Re: Using server-template for DNS resolution

2019-02-07 Thread Baptiste
On Fri, Feb 8, 2019 at 6:09 AM Igor Cicimov wrote: > On Fri, Feb 8, 2019 at 2:29 PM Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> Hi, >> >> I have a Jetty frontend exposed for couple of ActiveMQ servers behind SSL >> terminating Haproxy-1.8.18. They share same storage and state

Re: Using server-template for DNS resolution

2019-02-07 Thread Igor Cicimov
On Fri, Feb 8, 2019 at 2:29 PM Igor Cicimov wrote: > Hi, > > I have a Jetty frontend exposed for couple of ActiveMQ servers behind SSL > terminating Haproxy-1.8.18. They share same storage and state via lock file > and there is only one active AMQ at any given time. I'm testing this now > with

Using server-template for DNS resolution

2019-02-07 Thread Igor Cicimov
Hi, I have a Jetty frontend exposed for couple of ActiveMQ servers behind SSL terminating Haproxy-1.8.18. They share same storage and state via lock file and there is only one active AMQ at any given time. I'm testing this now with dynamic backend using Consul DNS resolution: # dig +short

Re: H2: interoperability issue due to lack of CONTINUATION frame support

2019-02-07 Thread Lukas Tribus
Hello, On Sat, 1 Sep 2018 at 20:02, Lukas Tribus wrote: > > Hi Willy, > > > haproxy is currently unable to handle CONTINUATION [1] frames (see > commit 61290ec77 - [2]). > > If a client emits a CONTINUATION frame, we will break the connection > and send GOAWAY due to INTERNAL_ERROR. This of

[PATCH] CONTRIB: contrib/prometheus-exporter: Add a Prometheus exporter for HAProxy

2019-02-07 Thread Christopher Faulet
Hi, This patch adds a new component in contrib. It is a Prometheus exporter for HAProxy. It is developed as a "service", i.e. an applet which can be called from a "use-service" rule. To build HAProxy with this component, you should use the Makefile variable "EXTRA_OBJS": $> make

Re: possible use of unitialized value in v2.0-dev0-274-g1a0fe3be

2019-02-07 Thread Willy Tarreau
On Wed, Feb 06, 2019 at 07:12:31PM +0100, Tim Düsterhus wrote: (...) > Thus I believe this is a false-positive. I should have read the whole thread, it would have saved me a reply :-) Willy

Re: possible use of unitialized value in v2.0-dev0-274-g1a0fe3be

2019-02-07 Thread Willy Tarreau
Hello, On Wed, Feb 06, 2019 at 02:28:27PM -0200, Ricardo Nabinger Sanchez wrote: > Hello, > > scan-build found a 28-step path where an unitialized value could be used in > h2s_htx_bck_make_req_headers(). > > Here is a shortened version: > > 4378 idx = htx_get_head(htx); // returns the

Re: HAProxy returns a 502 error when ssl offload and response has a large header

2019-02-07 Thread Willy Tarreau
On Thu, Feb 07, 2019 at 06:37:28PM +0100, Willy Tarreau wrote: > > I'll try with h2c and see if I can put it between client and haproxy. > > Then I suspect that you'll see haproxy either emit RST_STREAM or emit > too large a frame and this frame get rejected. So after checking the code, I can

Re: HAProxy returns a 502 error when ssl offload and response has a large header

2019-02-07 Thread Willy Tarreau
On Thu, Feb 07, 2019 at 06:44:01PM +0200, Jarno Huuskonen wrote: > At least on my test case haproxy listens http2 and uses http/1.1 > to backend server > (example config and example backend server (in go) are in earlier > mail: https://www.mail-archive.com/haproxy@formilux.org/msg32727.html >

Re: http-use-htx and IIS

2019-02-07 Thread Marco Corte
Il 2019-02-07 17:50 Marco Corte ha scritto: A configuration similar to the following lets the GETs work properly, but the POST fails after the server timeout (session state "SD" in haproxy logs): Sorry. I was wrong. It is a capital "S" S : the TCP session was unexpectedly aborted by

http-use-htx and IIS

2019-02-07 Thread Marco Corte
Hello! I am testing haproxy version 1.9.4 on Ubuntu 18.04. With the "option http-use-htx", haproxy shows a strange behaviour when the real server is IIS and if the users' browsers try to do a POST. A configuration similar to the following lets the GETs work properly, but the POST fails

Re: HAProxy returns a 502 error when ssl offload and response has a large header

2019-02-07 Thread Jarno Huuskonen
Hi, On Thu, Feb 07, Willy Tarreau wrote: > On Thu, Feb 07, 2019 at 04:50:12PM +0200, Jarno Huuskonen wrote: > > Hi, > > > > On Thu, Feb 07, Steve GIRAUD wrote: > > > Thanks Jarno for the investigation. > > > > No problem. > > > > > The large header is only on response and there is only one

RE: HAProxy returns a 502 error when ssl offload and response has a large header

2019-02-07 Thread Steve GIRAUD
Thanks for your precious answer, I might have an idea. The default H2 max-frame-size is 16kB (by the spec). It is possible that your server ignores the setting and tries to push a frame size that is larger than the agreed limit, which becomes a protocol violation. For information, we use IIS10

Re: HAProxy returns a 502 error when ssl offload and response has a large header

2019-02-07 Thread Willy Tarreau
Hi, On Thu, Feb 07, 2019 at 04:50:12PM +0200, Jarno Huuskonen wrote: > Hi, > > On Thu, Feb 07, Steve GIRAUD wrote: > > Thanks Jarno for the investigation. > > No problem. > > > The large header is only on response and there is only one large header > > (18k). > > > > haproxy + ssl + http2

Re: HAProxy returns a 502 error when ssl offload and response has a large header

2019-02-07 Thread Jarno Huuskonen
Hi, On Thu, Feb 07, Steve GIRAUD wrote: > Thanks Jarno for the investigation. No problem. > The large header is only on response and there is only one large header (18k). > > haproxy + ssl + http2+ tune.bufsize:32768 --> request fails Did you check with curl or chrome if you get the same

RE: RSA Conference 2019 Attendees List

2019-02-07 Thread Nile Smith
Hi, Just following up. I know you're busy. Just give me a 1,2 or 3 1. Send data counts and pricing. 2. I could potentially use your solution, but in future. 3. Leave me alone, stalker. Regards, Nile Smith Demand Generation Executive From: Nile Smith

RE: HAProxy returns a 502 error when ssl offload and response has a large header

2019-02-07 Thread Steve GIRAUD
Hi, Thanks Jarno for the investigation. The large header is only on response and there is only one large header (18k). haproxy + ssl + http2+ tune.bufsize:32768 --> request fails haproxy + ssl + http1.1 + tune.bufsize:32768 --> request ok If I request my backend directly in h2 + ssl but

Re: [ANNOUNCE] haproxy-1.9.4

2019-02-07 Thread Aleksandar Lazic
Am 06.02.2019 um 17:19 schrieb Willy Tarreau: > Hi Aleks, > > On Wed, Feb 06, 2019 at 05:16:58PM +0100, Aleksandar Lazic wrote: >> Maybe this patch was to late for 1.9.4 please can you consider to add it >> to 2.0 and later 1.9.5, thanks. >> >>