Re: Server-template and randomized DNS responses

2018-02-11 Thread Baptiste
as soon as I have more reliable information. Note: please ensure the number of server created by server-template directive (5 in your case) is above the expected number of server available in your service. Baptiste On Thu, Feb 8, 2018 at 12:32 AM, Чепайкин Михаил <mchepay...@gmail.com> wrote:

Re: Server-template and randomized DNS responses

2018-02-07 Thread Baptiste
rvice name in consul. Baptiste On Wed, Feb 7, 2018 at 2:52 PM, Чепайкин Михаил <mchepay...@gmail.com> wrote: > Hi! > > I have a Consul as service discovery tool and HAProxy as load balancer. > > In Consul registered a service running on a number of servers, and this &g

New HTTP action: DNS resolution at run time

2018-01-30 Thread Baptiste
or logging purpose, etc...). This feature should not be used "as is" to find out the server IP address since an attacker may use it to scan your network. So always combine it with some ACLs to refuse destination IP such as loopback, private subnets, HAProxy's public IP,etc... Enjoy!

Re: 1.8 resolvers - start vs. run

2018-01-08 Thread Baptiste
Unfortunately, this may not be backported into 1.8. We do backport only bug fixes and this is a feature. Baptiste On Mon, Jan 8, 2018 at 10:20 PM, Jim Freeman <sovr...@gmail.com> wrote: > Your proposal aligns with what I was thinking over the weekend. > > I'll try to be cle

Re: 1.8 resolvers - start vs. run

2018-01-08 Thread Baptiste
fallback to resolv.conf parsing. If you fill comfortable enough, please send me / the ml a patch and I can review it. If you have any questions on the design, don't hesitate to ask. Baptiste On Mon, Jan 8, 2018 at 1:56 PM, Jim Freeman <sovr...@gmail.com> wrote: > No new libs needed.

Re: Problem: Connect() failed for backend: no free ports.

2017-11-06 Thread Baptiste
haproxy. > > > Any other solution? > > Hi Michael, Maybe you could tell us more about your workload and share with us your configuration. This will help the diagnostic. Also, can you confirm you tuned some sysctls? (I mainly think about the port range one) Baptiste

Re: HAProxy as a frontend for Docker Swarm deployment

2017-11-06 Thread Baptiste
to do the http routing. Nothing is provided by Swarm mode yet for this purpose. So you must use labels, as traefik has designed it. Baptiste

Re: log-format in defaults section in 1.7

2017-11-02 Thread Baptiste
Hi, This is due to the way the configuration parser works currently. It parses those lines "atomically". We might want to move this configuration checking in the sanity checks which is executed once we launched the conf. Baptiste On Thu, Nov 2, 2017 at 11:08 PM, Thayne Mc

Re: confusion regarding usage of haproxy for large number of connections

2017-10-30 Thread Baptiste
hi You miss a "maxconn 8000" in your frontend as well. maxconn in the global section is process-wide, but it does not apply to the frontend (which is limited to 2000 connections by default). Baptiste On Fri, Oct 27, 2017 at 2:58 PM, kushal bhattacharya < bhattacharya.kush...@gma

PATCH: Lua: add UUID to the Proxy Class

2017-10-26 Thread Baptiste
Hi, I saw that the UUID was missing in the Proxy Class in Lua, so I added it. The patch is in attachment. Baptiste From 7fc0433e3f2da0e86bc5ae0cd845856ec23743b7 Mon Sep 17 00:00:00 2001 From: Baptiste Assmann <bed...@gmail.com> Date: Thu, 26 Oct 2017 21:51:58 +0200 Subject: [PATCH] MINO

[PATCH] MINOR: server: missing chunck allocation in srv_update_status()

2017-10-24 Thread Baptiste
Hi, While testing Christopher's DNS "thread-safe" code, I found a bug in srv_update_status following a recent update (related to threads too). The patch is in attachment. Cheers From 441b65d0d7df8f84c19663f57a4ec6a35f4e8d1e Mon Sep 17 00:00:00 2001 From: Baptiste Assmann <bed...@gm

Re: Reload takes about 3 minutes

2017-10-13 Thread Baptiste
Hi Joel, You can also use the server-state file with init-addr set to last,libc. That way, if an IP address is found in the state file, HAProxy will apply it and won't perform a DNS resolution at configuration parsing time. Baptiste On Fri, Oct 13, 2017 at 4:32 PM, Joel W Kall <j...@loop54.

