Re: [Potential Spoof] [PATCH] BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are unlocked

2019-02-20 Thread Richard Russo
While continuing to test this, I ended up with a crash in listener.c:listener_accept on a closed/closing listen socket where fdtab[fd].owner is NULL by the time the thread gets there. This is possible because the fd.c: fdlist_process_cached_events unlocks the spinlock before calling

[PATCH] BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are unlocked

2019-02-20 Thread Richard Russo
While testing haproxy 1.9 on FreeBSD 11.1, I would often find stuck threads in the old process after reload. Symptoms were 100% cpu in some threads after soft_stop, many sockets in CLOSED state in lsof, and in core dumps, the stuck threads were in fd related processes on fds that were listen

Re: Require info on ACL for rate limiting on per URL basis.

2019-02-20 Thread Jarno Huuskonen
Hi, On Wed, Feb 20, Badari Prasad wrote: > Thank you for responding. Came up with based on the inputs: > > #printf "as2monte" | mkpasswd --stdin --method=md5 > userlist AuthUsers_MONTE_AS2 > user appuser_as2 password $1$t25fZ7Oe$bjthsMcXgbCt2EJvQo8r0/ > > backend st_src_as2_monte >

Re: Tune HAProxy in front of a large k8s cluster

2019-02-20 Thread Jarno Huuskonen
Hi, On Wed, Feb 20, Baptiste wrote: > I would use a variable instead of a header: > http-request set-var(req.myvar) req.hdr(host),concat(,path) Nitpicking here: AFAIK this won't work as is, because concat expects a variable

Question about haproxy in front of coturn turnserver

2019-02-20 Thread Aleksandar Lazic
Hi. I would like to run haproxy in front of the https://github.com/coturn/coturn turnserver for nextcloud talk. Have anyone tried this or have setup-ed successfully such a config? I would like to disable the udp part on coturn `no-udp` just because for now have haproxy not the option to proxy

Re: Early connection close, incomplete transfers

2019-02-20 Thread Veiko Kukk
On 2019-02-19 06:47, Willy Tarreau wrote: This is interesting. As you observed in the trace you sent me, the lighttpd server closes just after sending the response headers. This indeed matches the "SD" log that aproxy emits. If it doesn't happen in TCP mode nor with Nginx, it means that

Re: Tune HAProxy in front of a large k8s cluster

2019-02-20 Thread Baptiste
On Wed, Feb 20, 2019 at 3:25 PM Joao Morais wrote: > > > > Em 20 de fev de 2019, à(s) 02:51, Igor Cicimov < > ig...@encompasscorporation.com> escreveu: > > > > > > On Wed, 20 Feb 2019 3:39 am Joao Morais > Hi Willy, > > > > > Em 19 de fev de 2019, à(s) 01:55, Willy Tarreau escreveu: > > > > >

Re: Tune HAProxy in front of a large k8s cluster

2019-02-20 Thread Joao Morais
> Em 20 de fev de 2019, à(s) 02:51, Igor Cicimov > escreveu: > > > On Wed, 20 Feb 2019 3:39 am Joao Morais Hi Willy, > > > Em 19 de fev de 2019, à(s) 01:55, Willy Tarreau escreveu: > > > > use_backend foo if { var(req.host) ssl:www.example.com } > > > This is a nice trick that I’m

Re: Tune HAProxy in front of a large k8s cluster

2019-02-20 Thread Joao Morais
> Em 20 de fev de 2019, à(s) 03:30, Baptiste escreveu: > > Hi Joao, > > I do have a question for you about your ingress controller design and the > "chained" frontends, summarized below: > * The first frontend is on tcp mode binding :443, inspecting sni and doing a > triage; >There is

Re: %[] in use-server directives

2019-02-20 Thread Joao Morais
> Em 19 de fev de 2019, à(s) 17:51, Bruno Henc escreveu: > > On 2/19/19 9:45 PM, Joao Morais wrote: >> >>> Em 19 de fev de 2019, à(s) 05:57, Willy Tarreau escreveu: >>> >>> In the past it was not possible >>> to dynamically create servers >> I think I misunderstood something, but... how do

Re: Idea for the Wiki

2019-02-20 Thread Willy Tarreau
On Wed, Feb 20, 2019 at 07:44:46AM +0100, Baptiste wrote: > How should we organize directories and pages? > IE for TLS offloading: > /common/acceleration/tls_offloading.md ? > I think it's quite important to agree on it now, because the folders will > be part of the URL indexed by google :) I

Re: Tune HAProxy in front of a large k8s cluster

2019-02-20 Thread Cyril Bonté
Hi all, Le 20/02/2019 à 07:17, Baptiste a écrit : I would use a variable instead of a header:   http-request set-var(req.myvar) req.hdr(host),concat(,path) Joao, note that "concat" is available since 1.9 only ;-) -- Cyril Bonté