antibot js challenge opensource lua
Hi list, I have implemented an antibot js challenge for haproxy opensource https://github.com/aderumier/haproxy-botnetchallenge It's using a totp token and a stick table to track autorisations with ip-useragent. Ideas are welcome to improve the js challenge itself (currently I simply do a ror13 to avoid scrapper to simply parse the html) the haproxy enterprise antibot use a random math/bitwise challenge, not sure how to implement something like this. (This is the first time I'm using lua, so maybe the code is not perfect) Regards, Alexandre
Re: Anyone heard about DPDK?
There has been a lot of applications/stack built around DPDK last few years. Mostly because people found it easy to code stuff around DPDK and are so happy to display perf graph about their DPDK application vs plain Linux Kernel stack. My intention here would be to warn a little bit about this collective enthusiasm around DPDK. Integrating DPDK is easy and mostly fun (even if you have to learn and dig into their rte lib and mbuf related), but most of people are completely blind about security ! Ok Linux kernel and netdev is slow in respect of NIC available nowadays (10G, 40G and multiple 100G on core-networks), but using Linux TCP/IP stack you will benefit the hardcore hacking task done during last 30years by Linux netdev core guys ! this long process mostly fix and solve hardcore issues and for some : security issues. And you will certainly not be protected by a 'super fast' self proclaimed performance soft. Mostly because these applications are mostly features oriented than security or protocol full-picture, and are using this 'super fast, best of ever' argument to enforce people mind to adopt. The way DPDK is working in polling mode is certainly not the best at all. DPDK is PCI 'stealing' NIC from kernel to handle/manage itself in userspace by forcing active loop (100% CPU polling) to handle descriptors and convert to mbuf. latter you can 'forward' mbuf to Linux kernel by using KNI netdevice to use Linux Kernel machinery as a slow-path for complicated/not_focused packet-flow (most application are using KNI for ARP,DHCP,...). But most of the time application are implementing 'minimal' adjacent network features to make it work in its networking environment : and here is the problem: you are focused on perf and because of it you are making shortcut about considering potential threats... a prediction could be to see large number of network security holes opened, and specially an old bunch of security holes making a fun revival (a lot of fun with TCP) In contrast recent Linux Kernel introduced XDP and eBPF machinery that are certainly much more future proof than DPDK. First consideration in XDP design is : you only TAP in data/packet you are interested in and not making an hold-up on whole traffic. So XDP is for fast path but only for protocol or workflow identified. You program and attach an eBPF program to a specific NIC, if there is no match then packet simply continue its journey into Linux Kernel stack. XDP is a response from kernel netdev community to address DPDK users. The fact that DPDK introduced and extended PMP to support AF_XDP is certainly a sign that XDP is going/doing into the right direction. regs, Alexandre On 12/02/2019 14:04, Federico Iezzi wrote: Nowadays most VNF (virtual network function) in the telco operators are built around DPDK. Not demos, most 5G will be like that. 4G is migrating as we speak on this new architecture. There isn't any TCP stack built-it but the libraries can be used to build one. VPP has integrated DPDK in this way. Linux network stack is not designed to managed millions of packets per second, DPDK bypass it completely offloading everything in userspace. The beauty is that also the physical nic drivers are in userspace using specific DPDK drivers. Linux networking stack works in interrupt mode, DPDK is in polling mode, basically with a while true. From F5 at the dpdk summit as a relevant reference to what HAProxy does. https://dpdksummitnorthamerica2018.sched.com/event/IhiF/dpdk-on-f5-big-ip-virtual-adcs-brent-blood-f5-networks https://www.youtube.com/watch?v=6zu81p3oTeo Regards, Federico On Tue, 12 Feb 2019 at 11:08, Julien Laffaye <mailto:jlaff...@freebsd.org>> wrote: Something like http://seastar.io/ or https://fd.io/ ? :) On Mon, Feb 11, 2019 at 11:25 AM Baptiste mailto:bed...@gmail.com>> wrote: Hi, HAProxy requires a TCP stack below it. DPDK itself is not enough. Baptiste
Re: CalDav with HAProxy
Hello Sander I use HAProxy 1.6.9 and Owncloud 9.1.1. I managed to get it working by bypassing HAProxy in the initial configuration and tweaking the URLs. Here is my config (I'll be interested to see yours): *globallog 127.0.0.1local0#log 127.0.0.1local1 noticechroot /var/lib/haproxystats socket /run/haproxy/admin.sock mode 660 level adminstats timeout 30suser haproxygroup haproxydaemon# Default SSL material locationsca-base /etc/ssl/certscrt-base /etc/ssl/private# Default ciphers to use on SSL-enabled listening sockets.# For more information, see ciphers(1SSL). ssl-default-bind-ciphers EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNUL!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA ssl-default-bind-options no-sslv3 no-tls-tickets #disable SSLv3 tune.ssl.default-dh-param 2048 #tune DH to 2048defaultslog globalmodehttpoption httplogoption dontlognulltimeout connect 5000timeout client 5 timeout server 5errorfile 400 /etc/haproxy/errors/400.httperrorfile 403 /etc/haproxy/errors/403.httperrorfile 408 /etc/haproxy/errors/408.httperrorfile 500 /etc/haproxy/errors/500.httperrorfile 502 /etc/haproxy/errors/502.httperrorfile 503 /etc/haproxy/errors/503.httperrorfile 504 /etc/haproxy/errors/504.httpfrontend publicbind *:80bind *:443 ssl crt /etc/haproxy/letsencrypt/redirect scheme https if !