Re: rebalance sessions when re-restarting server

2015-10-12 Thread Baptiste
Hi Stephen, you have to wait for either the client or the server to close the connection. As you said, the "sessions don't end", so your problem is by design on your application. Baptiste On Mon, Oct 12, 2015 at 5:59 PM, Walsh, Stephen <stephen.wa...@aspect.com> wrote: >

Re: Interactive stats socket broken on master

2015-10-12 Thread Baptiste
puter (Willy, I was wrong this morning, I still had the bug) and when HAProxy runs in docker too. Baptiste

Re: How to configure frontend/backend for SSL OR Non SSL Backend?

2015-10-12 Thread Baptiste
Hi Daren, Do you want/need to decipher the traffic when using SSL? Baptiste On Mon, Oct 12, 2015 at 4:24 PM, Daren Sefcik <dsef...@hightechhigh.org> wrote: > I am probably totally overlooking something but how do I configure a > frontend/backend to pass to the same server for both

Re: Try request again if response body is empty?

2015-10-11 Thread Baptiste
he same result. This type of replay may make sense in a A/B testing mode, but slightly revisited. IE use farm A until one fail occurs, then replay to farm B where we have a more verbose (hence much slower) version of the app or a "fixed" version under testing, etc... In such case, I would agree it may make sense. Baptiste

Re: Haproxy dropping request

2015-10-09 Thread Baptiste
cool :) Ok, we need configuration and log lines relative to this POST. Baptiste On Fri, Oct 9, 2015 at 3:43 PM, Bosco Mutunga <Bosco.Mutunga@jumo.world> wrote: > Those are not the actual credentials, any idea what might be wrong? > >> On 9 Oct 2015, at 16:40, Baptiste <be

Re: Haproxy dropping request

2015-10-09 Thread Baptiste
Wonderfull, Please tell afbbank to change their password ! Baptiste On Fri, Oct 9, 2015 at 3:26 PM, Bosco Mutunga <Bosco.Mutunga@jumo.world> wrote: > Hi, > > I’m experiencing a strange issue whereby Haproxy completely hangs when it > receives a certain request

Re: About maxconn and minconn

2015-10-08 Thread Baptiste
(either increase minconn and or decrease fullconn) and combined to a server which might be quite slow to answer leading HAProxy to use queues. Or you met a bug :) We need the full configuration and log lines around the sQ event (right before and right after), so we may help. Baptiste On Wed

Re: Health check and flapping

2015-10-05 Thread Baptiste
Hi, I've not forgotten you, I'm just running out of time. Baptiste On Tue, Sep 29, 2015 at 5:43 PM, <dra...@tinet.fr> wrote: > Le 2015-08-28 16:40, Baptiste a écrit : >> >> Le 28 août 2015 15:45, <dra...@tinet.fr> a écrit : >> > >> > Hello, >

Re: [PATCH 1/1] MINOR: cli: Dump all resolvers stats if no resolver

2015-10-05 Thread Baptiste
Andrew, My appologies about the proxy_find_by_name function, I was not in the right context!!! Tested and approved. Willy, you can apply :) Thanks a lot for your contribution, Andrew. Baptiste On Mon, Oct 5, 2015 at 5:47 PM, Andrew Hayworth <andrew.haywo...@getbraintree.com> wrote: &g

Re: [PATCH 1/1] MINOR: cli: Dump all resolvers stats if no resolver

2015-10-05 Thread Baptiste
s.ptr != presolvers) continue;" Please write "continue" on a new line. Please repost an updated patch and I'll give it a try before final approval. Baptiste On Sun, Oct 4, 2015 at 11:00 AM, Willy Tarreau <w...@1wt.eu> wrote: > At first glance it seems OK. Baptiste, can

Re: NOSRV error

2015-10-05 Thread Baptiste
> Citrix Brokers > > We used the Windows NLB between Citrix NS Gateway and Citrix Brokers and we > want to replace it with HAproxy. > With the HTTP frontend, we can see "HTTP/XML 479 POST /Scripts/CtxSTA.dll > HTTP/1.1". It doesn't work with HTTPS, the Netscaler gateway seems to close > the connection with FIN,ACK. Why mixing HAProxy between citrix products? As Conrad said, there are servers available for your connection. you should investigate first why the citrix brokers reject the traffic. Baptiste

Re: Converting from sticking on src-ip to custom auth header

2015-10-02 Thread Baptiste
horization) table tbl_hdr Baptiste On Thu, Oct 1, 2015 at 10:24 AM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > What version are you running? From memory up to 1.5.x you can have only > one table per fe/be, not sure about 1.6 I haven't tried it yet. I've seen > peop

Re: url_ip is not properly extracted in HTTP CONNECT method ?

