openshift router with haproxy 1.8 and h2

2017-11-29 Thread Aleksandar Lazic
Hi all. I have build today the openshift router with the brand new haproxy 1.8.0 and 'alpn h2,http/1.1' https://gitlab.com/aleks001/openshift-ocp-router-hap18/blob/master/containerfiles/var/lib/haproxy/conf/haproxy-config.template#L223

Re: [PATCH] BUG/MINOR: when master-worker is in daemon mode, detach from tty

2017-11-29 Thread PiBa-NL
Hi William, When you have time, please take a look below & attached :) . Op 29-11-2017 om 1:28 schreef William Lallemand: Hi Pieter, diff --git a/src/haproxy.c b/src/haproxy.c index c3c8281..a811577 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -2648,6 +2648,13 @@ int main(int argc, char

Re: [PATCH] BUG/MINOR: Check if master-worker pipe getenv succeeded, also allow pipe fd 0 as valid.

2017-11-29 Thread PiBa-NL
Hi William, Op 29-11-2017 om 1:15 schreef William Lallemand: Hi Pieter, The getenv returning NULL should never happen, but the test is wrong, it should have been a strtol with an errno check instead of an atol. However that's overkill in this case, we just need to check the return value of

Re: Sticky-table contents is not distributed among peers

2017-11-29 Thread Максим Куприянов
Oh, I've found in documentation that "The pushed values overwrite remote ones without aggregation." So identical src as a key is possibly not a good choice at all. I've tried `hostname` as a key, but still see only one entry with it's local hostname in tables on each host. Maybe I'm doing

Seamless Restarts/Reloads in haproxy and master/worker-mode 1.8.

2017-11-29 Thread Markus Rietzler
i have upgraded to version 1.8. and so far everything works. i have to questions about the new features: 1) seamless reload one of the new features ist seamless restarts. it is also said, that even an version upgrade should work. how do i achieve this? at the moment my startup script is very

Re: [PATCH] BUG/MINOR: ssl: fix CO_FL_EARLY_DATA removal with http mode

2017-11-29 Thread Olivier Houchard
On Mon, Nov 27, 2017 at 06:19:41PM +0100, Emmanuel Hocdet wrote: > > Maybe the best is to add a new flag per conn_stream, CS_FL_WAITING_FOR_HS or > > something, instead of relying on CO_FL_EARLY_DATA. > > I think I'm going to do something like that. > > I think it's a good idea, two different

Re: HLS loadbalancing

2017-11-29 Thread Moemen MHEDHBI
Hi HLS seems to be based on standard HTTP requests, so although I don't know the details of the HLS protocol, I think HAProxy can do the Job. You can use the diferent HAProxy timeouts to deal with long HTTP sessions and you can rely on any HTTP header, cookie, .. to route requests to the

Sticky-table contents is not distributed among peers

2017-11-29 Thread Максим Куприянов
Hi! First of all I'd like to thank you for such a great software, as Haproxy is. It is really one of the best opensource projects. And I'm your happy user for many years :) But now, I need help in troubleshooting. Recently I've tried to use distributed sticky-tables, but for some reason they're

Re: [BUG] haproxy 1.8-last/master-worker/peers

2017-11-29 Thread Willy Tarreau
On Wed, Nov 29, 2017 at 02:29:56PM +0100, Willy Tarreau wrote: > On Wed, Nov 29, 2017 at 11:54:28AM +0100, Willy Tarreau wrote: > > On Wed, Nov 29, 2017 at 10:41:18AM +0100, Willy Tarreau wrote: > > > > Apparently this is reproducible without the master-worker, upon a > > > > reload with a local

Re: [PATCH] BUG/MINOR: ssl: fix CO_FL_EARLY_DATA removal with http mode

2017-11-29 Thread Willy Tarreau
Hi Manu, On Wed, Nov 29, 2017 at 12:40:46PM +0100, Emmanuel Hocdet wrote: > Can you consider the first patch (included here). > As Olivier said, the fix for ssl_fc_has_early need more works. OK now merged and backported, thanks! Willy

Re: [PATCH]: BUILD FreeBSD and cpu afifnity

2017-11-29 Thread Willy Tarreau
On Wed, Nov 29, 2017 at 11:10:50AM +, David CARLIER wrote: > I intentionally did two separated patches about FreeBSD and > USE_CPU_AFFINITY. The first is just to fix a build issue, the second to > enable it by default. > The first patch might need to be backported to 1.8. Thank you David,

Re: [BUG] haproxy 1.8-last/master-worker/peers

2017-11-29 Thread Willy Tarreau
On Wed, Nov 29, 2017 at 11:54:28AM +0100, Willy Tarreau wrote: > On Wed, Nov 29, 2017 at 10:41:18AM +0100, Willy Tarreau wrote: > > > Apparently this is reproducible without the master-worker, upon a reload > > > with a local peer, > > > the previous process doesn't leave. > > > > I can now

Re: [PATCH] BUG/MINOR: ssl: fix CO_FL_EARLY_DATA removal with http mode

2017-11-29 Thread Emmanuel Hocdet
Hi Willy, Can you consider the first patch (included here). As Olivier said, the fix for ssl_fc_has_early need more works. Can be backported to 1.8 ++ Manu 0001-BUG-MINOR-ssl-CO_FL_EARLY_DATA-removal-is-managed-by.patch Description: Binary data

[PATCH]: BUILD FreeBSD and cpu afifnity

2017-11-29 Thread David CARLIER
Hi, I intentionally did two separated patches about FreeBSD and USE_CPU_AFFINITY. The first is just to fix a build issue, the second to enable it by default. The first patch might need to be backported to 1.8. Hope it s good. Kind regards. From 52603a51797dafbd197de2558631ff134176cb5e Mon Sep

Re: [BUG] haproxy 1.8-last/master-worker/peers

2017-11-29 Thread Willy Tarreau
On Wed, Nov 29, 2017 at 10:41:18AM +0100, Willy Tarreau wrote: > > Apparently this is reproducible without the master-worker, upon a reload > > with a local peer, > > the previous process doesn't leave. > > I can now reproduce it. It happens that my previous failed tests didn't > trigger it

Re: [BUG] haproxy 1.8-last/master-worker/peers

2017-11-29 Thread Willy Tarreau
On Tue, Nov 28, 2017 at 05:08:53PM +0100, William Lallemand wrote: > On Tue, Nov 28, 2017 at 02:56:55PM +0100, William Lallemand wrote: > > On Tue, Nov 28, 2017 at 12:22:04PM +0100, Emmanuel Hocdet wrote: > > > ok, i should have something strange because it's easy to reproduce in my > > >

Slow download speeds on SSL v/s plain http

2017-11-29 Thread Sachin Shetty
Hi, We have been using haproxy in our production systems for a long time. Recently we spotted a slowdown in downloads in SSL compared to plain http. We are able to reproduce this in a test setup which has no other traffic. We have nbproc set according to the number of cpus Haproxy has two front