Re: another cppcheck finding

2017-10-05 Thread Baptiste
I also fixed it in a patch set to make the resolution pool dynamic :) Baptiste

[PATCH] BUG/MAJOR: tcp/http: set-dst-port action broken

2017-10-03 Thread Baptiste
Hi, A regression has been introduced into the function handling TCP/HTTP action "set-dst-port". It actually does not change the right port (changing the source port on the server side connection instead of changing the destination one). The patch in attachment fixes this issue. Bap

Re: [PATCHES] 3 patches for DNS SRV records

2017-08-22 Thread Baptiste
get to mix this with server-templates, such as: backend red server-template red 20 _http._tcp.red.default.svc.cluster.local:8080 resolvers kube inter 1s check resolve-prefer ipv4 Enjoy and report any issues!!! Baptiste

Re: requests are loadbalanced to servers in maintainance mode

2017-08-22 Thread Baptiste
urfer/haproxytool You may still have to configure one stats socket per process :) Baptiste

Re: [PATCHES] 3 patches for DNS SRV records

2017-08-11 Thread Baptiste Assmann
aking time to test and report your findings! > > On 08/11/2017 11:10 AM, Baptiste Assmann wrote: > > > > Hi All > > > > So, I enabled latest (brilliant) contribution from Olivier into my > > Kubernetes cluster and I discovered it did not work as expected. > > Af

Re: [PATCHES] 3 patches for DNS SRV records

2017-08-11 Thread Baptiste Assmann
se only... For production purpose, HAProxy Technologies contributes to the haproxy ingress implementation in kubernetes (the one you linked). This implementation is based on HAProxy stable and does not take into account the SRV records yet (should be updated later once HAProxy 1.8.0 will be available). Baptiste

[PATCHES] 3 patches for DNS SRV records

2017-08-11 Thread Baptiste Assmann
e a headless service called 'red' in my kubernetes, it points to my 'red' application) backend red   server-template red 20 _http._tcp.red.default.svc.cluster.local:8080 inter 1s resolvers kube check In one line, we can enable automatic "scalling follow-up" in HAProxy. Baptist

Re: [PATCHES] SRV record support

2017-08-09 Thread Baptiste
On Wed, Aug 9, 2017 at 4:40 PM, Willy Tarreau <w...@1wt.eu> wrote: > On Wed, Aug 09, 2017 at 04:00:04PM +0200, Olivier Houchard wrote: > > > > Hi, > > > > After some review and tests by Baptiste, here comes an updated patchset, > > with a few bugfixes. >

Re: How does HAProxy work internally in terms of http data flow?

2017-08-01 Thread Baptiste
http-buffer-request" (since HAProxy 1.6) to collect the request body (up to a tune.bifsize size). Baptiste

Re: DNS suffix for resolver

2017-07-13 Thread Baptiste
ports fqdn. I'm seeing attraction for such type of feature and I saw myself a few use cases where it looks to be interesting to support it. I can dig into it and see if this can be done in a simple yet efficient way. I can't promise anything for 1.8 release though... Baptiste

Re: Question about "show servers state" and changing backends

2017-07-12 Thread Baptiste
atch this "server-state" feature from a different angle, because I have the feeling that if we carry on like this, we may end up with a patchwork of exceptions that may be boring to manage and understand at some point. "server-state" is supposed to be used to give a new HAProxy process the status the servers had in a previous running process. Baptiste

Re: Question about "show servers state" and changing backends

2017-07-11 Thread Baptiste
server s3 1.0.0.3:80 id 3 And then, when rotating, the servers will keep their PUID. IE: backend b_myapp [...] server s3 1.0.0.3:80 id 3 server s1 1.0.0.1:80 id 1 server s2 1.0.0.2:80 id 2 Baptiste

Re: HAProxy failover - DNS change cached by IE for a long time

2017-07-07 Thread Baptiste
Hi, Simply don't use DNS to switch from an HAProxy to an other one. Better to use a mechanism such as VRRP to move an IP address from a host to an other one: DNS does not need to be updated in such case. Keepalived on Linux may be used for this purpose. Baptiste