2015-10-02 Thread Baptiste
very fast and even faster with the conf above since you'll perform only 2 lookups instead of 6. Baptiste On Thu, Oct 1, 2015 at 2:40 PM, Pavlo Zhuk <pa...@lotusflare.com> wrote: > Workardound: > I was able to implement same funtionality with -m ip on url matching, which > is probably

Re: Client Affinity in HAProxy with MQTT Broker

2015-09-28 Thread Baptiste
Hi Sourav, Could you confirm whether you were able to make HAProxy work with MQTT?? Baptiste On Fri, Sep 11, 2015 at 2:14 PM, Baptiste <bed...@gmail.com> wrote: > Hi Sourav, > > Thanks a lot for the mail and the screenshot. > That said, usually, when we ask for a capture, w

Re: Stickiness on req.payload fails

2015-09-25 Thread Baptiste
ilos > Hi, HAProxy is not aware of packets. Your kernel is. Your kernel aggregates packets and report a buffer with data inside to HAProxy. When HAProxy does not find the information it's looking for, it waits more, until a timeout or inspect delay occurs. Baptiste

Re: Keeping conns alive on server side irrespective of client side conns

2015-09-23 Thread Baptiste
/haproxy-dconv/snapshot/configuration-1.6.html#http-reuse That said, what you want might be a real connection pool, which doesn't exist yet in HAProxy. Baptiste

Re: Sharing ACL between frontend

2015-09-22 Thread Baptiste
*** > > Hi Adrian, You might achieve the same purpose with a few lines of configuration, using maps, to assossiate a URL path to a backend, then using the dynamic backend selection. There is an example here using Host header: http://blog.haproxy.com/2015/01/26/web-application-name-to-backend-mapping-in-haproxy/ Let me know if you need help with URL path. Baptiste

Re: [ANNOUNCE] haproxy-1.6-dev5

2015-09-22 Thread Baptiste
On Mon, Sep 21, 2015 at 8:39 PM, Willy Tarreau <w...@1wt.eu> wrote: > On Mon, Sep 21, 2015 at 08:37:36PM +0200, PiBa-NL wrote: >> Op 14-9-2015 om 23:46 schreef Willy Tarreau: >> >On Mon, Sep 14, 2015 at 10:46:00PM +0200, Baptiste wrote: >> >>The issue

Re: Cannot enable a config "disabled" server via socket command

2015-09-18 Thread Baptiste
behavior, soe everyone should be satisfied. Baptiste On Fri, Sep 18, 2015 at 5:28 AM, Pradeep Jindal <praddyjin...@gmail.com> wrote: > It'd be interesting to know the complete semantics of the feature you are > implementing. I know you understand that our use case is a valid one. And w

Re: Haproxy & Kubernetes, dynamic backend configuration

2015-09-18 Thread Baptiste
I'm totally lost with all you buzz keywords! there is no way currently to achieve this purpose. That said, we're aware of this type of requirements and are thinking about different methods to achieve this goal. That said, could you please list here what HAProxy's parameters you would like to see dynamically changeable at run time? Baptiste

Re: Haproxy & Kubernetes, dynamic backend configuration

2015-09-18 Thread Baptiste
tober, when the load generated by 1.6 release will be lower. Baptiste > > Regards, > Smana > > 2015-09-18 13:31 GMT+02:00 Baptiste <bed...@gmail.com>: >> >> On Fri, Sep 18, 2015 at 10:49 AM, Smain Kahlouch <smain...@gmail.com> >> wrote: >>