{ ssl_fc }mode http# Define hostsacl owncloud hdr(host) -i owncloud.mydomain.com <http://owncloud.mydomain.com>## figure out which one to useuse_backend owncloud_server if owncloudbackend owncloud_servermode httphttp-request set-header X-Forwarded-Port %[dst_port]http-request add-header X-Forwarded-Proto https if { ssl_fc }rspadd Strict-Transport-Security:\ max-age=15768000;\ includeSubDomains #enable HSTS header for this backendrspadd X-XSS-Protection:\ 1;\ mode=block #enable XSS protection for this backendbalance leastconnoption httpcloseoption forwardforcookie JSESSIONID prefixserver srv01 10.10.10.101:80 <http://10.10.10.101:80> cookie A check* Thanks ! 2016-11-11 21:06 GMT+00:00 Sander Klein <roe...@roedie.nl>: > On 2016-11-11 15:28, Alexandre Besnard wrote: > > I use HAProxy as a reverse proxy to terminate SSL connections towards >> all my VMs. So far so good except with Owncloud and CalDav. >> >> When Owncloud is hidden behind HAProxy, I am not able to configure my >> CalDav account under the Calendar app in Mac OS X (it works fine on >> iOS or Android). If I bypass HAProxy and terminate the connection >> directly on Apache server on my Owncloud VM, I am able to add the >> account in the OS X Calendar, hence why I suspect HAProxy being the >> problem. >> >> When HAProxy is in front of my Owncloud VM, I can see the following >> happening in the Apache access logs: >> >> 10.10.10.118 - - [11/Nov/2016:14:12:54 +] "PROPFIND >> /.well-known/caldav HTTP/1.1" 301 577 "-" "Mac+OS+X/10.11.6 (15G1108) >> accountsd/113" >> 10.10.10.118 - - [11/Nov/2016:14:12:54 +] "PROPFIND / HTTP/1.1" >> 405 996 "-" "Mac+OS+X/10.11.6 (15G1108) accountsd/113" >> 10.10.10.118 - - [11/Nov/2016:14:12:55 +] "PROPFIND /caldav/v2 >> HTTP/1.1" 405 1002 "-" "Mac+OS+X/10.11.6 (15G1108) accountsd/113" >> 10.10.10.118 - - [11/Nov/2016:14:12:55 +] "PROPFIND >> /principals/users/wikus/ HTTP/1.1" 405 1006 "-" "Mac+OS+X/10.11.6 >> (15G1108) accountsd/113" >> 10.10.10.118 - - [11/Nov/2016:14:12:55 +] "PROPFIND /principals/ >> HTTP/1.1" 405 1002 "-" "Mac+OS+X/10.11.6 (15G1108) accountsd/113" >> 10.10.10.118 - - [11/Nov/2016:14:12:55 +] "PROPFIND >> /dav/principals/ HTTP/1.1" 405 1000 "-" "Mac+OS+X/10.11.6 (15G1108) >> accountsd/113 >> >> and I am unable to explain it…. Do we need to have a specific conf for >> CalDav ? (by the way Cardav has the same issue). >> > > Not the most helpful answer, but I have haproxy running with no special > config at all in front of owncloud. I have been using Caldav without > problems on osx 10.7-10.12 > > Can you share your config without any sensitive information? And, what > version of haproxy are you using? > > Greets, > > Sander >
CalDav with HAProxy
Hello I use HAProxy as a reverse proxy to terminate SSL connections towards all my VMs. So far so good except with Owncloud and CalDav. When Owncloud is hidden behind HAProxy, I am not able to configure my CalDav account under the Calendar app in Mac OS X (it works fine on iOS or Android). If I bypass HAProxy and terminate the connection directly on Apache server on my Owncloud VM, I am able to add the account in the OS X Calendar, hence why I suspect HAProxy being the problem. When HAProxy is in front of my Owncloud VM, I can see the following happening in the Apache access logs: 10.10.10.118 - - [11/Nov/2016:14:12:54 +] "PROPFIND /.well-known/caldav HTTP/1.1" 301 577 "-" "Mac+OS+X/10.11.6 (15G1108) accountsd/113" 10.10.10.118 - - [11/Nov/2016:14:12:54 +] "PROPFIND / HTTP/1.1" 405 996 "-" "Mac+OS+X/10.11.6 (15G1108) accountsd/113" 10.10.10.118 - - [11/Nov/2016:14:12:55 +] "PROPFIND /caldav/v2 HTTP/1.1" 405 1002 "-" "Mac+OS+X/10.11.6 (15G1108) accountsd/113" 10.10.10.118 - - [11/Nov/2016:14:12:55 +] "PROPFIND /principals/users/wikus/ HTTP/1.1" 405 1006 "-" "Mac+OS+X/10.11.6 (15G1108) accountsd/113" 10.10.10.118 - - [11/Nov/2016:14:12:55 +] "PROPFIND /principals/ HTTP/1.1" 405 1002 "-" "Mac+OS+X/10.11.6 (15G1108) accountsd/113" 10.10.10.118 - - [11/Nov/2016:14:12:55 +] "PROPFIND /dav/principals/ HTTP/1.1" 405 1000 "-" "Mac+OS+X/10.11.6 (15G1108) accountsd/113 and I am unable to explain it…. Do we need to have a specific conf for CalDav ? (by the way Cardav has the same issue). Thank you :)
rsyslog : splitting log by backend ?
Hi, I would like to split logs by backend through rsyslog dynamicaly. something like : /var/log/haproxy_($backend).log I think it can be done with rsyslog $template like this tutorial https://tehlose.wordpress.com/2011/10/10/a-log-file-for-each-virtual-host-with-haproxy-and-rsyslog/ but I don't have any idea how to create the template to get backend name in the log. Can somebody help me ? Regards, Alexandre
Nouvelle collection Automne Hiver
Pour visualiser cet email en Html, cliquez ici : http://email.alexandre-turpault.com/a/?F=r4zqq6wqpsfqmvjp575qh29k38myzmrtdt4fwzxtbdp3y2kxv8lalpz-6453062Alexandre Turpault Si vous ne visualisez pas cet email,cliquez ici: # : http://email.alexandre-turpault.com/r/?F=r4zqq6wqpsfqmvjp575qh29k36zty6gyf22fjagmr4zcu2p33zs933q-6453062 : http://email.alexandre-turpault.com/r/?F=r4zqq6wqpsfqmvjp575qh29k36zty6gyf22fjagmr4zcu2p33zs933q-6453062 *Nouvelle Collection* Découvrez les nouveautés *Automne/Hiver 2015 !* Une nouvelle collection raffinée et délicate autour de la *Nature sublimée* ... La gamme *Essentiel **bio en coton peigné de qualité supérieure *dévoile deux nouveaux coloris : *Céleste *et *Carrare* Coussin en jacquard de *lin *et de *soie*, plaid en *laine mohair*, couvre-lit en *satin de coton *... Laissez-vous séduire par ces matières incroyablement *douces *et **luxueuses** : http://email.alexandre-turpault.com/r/?F=r4zqq6wqpsfqmvjp575qh29k34nx4p6q6jtj5g9b6az7pv48uvfydwq-6453062 : http://email.alexandre-turpault.com/r/?F=r4zqq6wqpsfqmvjp575qh29k322y7dnm2bluvuglvxtgkcka2ylycrq-6453062 --- Message envoyé avec Experian Cheetahmail http://email.alexandre-turpault.com/r/?F=r4zqq6wqpsfqmvjp575qh29k32vqywe9rxtj7j4cz54bkxnfnac986q-6453062 img src=http://email.alexandre-turpault.com/r/?F=r4zqq6wqpsfqmvjp575qh29k32hsnuw9mqxgwugqxk3azz6zgp4szbq-6453062; alt= title= width=1 height=1Pour vous désinscrire de cette liste, cliquez sur : http://email.alexandre-turpault.com/u/?F=r4zqq6wqpsfqmvjp575qh29k38myzmrtdt4fwzxtbdp3y2kxv8lalpz-6453062 ---
Soldes : derniers jours ! Vite, j'en profite !