Re: DNS resolver for backend with server/service with multiple IP's

2017-07-03 Thread Baptiste
g libc at configuration parsing. I saw some deployments where the host below HAProxy was not be able to resolve an IP address from a consul endpoint. Baptiste

Re: Possible regression in 1.6.12

2017-06-16 Thread Baptiste
Guys, I'll be able to have a look at this issue on Monday. I quickly read the thread, and I feel it simply look like a configuration issue. Could you confirm what is the status of it? Baptiste

Re: [PATCHES] Major DNS changes

2017-05-29 Thread Baptiste
n, Olivier or I will improve this by enforcing the resolvers to perform both A and queries and cache both response and let the requester pick-up the one he wants. For now, the cache only stores the response of the latest query... Baptiste > > > Please give it a try and report any issues you may spot :) > > > > Baptiste > > Regards > Aleks >

Re: hostname to IP converter possible?

2017-05-13 Thread Baptiste
to get srv records asap, in 1.8 if possible. Baptiste Le 13 mai 2017 07:36, "Igor Pav" <i...@fastsp.net> a écrit : Thanks, Willy. I found DNS infrastructure improved a lot this year, so I ask it again, hope it is not so stupid :-) On Sat, May 13, 2017 at 7:19 AM, Willy Tarr

Re: Bug: DNS changes in 1.7.3+ break UNIX socket stats in daemon mode with resolvers on FreeBSD

2017-05-11 Thread Baptiste
running a bit out of time for now. Baptiste

Re: Bug: DNS changes in 1.7.3+ break UNIX socket stats in daemon mode with resolvers on FreeBSD

2017-05-10 Thread Baptiste
ss while running the command on the stats socket. I don't know if that's related, but while working on making DNS resolution autonomous (they are currently triggered by health checks), I discovered a "task leak" with the way we open / close the connection in 91a964aae7a405f2752f8be22d669745caa0c16f

Re: DNS and bind statement

2017-05-04 Thread Baptiste
d by this use case. When do you need a hostname in the bind line? Do you think it would make sense to resolve it at run time, if, for example, the IP pointed by hostname changes frequently? Baptiste

Re: ModSecurity: First integration patches

2017-05-04 Thread Baptiste
ource one! And here, we see the benefits of the community behind such product. Baptiste

Re: server FQDN changes from stats socket + server-state file

2017-05-02 Thread Baptiste
Appart the bug, the new feature works smoothly! Great job, Fred @haproxy.com :p Baptiste

Re: server FQDN changes from stats socket + server-state file

2017-05-02 Thread Baptiste
> > >> Here is a new patch version which takes into an account Baptiste remarks. > > Thank you again Baptiste. > > Hi Fred, I gave a try to your code today and found a segfault at the next DNS request following the fqdn change. I attached a patch to this email

Re: server FQDN changes from stats socket + server-state file

2017-04-27 Thread Baptiste
On Thu, Apr 27, 2017 at 2:44 PM, Frederic Lecaille <flecai...@haproxy.com> wrote: > On 04/27/2017 12:43 PM, Baptiste wrote: > >> >> >> On Thu, Apr 27, 2017 at 11:22 AM, Frederic Lecaille >> <flecai...@haproxy.com <mailto:flecai...@haproxy.com>> w

Re: server FQDN changes from stats socket + server-state file

2017-04-27 Thread Baptiste
AProxy and second, it's up to the admin/devops/script which performs this change to ensure he is not messing up... - in srv_alloc_dns_resolution(), if strdup (or any alloc function) fails, then we should report an error to the function caller and display a message on the CLI. Baptiste

Re: HAProxy spins at 100 CPU....

2017-04-18 Thread Baptiste
lly Tarreau for his support on this interesting > system > and not HAProxy issue. > > Cheers, > Pavlos > > Hi Pavlos, Nice journey :) Baptiste

Re: resolvers default nameservers ?

