Re: cookie insert method secure

2018-06-12 Thread Aleksandar Lazic
Hi. On 12/06/2018 18:05, mlist wrote: Hi Alekandar, as I can see in the configuration documentation cookie command does not seems to support As now I use HA-Proxy version 1.8-dev0-530141f 2017/03/02 if I set "if { ssl_fc }" condition I get: [ALERT] 162/194855 (10704) : parsing

RE: HAProxy 1.8.x not serving errorfiles with H2

2018-06-12 Thread J. Casalino
Thank you! That fixed the issue. Might I suggest adding the below snippet into the "example" section of the errorfile documentation at [1]? The current example only shows the configuration itself but not what the file format should be - since it's this specific, the description given is just

Re: HAProxy 1.8.x not serving errorfiles with H2

2018-06-12 Thread Tim Düsterhus
Hi Am 12.06.2018 um 17:43 schrieb J. Casalino: > Thank you so much for your response. [1] is the simplest example of our 503 > errorfile. Based on what you're saying it sounds like we need to add some > additional information into the file. Is this documented somewhere? > it is [1]: > The

Re: dev1.9 2018/06/05 threads cpu 100% spin_lock v.s. thread_sync_barrier

2018-06-12 Thread PiBa-NL
Hi Willy, Op 12-6-2018 om 14:31 schreef Willy Tarreau: This one is not known yet, to the best of my knowledge, or at least not reported yet. Okay :) I guess ill keep an eye on if it happens again. Is there something i can do to find out more info if it happens again? Or maybe before that

RE: cookie insert method secure

2018-06-12 Thread mlist
Hi Alekandar, as I can see in the configuration documentation cookie command does not seems to support As now I use HA-Proxy version 1.8-dev0-530141f 2017/03/02 if I set "if { ssl_fc }" condition I get: [ALERT] 162/194855 (10704) : parsing [/etc/haproxy/haproxy.cfg:657] : 'cookie' supports

Re: cookie insert method secure

2018-06-12 Thread Aleksandar Lazic
Hi. On 12/06/2018 16:23, mlist wrote: Hi, there is a mechanism to specify to command like: cookie insert indirect preserve nocache httponly secure to insert secure only if the session is ssl ? So it is possible to use this command on a common http/https backend without using 2 different

cookie insert method secure

2018-06-12 Thread mlist
Hi, there is a mechanism to specify to command like: cookie insert indirect preserve nocache httponly secure to insert secure only if the session is ssl ? So it is possible to use this command on a common http/https backend without using 2 different redundant backend ? There are also

RE: HAProxy 1.8.x not serving errorfiles with H2

2018-06-12 Thread J. Casalino
Hi Cyril, Thank you so much for your response. [1] is the simplest example of our 503 errorfile. Based on what you're saying it sounds like we need to add some additional information into the file. Is this documented somewhere? [1] HTTP 503 Author is unavailable

Re: haproxy bug: healthcheck not passing after port change when statefile is enabled

2018-06-12 Thread Tim Düsterhus
Sven, Am 12.06.2018 um 17:01 schrieb Sven Wiltink: > create a systemd file > /etc/systemd/system/haproxy.service.d/60-haproxy-server_state.conf with the > following contents: > [Service] > ExecStartPre=/bin/mkdir -p /var/run/haproxy/state > ExecReload= > ExecReload=/usr/sbin/haproxy -f

haproxy bug: healthcheck not passing after port change when statefile is enabled

2018-06-12 Thread Sven Wiltink
Hello, There seems to be a bug in the loading of state files after a configuration change. When changing the destination port of a server the healthchecks never start passing if the state before the reload was down. This bug has been introduced after 1.7.9 as we cannot reproduce it on machines

Re: remaining process after (seamless) reload

2018-06-12 Thread William Dauchy
On Tue, Jun 12, 2018 at 04:33:43PM +0200, William Lallemand wrote: > Those processes are still using a lot of CPU... > Are they still delivering traffic? they don't seem to handle any traffic (at least I can't see it through strace) but that's the main difference here, using lots of CPU. > >