Pour visualiser cet email en Html, cliquez ici : http://email.alexandre-turpault.com/a/?F=m2ntmsnbsxjjsw8uwfmkr48k6jvzymz82mddlvgpc44m5ecjuz7xvrq-6407616Alexandre Turpault Si vous ne visualisez pas cet email,cliquez ici: # : http://email.alexandre-turpault.com/r/?F=m2ntmsnbsxjjsw8uwfmkr48k6j9jp5wbts5hx975sg8prnp5dkay6d2-6407616 : http://email.alexandre-turpault.com/r/?F=m2ntmsnbsxjjsw8uwfmkr48k6j9jp5wbts5hx975sg8prnp5dkay6d2-6407616 *DERNIERS JOURS !* Plus que quelques jours pour profiter des *dernières démarques* !Bénéficiez de *-10% supplémentaire* sur l'ensemble du site avec le code *PRIVILEGE10* ! : http://email.alexandre-turpault.com/r/?F=m2ntmsnbsxjjsw8uwfmkr48k6djqzllpeljg36q9b4d5vgbkns29ya2-6407616 : http://email.alexandre-turpault.com/r/?F=m2ntmsnbsxjjsw8uwfmkr48k6gfnpcavuhrau7tmvgy5s94x4vdk9s2-6407616 --- Message envoyé avec Experian Cheetahmail http://email.alexandre-turpault.com/r/?F=m2ntmsnbsxjjsw8uwfmkr48k6dmmf2537gdwe8vqju58z48mkk2yrm2-6407616 img src=http://email.alexandre-turpault.com/r/?F=m2ntmsnbsxjjsw8uwfmkr48k6a7ucrj29tkwfchf4tus7gaudzvfh82-6407616; alt= title= width=1 height=1Pour vous désinscrire de cette liste, cliquez sur : http://email.alexandre-turpault.com/u/?F=m2ntmsnbsxjjsw8uwfmkr48k6jvzymz82mddlvgpc44m5ecjuz7xvrq-6407616 ---
Sélection spéciale Fête des Mères : jusqu'à -40% !
Pour visualiser cet email en Html, cliquez ici : http://email.alexandre-turpault.com/a/?F=t93np3dnq5ymwxxgcvvppgkxkygamprk3uv3nu4gg9n3lzrxldzlpyz-6214876Alexandre Turpault Pour être sûr(e) de recevoir toutes nos invitations, ajoutez l'adresse suivante : newslet...@alexandre-turpault.com [lien de visualisation dans un navigateur] [lien de changement du format de reception] : http://email.alexandre-turpault.com/r/?F=t93np3dnq5ymwxxgcvvppgkxkwn2xd3a54fb49q8uhfunkaz292cs32-6214876 : http://email.alexandre-turpault.com/r/?F=t93np3dnq5ymwxxgcvvppgkxkwn2xd3a54fb49q8uhfunkaz292cs32-6214876 La fête des mères approche à grands pas ...: http://email.alexandre-turpault.com/r/?F=t93np3dnq5ymwxxgcvvppgkxkwn2xd3a54fb49q8uhfunkaz292cs32-6214876 Craquez pour: http://email.alexandre-turpault.com/r/?F=t93np3dnq5ymwxxgcvvppgkxkwn2xd3a54fb49q8uhfunkaz292cs32-6214876 *nos idées cadeaux : jusqu'à - 40% !*: http://email.alexandre-turpault.com/r/?F=t93np3dnq5ymwxxgcvvppgkxkwn2xd3a54fb49q8uhfunkaz292cs32-6214876 * du 15 au 31 mai inclus LES PLAIDS NISSIM ET NOAILLE 262 € - 157.20 € On aime : - la *légereté* et la *transparence* - l'excellence des *matières* (soie/laine et lin) - les *franges* pour le côté «mode» Shop now LA COLLECTION ESSENTIEL AZALEE à partir de 4,20 € On aime : - le coloris *rose* plein de pep's - la *souplesse* et la *douceur* de l'éponge - le *coton BIO* certifié GOTS* Shop now * GOTS - Certification Global Organic Standard 100% coton biologique LE DRAP DE PLAGE ROUGE 79 € - 55 € On aime : - le luxe du *jacquard* bicolore - l'imprimé *frais* et *graphique* - les jolies *finitions frangées* Shop now Mon compte Notre savoir faire [lien de desinscription de la liste] --- Message envoyé avec Experian Cheetahmail http://email.alexandre-turpault.com/r/?F=t93np3dnq5ymwxxgcvvppgkxkyw2fd2fnbjjje2ulgrtvvg6h2ta2dq-6214876 img src=http://email.alexandre-turpault.com/r/?F=t93np3dnq5ymwxxgcvvppgkxkk7tyx97hyzsks8uspwg4fka8quumeq-6214876; alt= title= width=1 height=1Pour vous désinscrire de cette liste, cliquez sur : http://email.alexandre-turpault.com/u/?F=t93np3dnq5ymwxxgcvvppgkxkygamprk3uv3nu4gg9n3lzrxldzlpyz-6214876 ---
Vent de fraîcheur sur le linge de lit !
