[PATCH] DOC: lua-api/index.rst small example fixes, spelling correction.

2015-11-08 Thread PiBa-NL

Hi List, Willy,

Attached some small example fixes, spelling correction.
Hope its ok like this :).

Regards,
PiBa-NL
From fdecc44b9bf94bfaceb9d0335ea3a185e575cd86 Mon Sep 17 00:00:00 2001
From: Pieter Baauw 
Date: Sun, 8 Nov 2015 16:38:08 +0100
Subject: [PATCH] DOC: lua-api/index.rst small example fixes, spelling
 correction.

---
 doc/lua-api/index.rst | 24 
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/doc/lua-api/index.rst b/doc/lua-api/index.rst
index c216d12..60c9725 100644
--- a/doc/lua-api/index.rst
+++ b/doc/lua-api/index.rst
@@ -406,7 +406,7 @@ Core class
 
 .. code-block:: lua
 
-  core.register_service("hello-world", "http" }, function(applet)
+  core.register_service("hello-world", "http", function(applet)
  local response = "Hello World !"
  applet:set_status(200)
  applet:add_header("content-length", string.len(response))
@@ -430,7 +430,7 @@ Core class
   Register a function executed after the configuration parsing. This is useful
   to check any parameters.
 
-  :param fuction func: is the Lua function called to work as initializer.
+  :param function func: is the Lua function called to work as initializer.
 
   The prototype of the Lua function used as argument is:
 
@@ -449,7 +449,7 @@ Core class
   main scheduler starts. For example this type of tasks can be executed to
   perform complex health checks.
 
-  :param fuction func: is the Lua function called to work as initializer.
+  :param function func: is the Lua function called to work as initializer.
 
   The prototype of the Lua function used as argument is:
 
@@ -561,7 +561,7 @@ Converters class
   * applying hash on input string (djb2, crc32, sdbm, wt6),
   * format date,
   * json escape,
-  * extracting prefered language comparing two lists,
+  * extracting preferred language comparing two lists,
   * turn to lower or upper chars,
   * deal with stick tables.
 
@@ -595,7 +595,7 @@ Channel class
   If the buffer cant receive more data, a 'nil' value is returned.
 
   :param class_channel channel: The manipulated Channel.
-  :returns: a string containig all the avalaible data or nil.
+  :returns: a string containing all the available data or nil.
 
 .. js:function:: Channel.get(channel)
 
@@ -605,7 +605,7 @@ Channel class
   If the buffer cant receive more data, a 'nil' value is returned.
 
   :param class_channel channel: The manipulated Channel.
-  :returns: a string containig all the avalaible data or nil.
+  :returns: a string containing all the available data or nil.
 
 .. js:function:: Channel.getline(channel)
 
@@ -628,7 +628,7 @@ Channel class
 
   :param class_channel channel: The manipulated Channel.
   :param string string: The data which will sent.
-  :returns: an integer containing the amount of butes copyed or -1.
+  :returns: an integer containing the amount of bytes copied or -1.
 
 .. js:function:: Channel.append(channel, string)
 
@@ -640,7 +640,7 @@ Channel class
 
   :param class_channel channel: The manipulated Channel.
   :param string string: The data which will sent.
-  :returns: an integer containing the amount of butes copyed or -1.
+  :returns: an integer containing the amount of bytes copied or -1.
 
 .. js:function:: Channel.send(channel, string)
 
@@ -649,21 +649,21 @@ Channel class
 
   :param class_channel channel: The manipulated Channel.
   :param string string: The data which will sent.
-  :returns: an integer containing the amount of butes copyed or -1.
+  :returns: an integer containing the amount of bytes copied or -1.
 
 .. js:function:: Channel.get_in_length(channel)
 
   This function returns the length of the input part of the buffer.
 
   :param class_channel channel: The manipulated Channel.
-  :returns: an integer containing the amount of avalaible bytes.
+  :returns: an integer containing the amount of available bytes.
 
 .. js:function:: Channel.get_out_length(channel)
 
   This function returns the length of the output part of the buffer.
 
   :param class_channel channel: The manipulated Channel.
-  :returns: an integer containing the amount of avalaible bytes.
+  :returns: an integer containing the amount of available bytes.
 