Re: remaining process after (seamless) reload

2018-06-12 Thread William Lallemand
On Tue, Jun 12, 2018 at 04:00:25PM +0200, William Dauchy wrote: > Hello William L, > > On Fri, Jun 08, 2018 at 04:31:30PM +0200, William Lallemand wrote: > > That's great news! > > > > Here's the new patches. It shouldn't change anything to the fix, it only > > changes the sigprocmask to

stable-bot: WARNING: 29 bug fixes in queue for next release

2018-06-12 Thread stable-bot
Hi, This is a friendly bot that watches fixes pending for the next haproxy-stable release! One such e-mail is sent every week once patches are waiting in the last maintenance branch, and an ideal release date is computed based on the severity of these fixes and their merge date. Responses to

Re: remaining process after (seamless) reload

2018-06-12 Thread William Dauchy
Hello William L, On Fri, Jun 08, 2018 at 04:31:30PM +0200, William Lallemand wrote: > That's great news! > > Here's the new patches. It shouldn't change anything to the fix, it only > changes the sigprocmask to pthread_sigmask. In fact, I now have a different but similar issue. root 18547

Re: subscribe

2018-06-12 Thread Aleksandar Lazic
Hi. On 12/06/2018 08:19, Ray Jender wrote: Please add me to the mailing list: rayjen...@gmail.com Please add you self as described here https://www.haproxy.org/#tact Best regards Aleks

Re: regression testing for haproxy

2018-06-12 Thread Willy Tarreau
On Thu, Jun 07, 2018 at 03:29:24PM +0200, Frederic Lecaille wrote: > Well... this is patch matching with the previous text file. Now applied, thanks Fred! willy

Re: dev1.9 2018/06/05 threads cpu 100% spin_lock v.s. thread_sync_barrier

2018-06-12 Thread Willy Tarreau
Hi Pieter, On Mon, Jun 11, 2018 at 10:48:25PM +0200, PiBa-NL wrote: > Hi List, > > I've got no clue how i got into this state ;) and maybe there is nothing > wrong..(well i did resume a VM that was suspended for half a day..) > > Still thought it might be worth reporting, or perhaps its solved

subscribe

2018-06-12 Thread Ray Jender
Please add me to the mailing list: rayjen...@gmail.com

Re: haproxy and solarflare onload

2018-06-12 Thread Emeric Brun
Hi Elias, On 05/28/2018 04:08 PM, Elias Abacioglu wrote: > Hi Willy and HAproxy folks! > > Sorry for bumping this old thread. But Solarflare recently released a new > Onload version. > http://www.openonload.org/download/openonload-201805-ReleaseNotes.txt >

Re: HAProxy 1.8.x not serving errorfiles with H2

2018-06-12 Thread Willy Tarreau
Hi Cyril, On Mon, Jun 11, 2018 at 10:36:43PM +0200, Cyril Bonté wrote: > If it looks like HTTP/0.9, I tend to think that your errorfile is not > properly set. Such files must contain the status line, the headers and the > response body. > > And indeed, from a quick test, if I remove the status

Re: haproxy with QAT requires root

2018-06-12 Thread Aleksandar Lazic
Hi. On 12/06/2018 12:58, Christian Braun wrote: Hello, i am testing haproxy with a QAT card (Intel QuickAssit-Technology). I am getting "SSL handshake failure" running haproxy with user nobody and ssl-engine qat. When running haproxy with user root the card gets used and the SSL connection

haproxy with QAT requires root

2018-06-12 Thread Christian Braun
Hello, i am testing haproxy with a QAT card (Intel QuickAssit-Technology). I am getting "SSL handshake failure" running haproxy with user nobody and ssl-engine qat. When running haproxy with user root the card gets used and the SSL connection works. Is running haproxy as root required when using

Re: Connections stuck in CLOSE_WAIT state with h2

2018-06-12 Thread Willy Tarreau
Hi Milan, On Fri, Jun 08, 2018 at 01:26:41PM +0200, Milan Petruzelka wrote: > On Wed, 6 Jun 2018 at 11:20, Willy Tarreau wrote: > > > Hi Milan, > > > > On Wed, Jun 06, 2018 at 11:09:19AM +0200, Milan Petruzelka wrote: > > > Hi Willy, > > > > > > I've tracked one of connections hanging in