Re: Cannot enable a config "disabled" server via socket command

2015-09-18 Thread Baptiste
On Fri, Sep 18, 2015 at 12:40 PM, Willy Tarreau <w...@1wt.eu> wrote: > On Fri, Sep 18, 2015 at 10:51:13AM +0200, Baptiste wrote: >> Please find a patch in attachment which fix the issue so you can run >> temporarly the latest code in production. >> That said, I need to d

Re: Haproxy & Kubernetes, dynamic backend configuration

2015-09-18 Thread Baptiste
s in your conf file and reload it :) Baptiste

Re: Haproxy & Kubernetes, dynamic backend configuration

2015-09-18 Thread Baptiste
On Fri, Sep 18, 2015 at 3:18 PM, Smain Kahlouch <smain...@gmail.com> wrote: >> If I may chime in here: Kubernetes supports service discovery through DNS >> SRV records for most use-cases, so the dynamic DNS support that Baptiste >> is >> currently working on would be

Re: Cannot enable a config "disabled" server via socket command

2015-09-17 Thread Baptiste
d" server works correctly with haproxy1.5. Can >>> you confirm whether its a bug in 1.6-dev4? >> >> This is due to the introduction of the SRV_ADMF_CMAINT flag, which is >> set permanently. The "enable/disable" socket command will only modify >> the SRV_ADMF_

Re: [ANNOUNCE] haproxy-1.6-dev5

2015-09-14 Thread Baptiste
d, so if you don't get a response, simply consider it lost. >> I didn't sent a patch so to speak, Remi did send a 'diff --git' but >> without the comment to put into the haproxy repository, after which >> Baptiste then wrote he would submit it after confirmation that i

Re: Chaining haproxy instances for a migration scenario

2015-09-11 Thread Baptiste
m bind :8443 ssl crt server.pem accept-proxy-v2 You can play with weight on the current site to send a few request to the newhaproxy box and increase this weight once you're confident. Baptiste

Re: Client Affinity in HAProxy with MQTT Broker

2015-09-11 Thread Baptiste
arded to a server, then all subsequent messages are going to be forwarded to this server, regardless of the next topics set over the same connection. To be routed again, a client must send next PUBLISH message over a new TCP connection. Baptiste On Thu, Sep 10, 2015 at 7:58 PM, Baptiste <

Re: Client Affinity in HAProxy with MQTT Broker

2015-09-10 Thread Baptiste
This would be doable only if the information can be retrived from the payload of the first request sent by the client. could you provide more information about how MQTT protocol works? Is there any server banner? A simple TCP dump containing an example of the message you want to route would be appreciated and allow us to deliver you an accurate answer. Baptiste

Re: haproxy resolvers, DNS query not send / result NXDomain not expected

2015-09-08 Thread Baptiste
On Tue, Sep 8, 2015 at 7:58 AM, Baptiste <bed...@gmail.com> wrote: >>> Hi, >>> >>> I wonder why the code send the TCP port in the DNS query... >>> I'm currently installing an opnsense and I'll try to reproduce the >>> problem. >>> >

Re: haproxy resolvers, DNS query not send / result NXDomain not expected

2015-09-08 Thread Baptiste
Hi Piba, Finally, Willy fixed it in a different (and smarter) way: http://git.haproxy.org/?p=haproxy.git;a=commit;h=07101d5a162a125232d992648a8598bfdeee3f3f Baptiste

Re: haproxy resolvers "nameserver: can't connect socket" (on FreeBSD)

2015-09-07 Thread Baptiste
OK >poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use kqueue. > > Hi, do you have an easy way to share an access to your FreeBSD box? Worste, case, what FreeBSD version are you using? I'll try to run one in vbox or kvm. Baptiste

Re: haproxy resolvers "nameserver: can't connect socket" (on FreeBSD)

2015-09-07 Thread Baptiste
connect() looks wrong for ipv4: > > ERRORS > The connect() system call fails if: > > [EINVAL] The namelen argument is not a valid length for the > address family. > > Ok, excellent. I wonder how this could happen :) Let me check tonight and com back to you. Baptiste

Re: Question about the status of the connection pool

2015-09-07 Thread Baptiste
e the lead over it. Baptiste

Re: Re: haproxy resolvers "nameserver: can't connect socket" (on FreeBSD)

2015-09-07 Thread Baptiste
On Mon, Sep 7, 2015 at 12:32 PM, Remi Gacogne <rgaco...@coredump.fr> wrote: > Hi, > > On 09/07/2015 10:47 AM, Baptiste wrote: >>> It fails that way: >>> >>> socket(PF_INET,SOCK_DGRAM,17)= (0x4) >>> connect(4,{ AF_INET 8.