Pour visualiser cet email en Html, cliquez ici : http://email.alexandre-turpault.com/a/?F=fnfpjy5dygnejfwjp4cwvwqpvswznekd5wth2unn95tt7n69fqqfkza-6101318Alexandre Turpault Pour être sûr(e) de recevoir toutes nos invitations, ajoutez l'adresse suivante : newslet...@alexandre-turpault.com : http://email.alexandre-turpault.com/r/?F=fnfpjy5dygnejfwjp4cwvwqpv9zzu7cdasw8mcwp8h3f69c6uspavhq-6101318 : http://email.alexandre-turpault.com/r/?F=fnfpjy5dygnejfwjp4cwvwqpv9zzu7cdasw8mcwp8h3f69c6uspavhq-6101318 : http://email.alexandre-turpault.com/r/?F=fnfpjy5dygnejfwjp4cwvwqpv9zzu7cdasw8mcwp8h3f69c6uspavhq-6101318 : http://email.alexandre-turpault.com/r/?F=fnfpjy5dygnejfwjp4cwvwqpv9zzu7cdasw8mcwp8h3f69c6uspavhq-6101318 Linge de lit: http://email.alexandre-turpault.com/r/?F=fnfpjy5dygnejfwjp4cwvwqpv9zzu7cdasw8mcwp8h3f69c6uspavhq-6101318 Linge de bain: http://email.alexandre-turpault.com/r/?F=fnfpjy5dygnejfwjp4cwvwqpvfumym77cv53qeaaq5j9geqks72ftha-6101318 Accessoires: http://email.alexandre-turpault.com/r/?F=fnfpjy5dygnejfwjp4cwvwqpvsvd9dbn8ujezpgsut7qxwtdm2jyrhz-6101318 Mon compte Notre savoir faire --- Message envoyé avec Experian Cheetahmail http://email.alexandre-turpault.com/r/?F=fnfpjy5dygnejfwjp4cwvwqpvfv8dhjm4dnllb6rqkdp4b859stmc82-6101318 img src=http://email.alexandre-turpault.com/r/?F=fnfpjy5dygnejfwjp4cwvwqpvfgunzz4vjju9tsrberjpq93z5sz6m2-6101318; alt= title= width=1 height=1Pour vous désinscrire de cette liste, cliquez sur : http://email.alexandre-turpault.com/u/?F=fnfpjy5dygnejfwjp4cwvwqpvswznekd5wth2unn95tt7n69fqqfkza-6101318 ---
A découvrir
Château la Caussade - Graves de Vayres - 2011 Belle robe brillante et limpide d’un rouge cerise soutenu. Le nez dévoile une belle complexité aromatique avec un boisé fin et harmonieux, et le fruité (noyaux de cerises). En bouche, les tannins ont une belle structure et sont élégants et soyeux. A apprécier dès aujourd’hui. 10,40€ 7,70€ http://link.majestueux-vins.fr/cav2/link.php?M=2077587N=18L=171F=T Les Hauts de Lynch Moussas - Haut-Médoc - 2010 La robe est couleur rubis sombre. Le nez est fruité et légèrement torréfié. En bouche, l'attaque est fraîche et ample. La finale se caractérise par une très belle longueur. 26,80€ 23,60€ http://link.majestueux-vins.fr/cav2/link.php?M=2077587N=18L=177F=T Accédez à cette offre Partager cette offre ! Retrouvez Les Caves sur Twitter Retrouvez Les Caves sur Google Plus Retrouvez Les Caves sur Facebook Accédez à cette offre Partager cette offre ! Retrouvez Les Caves sur Twitter Retrouvez Les Caves sur Google Plus Retrouvez Les Caves sur Facebook Vignes Frais de port offert sur le siteFrais de port offerts en France métropolitaine ! QUALITÉ GARANTIE Des vins sélectionnés par les plus grands experts du vin SATISFAIT OU REMBOURSÉ ! Des vins sélectionnés par les plus grands experts du vinPAIEMENT SÉCURISÉ en ligne. LIVRAISON OFFERTE en France TOUS NOS VINS sont vendus à l'unité. COMMANDE TRAITÉE EN 24h et livrée en moyenne sous 4 jours ouvrés. EMBALLAGES SPÉCIAUX sur mesure. Paiement par CB acceptésmcPaiement par PAYPAL logokadeosLivraison Exapack Livraison par GLS Livraison par LaPoste Le domaine : Les Hauts de Lynch Moussas Au 18ème siècle, le Château devient la propriété de la famille Lynch. Jean-Baptiste, devenu maire de Bordeaux, et Comte de l'Empire, était souvent absent à cause de ses affaires publiques : il confia donc la gestion du domaine à son frère le chevalier Michel Lynch. À la mort de Jean-Baptiste, le domaine Lynch est partagé en deux : le château Lynch-Bages et château Lynch-Moussas. Le château appartient actuellement à la famille Castéja, également propriétaire des châteaux Batailley, Trottevieille, Bergat Domaine de l'Église, Beau Site. L'abus d'alcool est dangereux pour la santé. Conformément à la loi « informatique et libertés » du 6 janvier 1978 modifiée en 2004, vous bénéficiez d'un droit d'accès et de rectification aux informations qui vous concernent, que vous pouvez exercer en vous adressant à : cont...@cavesdebordeaux.com. SAS LES CAVES 36 Chemin St Hilaire 57500 ST AVOLD. Tél. 04 75 53 01 21 MENTIONS LEGALES Désabonnement http://link.majestueux-vins.fr/cav2/unsubscribe.php?M=2077587C=9d25ac930ce299d0d5eb301ce12ba7a4L=14N=18
Enveloppez-vous de douceur !
