[PATCH] examples/haproxy.init: missing brace in quiet_check()

2015-10-31 Thread jesse . defer
There is a missing curly brace in the quiet_check function of the example
init script.

 examples/haproxy.init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/haproxy.init b/examples/haproxy.init
index d02c367..f08fcb0 100644
--- a/examples/haproxy.init
+++ b/examples/haproxy.init
@@ -94,7 +94,7 @@ check() {
   $BIN -c -q -V -f $CFG
+quiet_check() {
   $BIN -c -q -f $CFG

Re: lua TXN.set_tos not work

2015-10-31 Thread Willy Tarreau
On Fri, Oct 30, 2015 at 09:25:43AM +, ??? wrote:
> if i manually modify source code and simply set tos directly. where should
> i add it.
> now I'm adding:
> # tcp_proto.c, tcp_connect_server, line 513 - 514.
> 511 if (global.tune.server_rcvbuf)
> 512 setsockopt(fd, SOL_SOCKET, SO_RCVBUF, _rcvbuf,
> sizeof(global.tune.server_rcvbuf));
> 513 int tos=0x10;
> 514 setsockopt(fd, IPPROTO_IP, IP_TOS, , sizeof(tos));
> 515 if ((connect(fd, (struct sockaddr *)>addr.to, get_addr_len(>
> addr.to)) == -1) &&
> is it correct? seems it works now, but i don't know if it will cause other
> problem.

Yes that's it.

> my goal is make all backend side connection have a specific TOS field. for
> policy routing like this:
> # ip route add default via tos 0x10.

Then you may have alternate options, you can use the "source" parameter
on servers to change the source (which will be usable from ip rule to
match the table you want), or even "interface" to specify an interface
(and possibly pick the correct route).

Your point is interesting because it tends to indicate that for your
case, a static setting per-server would make more sense than a dynamic
setting. Maybe you should add a per-server "set-tos" and "set-mark"


Re: HAProxy 1.6 in Fedora/Rawhide

2015-10-31 Thread Willy Tarreau
Hi Ryan,

On Fri, Oct 30, 2015 at 03:55:13AM -0500, Ryan O'Hara wrote:
> I've build HAProxy 1.6.1 for Rawhide (Fedora 24), but I'm not
> currently planning to add this to Fedora 23. If there is enough
> interest, I will gladly provide HAProxy 1.6.1 packages for Fedora 23,
> but they will most likely not be pushed into the updates
> repository. Long story there.
> Anyway, just wanted to let you know that builds are working and if
> there are any Fedora users that would like these packages, just send
> me an email. Cheers!

That's great stuff! It will certainly help a number of users to give
it a try.


Re: Multiplexing multiple services behind one agent (feature suggestion; patch attached)

2015-10-31 Thread Willy Tarreau
Hi James,

On Wed, Oct 28, 2015 at 10:27:22AM -0700, James Brown wrote:
> Sorry for being thickheaded, Willy, but what's your decision here ??? do you
> want me to make it per-Backend instead of per-Server, or do you want to
> merge it as-is?

Well, I think we can take it as-is then. The per-server setting doesn't
block the ability to later add a per-backend setting anyway. However you
need to fix one point in the patch : the string must be allocated per
server (so that we don't cause double-free when releasing it on exit).
Please use strdup() to allocate the string from the default server, and
please call free() on the server's string before assigning a new one, so
that we don't leak small memory chunks when setting multiple default-server
entries. Same when creating a new proxy (look for "fwdfor_hdr_name" as a
hit about where you should have to free(defproxy->agent_send). Also please
ensure that you properly assign the string from the default proxy's
default-server to the current proxy's. fwdfor_hdr_name is properly set
regarding this so you won't have to search too long.

Last point, please build your patch using "git format-patch", so that I
can simply apply it. You used "git show", which is sufficient for a review
but requires manual modifications. If you have a single patch in your
branch, you can simply use "git format-patch -1" and you'll get the patch
for the latest commit.


Re: possible crashing?