Re: Question about the status of the connection pool

2015-09-07 Thread Baptiste
es can benefit from such an alliance. Baptiste

Re: haproxy resolvers, DNS query not send / result NXDomain not expected

2015-09-07 Thread Baptiste
>> Hi, >> >> I wonder why the code send the TCP port in the DNS query... >> I'm currently installing an opnsense and I'll try to reproduce the >> problem. >> >> I've not used FreeBSD since 5.4 version :) >> >> Baptiste > > Hi Baptiste,

Re: haproxy resolvers, DNS query not send / result NXDomain not expected

2015-09-07 Thread Baptiste
On Mon, Sep 7, 2015 at 10:12 PM, PiBa-NL <piba.nl@gmail.com> wrote: > Hi Remi and Baptiste / haproxy users, > > Thanks for the quick fix for socket issues. > > Haproxy now starts succesfull and sends some DNS requests successfully. > However the google backend serv

Re: DNS: defaulting resolve-prefer to ipv6 can lead to unexpected results

2015-09-06 Thread Baptiste
resolve-prefer', if fail again, it fails over to the remaining family. The patches also trigger a failover if the server answers a truncated response. I'll send you the patch by tomorrow. I'll patch later to make haproxy send an OPT record to announce the number of bytes it support as UDP payload. Baptiste

Re: Using getaddrinfo_a on configuration load

2015-09-03 Thread Baptiste
is asynchronous and performs multiple resolutions in parallel). To speed up start up, the new server-state feature will apply last resolved IP to server which rely on DNS to resolve their IP addresses. All of this should be available in 1.6. In the mean time, I would recommend using a local DNS cache, such as dnsmasq. Baptiste

Re: Fix triggering of runtime DNS resolution?

2015-09-03 Thread Baptiste
Hi Conrad, Please use the two patches in attachement. Baptiste From c19188e50313616833f0a6b3d5b1373c8f5bac78 Mon Sep 17 00:00:00 2001 From: Baptiste Assmann <bed...@gmail.com> Date: Thu, 3 Sep 2015 10:59:39 +0200 Subject: [PATCH 02/10] MINOR: BUGFIX: DNS resolution doesn't start

Re: Fix triggering of runtime DNS resolution?

2015-09-02 Thread Baptiste
On Thu, Sep 3, 2015 at 1:11 AM, Baptiste <bed...@gmail.com> wrote: > On Thu, Sep 3, 2015 at 12:56 AM, Conrad Hoffmann <con...@soundcloud.com> > wrote: >> Hello, >> >> it's kind of late and I am not 100% sure I'm getting this right, so would >&

Re: Fix triggering of runtime DNS resolution?

2015-09-02 Thread Baptiste
g | > HRB 110657B Hi Conrad, I remarked this as well. Please apply the patch in attachment and confirm it fixes this issue. I introduced this bug when trying to fix an other one: DNS resolution was supposed to start with first health check. Unfortunately, it started after hold.valid perio

Re: HAProxy - How to filter (all) Headers by Regex

2015-08-28 Thread Baptiste
an example of a 'weird' character which passed through? Baptiste

Re: Health check and flapping

2015-08-28 Thread Baptiste
/3 KO - 2/3 KO - 2/3 OK - 3/3 - Server UP Is there a way to configure the counter to reset itself in case of flapping ? Thanks. Hi there, Thanks for reporting this behavior. I'll have a look and come back to you. Baptiste

Re: getting transparent proxy to work.

2015-08-27 Thread Baptiste
servers. You can simply use any of the VIP handling the web traffic. Baptiste On Thu, Aug 27, 2015 at 4:25 AM, Igor Cicimov ig...@encompasscorporation.com wrote: Obviously you need to have a separate VIP for the 10.10.130.30 and 10.10.130.31 and use that as a DGW on the backend servers

Re: getting transparent proxy to work.