2017-04-18 Thread Baptiste
g file quite easily. This gave me an idea, since you speak about automation :) We could improve the "resolvers" section parser with a couple of new features: - parsing a 'resolv.conf' file style (you provide a path to the file) to read the nameserver directives only (for now) - using environment variables Baptiste

Re: IPv6 resolvers seems not works

2017-04-11 Thread Baptiste
Hi all, Thank you Frededic!!! Willy, you can merge (and backport to 1.6) Frederic's patch please? Baptiste On Tue, Apr 11, 2017 at 10:45 AM, Павел Знаменский <kompast...@gmail.com> wrote: > Frederic, > Your patch fixes this issue. > > Thank you! > > > 2017-04

Re: server templates

2017-04-10 Thread Baptiste
plates. To make it work with DNS resolution, we need to find a way to provide a fqdn to the default-server directive. This might not be too complicated. After this, the magic will happen Great work Frederic :) Baptiste

Re: Mailing list server migration

2017-04-03 Thread Baptiste
Hi Willy, You should be "in ze cloud", so your hardware won't be EOLed :p Baptiste

Re: [PATCH] improve DNS response parsing

2017-03-25 Thread Baptiste
On Fri, Mar 24, 2017 at 11:56 AM, Willy Tarreau <w...@1wt.eu> wrote: > Hi Baptiste, > > On Thu, Mar 23, 2017 at 09:05:19PM +0100, Baptiste wrote: > > Currently, HAProxy picks up the first IP available in the response which > > matches a familiy preference or a subne

[PATCH] improve DNS response parsing

2017-03-23 Thread Baptiste
. This patch aims at improving this situation: it tries to look for an IP which is not assigned already. Baptiste From 79e032d6428bc900b12e99af64c7ce4608432c8c Mon Sep 17 00:00:00 2001 From: Baptiste <bed...@gmail.com> Date: Mon, 26 Dec 2016 23:21:08 +0100 Subject: [PATCH] MINOR: dns: improve DNS re

Re: [PATCH] BUG/MAJOR: dns: create one client UDP socket per process

2017-02-02 Thread Baptiste
(). Baptiste From 2252a644c8a82846f9cf9e26e460491c0df930f5 Mon Sep 17 00:00:00 2001 From: Baptiste Assmann <bed...@gmail.com> Date: Thu, 2 Feb 2017 22:44:15 +0100 Subject: [PATCH 1/2] MINOR: dns: give ability to dns_init_resolvers() to close a socket when requested The function dns_init_res

Re: [PATCH] BUG/MAJOR: dns: create one client UDP socket per process

2017-01-31 Thread Baptiste
On Tue, Jan 31, 2017 at 2:14 AM, Willy Tarreau <w...@1wt.eu> wrote: > Hi Baptiste, > > On Mon, Jan 30, 2017 at 11:07:53PM +0100, Baptiste wrote: > > Hi all, > > > > Please find attached a patch to fix the issue reported by Joshua on the > ML > &

[PATCH] BUG/MAJOR: dns: create one client UDP socket per process

2017-01-30 Thread Baptiste
Hi all, Please find attached a patch to fix the issue reported by Joshua on the ML and sjiveson on discourse. I moved the initialisation of the dns_resolvers() after the fork. I can confirm now than each process has its own UDP socket to send DNS requests. Baptiste From

Re: Possible bug with haproxy 1.6.9/1.7.0: multiproc + resolvers cause DNS timeouts

2017-01-27 Thread Baptiste
Hi All, Sorry I missed it I'll see what I can do to fix it asap. Thanks for reporting. Baptiste On Thu, Jan 26, 2017 at 6:40 PM, Lukas Tribus <lu...@gmx.net> wrote: > Hello, > > > > Am 29.11.2016 um 09:53 schrieb Willy Tarreau: > >> Hi Joshua, >> >

Re: Need help to reolsve haproxy issue

2017-01-16 Thread Baptiste
Might be a systemd dependency issue, where the socket is not created before the process is started. Baptiste On Mon, Jan 16, 2017 at 4:46 PM, Aaron West <aa...@loadbalancer.org> wrote: > Hi Praveen, > > Am I right in assuming it's a socket for the stats page? Also what use

Re: Haproxy 1.7 and Ipv6-only hosts

2016-12-28 Thread Baptiste
On Fri, Dec 23, 2016 at 5:21 PM, Willy Tarreau <w...@1wt.eu> wrote: > Hi Baptiste, > > > On Fri, Dec 23, 2016 at 04:57:36PM +0100, Willy Tarreau wrote: > (...) > > The problem is that in order not > > to lose the port which was already parsed, we temporaril