 .. js:function:: Channel.forward(channel, int)
 
@@ -1359,7 +1359,7 @@ AppletHTTP class
   This is an hello world sample code:
 
 .. code-block:: lua
-  core.register_service("hello-world", "http" }, function(applet)
+  core.register_service("hello-world", "http", function(applet)
  local response = "Hello World !"
  applet:set_status(200)
  applet:add_header("content-length", string.len(response))
-- 
1.9.5.msysgit.1



Nedd hep on Rate limit based of opened session by IP

2015-11-08 Thread Sébastien ROHAUT
Hi,

I'm trying to set a rate limit not only based on source IP, but based on
number of opened sessions (based on a JSESSIONID cookie) per IP. For
exemple, allow only 10 new sessions per IP in 3 minutes.

I need some help ? How to do that ?

Thanks,

Sebastien Rohaut


Debug mode not working?!

2015-11-08 Thread Aleksandar Lazic

Hi.

Today I have tried to debug haproxy as in the old days ;-), I was not 
able to see the communication on stderr.


I'm sure I have something missed in the past on the list to be able to 
see the output.


My steps.

curl -vO http://www.haproxy.org/download/1.6/src/haproxy-1.6.2.tar.gz
tar xfvz haproxy-1.6.2.tar.gz
cd haproxy-1.6.2/
make TARGET=linux2628 DEBUG=-DDEBUG_FULL USE_PCRE=1 USE_OPENSSL=1 
USE_ZLIB=1 USE_LINUX_SPLICE=1 USE_TFO=1 all

cd ../

export MONITOR_BIND_PORT=7991
export HTTP_BIND_PORT=7992
export HTTPS_BIND_PORT=7993

#
haproxy-1.6.2/haproxy -f haproxy.conf -d -V
Sharing sig_handlers with pipe
Sharing pendconn with pipe
Sharing uniqueid with session
Sharing capture with vars
Available polling systems :
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.
Using epoll() as the polling mechanism.
[NO MORE OUTPUT AFTER CURL CALL]
#

I connected from another Terminal to this haproxy with curl.

##
LANG=C curl -vk http://xx.xx.xx.xx:7992/
*   Trying xx.xx.xx.xx...
* Connected to xx.xx.xx.xx5 (xx.xx.xx.xx) port 7992 (#0)

GET / HTTP/1.1
Host: xx.xx.xx.xx:7992
User-Agent: curl/7.45.0
Accept: */*


* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
#

Please can anyone tell me what I have missed, thanks.

#

haproxy-1.6.2/haproxy -vv
Sharing sig_handlers with pipe
Sharing pendconn with pipe
Sharing uniqueid with session
HA-Proxy version 1.6.2 2015/11/03
Copyright 2000-2015 Willy Tarreau 

Build options :
  TARGET  = linux2628
  CPU = generic
  CC  = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
  OPTIONS = USE_LINUX_SPLICE=1 USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 
USE_TFO=1


Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 
200


Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3.4
Compression algorithms supported : identity("identity"), 
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")

Built with OpenSSL version : OpenSSL 1.0.2d 9 Jul 2015
Running on OpenSSL version : OpenSSL 1.0.2d 9 Jul 2015
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.12 2011-01-15
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT 
IPV6_TRANSPARENT IP_FREEBIND


Available polling systems :
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.
Using epoll() as the polling mechanism.

cat haproxy.conf
#
# please read the manual
# http://www.haproxy.org/#docs

global


  debug
  # no daemon!
  # don't use gid, uid, group or user on openshift

  ca-base .
  crt-base .

  # in docker or openshift?
  # log

  # Name of the POD or Service or ...
  # log-send-hostname
  # log-tag
  # node

  # it's magic ;-)
  ssl-default-bind-ciphers 
EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384::EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!SHA-1:!RC4:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:@STRENGTH


  ssl-default-bind-options no-sslv3

  ssl-default-server-ciphers 
EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384::EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!SHA-1:!RC4:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:@STRENGTH


  ssl-default-server-options no-sslv3

  # this file is created at build time!
  # openssl dhparam -out /usr/local/etc/haproxy/ssl/dh-param_4096 4096
  ssl-dh-param-file dh-param_4096

  # ssl-server-verify default is required

  # perf tun
  # I think this values should be carefully changed, in case you need to 
change it!


  maxconn 100
  # maxconnrate
  # maxpipes
  # maxsessrate
  # maxsslconn
  # maxsslrate