2015-08-20 Thread Baptiste
on the HAProxy box only. On your web server, you must change the default gateway to your HAProxy box. I you did all of this and this is still not working, then it deserves a deeper analysis of your whole platform with hands on the servers. Baptiste

Re: http-response add-header and stats enable

2015-08-19 Thread Baptiste
On Mon, Aug 17, 2015 at 10:35 AM, Lukas Erlacher erlac...@in.tum.de wrote: Hi Lukas, Actually, you're setting response headers with data available only at the request time. This is not possible in HAProxy 1.5 This will be possible in HAProxy 1.6 using the capture statement. Baptiste Hi

Re: Infinite timeout

2015-08-19 Thread Baptiste
I would say yes, but better let Willy answer this question. Note: this is very dangerous to do this! Baptiste On Wed, Aug 19, 2015 at 9:18 AM, mihaly.vukov...@t-systems.com wrote: hi, thanks the answer, I will try that. One question is still open, setting a timeout to 0 mean infinite

Re: Infinite timeout

2015-08-18 Thread Baptiste
could also set 2 defaults sections. One with timeouts, one without. Baptiste

Re: http-request set-nice

2015-08-17 Thread Baptiste
-random-delay-specific-http-requests-haproxy-lua/ Baptiste

Re: Distinguishing multiple ssl sites

2015-08-17 Thread Baptiste
Search for use-backend here: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html Baptiste On Mon, Aug 17, 2015 at 6:49 PM, Roman Gelfand rgelfa...@gmail.com wrote: I do decipher traffic at haproxy. Could you point me to a sample. On Mon, Aug 17, 2015 at 12:44 PM Baptiste bed

Re: Distinguishing multiple ssl sites

2015-08-17 Thread Baptiste
so it could be used in a rule pointing to the backend? Thanks in advance If you decipher the traffic at HAProxy layer, yes. Baptiste

Re: http-response add-header and stats enable

2015-08-17 Thread Baptiste
This will be possible in HAProxy 1.6 using the capture statement. Baptiste

Re: HAProxy reports L4TOUT in 2001ms even if using mode HTTP

2015-08-17 Thread Baptiste
, This is because your ELB has changed its IP address (this is by design). You have to run HAProxy 1.6, which includes a DNS resolution of server IPs. That way, you won't have to reload HAProxy each time ELB change its IP address. HAProxy will resolve it automatically for you. Baptiste

Re: HAProxy for Statis IP redundancy

2015-08-17 Thread Baptiste
the following article: http://blog.haproxy.com/2014/02/13/asymmetric-routing-multiple-default-gateways-on-linux-with-haproxy/ Baptiste

Re: Regarding using HAproxy for rate limiting

2015-08-17 Thread Baptiste
if { sc0_conn_cur ge 40 } Baptiste On Mon, Aug 17, 2015 at 4:53 AM, Amol mandm_z...@yahoo.com wrote: Hi Baptiste, I tried to read about SC0 and SRC, but i am not quite sure what i would gain by changing SRC to SCO for the acl paramters? did u have some example to explain? Thanks

Re: IP address ACLs

2015-08-15 Thread Baptiste
, there should not be any noticeable performance impact, since IP lookup is very quick in HAProxy (a few hundred of nano second in a tree of 1.000.000 IPs). Concerning comments, any string after a dash '#' is considered as a comment and not loaded in the ACL. Baptiste On Sat, Aug 15, 2015 at 8:28 AM

Re: getting transparent proxy to work.

2015-08-14 Thread Baptiste
change and confirm it works after this. Baptiste On Thu, Aug 13, 2015 at 10:28 PM, Rich Vigorito ri...@ocp.org wrote: A couple clarifications. What do you mean by temporary? ... this wouldnt be needed indefinitely? What ive articulated is only one site served through the 2 web servers. Our

Re: Regarding using HAproxy for rate limiting

2015-08-14 Thread Baptiste
and taking too much connections allowed by the maxconn. Baptiste

Re: getting transparent proxy to work.