Re: Update of SSL certificate on haproxy.org

2016-12-28 Thread Baptiste
On Wed, Dec 28, 2016 at 11:50 AM, Willy Tarreau <w...@1wt.eu> wrote: > Hi Baptiste, > > On Wed, Dec 28, 2016 at 09:32:07AM +0100, Baptiste wrote: > > I personally use a shell script (acme.sh https://github.com/Neilpang/ > acme.sh) > > to setup my certificates wit

Re: Update of SSL certificate on haproxy.org

2016-12-28 Thread Baptiste
Thanks for notifying me! > Willy > > Hi Willy, I personally use a shell script (acme.sh https://github.com/Neilpang/acme.sh) to setup my certificates with let's encrypt. I run it in my init script, before HAProxy starts up to replace my certs in-place. It's good enough for me, since the certs will be updated automatically if required after each conf change. I planned to release this script on gitlab at some point, and this could be the right moment :) Baptiste

Re: dynamic configuration via DNS SRV records

2016-12-19 Thread Baptiste
all "nice to have" > to teach haproxy to accept notify messages and update automatically. (You > don't need to do the zone transfer, you just need to receive the message > for the new SOA and reply with the correct response.) > > For now, it will be able to enforce HAProxy to perform

Re: dynamic configuration via DNS SRV records

2016-12-19 Thread Baptiste
DNS query to fill up servers in the backend. As Willy explained already, there will be a discussion on the ML too, because the design is not that simple and we expect the people with experience like you to help us on this stage! Baptiste On Mon, Dec 19, 2016 at 6:29 AM, jerry <je...@soundho

Re: [PATCH] MINOR: dns: support advertising UDP message size.

2016-12-15 Thread Baptiste
to implement the TCP stuff :) I'm clearly very open to this type of feature, because I guess that some other people will have the same requirements. Please note that for now, we are limited to 16KB (or a tune.bufsize) to parse the DNS response. Do you think this is enough? Thanks a lot, > Conra

Re: [ANNOUNCE] haproxy-1.7.0

2016-11-25 Thread Baptiste
Congrats all Baptiste

Re: Backend: Multiple A records

2016-11-25 Thread Baptiste
On Fri, Nov 25, 2016 at 8:08 AM, Willy Tarreau <w...@1wt.eu> wrote: > Hi Tim, > > On Fri, Nov 25, 2016 at 02:34:49AM +0100, Tim Düsterhus wrote: > > Hi > > > > On 28.08.2016 19:57, Baptiste wrote: > > > This should happen soon, for 1.7. > &

Re: confusion over dns resolution

2016-11-07 Thread Baptiste
Fell free to propose a patch with the way you want it to be worded. Baptiste On Fri, Nov 4, 2016 at 4:15 PM, komu wairagu <komu...@gmail.com> wrote: > Hi Baptiste, > > That's very helpful. > > I wish we could add your examples section to the official > documentation b

Re: confusion over dns resolution

2016-11-04 Thread Baptiste
eriod is greater than , then next DNS resolution will be after X times , X being the rounded ratio between and DNS resolution period With some examples: - inter = 2s, DNS hold valid = 1s, then DNS resolution will happen every 2s - inter = 2s, DNS hold valid = 5s, then DNS resolution will happen every 6s - inter = 2s, DNS hold valid = 10s, then DNS resolution will happen every 10s Baptiste

Re: [PATCH] DOC: stats: provide state details for show servers state

2016-11-02 Thread Baptiste
hese values, so that might be > fine. > Hi, That's the reason why we "designed" the doc like this :) (and dev should now think to update the doc each time they change the flags). Baptiste

Re: Dynamic backend changes without restarting

2016-09-29 Thread Baptiste
one? > > Thanks! > Hi Hayden, How do you reload your HAProxy configuration? You should save pids in a file and give them as argument to '-sf' haproxy statement. Then HAProxy won't drop any existing connections! Baptiste

Re: resolvers section: nameservers required?