Alexandre Turpault Pour être sûr(e) de recevoir toutes nos invitations, ajoutez l'adresse suivante : newslet...@alexandre-turpault.com Si ce message ne s'affiche pas correctement, rendez-vous à cette adresse : http://links.mailingplus.net/newsl_view.php?data=b32-4o9pd7v74vtgur7i3g38skgrl3 Pour recevoir nos prochains messages dans un autre format, rendez-vous à cette adresse : http://links.mailingplus.net/mail_profile.php?data=b32-4o9pd7v74vtgur7i3g38skgrl3 [1] [2] Mademoiselle, un modèle romantique féminin brodé d'un fin motif « Pluie de fleurs » Enveloppez-vous de douceur grâce à une matière incroyablement douce et luxueuse : la mousseline de coton Découvrir [3] [4] Coussin Tsarine Sa jolie fourrure habillera avec élégance lit et canapé [5] Plaid Vintage En baby Alpaga, il saura vous réconforter en attendant l'été ! [6] Coussin Nemours Un petit bijou de coussin capitonné, doux comme de la soie Voir les accessoires [7] [8] [9] [10] Mon compte Notre savoir faire Si vous souhaitez vous désinscrire, rendez-vous à cette adresse : http://links.mailingplus.net/mail_unsubscribe.php?data=b32-4o9pd7v74vtgur7i3g38skgrl3 [11] [12] [13] [14] [15] Liens du document: — [1] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgv18mlajbg3jf9aiqdfcsn42hle2 [2] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgusnks3p4bp6j1uiqdfcsn42hle2 [3] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgukaga57saj9go2iqdfcsn42hle2 [4] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgulehiueq8232lqiqdfcsn42hle2 [5] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgua036ertkebf1aiqdfcsn42hle2 [6] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgv56d2q77g8otu6iqdfcsn42hle2 [7] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgu8cosdqnk9893iiqdfcsn42hle2 [8] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgvkd4m3b1q94uriiqdfcsn42hle2 [9] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgvc0qs5mvqq05kmiqdfcsn42hle2 [10] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgvaduv87v0sr4kmiqdfcsn42hle2 [11] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgvhjrvlo8mlvgsiiqdfcsn42hle2 [12] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgvtpg58g24e9p5eiqdfcsn42hle2 [13] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgu4nrgffo35jn8miqdfcsn42hle2 [14] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgv6rv8kocq0fa96iqdfcsn42hle2 [15] http://links.mailingplus.net/goto/b32-4o9pd7v74vtgue8041kp3agqk2iqdfcsn42hle2
Découvrez la nouvelle collection Printemps-Été : lit, bain, table et accessoires déco !
Alexandre Turpault Collection Printemps - été 2015 Pour être sûr(e) de recevoir toutes nos invitations, ajoutez l'adresse suivante : newslet...@alexandre-turpault.com Si ce message ne s'affiche pas correctement, rendez-vous à cette adresse : http://links.mailingplus.net/newsl_view.php?data=b32-9pt1glrplafhsr7i3g38skgrl3 Pour recevoir nos prochains messages dans un autre format, rendez-vous à cette adresse : http://links.mailingplus.net/mail_profile.php?data=b32-9pt1glrplafhsr7i3g38skgrl3 [1] [2] Imprimé floral, motif géométrique, couleurs lumineuses… Un vent de fraîcheur souffle sur les nouvelles collections ! Je découvre [3] [4] [5] [6] [7] [8] [9] Mon compte Notre savoir faire Si vous souhaitez vous désinscrire, rendez-vous à cette adresse : http://links.mailingplus.net/mail_unsubscribe.php?data=b32-9pt1glrplafhsr7i3g38skgrl3 [10] [11] [12] [13] [14] Liens du document: — [1] http://links.mailingplus.net/goto/b32-9pt1glrplafht93ioaljr7knm6iqdfcsn42hle2 [2] http://links.mailingplus.net/goto/b32-9pt1glrplafhsv4uj7sauvc6deiqdfcsn42hle2 [3] http://links.mailingplus.net/goto/b32-9pt1glrplafhsljqfv1ia6lj1uiqdfcsn42hle2 [4] http://links.mailingplus.net/goto/b32-9pt1glrplafhso3b4140u61tmaiqdfcsn42hle2 [5] http://links.mailingplus.net/goto/b32-9pt1glrplafhsjiq5pvkj7p91miqdfcsn42hle2 [6] http://links.mailingplus.net/goto/b32-9pt1glrplafhtu4mbdn21gcqrqiqdfcsn42hle2 [7] http://links.mailingplus.net/goto/b32-9pt1glrplafhth0i5407r40p2eiqdfcsn42hle2 [8] http://links.mailingplus.net/goto/b32-9pt1glrplafhsn7n0m49lr0tviiqdfcsn42hle2 [9] http://links.mailingplus.net/goto/b32-9pt1glrplafhsfmv63o8k73cluiqdfcsn42hle2 [10] http://links.mailingplus.net/goto/b32-9pt1glrplafhs4vu4bj1g8hqaiiqdfcsn42hle2 [11] http://links.mailingplus.net/goto/b32-9pt1glrplafhsj2fv4reh43kaqiqdfcsn42hle2 [12] http://links.mailingplus.net/goto/b32-9pt1glrplafht9r9hq8tkk2f7iiqdfcsn42hle2 [13] http://links.mailingplus.net/goto/b32-9pt1glrplafhtiovfep05acl5miqdfcsn42hle2 [14] http://links.mailingplus.net/goto/b32-9pt1glrplafht1vqu29p8695huiqdfcsn42hle2
Profitez des soldes jusqu'à moins 70 pourcent
C'est les soldes ! Jusqu'agrave; -70 pour cent. [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33119-T.html ce message ne s'affiche pas correctement, visualisez la version en ligne. [http://link.transiping.fr/eccm2/D187124120-c7ccb432add73739a07ec02a1494abce-944-51-637.html] [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33120-T.html] [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33120-T.html] [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33121-T.html] [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33122-T.html] [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33123-T.html] [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33124-T.html] [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33125-T.html profiter de cette offre, merci de valider votre adresse : [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33126-T.html [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33127-T.html validant, jrsquo;accepte de recevoir par mail les offres promotionnelles, avant-premiegrave;res et actualiteacute;s drsquo;Alexandre Turpault [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33120-T.html] [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33128-T.html] [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33129-T.html] [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33130-T.html PALAZZO Drap 240x300 [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33128-T.html] 173,00euro; [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33128-T.html] 95,76euro; [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33131-T.html MONTAIGNE Plaid 240x220 [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33129-T.html] 249,00euro; [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33129-T.html] 174,30euro; [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33132-T.html VIVIENNE Drap 240x300 [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33133-T.html)] 144,00euro; [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33133-T.html)] 90,00euro; [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33133-T.html)] [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33133-T.html)] [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33134-T.html] [http://link.transiping.fr/eccm2/L187124120-944-33118-T.html Name%%amp;p=amp;cp=amp;source=R2Jamp;urlredir=http://link.transiping.fr/eccm2/L187124120-944-33135-T.html VIVIENNE Taie 65x65 [http://link.transiping.fr/eccm2/L187124120-944
Re: Spam to this list?