2015-10-31 Thread Willy Tarreau
Hi Donovan,

On Fri, Oct 30, 2015 at 06:39:10PM +, Donovan Meyers wrote:
> Hey all,
> I'm currently investigating some possible crashing in 1.5.14.
> I really hate to call it a crash since I've never seen haproxy crash in my
> life until now, but the process is suddenly not running and I can't figure
> out why.

Well, crashes are indeed extremely rare but sometimes a bug surfaces and
causes this. Then we fix it and emit a new version.

> I've checked syslogs and puppet logs (and now disabled puppet) and anything
> else that could stop the process for any reason. There are no messages
> related to haproxy stopping at all.

Strange, because if it crashes (segfault, bus error, abort) the kernel should
emit a line saying the process died, unless kernel.print-fatal-signals is not

> I turned haproxy logging up to debug but there's nothing in the log when it
> happens. I keep a stats page reloading on my desktop, so the log has entries
> for those requests, and then suddenly nothing.

So that looks like a crash or a kill from another process.

> The issue doesn't seem related to load; under load testing the issue doesn't
> manifest (not right away anyway) and it does manifest under no load at all.
> The config is extremely simple; I'm happy to post it if anyone's interested.
> But it's not doing anything interesting.

That can indeed help. Don't forget to anonymize it if required (eg: stats

> I've now enabled core dumps and even have it running under valgrind memcheck
> but unfortunately I haven't gotten it to happen since I did that.

OK. Please test by hand that your core dumps work (just send SIG11 to
the running process). You generally need to disable chroot, and enable
fs.suid_dumpable if you have either uid/user/gid/group in the config.

> The binary is one I compiled from source in order to build an RPM, using the
> haproxy.spec from the CentOS 6.5 haproxy-1.4.24-2.el6.src.rpm, slightly
> tweaked. For valgrind I also added CFLAGS="-g -O0".


> I really hope I can figure out that it's my fault. Barring that, I hope I
> can ferret out an issue with haproxy and contribute that to the community
> that has been so helpful to me. (Although you won't see a patch from me; I'm
> no developer! :) )

We hope so as well. A dying process is not something expected at all and
we take such issues very seriously. Note, there are some fixes pending
since 1.5.14, I should have issued 1.5.15 already but lack of time, usual
excuse, etc... The only important fix pending there is related to option
http-send-name-header, so if you're not using it, I don't think you're
experiencing a known bug.

If the bug happens rarely, you may also want to capture traffic using
tcpdump in order to be able to isolate the request(s) that causes this
issue (if at all). This can be cumbersome though since you'll have to
rotate files to avoid filling the file system.


[SPAM] Destockage : tout doit disparaitre

2015-10-31 Thread Bagages Selection
 Signaler comme indésirable  

Pour visualiser ce message au format html, cliquez ici :
ou copiez le lien dans votre navigateur Web

 Grand déstockage   
















 * jusqu’à moins 80% sur tout le site 
** livraison OFFERTE sur votre lieu de travail, ou dès 60€ en Relais Colis  


 À propos : 

Qui sommes-nous ? 
Mentions légales 
Suivez votre commande 
au 01 73 600 888 
 Pourquoi acheter chez nous ? 

Assurance voyage 
La livraison gratuite 
Les meilleurs prix d'internet 
Un service client performant 
Récupérez vos bagages à l'aéroport   
 Vos questions : 

Contacter le Service Clients 
Nos CGV 
Tarifs de livraison 

10 jours de déstockage pour la fin d’année ! 

• Le n°1 de la vente de bagages sur internet ! 
• Des bagages stylés et la qualité des plus grandes marques, aux meilleurs prix 
du net. 
• Partez serein en vacances ou en voyage d'affaires avec plus de 1000 
références à petits prix. 
• Valises, sacs de voyage, accessoires indispensables, il y en a pour tous les 
goûts et tous les budgets. 
• Nouveau : profitez du paiement en 3x sans frais, à partir de 100€. 
• De nombreux avantages : expédition sous 24h, livraison offerte sur votre lieu 
de travail, garantie 1 an offerte et promos toute l’année ! 