2016-09-20 Thread Baptiste
n HAProxy won't perform any DNS resolution at run time. I think you're right and we should report a Warning in such case. Baptiste

Re: envoy LB is now an open source project

2016-09-16 Thread Baptiste
eers, > Pavlos > > > Hi Pavlos, There is as well traeffik [1] and and fabio [2]. Baptiste [1]: https://github.com/containous/traefik [2]: https://github.com/eBay/fabio

Re: [PATCH] New DNS parser

2016-09-12 Thread Baptiste
On Sun, Sep 11, 2016 at 8:03 AM, Willy Tarreau <w...@1wt.eu> wrote: > Hi Baptiste, > > On Thu, Sep 08, 2016 at 09:50:04PM +0200, Baptiste wrote: > > I heavily tested the code, but I'd like more people to test it in their > own > > environment. > > Just

[PATCH] New DNS parser

2016-09-08 Thread Baptiste
ing servers in a backend based on records read in a DNS responses. Conrad: I have a quick and dirty and not finished patch to read and store SRV records. If you want to use it for your own dev, please let me know. Baptiste From 2d196c70952be351508e3ee154d6c57d5cefee2e Mon Sep 17 00:00:00 2001 F

[PATCH] Allow setting a server's port via the CLI

2016-09-04 Thread Baptiste
the configuration file, but now we need to find it when preparing the health check, at run time. Baptiste From 6bb6d7ae5045c4ff76cf9d87ee25e600b52c4e27 Mon Sep 17 00:00:00 2001 From: Baptiste Assmann <bed...@gmail.com> Date: Mon, 13 Jun 2016 14:15:41 +0200 Subject: [PATCH 2/5] MAJOR: check: fi

Re: Backend: Multiple A records

2016-08-31 Thread Baptiste
On Wed, Aug 31, 2016 at 3:37 PM, Tim Düsterhus <t...@bastelstu.be> wrote: > Hi > > On 30.08.2016 22:10, Baptiste wrote: > > Worst case, set X to 10 and you're good ;) > > > > That would not help if slots are not freed and IP addresses change > randomly. But

Re: Backend: Multiple A records

2016-08-30 Thread Baptiste
able to push away old IPs it sounds like it will meet my > requirements perfectly. I won't have control over the IP addresses assigned > in the DNS. > > We may be good then, which is nice :) Baptiste

Re: Backend: Multiple A records

2016-08-30 Thread Baptiste
a A record disappear from the response, the corresponding server will get down. If a new server is added and we provisioned less than X, then a new server is provisioned. This X "upper" limit is to ensure compatibility with all HAProxy features (such as hash LBing algorithms). Could you let me know if that meets your requirements? (we can still change this description). Baptiste

Re: Backend: Multiple A records

2016-08-28 Thread Baptiste
Hi, This should happen soon, for 1.7. Baptiste Le 27 août 2016 23:33, "Tim Düsterhus" <t...@bastelstu.be> a écrit : > Hello > > I want to run HAProxy 1.6.8 with a backend server that may have multiple > A records corresponding to different containers. > > Dur

[PATCH] MAJOR: HAProxy 1.7 obsoletes a 'service port"-less server in a listen section

2016-08-11 Thread Baptiste
decided to obsolete this feature, cause it's useless now and because it prevented a simple and reliable way to change the server port (patches on their way). It's a MAJOR change which might break some configurations. Baptiste From 4ac38c5f2e22ff1294efbaabe9b632474924412d Mon Sep 17 00:00:00 2001

[PATCHES] 2 new functions for standard.c

2016-08-11 Thread Baptiste
Hi the list, Willy, Please find in attachment a couple of patches to add a couple of IP related functions: - ipcmp to compare 2 ipcmp, à la strcmp - ipcpy to copy an IP address, à la strcpy Baptiste From 85868161bd3ee2b60a8964645dde48b891315e73 Mon Sep 17 00:00:00 2001 From: Baptiste Assmann

Re: question related to setting up tcp relay

2016-08-11 Thread Baptiste
Hi, A few interesting pages for you: http://haproxy.com/doc/hapee/1.5/traffic_management/tls.html http://haproxy.com/doc/hapee/1.5/deployment_guides/tls_layouts.html Please note that 404 sounds more a server issue :) Baptiste On Thu, Aug 11, 2016 at 9:03 AM, Rajiv <rgandh...@gmail.