Thank you, all is said. Alex. On 05/09/14 15:07, Steven Haigh wrote: Sorry, this is a stupid suggestion. 1) The spam still makes it onto the list archives - See: http://marc.info/?l=haproxyr=1b=201409w=2 2) It dilutes the mailing list content by creating a massive drop in signal to noise (24+ spam messages in the past day?!?) 3) It causes the reputation as a mail sender of the haproxy mailing lists to be greatly reduced - meaning eventually hosts will reject mail from the list - legit or not. 4) This is a problem that has been 'solved' on other mailing lists for at least a decade. 5) It gives the impression to people wanting to use haproxy that the admin team don't know what they're doing. I've gotten more spam from this single list in the last 24 hours than I have from the total of ALL my other mailing lists in the past few months. If you aren't going to do proper spam filtering, AT LEAST do moderation of non-member posts. This single action will just about cure the spam problem. Its starting to become a joke. On 5/09/2014 9:46 PM, Sébastien WENSKE wrote: DIY: install your own anti-spam system :) I use Amavis, it works well: https://plus.google.com/+S%C3%A9bastienWENSKE/posts/T6CiUedUZzG Regards, Sebastien *De :*Kevin Maziere [mailto:ke...@kbrwadventure.com] *Envoyé :* vendredi 5 septembre 2014 13:16 *À :* Nicolas Grilly *Cc :* Lukas Tribus; Baptiste; Steven Haigh; haproxy *Objet :* Re: Spam to this list? 2014-09-05 12:28 GMT+02:00 Nicolas Grilly nico...@vocationcity.com mailto:nico...@vocationcity.com: I have no advice on what to do, but I'm a regular reader of the ML and I receive almost no spam from the ML because it is filtered in a very efficient way by the Gmail spam filter (I use Gmail). That can't be a global solution On Fri, Sep 5, 2014 at 12:17 PM, Lukas Tribus luky...@hotmail.com mailto:luky...@hotmail.com wrote: I know that people have strong opinions about this which is why previous discussions have been a bit tense, but I think we will have to discuss this again sooner or later. I got 16 SPAM mails through the ML in the last 12 hours (and 3 valid post), and the trend in the last weeks shows that this is getting worse. Now, having a some antispam solution in front of the ML requires maintenance and will inevitably lead to false positives, thats probably not what we want or have the resources to do. Restricting the list to subscribed user (subonlypost) is not a good thing either, however if the alternative is that important topics (from both subscribed and not subscribed users) are buried in tens of SPAM threads every day, I think its a small price to pay.
HAproxy and Mysql
Hello everyone, I'm looking for documentation to make a load balancer for mysql. I found this article : https://www.digitalocean.com/community/articles/how-to-use-haproxy-to-set-up-mysql-load-balancing--3 What do you think? We also perform a test with LVS load balancing for mysql. Have you feedback of this load balancer. Thank you Alexandre
Counting number given session cookies used by sticky load balancer?
Hello, I have search a while on the internet before asking this question, surprised to find nothing close to what I was trying to achieve. My goal: to monitor the number of concurrent *user* sessions going through a given haproxy server, using the fact that my user session are identified by a unique session ID which can be found in session cookies exchanged between clients and application servers (which are behind haproxy). For example, for J2EE app server we have JSESSIONID, for PHP server, whatever PHP* cookie, etc. We already use these cookies to perform session-affinity (or sticky) load balancing. Now I have not found a way to get a count of currently distinct session cookies known by haproxy fo sticky r load balancing purposes. Have I missed something obvious, is it non-trivial, or worse, impossible? Thanks, Alex. This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged. If you are not one of the named recipients or have received this email in error, (i) you should not read, disclose, or copy it, (ii) please notify sender of your receipt by reply email and delete this email and all attachments, (iii) Dassault Systemes does not accept or assume any liability or responsibility for any use of or reliance on this email. For other languages, go to http://www.3ds.com/terms/email-disclaimer
Re: domain based load balancing
Hi Willy, Thank you for that great software ! On Wed, Dec 5, 2012 at 8:11 PM, Willy Tarreau w...@1wt.eu wrote: Is there a better way of accomplishing this? Have you thought about hashing the Host header (for example) ? Just an idea, I don't know how that fits your need. Can you give an example of that idea ? Regards, Alexandre
Re: FW: SSL OCSP Stapling
On Tue, Nov 6, 2012 at 8:08 PM, Willy Tarreau w...@1wt.eu wrote: I believe the official word at one point was that OCSP stapling of chains should be accomplished by including the entire chain in the OCSP request, delivering that compound OCSP response via the TLS Certificate Status Request extension. And do you know how large this could be for average web sites ? Maybe there is a cross-over point where doing so has a more negative impact than letting the client check by itself ? CloudFlare´s announcement about OCSP (and a partnership with GlobalSign) makes they https client sites 30% faster. http://techcrunch.com/2012/11/01/cloudflare-globalsign-make-ssl-faster/
haproxy in front of Glassfish