Confidentialité des données : conformément à la Loi Informatique et 
du 6 Janvier 1978, vous disposez d'un droit d'accès et de rectification des
données vous concernant. Vous recevez cette invitation car vous avez été en
contact avec le Service Commercial de CapDecision ou de ses partenaires. Pour ne
plus recevoir de messages de CapDecision
_label="Lien de désinscription" _type="optout">cliquez ici.

How to Externally Access PHP Application that has Internal Links to Itself

2015-10-31 Thread Susheel Jalali

Dear HAProxy Developers:

We have a PHP application server at product1.local.domain.  We are able 
to access it within company’s internal network via Apache Web server.  	
We would like to access it via public Web server at http://external.dom 
through the gateway to the application server at http:///product1/.

This application server links to itself at many places.  In the request 
generated by the application server, the /product1 in path is replaced 
with / by the application.  Those links need to be rewritten to work 
through the gateway to make it accessible from outside.	
Such as rewrite http://product1.local.domain /*.php to 

This is same as what Apache server’s mod_proxy_html serves to:
rewrite http://appserver.example.com/foo/bar.html;>foobar
to http://www.example.com/appserver/foo/bar.html;>foobar.
Is there an output filter equivalent of Apache server’s mod_proxy_html 
in HAProxy to rewrite internal links in:

(i) a PHP page?
(ii) an HTML page?

Example is Rewrite condition:  If the application links to self, then 
Rewrite rule: 	

Below are our
(1) relevant code of PHP application
(2) HAProxy configuration and
(3) logs.

The logs show,
(i) HTTP code=304 till line #4
(ii) the prefix /product1 gets deleted after line#4 (see line #5 in 
logs) and hence gets redirected to default backend (HTTP code = 503). 
How could we change the HTTP request to include prefix /product1 to the 
rest of the path for all connections?

(1) PHP Application

,*" cols="*" 
frameborder="NO" border="0" framespacing="0">
  name="Filler Top" scrolling="no" noresize frameborder="NO">
  scrolling="auto" frameborder="NO">

(2) HAProxy configuration
In logs, the prefix /product1 gets deleted after a few lines (see line#4 
in logs below).  How could we change the HTTP request to include prefix 
/product1 to the rest of the path for all connections?

http-request set-header Host 
reqirep ^([^\ ]*)\ /Product1/?([^\ ]*)\ (.*)$   \1\ /\2\ \3

acl hdr_location res.hdr(Location) -m found
rspirep ^Location:\ 
(https?://Product1.vm0.internal.domain(:[0-9]+)?)?(/.*) Location:\ 
/Product1\3 if hdr_location

acl hdr_set_cookie_dom res.hdr(Set-cookie) -m sub Domain= 
rspirep ^(Set-Cookie:.*)\ Domain=Product1.vm0.internal.domain(.*) 
\1\ Domain=\2 if hdr_set_cookie_dom

acl hdr_set_cookie_path res.hdr(Set-cookie) -m sub Path=
rspirep ^(Set-Cookie:.*)\ Path=(.*) \1\ Path=/Product1\2 if 

