Re: Observations about reloads and DNS SRV records

2018-06-07 Thread Tait Clarridge
Hi Baptiste, thanks for the response. On Wed, Jun 6, 2018 at 6:32 PM Baptiste wrote: > > This should not happen and it's a known issue that we're working on. > > Excellent, figured you guys were probably already aware of it. Let me know if I can assist in testing. > > Actually, I tested many

Re: regression testing for haproxy

2018-06-07 Thread Frederic Lecaille
On 06/07/2018 03:14 PM, Frederic Lecaille wrote: Hi all, We have recently worked in colloboration with Poul-Henning Kamp to use varnishtest regression testing (script driven) tool for Varnish HTTP Cache so that to modify it and make it capable of also test haproxy. Note that here we are

regression testing for haproxy

2018-06-07 Thread Frederic Lecaille
Hi all, We have recently worked in colloboration with Poul-Henning Kamp to use varnishtest regression testing (script driven) tool for Varnish HTTP Cache so that to modify it and make it capable of also test haproxy. Note that here we are speaking about *regression* testing which has

Re: haproxy-1.8.8 seamless reloads failing with abns@ sockets

2018-06-07 Thread Willy Tarreau
On Thu, Jun 07, 2018 at 03:32:31PM +0300, Jarno Huuskonen wrote: > My minimal test config with the patch works (on top of > 1.8.9): (doing reloads/curl in loop). Thanks, not surprising anyway ;-) Now merged. Willy

Re: haproxy-1.8.8 seamless reloads failing with abns@ sockets

2018-06-07 Thread Jarno Huuskonen
Hi Olivier / Willy, On Thu, Jun 07, Olivier Houchard wrote: > Hi Willy, > > On Thu, Jun 07, 2018 at 11:45:39AM +0200, Willy Tarreau wrote: > > Hi Olivier, > > > > On Wed, Jun 06, 2018 at 06:40:05PM +0200, Olivier Houchard wrote: > > > You're right indeed, that code was not written with abns

RE: Set-Cookie Secure

2018-06-07 Thread Roberto Cazzato
Hi, your code, as the original: acl https_sess ssl_fc acl secured_cookie res.hdr(Set-Cookie),lower -m sub secure rspirep ^(set-cookie:.*) \1;\ Secure if https_sess !secured_cookie works only for cookies inserted by backends server: (Backend set cookie) -> ( haproxy intercept Set-Cookie and add

Re: haproxy-1.8.8 seamless reloads failing with abns@ sockets

2018-06-07 Thread Olivier Houchard
Hi Willy, On Thu, Jun 07, 2018 at 11:45:39AM +0200, Willy Tarreau wrote: > Hi Olivier, > > On Wed, Jun 06, 2018 at 06:40:05PM +0200, Olivier Houchard wrote: > > You're right indeed, that code was not written with abns sockets in mind. > > The attached patch should fix it. It was created from

Re: remaining process after (seamless) reload

2018-06-07 Thread Willy Tarreau
On Thu, Jun 07, 2018 at 11:50:45AM +0200, William Lallemand wrote: > /* block signal delivery during processing */ > +#ifdef USE_THREAD > + pthread_sigmask(SIG_SETMASK, _sig, _sig); > +#else > sigprocmask(SIG_SETMASK, _sig, _sig); > +#endif I think for the merge we'd rather put a

Re: remaining process after (seamless) reload

2018-06-07 Thread William Lallemand
Hi guys, Sorry for the late reply, I manage to reproduce and fix what seams to be the bug. The signal management was not handled correctly with threads. Could you try those patches and see if it fixes the problem? Thanks. -- William Lallemand >From d695242fb260538bd8db323715d627c4a9deacc7

Re: haproxy-1.8.8 seamless reloads failing with abns@ sockets

2018-06-07 Thread Willy Tarreau
Hi Olivier, On Wed, Jun 06, 2018 at 06:40:05PM +0200, Olivier Houchard wrote: > You're right indeed, that code was not written with abns sockets in mind. > The attached patch should fix it. It was created from master, but should > apply to 1.8 as well. > > Thanks ! > > Olivier > >From

Re: maxsslconn vs maxsslrate

2018-06-07 Thread Mihir Shirali
Hi Alexander, I have looked at the link. What I am looking for is an answer to the difference between maxsslconn and maxsslrate. The former does not result in CPU savings while the latter does. Again the former does result in large number of tcp connection resets while the latter does not. What

Re: maxsslconn vs maxsslrate

2018-06-07 Thread Aleksandar Lazic
On 07/06/2018 14:30, Mihir Shirali wrote: We have a large number of ip phones connecting to this port. They could be as large as 80k. They request for a file from a custom application. haproxy front ends the tls connection and then forwards the request to the application's http port. Have you

Re: maxsslconn vs maxsslrate

2018-06-07 Thread Mihir Shirali
We have a large number of ip phones connecting to this port. They could be as large as 80k. They request for a file from a custom application. haproxy front ends the tls connection and then forwards the request to the application's http port. HA-Proxy version 1.8.8 2018/04/19 Copyright 2000-2018

Re: maxsslconn vs maxsslrate

2018-06-07 Thread Aleksandar Lazic
Hi Mihir. On 07/06/2018 10:27, Mihir Shirali wrote: Hi Team, We use haproxy to front tls for a large number of endpoints, haproxy prcesses the TLS session and then forwards the request to the backend application. What we have noticed is that if there are a large number of connections from