  # defaults to 2
  # tune.ssl.cachesize

  # default defaults to 300 (5 min)
  # tune.ssl.lifetime

  # greater than  1024 bits are not supported
  # by Java 7 and earlier clients
  # tune.ssl.default-dh-param 4096

# peers !!
# peers ssl-sessions
#   Service disovering for the other haproxies in the cloud
#   peer  :

listen haproxy-monitor
  bind *:${MONITOR_BIND_PORT}
  mode health
  option httpchk

defaults
  timeout connect 5s
  timeout client 30s
  timeout server 30s

  # Long timeout for WebSocket connections.
  timeout tunnel 1h

  # balance ?
  # rate-limit sessions
  option forwardfor
  option http-ignore-probes
  option splice-auto
  option log-separate-errors
  option ssl-hello-chk

frontend http-in
  bind *:${HTTP_BIND_PORT} accept-proxy tfo
  mode http

  tcp-request inspect-delay 5s
  tcp-request content accept if HTTP

  use_backend test01

frontend https-in
  

Re: [PATCH] MEDIUM: mailer: try sending a mail up to 3 times

2015-11-08 Thread PiBa-NL

Forgot to include list, sorry.

Op 8-11-2015 om 17:33 schreef PiBa-NL:

Hi Ben, Willy, Simon,

Ben, thanks for the review.
Hoping 'release pressure' has cleared for Willy i'm resending the 
patch now, with with your comments incorporated.


CC, to Simon as maintainer of mailers part so he can give approval (or 
not).


The original reservations i had when sending this patch still apply. 
See the "HOWEVER." part in the bottom mail.


Hoping it might get merged to improve mailer reliability. So no 
'server down' email gets lost..

Thanks everyone for your time :) .

Regards,
PiBa-NL

Op 22-9-2015 om 16:43 schreef Ben Cabot:

Hi PiBa-NL,

Malcolm has asked me to take a look at this.  While I don't know
enough to answer the questions about the the design and implementation
I have tested the patch. In my testing it works well and I have a
couple of comments.

I had a warning when building, struct email_alert *alert; should be
before process_chk(t); or gcc moans (Warning: ISO C90 forbids mixed
declarations and code).
Ive moved the stuct to the top of the if statement where it was before 
my patch. I expect that to fix the warning.


It makes in total 4 attempts to send the mail where I believe it 
should be 3?

If the total desired attempts is 3 It looks like "if (check->fall < 3)
{ " should be "if (check->fall < 2)" with "check->fall++;" inside the
if statement. I may be wrong I've only briefly looked.
Yes it did '3 retries'. Ive changed to make it a total of '3 attempts' 
which is more like a normal 3x SYN packet when opening a failing 
connection.

While testing this I've realised it would also be nice to log when the
email fails to send after 3 attempts but that is a job for another
day.

Thanks for submitting this as its helpful for us, also for helping
with my patch.  I am still waiting for Willy to come back to me about
mine as well. As he is in the middle of a release I expect he is very
busy at the moment so I'll wait a while before giving him a poke and
following up. Hopefully I've been of some help to you.

Thanks for testing!

Kind Regards,
Ben

On 4 August 2015 at 20:35, PiBa-NL  wrote:

bump?
 Doorgestuurd bericht 
Onderwerp:  request for comment - [PATCH] MEDIUM: mailer: retry 
sending

a mail up to 3 times
Datum:  Sun, 26 Jul 2015 21:08:41 +0200
Van:PiBa-NL 
Aan:HAproxy Mailing Lists 



Hi guys,

Ive created a small patch that will retry sending a mail 3 times if it
fails the first time.
Its seems to work in my limited testing..

HOWEVER.
-i have not checked for memoryleaks, sockets not being closed properly
(i dont know how to..)
-is setting current and last steps to null the proper way to reset the
step of rule evaluation?
-CO_FL_ERROR is set when there is a connection error.. this seems to be
the proper check.
-but check->conn->flags & 0xFF  is a bit of s guess from observing the
flags when it could connect but the server did not respond 
properly.. is

there a other better way?
-i used the 'fall' variable to track the number of retries.. should i
have created a separate 'retries' variable?

Thanks for any feedback you can give me.