server Product1.vm0 Product1.vm0.internal.domain:80 cookie p1-p check

(3) Info.Log
Oct 30 18:25:42 localhost haproxy[18120]: - - 
[30/Oct/2015:23:25:42 +] "GET 
/Product1/interface/login/login_frame.php?site=default HTTP/1.1" 200 
1159 "" "" 62551 160 "webapps-frontend~" "subdomain_p1-backend" 
"Product1.vm0" 28 0 1 13 42  1 1 0 1 0 0 0 "" ""
Oct 30 18:25:42 localhost haproxy[18120]: - - 
[30/Oct/2015:23:25:42 +] "GET 
/Product1/interface/login/login_frame.php?site=default HTTP/1.1" 200 
1159 "" "" 62551 160 "webapps-frontend~" "subdomain_p1-backend" 
"Product1.vm0" 28 0 1 13 42  1 1 0 1 0 0 0 "" ""
Oct 30 18:25:42 localhost haproxy[18120]: - - 
[30/Oct/2015:23:25:42 +] "GET /Product1/interface/themes/login.css 
HTTP/1.1" 304 129 "" "" 62551 202 "webapps-frontend~" 
"subdomain_p1-backend" "Product1.vm0" 10 0 1 0 11  1 1 0 1 0 0 0 "" ""
#4:  Oct 30 18:25:42 localhost haproxy[18120]: - - 
[30/Oct/2015:23:25:42 +] "GET /Product1/interface/themes/login.css 
HTTP/1.1" 304 129 "" "" 62551 202 "webapps-frontend~" 
"subdomain_p1-backend" "Product1.vm0" 10 0 1 0 11  1 1 0 1 0 0 0 "" ""
#5:  Oct 30 18:25:42 localhost haproxy[18120]: - - 
[30/Oct/2015:23:25:42 +] "GET /interface/login/filler.php HTTP/1.1" 
503 213 "" "" 62551 214 "webapps-frontend~" "webapps-backend" "" 
2 -1 -1 -1 2 SC-- 2 2 0 0 0 0 0 "" ""
Oct 30 18:25:42 localhost haproxy[18120]: - - 
[30/Oct/2015:23:25:42 +] "GET /interface/login/filler.php HTTP/1.1" 
503 213 "" "" 62551 214 "webapps-frontend~" "webapps-backend" "" 
2 -1 -1 -1 2 SC-- 2 2 0 0 0 0 0 "" ""
Oct 30 18:25:42 localhost haproxy[18120]: - - 
[30/Oct/2015:23:25:42 +] "GET /interface/login/login_title.php 
HTTP/1.1" 503 213 "" "" 62557 222 "webapps-frontend~" "webapps-backend" 
"" 4 -1 -1 -1 4 SC-- 3 3 0 0 0 0 0 "" ""
Oct 30 18:25:42 localhost haproxy[18120]: - - 
[30/Oct/2015:23:25:42 +] "GET /interface/login/login_title.php 
HTTP/1.1" 503 213 "" "" 62557 222 "webapps-frontend~" "webapps-backend" 
"" 4 -1 -1 -1 4 SC-- 3 3 0 0 0 0 0 "" ""

Thank you.


-- --
Susheel Jalali
Coscend Communications Solutions


[SPAM] Excellent Champagne Dehours au prix le moins cher du net + livraison 0 euro

2015-10-31 Thread Netvin
 Signaler comme indésirable

Pour visualiser ce message au format html, cliquez ici :
ou copiez le lien dans votre navigateur Web

LIVRAISON OFFERTE  (sans minimum d'achat)  + PRIX LE MOINS CHER DU NET* 

 bordeaux  bourgogne  champagne  autres rÉgions  spiritueux 

 **  " Fruité, frais, parfait dès l'apéritif " ** 
Julien - Caviste NETVIN Paris 12ème 


 Champagne  DEHOURS 
"Brut Réserve" 

 20 ,90€ 
 la bouteille au lieu de 24,90€  !

 " La Maison Dehours est devenu l'une des figures de proue des champagnes de 


 Guide Bettane & Desseauve 2015 

 J'en profite  ›  


 le choix 
 500 références disponibles sur le site
 Sélection rigoureuse 
depuis 1970  
 le conseil 
 4 boutiques à Paris 
Conseil & dégustation   
 le service 
 Commande livrée 
chez vous ou 
dans nos boutiques   
 la livraison 
 dès 300 € d’achat 
et dans nos 4 boutiques  
 la sÉcuritÉ 
 Paiement sécurisé 
Filiale d’un grand 
groupe viticole 

Contactez-nous  Qui sommes-nous Rejoignez-nous  
05 56 95 54 98 
Lundi > Vendredi : 
9h00-12h30 / 13h30 -17h00   Filiale d’un grand groupe 
viticole bordelais 
4 boutiques à Paris 

* Prix constatés au 28 octobre 2015 

Les Vins Guy Jeunemaître - Netvin.com 

Conformément à l'article 34 de la Loi Informatique et Liberté 

Re: How to Externally Access PHP Application that has Internal Links to Itself

2015-10-31 Thread Aleksandar Lazic

Dear Susheel Jalali.

