16


I just read the release notes for haproxy 1.7. There was mention of
mixing different certificate types under "support of multi-certs".

Previously I would have a tcp-ssl that would send traffic to a ecc
backend and a rsa backend depending on req.ssl_ec_ext, which in turn
would send traffic to a frontend with two sockets, one for each
certificate type.
To something like this (hope my ascii doesn't get messed up).


+-->backend01
+--->backend-ecc+ |
frontend-tcp-ssl:443 |
+--->frontend-https+-->backend02
+--->backend-rsa + |

+-->backend03

Does this mean I can now mix RSA and ECC certificates on the same
frontend and skip the entire frontend-backend-frontend trick?

  +-->backend01
  |
frontend-https:443+-->backend02
  |
  +-->backend03

Thanks,
Elias