Re: Build fail on alpine linux

2016-08-08 Thread Baptiste
On Mon, Aug 8, 2016 at 2:09 PM, Willy Tarreau <w...@1wt.eu> wrote: > On Mon, Aug 08, 2016 at 02:05:58PM +0200, Baptiste wrote: > > It won't, I'm sending you a patch soon to define _GNU_SOURCE in > proto_tcp.c > > :) > > (which seems to "fix" the problem

Re: Build fail on alpine linux

2016-08-08 Thread Baptiste
On Mon, Aug 8, 2016 at 1:50 PM, Willy Tarreau <w...@1wt.eu> wrote: > On Mon, Aug 08, 2016 at 01:28:07PM +0200, Baptiste wrote: > > Here you go: > > # fgrep -r tcp_info /usr/include/* > > /usr/include/linux/tcp.h:struct tcp_info { > > /usr/include/netin

Re: Build fail on alpine linux

2016-08-08 Thread Baptiste
On Mon, Aug 8, 2016 at 12:30 PM, Willy Tarreau <w...@1wt.eu> wrote: > Hi Baptiste, > > On Mon, Aug 08, 2016 at 12:21:54PM +0200, Baptiste wrote: > > Hi All, > > > > I test my HAProxy code in docker containers over alpine Linux and I can't > > build the ha

Build fail on alpine linux

2016-08-08 Thread Baptiste
y help would be much appreciated since I don't know where to dig anymore and I don't want to use ubuntu in my containers.. Baptiste

Re: Help

2016-08-03 Thread Baptiste
Hi, It supports it, just need the right version: http://blog.haproxy.com/haproxy/proxy-protocol/ Baptiste On Tue, Aug 2, 2016 at 11:59 PM, Jeff Palmer <j...@palmerit.net> wrote: > OK, then you'll need to enable the PROXY protocol in exim assuming it > supports the protocol. &g

Re: haproxy's resolver send queries with "response" flag

2016-07-03 Thread Baptiste
M: dns: > unbreak DNS resolver after header fix". > http://www.haproxy.org/git?p=haproxy-1.6.git;a=commit;h=5f60de08667c3472d95cc20b87753e9fd8520057 > > Willy, maybe we should release 1.6.6 before the end of june, after some > pending issues are fixed. > > > -- > Cyril Bonté > Hi, This patch generated a lot of noise on the ML :/ Baptiste

Re: [PATCH] Allow setting server port via admin socket.

2016-07-03 Thread Baptiste
of this patch allows changing the port through the socket like you did. Baptiste On Wed, Jun 29, 2016 at 1:08 AM, Conrad Hoffmann <con...@soundcloud.com> wrote: > Hi, > > Attached patch allows setting a server's port in addition to the address > via the admin socket, e.g.

Re: Re: [PATCH] MINOR: dns: support advertising UDP message size.

2016-07-03 Thread Baptiste
> It's very nice having support for EDNS0, but IMHO it shouldn't be > enabled by default if it doesn't fallback. Hi Remi, My intention was to not enable this feature by default. Baptiste

Re: [PATCH][RFC] CLEANUP: dns: use struct dns_header for parsing

2016-06-25 Thread Baptiste
Hi Conrad, Thx for your patch, I'll review it later. Willy, please dont apply it for now since I have pending patches which touch this part of the code. Baptiste Le 25 juin 2016 19:11, "Conrad Hoffmann" <con...@soundcloud.com> a écrit : > Hi, > > while poking around in

Re: dynamically choosing back-end port

2016-05-10 Thread Baptiste
where mapfile contains > hosta.domain.com 1001 > hostb.domain.com 1002 > > or similar. > > Is there any facility which would allow this, including the new(er) Lua > capabilities? > > Thanks, in advance Hi Derek, Could you please explain us your use case? Baptiste

Re: Way to reject connections when http request greater than a value

2016-04-27 Thread Baptiste
rver's maxconn is compatible with keep-alive mode. Baptiste

Re: Synchronization state backend servers, between two nodes HAProxy.

2016-04-24 Thread Baptiste
t stdio > How to make that P2 synchronized state servers? > > Many thanks. > > > Hi Aleksey, Well, if I were you I would make the stats socket listening on a private IP address and run the command over the network to both HAProxy servers. Baptiste

Re: "show servers state" shows nothing?