Hello, I am facing some issues configuring haproxy in front of Glassfish. Today, I have an Apache server with the Glassfish load-balancer plugin redirecting to 4 instances of Glassfish. I try to replace this Apache server with haproxy. I have tried to do a load test on the 2 configurations and the results are very surprising ! I obtain around 10 000 requests by second with Apache, and only around 4 500 requests by second with haproxy… Something in my configuration must not be good, but I can't find it. So I hope you can help me on this subject. There is my haproxy.cfg : global log localhost local7 info chroot /home/haproxy/jail maxconn 1 uid 1001 gid 1001 daemon defaults mode http retries 3 option redispatch maxconn 5 timeout connect 5000 timeout client 1 timeout server 1 frontend front-web 0.0.0.0:80 log global option httplog option dontlognull default_backend glassfish backend glassfish stats uri /haproxy stats realm Statistics stats refresh 5s balance leastconn option http-server-close option forwardfor option abortonclose option httpchk server gf-1 192.168.0.1:28080 check inter 1 fastinter 5000 downinter 500 rise 50 fall 3 server gf-2 192.168.0.1:28081 check inter 1 fastinter 5000 downinter 500 rise 50 fall 3 server gf-3 192.168.0.2:28080 check inter 1 fastinter 5000 downinter 500 rise 50 fall 3 server gf-4 192.168.0.2:28081 check inter 1 fastinter 5000 downinter 500 rise 50 fall 3 Cheers Alexandre MAÏS
Re: [PATCH] bind non local ip on FreeBSD
On Mon, Nov 22, 2010 at 02:03:42PM +0100, joris dedieu wrote: Hi list, FreeBSD (and maybe other BSD) use IP_BINDANY flag to permite bind() to bind a non local ip Please note that this flag is available only since FreeBSD 8, so your patch will break haproxy builds on older versions, like FreeBSD 7.* or 6.*. (ie an ip which is not defined in an interface). In most case, you will use carp to do so, but has I needed it without carp, I make a little quick and dirty patch on 1.4.9 version. If some here think it's a good feature, I can work for a best version (maybe with a config variable test on other OS ...) Thanks for haproxy Joris diff -Nru a/Makefile.bsd b/Makefile.bsd --- a/Makefile.bsd2010-10-29 00:08:44.0 +0200 +++ b/Makefile.bsd2010-11-22 13:24:41.885445784 +0100 @@ -35,6 +35,9 @@ COPTS.openbsd = -DENABLE_POLL -DENABLE_KQUEUE LIBS.openbsd = +#FreeBSD enable non local address binding +COPTS.freebsd = -DFREEBSD_ALLOW_NON_LOCAL + # CPU dependant optimizations COPTS.generic = -O2 COPTS.i586 = -O2 -march=i586 diff -Nru a/src/proto_tcp.c b/src/proto_tcp.c --- a/src/proto_tcp.c 2010-10-29 00:08:44.0 +0200 +++ b/src/proto_tcp.c 2010-11-22 13:48:38.841413187 +0100 @@ -525,6 +525,16 @@ } } #endif +#if defined FREEBSD_ALLOW_NON_LOCAL + if(setsockopt(fd, IPPROTO_IP, IP_BINDANY,(void *) one, sizeof(one)) == -1) { + err |= ERR_RETRYABLE | ERR_ALERT; + if(getuid() 0) + msg = only root can set IP_BINDANY; + else + msg = cannot set IP_BINDANY; + goto tcp_close_return; + } +#endif if (bind(fd, (struct sockaddr *)listener-addr, listener-proto-sock_addrlen) == -1) { err |= ERR_RETRYABLE | ERR_ALERT; msg = cannot bind socket; -- In theory, there is no difference between theory and practice. But, in practice, there is.
Re: Can haproxy redirect instead of passthrough to backend?
On Mon, Aug 02, 2010 at 09:05:02AM -0700, Rich Rauenzahn wrote: I'm using haproxy (balance uri) inside an intranet to direct traffic to 4 squid servers in order to cache content normally served directly by our web server. This web server serves large files (ranging from 10's of MB to several GB) I'm worried that our haproxy server could be a network bottleneck (the NIC, not the software) and am wondering if there is a way to use an http redirect instead of passthrough -- then the actual traffic could come directly (and only) from the back end squid server and not have to also pass through the haproxy NIC. Worse yet, every packet will pass not only NIC, but in setups not involving tcp-splicing will also traverse processing level at haproxy host (at least four extra context switches, not really necessary in your setup). I have a feeling from browsing the docs that haproxy just isn't intended to be used in this kind of model. You are right. Is it possible to do this? Should I be using a different load balancer? Or does this kind of redirection have a nasty side effect I haven't thought of yet? Some years ago, at my previous work, when I had about the same setup with the squid's caching heavy content from one server, I wrote simple task-oriented load-balancer with the following algorithm: - when request comes in, balancer sends out ICP (inter-squid cache protocol) requests to all neighboring squids asking if anyone has this file cached. - if balancer gets positive reply (means cache already has this file cached) then it generates redirect to this cache. - if there were at least one negative reply during while timeout not reached then balancer generates redirect to server replied first. - if there were no replies at all - 5xx error generated. As a result: - if file requested is already cached at some squid - request redirected here and served from disk cache, not from the slow backend server. (if file cached at more than one server - faster/less loaded server gets preference in handling this request, response time is used as load indicator here). - if file requested is not cached yet - request redirected to the least loaded squid cache. - if no squid servers available - request is not served. IIRC, I never published this code, but if you are interested - drop me a letter and I will publish it at least as a reference implementation (with hardcoded server names and freebsd specifics like acceptfilter and kevent-based cycle inside). PS: this code served us for about one year, but it is not in use anymore: our bottleneck was badly designed windows-based web-server that was just not able to serve files at 130Mbit/sec. After this service was reimplemented using linux/nginx as server platform there is no real need in this code.
Re: List of sites using haproxy ?
