Re: [PATCH] MEDIUM/RFC: Implement time-based server latency metrics

[Krishna Kumar (Engineering)]

Hi Willy,

Sorry to bother you again, but a quick note in case you have
forgotten this patch/email-thread.

Regards,
- Krishna


On Thu, Jan 5, 2017 at 12:53 PM, Willy Tarreau  wrote:

> Hi Krishna,
>
> On Thu, Jan 05, 2017 at 11:15:46AM +0530, Krishna Kumar (Engineering)
> wrote:
> > Hi Willy,
> >
> > If required, I can try to make the "hard-coded periods" changes too, but
> > want
> > to hear your opinion as the code gets very complicated, and IMHO, may not
> > give correct results depending on when the request is made. All the other
> > changes are doable.
> >
> > Hoping to hear from you on this topic, please let me know your opinion.
>
> I've started to think about it but had to stop, I'm just busy dealing with
> some painful bugs so it takes me more time to review code additions. I'm
> intentionally keeping your mail marked unread in order to get back to it
> ASAP.
>
> Thanks,
> Willy
>

set ssl ocsp-response working only if we already have an ocsp record

[Olivier Doucet]

Hello,

I'm actually implementing OCSP stapling on my haproxy instance.

It seems we can update ocsp (with set ssl ocsp-response on socket) only if
a previous OCSP record exist.

For example :
Case #1
- start haproxy without any ocsp file
- set ssl ocsp-response $(base64 file.ocsp)
=>
OCSP single response: Certificate ID does not match any certificate or
issuer.

Case #2
- start haproxy with ocsp file
- set ssl ocsp-response [ with same OCSP response file ]
=> "OCSP Response updated!"

Is this an expected behaviour ?

Olivier

Re: Gzip compression and transfer: chunked

[Christopher Faulet]

Le 23/01/2017 à 11:54, Vladimir Mihailenco a écrit :

Hi,

I am using haproxy as load balancer/reverse proxy for Rails/Go
application. I am upgrading from working Haproxy 1.6 config to 1.7.2.
And it looks like I need to change my existing config, because Haproxy
1.7 truncates responses from Rails/Rack application.

With Haproxy 1.6 and enabled compression
- i can load full HTML (200kb)
- HTML is not compressed
- Transfer-encoding: "chunked"
- no Content-Length header

With same config Haproxy 1.7
- only first 14kb are avalable
- no Transfer-encoding
- Content-Length: 14359

With Haproxy 1.7 and compression disabled
- full HTML is available
- HTML is not compressed
- Transfer-encoding: "chunked"
- no Content-Length header

Any recommendations? Should I disable compression from Rails/Rack app?


Hi,

Could you share your configurations, the both please ? And if possible, 
the request/response headers for all scenarios. The compression was 
rewritten in 1.7. So it is possible that something was broken.


Headers returned by your backend could be useful too.

--
Christopher

Gzip compression and transfer: chunked

[Vladimir Mihailenco]

Hi,

I am using haproxy as load balancer/reverse proxy for Rails/Go application.
I am upgrading from working Haproxy 1.6 config to 1.7.2. And it looks like
I need to change my existing config, because Haproxy 1.7 truncates
responses from Rails/Rack application.

With Haproxy 1.6 and enabled compression
- i can load full HTML (200kb)
- HTML is not compressed
- Transfer-encoding: "chunked"
- no Content-Length header

With same config Haproxy 1.7
- only first 14kb are avalable
- no Transfer-encoding
- Content-Length: 14359

With Haproxy 1.7 and compression disabled
- full HTML is available
- HTML is not compressed
- Transfer-encoding: "chunked"
- no Content-Length header

Any recommendations? Should I disable compression from Rails/Rack app?

Re: Need help to reolsve haproxy issue

[Praveen Koppula]

 Sorry for the late reply, I was on unplanned leave.

What I observed in my investigation, when I commented below line it's
working as expected. Means even after reboot the machine the haproxy
service get started automatically.
#stats socket /etc/haproxy/haproxysock level admin
I'm not sure what is the significance of this line.
Can we proceed with this in our configuration or will it cause any
issues further?

NOTE : I couldn't find haproxy-wrapper under below location
/usr/sbin> ls -ltr *haproxy*
-rwxr-xr-x 1 root root  35152 Sep  3  2014 haproxy-halog
-rwxr-xr-x 1 root root 788672 Sep  3  2014 haproxy
lrwxrwxrwx 1 root root 19 Jan  9 01:47 rchaproxy -> /etc/init.d/haproxy

Thanks in advance.

On Mon, Jan 16, 2017 at 11:43 AM, Aaron West  wrote:
> I've not personally had any issues with systemd which I know doesn't mean
> there isn't any... However, on closer inspection, it gets started through a
> wrapper "haproxy-systemd-wrapper" for me :
>
> [Unit]
> Description=HAProxy Load Balancer
> After=network.target
>
> [Service]
> ExecStartPre=/usr/local/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
> ExecStart=/usr/local/sbin/haproxy-systemd-wrapper -f
> /etc/haproxy/haproxy.cfg -$
> ExecReload=/bin/kill -USR2 $MAINPID
> KillMode=mixed
> Restart=always
>
> [Install]
> WantedBy=multi-user.target
>
> So definitely check if you are using that wrapper or not if systemd is being
> used.
>
> Otherwise, my feeling is that for whatever reason you cannot access the
> socket previously created due to permissions... I mean I can get the same
> error trying to start HAproxy as an unprivileged user who cannot write to
> the file/directory.
>
> Aaron West
>
> Loadbalancer.org Limited
> +44 (0)330 380 1064
> www.loadbalancer.org
>
> On 16 January 2017 at 16:21, Baptiste  wrote:
>>
>> Might be a systemd dependency issue, where the socket is not created
>> before the process is started.
>>
>> Baptiste
>>
>> On Mon, Jan 16, 2017 at 4:46 PM, Aaron West 
>> wrote:
>>>
>>> Hi Praveen,
>>>
>>> Am I right in assuming it's a socket for the stats page? Also what user
>>> is starting HAproxy because maybe it doesn't have permissions to create the
>>> socket?
>>>
>>> We might need your whole config or at least the GLOBAL section...
>>>
>>> Aaron West
>>>
>>> Loadbalancer.org Limited
>>> +44 (0)330 380 1064
>>> www.loadbalancer.org
>>>
>>> On 16 January 2017 at 15:38, Praveen Koppula
>>>  wrote:

 Some content was missing. Adding again.

 When we reboot our machine (Where haproxy installed) teh haproxy going
 to be down and it's not starting after machine boot.
 When we force to start haproxy service getting below error.
 Error: Starting haproxy [ALERT] 047/083514 : Starting frontend GLOBAL:
 error when trying to preserve previous UNIX socket
 [/etc/haproxy/haproxysock] startproc: exit status of parent of
 /usr/sbin/haproxy: 1 Failed

 On Mon, Jan 16, 2017 at 10:32 AM, Praveen Koppula
  wrote:
>
> Can you please help me on this.
>
> Haproxy version is : 1.5.4-2.1
>
> Thanks in advance


>>>
>>
>