2016-04-24 Thread Baptiste
, but not if I run it "bare" (which the > manual suggests should print out states for all backends). > > Any thoughts? > > -- > James Brown > Engineer Hi, Could you share the relevent part of the configuration? Baptiste

Re: Regarding client side keep-alive

2016-04-22 Thread Baptiste
he frontend and the backend. > Also, has anybody had any issues with http-server-close in high traffic > environments? Like lingering connections, connections not closed properly > etc. This feature has been available for many years and it is very stable for many years too :) You can use without any issue. Baptiste

Re: TTL-based DNS resolution ?

2016-04-16 Thread Baptiste
> if you have any other questions or concerns and we will be happy to assist > you. > " > > Regards, > > -- > Ben Hi Ben, Could you share your configuration? I have the feeling here you're mixing too issues: DNS resolution at run time and the ability to expand backend with more servers. Baptiste

Re: Multiple front ends listening to the same address/port -- want a config error

2016-04-12 Thread Baptiste
>poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use epoll. > > Thanks, > Shawn > Hi Shawn, This is not an error, this type of configuration is valid. You should write a script which check this on your own. Baptiste

Re: KA-BOOM! Hit MaxConn despite higher setting in config file

2016-04-04 Thread Baptiste
One is process-wide, one is per frontend and both counts for a maximum accepted incoming connections. Baptiste On Mon, Apr 4, 2016 at 9:07 PM, CJ Ess <zxcvbn4...@gmail.com> wrote: > Funny you should mention that, I pushed out the revised config and > immediately got warning about s

Re: Question about Keep-Alive behaviour

2016-04-04 Thread Baptiste
Hi Craig, This is partially handled by the "http-reuse" featureof HAProxy 1.6. A real connection pool is on its way, it's a requirement for HTTP/2. That said, no idea when we'll have it. Baptiste On Thu, Mar 31, 2016 at 5:11 PM, Craig McLure <cr...@mclure.eu> wrote: > Hi B

Re: KA-BOOM! Hit MaxConn despite higher setting in config file

2016-04-03 Thread Baptiste
gotchas I need to take care of? >>> >>> I notice that ulimit-n and maxsock both show 4495 despite "ulimit -n" for the user showing 65536 (which is probably half of what I really want since each "session" is going to consume two sockets) >>> >>> I'm using haproxy 1.5.12 >>> >> > So add a maxconn in your global section. Your process is limited by default to 2000 connections forwarded. Baptiste

Re: Q: about HTTP/2

2016-04-01 Thread Baptiste
> Thank you very much. > > Best regards > Aleks > Do you guys, on the ML, really need HTTP/2? If so what's your deadline?? Baptiste

Re: Add servers without disruption

2016-03-30 Thread Baptiste
parsed by dconv to produce the HTML output. Baptiste

Re: Add servers without disruption

2016-03-30 Thread Baptiste
n many other third party features relying on this info.. Baptiste

Re: IDEA: initial-state up/down option for servers

2016-03-30 Thread Baptiste
erver option) - the default behaviour > remains unchanged: > https://github.com/beamly/haproxy-1.6/commit/9e7ad68a0c6582a38591eb27626fdb31bb5f8c18 > > I’m wondering if this is something that could be considered for a future > haproxy release? > > Many thanks, > Chris Excellent work Chris!! We dreamed this feature for some time and you did it :) Baptiste

Re: Add servers without disruption

2016-03-29 Thread Baptiste
ial-state" patch proposed by Chris, and some of them would to allow "dynamic" addition of server in the farm at run time using the stats socket. This may be possible, but may not be compatible with all type of load-balancing algorithm and features. Stay tuned :) Baptiste

Re: "Bus error" in dns_build_query on SPARC/Solaris 10

2016-03-29 Thread Baptiste
ostname contains an >> odd number of symbols! > > So, it should be easy to fix. Baptiste, do you want a patch or are my > explanations enough? > -- > Make sure special cases are truly special. > - The Elements of Programming Style (Kernighan & Plauger) Hi Vincent,

Re: "Bus error" in dns_build_query on SPARC/Solaris 10

2016-03-26 Thread Baptiste
ovide more information? I have no access to sparc machines, so it will be complicated to reproduce the problem. Could it be related to an endianess mismatch ? Baptiste

Re: Exchange 2013 / NTLM Connections

2016-03-24 Thread Baptiste
beginning of the connection, then regular traffic passing through. Baptiste

<    1   2   3   4   5   6   7   8   9   10   >