Best regards,
PiBa-NL













Haproxy module for ZeroMQ

2015-11-08 Thread Abdul Hakeem
Hello,

Does anyone know about a Haproxy module for ZeroMQ ?
Basically what I am hoping to achieve is load balance HTTP/Websockets traffic
using ZHTTP and ZWS or use a plain ZeroMQ IPC to communicate with the backend
servers.

Regards,
Abdul Hakeem





Re: [PATCH] MEDIUM: mailer: try sending a mail up to 3 times

2015-11-08 Thread PiBa-NL
Forgot to include list, sorry. And then the attachment dropped of.. 
Resending.

Op 8-11-2015 om 17:33 schreef PiBa-NL:

Hi Ben, Willy, Simon,

Ben, thanks for the review.
Hoping 'release pressure' has cleared for Willy i'm resending the 
patch now, with with your comments incorporated.


CC, to Simon as maintainer of mailers part so he can give approval (or 
not).


The original reservations i had when sending this patch still apply. 
See the "HOWEVER." part in the bottom mail.


Hoping it might get merged to improve mailer reliability. So no 
'server down' email gets lost..

Thanks everyone for your time :) .

Regards,
PiBa-NL

Op 22-9-2015 om 16:43 schreef Ben Cabot:

Hi PiBa-NL,

Malcolm has asked me to take a look at this.  While I don't know
enough to answer the questions about the the design and implementation
I have tested the patch. In my testing it works well and I have a
couple of comments.

I had a warning when building, struct email_alert *alert; should be
before process_chk(t); or gcc moans (Warning: ISO C90 forbids mixed
declarations and code).
Ive moved the stuct to the top of the if statement where it was before 
my patch. I expect that to fix the warning.


It makes in total 4 attempts to send the mail where I believe it 
should be 3?

If the total desired attempts is 3 It looks like "if (check->fall < 3)
{ " should be "if (check->fall < 2)" with "check->fall++;" inside the
if statement. I may be wrong I've only briefly looked.
Yes it did '3 retries'. Ive changed to make it a total of '3 attempts' 
which is more like a normal 3x SYN packet when opening a failing 
connection.

While testing this I've realised it would also be nice to log when the
email fails to send after 3 attempts but that is a job for another
day.

Thanks for submitting this as its helpful for us, also for helping
with my patch.  I am still waiting for Willy to come back to me about
mine as well. As he is in the middle of a release I expect he is very
busy at the moment so I'll wait a while before giving him a poke and
following up. Hopefully I've been of some help to you.

Thanks for testing!

Kind Regards,
Ben

On 4 August 2015 at 20:35, PiBa-NL  wrote:

bump?
 Doorgestuurd bericht 
Onderwerp:  request for comment - [PATCH] MEDIUM: mailer: retry 
sending

a mail up to 3 times
Datum:  Sun, 26 Jul 2015 21:08:41 +0200
Van:PiBa-NL 
Aan:HAproxy Mailing Lists 



Hi guys,

Ive created a small patch that will retry sending a mail 3 times if it
fails the first time.
Its seems to work in my limited testing..

HOWEVER.
-i have not checked for memoryleaks, sockets not being closed properly
(i dont know how to..)
-is setting current and last steps to null the proper way to reset the
step of rule evaluation?
-CO_FL_ERROR is set when there is a connection error.. this seems to be
the proper check.
-but check->conn->flags & 0xFF  is a bit of s guess from observing the
flags when it could connect but the server did not respond 
properly.. is

there a other better way?
-i used the 'fall' variable to track the number of retries.. should i
have created a separate 'retries' variable?

Thanks for any feedback you can give me.

Best regards,
PiBa-NL










From 18fd2740b7c9f511e03afe9ebb8237f6a640a141 Mon Sep 17 00:00:00 2001
From: Pieter Baauw 
Date: Sun, 26 Jul 2015 20:47:27 +0200
Subject: [PATCH] MEDIUM: mailer: retry sending a mail up to 3 times