On Fri, Jul 30, 2010 at 03:14:00PM +0200, Willy Tarreau wrote: [1] a few URLs indicating what some sites are using : whos.amung.us: http://whos.amung.us/acknowledgements/ stackoverflow: http://blog.stackoverflow.com/2010/01/stack-overflow-network-configuration/ reddit: http://code.reddit.com/browser/srv/haproxy/haproxy.conf imgur: http://www.reddit.com/r/IAmA/comments/9tlwi?sort=hot twitter: http://www.slideshare.net/netik/billions-of-hits-scaling-twitter fedora: https://admin.fedoraproject.org/haproxy/proxy1/ ravelry: http://codemonkey.ravelry.com/2008/03/10/load-balancing/ olark: http://blog.olark.com/?page=4 Willy, thanks. May be it makes sense to have this list published somewhere at haproxy homepage, just to eliminate further questions like this one ? :) PS: and, one more note: what I see in this mailing list is the much better support than I getting from our load balancer vendor. Thanks once more :)
subscribe
line aggregation
Hi! I would like to know if it is possible to aggregate DSL lines using haproxy. cheers
Re: line aggregation
Well, I also need more details in the answer about what is exactly possible. for me aggregate DSL lines means that: DSL1---| | box | --LAN DSL2---| Any computer will be able to get WAN bandwidth from the second DSL line even if the first DSL line is saturated. And, why not, any computer on the LAN would be able to get the total bandwidth from both accumulated DSL lines. Certainly it won't be able to get a single connection at the total bandwidth, but will maybe be able to initiate multiple TCP connections at a total bandwidth corresponding to the accumulated bandwidth of both DSL lines I hope I am clear enough, Sorry for my english. cheers John Marrett a écrit : While I can't answer your question I definitely can tell you that anyone who will be able to answer it will need a LOT more details. What exactly do you mean by aggregate DSL lines? -JohnF
RE: HAPROXY in zLinux is presenting Segmentation fault
Willy, I have gdb but I dont know how to use it. Could you say me how to invoke haproxy command using it? I have used the SIGQUIT signal. The result is as follow: holb001:~/haproxy-1.3.22 # haproxy -f /etc/haproxy/haproxy.cfg -db Available polling systems : sepoll : pref=400, test result OK epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 4 (4 usable), will use sepoll. Using sepoll() as the polling mechanism. Dumping pools usage. - Pool pipe (32 bytes) : 0 allocated (0 bytes), 0 used, 2 users [SHARED] - Pool capture (64 bytes) : 0 allocated (0 bytes), 0 used, 1 users [SHARED] - Pool task (144 bytes) : 2 allocated (288 bytes), 2 used, 1 users [SHARED] - Pool hdr_idx (832 bytes) : 0 allocated (0 bytes), 0 used, 1 users [SHARED] - Pool requri (1024 bytes) : 0 allocated (0 bytes), 0 used, 1 users [SHARED] - Pool session (1040 bytes) : 0 allocated (0 bytes), 0 used, 1 users [SHARED] - Pool buffer (16512 bytes) : 0 allocated (0 bytes), 0 used, 1 users [SHARED] Total: 7 pools, 288 bytes allocated, 288 used. I hope the information above helps you to identify whats going on. ___ Alexandre Date: Sat, 24 Oct 2009 09:53:00 +0200 From: w...@1wt.eu To: alexandresum...@hotmail.com CC: haproxy@formilux.org Subject: Re: HAPROXY in zLinux is presenting Segmentation fault Hi alexandre, On Thu, Oct 22, 2009 at 01:52:05PM +, alexandre oliveira wrote: Willy, I did what you have suggested. thanks. (...) holb001:~/haproxy-1.3.22 # haproxy -vv HA-Proxy version 1.3.22 2009/10/14 Copyright 2000-2009 Willy Tarreau w...@1wt.eu Build options : TARGET = linux26 CPU = generic CC = gcc CFLAGS = -O2 -g OPTIONS = Default settings : maxconn = 2000, maxpollevents = 200 Available polling systems : sepoll : pref=400, test result OK epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 4 (4 usable), will use sepoll. OK pretty much common. holb001:~ # uname -a Linux holb001 2.6.16.60-0.37_f594963d-default #1 SMP Mon Mar 23 13:39:48 UTC 2009 s390x s390x s390x GNU/Linux Less common ;-) (...) # Ive started haproxy and did a test. The result is as follow: holb001:~/haproxy-1.3.22 # haproxy -f /etc/haproxy/haproxy.cfg -db Available polling systems : sepoll : pref=400, test result OK epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 4 (4 usable), will use sepoll. Using sepoll() as the polling mechanism. :uat.accept(0005)=0007 from [192.168.0.10:4047] 0001:uat.accept(0005)=0009 from [192.168.0.10:4048] 0002:uat.accept(0005)=000b from [192.168.0.10:4049] 0003:uat.accept(0005)=000d from [192.168.0.10:4050] 0004:uat.accept(0005)=000f from [192.168.0.10:4051] 0001:uat.srvcls[0009:000a] 0001:uat.clicls[0009:000a] 0001:uat.closed[0009:000a] :uat.srvcls[0007:0008] :uat.clicls[0007:0008] :uat.closed[0007:0008] Segmentation fault Pretty fast to die... I really don't like that at all, that makes me think about some uninitialized which has a visible effect on your arch only. Remeber that this server is a zLinux, I mean, it runs under a mainframe. yes, but that's not an excuse for crashing. Do you have gdb on this machine ? Would it be possible then to run haproxy inside gdb and check where it dies, and with what variables, pointers, etc... ? Suggestions? Oh yes I'm thinking about something. Could you send your process a SIGQUIT while it's waiting for a connection ? This will dump all the memory pools, and we'll see if some of them are merged. It is possible that some pointers are initialized and never overwritten on other archs, but reused on yours due to different structure sizes. This happened once already. So just do killall -QUIT haproxy and send the output. It should look like this : Dumping pools usage. - Pool pipe (16 bytes) : 0 allocated (0 bytes), 0 used, 2 users [SHARED] - Pool capture (64 bytes) : 0 allocated (0 bytes), 0 used, 1 users [SHARED] - Pool task (80 bytes) : 0 allocated (0 bytes), 0 used, 1 users [SHARED] - Pool hdr_idx (416 bytes) : 0 allocated (0 bytes), 0 used, 2 users [SHARED] - Pool session (816 bytes) : 0 allocated (0 bytes), 0 used, 1 users [SHARED] - Pool requri (1024 bytes) : 0 allocated (0 bytes), 0 used, 1 users [SHARED] - Pool buffer (32864 bytes) : 0 allocated (0 bytes), 0 used, 1 users [SHARED] Total: 7 pools, 0 bytes allocated, 0 used. Thanks ! Willy _ Windows 7: It helps you do more. Explore Windows 7. http://www.microsoft.com/Windows/windows-7/default.aspx?ocid=PID24727::T:WLMTAGL:ON:WL:en-US:WWL_WIN_evergreen3:102009
HAProxy + Stunnel cookbook
I want to install HAProxy with SSL support but I dont know how to do exactly. I have read the documentation but I was not able to install them. Does exist some cookbook to install HAProxy + Stunnel in order to enable HTTPS? Thanks in advance. ___ Alexandre _ Lauren found her dream laptop. Find the PC that’s right for you. http://www.microsoft.com/windows/choosepc/?ocid=ftp_val_wl_290