2015-08-13 Thread Baptiste
-transparent-proxy-mode/ Baptiste On Thu, Aug 13, 2015 at 2:29 AM, Rich Vigorito ri...@ocp.org wrote: No inside the firewall one default gateway. 10.10.130.1 The web servers and haproxy servers have one interface I believe Sent from my Verizon Wireless 4G LTE DROID Baptiste bed...@gmail.com

Re: HAProxy - Combination of SSL Termination and Pass through

2015-08-13 Thread Baptiste
mode tcp bind :443 server 10.0.0.1:443 Baptiste On Thu, Aug 13, 2015 at 4:53 AM, Sandeep Jindal sandeep...@gmail.com wrote: Hi Baptiste, Not sure if that answers my question. What you suggested is to enable SSL for HAProxy. My use case if one step further. Once HAProxy receives the SSL

Re: getting transparent proxy to work.

2015-08-12 Thread Baptiste
Do you mean your web servers have 2 interfaces, each one with its own default gateway? Baptiste Le 12 août 2015 23:10, Rich Vigorito ri...@ocp.org a écrit : Good to hear. Into the firewall 192.168.0.1 and out of the firewall 10.10.130.1 Thanks! *Sent from my Verizon Wireless 4G LTE DROID

Re: Forwarding issue

2015-08-12 Thread Baptiste
are supposed to do, what type of application are they applied to and how this application is supposed to work. Without a bit of context, it is impossible to help! Baptiste

Re: getting transparent proxy to work.

2015-08-12 Thread Baptiste
Hi Rich, Thanks a lot for this info, this is clearer now. In my first mail, I asked you to provide us the default gateway of the web servers. could you please let us know this information ? Baptiste On Wed, Aug 12, 2015 at 5:54 PM, Rich Vigorito ri...@ocp.org wrote: Also for clarification

Re: ECC certificate

2015-08-12 Thread Baptiste
:/ Baptiste

Re: getting transparent proxy to work.

2015-08-08 Thread Baptiste
the simplest one showing a client, haproxy and a server, with their respective interfaces, IPs and default gateway. Last, a TCPdump on HAProxy box showing the traffic on the interface between haproxy and the server for the IP address of the client. Baptiste

Re: REg: Connection field in HTTP header is set to close while sending to backend server

2015-08-07 Thread Baptiste
in the defaults section. And why not adding a option prefer-last-server' which may help keeping the connection alive despite the load-balancing algorithm. Baptiste

Re: Resolvers are not applied from default_server line / Incorrect default value for resolve-prefer

2015-08-04 Thread Baptiste
On Tue, Aug 4, 2015 at 11:27 PM, BBuhl b_b...@yahoo.de wrote: Baptiste bed...@gmail.com schrieb am 22:21 Dienstag, 4.August 2015: Hi Benji, Thanks a lot for your feedback! First, about the resolve-prefer, I coded it (and documented as well) first for IPv4 as a default. That said, Willy

Re: Resolvers are not applied from default_server line / Incorrect default value for resolve-prefer

2015-08-04 Thread Baptiste
admins to mix servers with an IP address and servers with a hostname in the same farm. It also allows the admin to choose on which servers you want to enable DNS resolution. If you think this makes sense to have it in the default-server, then we have to find a way to negate it per server. Baptiste

Re: Copying request headers to response header

2015-08-04 Thread Baptiste
can give a try to the http-request capture statement, to capture at the request time, then inject it back at the time of the response. Baptiste

Re: Haproxy balancing authenticated servers

2015-07-31 Thread Baptiste
Please be more accurate in your answer, otherwise we can't help you! Baptiste On Fri, Jul 31, 2015 at 3:44 PM, Francys Nivea francys.so...@neurotech.com.br wrote: Hello Baptiste, A simple one. Just wanted to send the user and pass together with each server balanced. Peace, *Francys

Re: Haproxy balancing authenticated servers

2015-07-31 Thread Baptiste
the client is dumb, simply use balance source. Baptiste On Fri, Jul 31, 2015 at 3:53 PM, Francys Nivea francys.so...@neurotech.com.br wrote: Sorry I dont have control over the balanced servers. The only information I have are IP, Port, and credentials (User and Pass of each server). I have