Am 31-10-2015 08:43, schrieb Susheel Jalali:

Dear HAProxy Developers:


This is same as what Apache server’s mod_proxy_html serves to:
rewrite http://appserver.example.com/foo/bar.html;>foobar
to http://www.example.com/appserver/foo/bar.html;>foobar.
Is there an output filter equivalent of Apache server’s mod_proxy_html
in HAProxy to rewrite internal links in:
(i) a PHP page?
(ii) an HTML page?


you use http://open-emr.org



follow up


Have I assumed right and was you able to step forward?

BR Aleks

LUA, 'retry' failed requests

2015-10-31 Thread PiBa-NL

Hi Thierry, haproxy-list,

I've created another possibly interesting lua script, and it works :) 
(mostly). (on my test machine..)

When i visit the website i always see the 'Hello 
World' page. So in that regard this is usable, it is left to the browser 
to send the request again, not sure how safe this is in regard to 
mutations being send twice. It should probably check for POST requests 
and then just return the error without replacing it with a redirect.. 
Not sure if that would catch all problem cases..

Ive created a lua service that counts how many requests are made, and 
returns a error status every 5th request.
Second there is a lua response script that checks the status, and 
replaces it by a redirect if it sees the faulty status 500.
This does currently result in the connection being closed and reopened 
probably due to the txn.res:send().?.

Though i am still struggling with what is and isn't supposed to be possible.
For example the scripts below are running in 'mode http' and mostly just 
changing 'headers'.
I expected to be able to simply read the status by calling 
txn.f:status() but this always seems to result in 'null'.

Manually parsing the response buffer duplicate works but seems ugly..

txn.f:status()  <  it doesnt result in the actual status.
txn.res:set()  < if used in place of send() causes 30 second delay
txn.done()  < dumps core. (im not sure when ever to call it? the script 
below seems to match the description that this function has.?.)

Am i trying to do it wrong?

p.s. Is 'health checking' using lua possible? The redis example looks 
like a health 'ping'.. It could possibly be much much more flexible then 
the tcp-check send  / tcp-check expect routines..

I'm currently testing with HA-Proxy version 1.7-dev0-e4c4b7d and the 
following configuration files:

 haproxy.cfg ###
timeout connect3
timeout server3
timeout client3
frontend TEST-lua-count
http-request use-service lua.lua-count

frontend TEST-lua-retry-serverror
http-request lua.retrystorerequest
http-response lua.retryerrors
default_backend hap_9002_http_ipvANY

backend hap_9002_http_ipvANY

### luascript_lua-count5error ###
core.register_action("retryerrors" , { "http-res" }, function(txn)
local clientip = txn.f:src()
txn:Info("  LUA client " .. clientip)

local s = txn.f:status() -- doesnt work?
if s == null then
core.Info("LUA txn.s:status RETURNED: NULL, fallback needed ??")
local req = txn.res:dup()
local statusstr = string.sub(req, 10, 13)
s = tonumber(statusstr)
core.Info("LUA status " .. s)

if s ~= 200 then
txn:Info("LUA REDIRECT IT ! " .. s)

local url = txn:get_priv()
local response = ""
response = response .. "HTTP/1.1 302 Moved\r\n"
response = response .. "Location: " .. url .."\r\n"
response = response .. "\r\n"

--txn.res:set(response) -- causes 30 second delay..
--txn:done() --dumps core..

core.register_action("retrystorerequest" , { "http-req" }, function(txn)
local url = txn.f:url()

core.register_service("lua-count", "http", function(applet)
   if test == null then
  test = 0
   test = test + 1
   local response = ""
   if test % 5 == 0 then
  response = "Error " .. test
  response = "Hello World !" .. test
   applet:add_header("content-length", string.len(response))
   applet:add_header("content-type", "text/plain")