Currently only 1 connection attempt (syn packet) was send, this patch increases 
that to 3 attempts. This to make it less likely them mail is lost due to a 
single lost packet.
---
 src/checks.c | 14 +-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/checks.c b/src/checks.c
index e77926a..335eb9a 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -1408,7 +1408,7 @@ static struct task *server_warmup(struct task *t)
  *
  * It can return one of :
  *  - SF_ERR_NONE if everything's OK and tcpcheck_main() was not called
- *  - SF_ERR_UP if if everything's OK and tcpcheck_main() was called
+ *  - SF_ERR_UP if everything's OK and tcpcheck_main() was called
  *  - SF_ERR_SRVTO if there are no more servers
  *  - SF_ERR_SRVCL if the connection was refused by the server
  *  - SF_ERR_PRXCOND if the connection has been limited by the proxy (maxconn)
@@ -3065,6 +3065,7 @@ static struct task *process_email_alert(struct task *t)
LIST_DEL(>list);
 
check->state |= CHK_ST_ENABLED;
+   check->fall = 0;
}
 
}
@@ -3074,6 +3075,17 @@ static struct task *process_email_alert(struct task *t)
if (!(check->state & CHK_ST_INPROGRESS) && check->tcpcheck_rules) {
struct email_alert *alert;
 
+   if ((check->conn->flags & CO_FL_ERROR) || // connection failed, 
try again
+   (check->conn->flags & 0xFF) // did not reach the 

[SPAM] Flipkart | Happy Diwali Sale + Extra Rs3000 Off + Shipping Across India.

2015-11-08 Thread Diwali Sale
Title: ::Flipkart::





   If you're having trouble viewing this email, please 



  


  


  

  
  

  


  

  

  
  

  
  

  


  

 
  

  
  

  
  

  


  


  


   

  
  

  
  

  


  

  
  

  
  

  
  

  


  

   
  

  
  

  
  
  


  


  
Disclaimer : This email is being sent by Loyalty Commerce Pvt Ltd and not from Flipkart.com
  

  
  

  
  


You have received this mailer from us because you indicated that you would like to receive special offers.
  To unsubscribe from this offer, please click here to unsubscribe.







Re: Echo server in Lua

2015-11-08 Thread Thrawn
Thanks, Baptiste.
I've had a go at setting that up, but found an issue in the process: I can't 
build HAProxy with Lua support unless I install the OpenSSL headers. Which I 
don't have any particular interest in doing, since I don't need SSL support.I 
notice that there was a patch in March to be able to build without actually 
enabling OpenSSL, but can there also be patching to allow it to be entirely 
absent from the system?
By the way, I'm not sure how much JIT optimisation is done in Lua, but it's 
probably fastest to inline the code?
core.register_action("echo", { "http-req" }, function (txn)
    txn.res:send("HTTP/1.0 200 OK\r\nServer: haproxy-lua/echo\r\nContent-Type: 
text/html\r\nContent-Length: " .. buffer:len() .. "\r\nConnection: 
close\r\n\r\n" .. txn.f:src())    txn.done()end)
Regards
Thrawn

  bed...@gmail.com  


 On Wednesday, 4 November 2015, 17:56, Baptiste  wrote:
   

 On Tue, Nov 3, 2015 at 5:53 AM, Thrawn  wrote:
> Now that HAProxy has Lua support, I'm looking at the possibility of setting 
> up an echo server, which simply responds with the observed remote address of 
> the client (currently implemented in PHP as  $_SERVER['REMOTE_ADDRESS']; ?>).
>
>
> Does anyone have a suggestion of the most efficient possible implementation 
> of this? If possible, it should handle millions of clients polling it 
> regularly, so speed is essential.
>
>
> Thanks
>

Hi,

content of echo.lua file:
-- a simple echo server
-- it generates a response whose body contains the client IP address
core.register_action("echo", { "http-req" }, function (txn)
        local buffer = ""
        local response = ""

        buffer = txn.f:src()

        response = response .. "HTTP/1.0 200 OK\r\n"
        response = response .. "Server: haproxy-lua/echo\r\n"
        response = response .. "Content-Type: text/html\r\n"
        response = response .. "Content-Length: " .. buffer:len() .. "\r\n"
        response = response .. "Connection: close\r\n"
        response = response .. "\r\n"
        response = response .. buffer

        txn.res:send(response)
        txn:done()
end)

content of haproxy's configuration:

global
  log 127.0.0.1 local0
  lua-load echo.lua

frontend echo
  bind *:10004
  mode http
  http-request lua.echo


Don't forget to setup timeouts, etc...

Baptiste