Re: Haproxy balancing authenticated servers

2015-07-31 Thread Baptiste
type of authentification do you use? Baptiste

Re: Capture sequencing in logs

2015-07-31 Thread Baptiste
In 1.6, %[query] should do the trick. Baptiste On Fri, Jul 31, 2015 at 1:17 AM, Phillip Decker pdecker999+hapr...@gmail.com wrote: And it only kinda works because when there is no question mark then the field will have the uri instead of being empty... On Thu, Jul 30, 2015 at 7:12 PM

Re: HAProxy - Combination of SSL Termination and Pass through

2015-07-31 Thread Baptiste
and how? Regards Sandeep Jindal 201 604 5277 Hi Sandeep, Simply create your certificate with openssl, and enable enable 'ssl' and 'crt /path/to/your/cert' on your bind line in your HAProxy frontend. Baptiste

Re: http-response set-mark with value from http-response header field

2015-07-31 Thread Baptiste
or hexadecimal format (prefixed by 0x) It does not expect a log format variable as your trying to do. Baptiste On Sun, Jul 26, 2015 at 1:00 PM, Vinay Y S vinay...@gmail.com wrote: Actually I suppose the syntax could be same as sample fetches. For example: http-response set-tos %[res.hdr_val(X-Tos

Re: Problems compiling HAProxy with Lua Support

2015-07-24 Thread Baptiste
Hi Baptiste, can you apply the patch to current git master? Thanks! Bjoern Hi, Only Willy can do this :) I'm nothing else than a humble contributor. Baptiste

Re: tcp-request + gpc ACLs

2015-07-23 Thread Baptiste
Hi Baptiste, thanks you for answering. At the moment i'm testing 1.6 to bring it in production soon. Do you have an example config snippet for your suggestion? Hi, Unfortunately, not. Baptiste

Re: Service down with TCP

2015-07-22 Thread Baptiste
troubleshooting steps have you already performed? Have you dug into systemd? NOTE: Please don't use a translator with your HAProxy configuration. That's why now, haproxy is in fashion tcp instead of mode tcp. Baptiste

Re: tcp-request + gpc ACLs

2015-07-22 Thread Baptiste
the data into a blacklist purpose stick table with an expire argument, then use the in_table converter to know if a request is blacklisted or not. When you use sc0_* function, you refresh the data in the table. Baptiste

Re: Haproxy 1.5.9 logging

2015-07-21 Thread Baptiste
Simply use the same statement to choose the severity level based on ACLs. It works on both http-request and http-response. Baptiste On Sun, Jul 19, 2015 at 10:53 AM, Haim Ari haim@startapp.com wrote: Thank you it works. What would be the best way to separate each log type to different

Re: FW: SSL offloading in HAProxy

2015-07-17 Thread Baptiste
Hi, SSL offloading in front of IMAPs (port 993) is supported. If you try to do STARTTLS over IMAP, it is not supported. Baptiste On Wed, Jul 15, 2015 at 10:38 AM, Cohen Galit galit.co...@comverse.com wrote: Hello HAProxy team, I see that the SSL offloading for http protocol is already

Re: ocsp

2015-07-17 Thread Baptiste
Hi Marc-Antoine, no idea, sorry. Maybe some of our SSL experts may help :) Baptiste On Wed, Jul 15, 2015 at 11:06 AM, Marc-Antoine marc-antoine.b...@ovh.net wrote: Hi, nobody knows plz ? On Thu, 9 Jul 2015 13:06:59 +0200, Marc-Antoine marc-antoine.b...@ovh.net wrote : Hi all, I have

Re: Load Balancing the Load Balancer

2015-07-17 Thread Baptiste
the simplest solution able to solve my issues. I mean your choice to take in sync haproxy.cfg file between 2 or more haproxy LB (rsync, custom script, etc.) rsync or scp... I mean, it's not only a cfg file, but also your SSL certificates, your ACLs, MAPs, etc... Baptiste

Re: Rewrite cookie path cookie domain

2015-07-17 Thread Baptiste
=%[capture.req.hdr(0)] # put your if statements as you want / need You can create as many http-response rules as you need to update first the domain, then the path. Baptiste Anyone can help me? Tnx, rr 2015-07-14 21:34 GMT+02:00 Baptiste bed...@gmail.com: Please repost your question. I

Re: Server IP resolution using DNS in HAProxy

2015-07-17 Thread Baptiste
On Wed, Jul 15, 2015 at 8:28 AM, Marco Corte ma...@marcocorte.it wrote: Il 14/07/2015 22:11, Baptiste ha scritto: - when parsing the configuration, HAProxy uses libc functions and resolvers provided by the operating system = if the server can't be resolved at this step, then HAProxy can't

Re: Server IP resolution using DNS in HAProxy

2015-07-17 Thread Baptiste
, it needs the most accurate information and as fast as possible. You don't want to tune your local bind or powerdns just for HAProxy and prevent any other service to operate as usual. Baptiste

Re: Server IP resolution using DNS in HAProxy

2015-07-17 Thread Baptiste
flexible enough for this purpose without being intrusive in the underlying operating system. Baptiste -Robin- Nenad Merdanovic wrote on 7/15/2015 08:56: Hello Robin, On 07/15/2015 08:49 AM, Robin Geuze wrote: Tbh I don't really see the point of configuring the resolvers in haproxy when

Re: How to disable backend servers without health check

2015-07-17 Thread Baptiste
/unixsurfer/haproxytool Cheers, Pavlos +1 to Pavlos' tool for this type of task Baptiste

Re: cookie prefix strange behavior

2015-07-17 Thread Baptiste
a redirect to a page which cleans up the cookie then redirect the user to the login page. Baptiste On Fri, Jul 17, 2015 at 5:49 PM, mlist ml...@apsystems.it wrote: We found this behavior does not appears if we manually clean cookie in the browser. There is a configuration option to invalidate

Re: IP binding and standby health-checks

2015-07-17 Thread Baptiste
Hi Nathan, The 'usesrc' keyword triggers this error. It needs root privileges. (just checked in the source code) Baptiste On Thu, Jul 16, 2015 at 5:13 PM, Nathan Williams nath.e.w...@gmail.com wrote: oh, i think this comment thread explains it: http://comments.gmane.org

DOC: usesrc root privileges

2015-07-17 Thread Baptiste
Hi, The documentation is missing the usesrc requirements about root privileges. This patch add this information in the doc. Baptiste From 8537d9b6c136a270c79670ebccf972a11fa86af7 Mon Sep 17 00:00:00 2001 From: Baptiste Assmann bed...@gmail.com Date: Fri, 17 Jul 2015 21:59:42 +0200 Subject

Re: Server IP resolution using DNS in HAProxy

2015-07-17 Thread Baptiste
is that you don't need to reload HAProxy to change your X value ;) I would welcome a contribution about SRV record type. That said, before this, I have to rewrite part of the response parser to store the response in a real DNS packet structure instead of keeping data in a buffer. Baptiste

Re: Mailer does not work

2015-07-15 Thread Baptiste
on port 10025 and confirm HAProxy tries to get connected to the SMTP server? Baptiste

Re: haproxy/hapee Transparent LB

2015-07-15 Thread Baptiste
On Tue, Jul 14, 2015 at 7:55 PM, Baptiste bed...@gmail.com wrote: On Tue, Jul 14, 2015 at 7:15 PM, Bearly Breathin bearly.breet...@gmail.com wrote: I at a bit of a loss… Last week I tried, quite unsuccessfully, to make haproxy work as I understand it should after reading the docs, FAQs

Re: IP binding and standby health-checks

2015-07-14 Thread Baptiste
and slave HAProxy servers. Baptiste

Re: Haproxy 1.5.9 logging

2015-07-14 Thread Baptiste
Aim, Simply use the statement http-request set-log-level, like: http-request set-log-level silent unless { path_beg -i /testing } Baptiste

Re: Rewrite cookie path cookie domain

2015-07-14 Thread Baptiste
Please repost your question. I can't see it in my mail history. Baptiste On Tue, Jul 14, 2015 at 3:33 PM, rickytato rickytato rickyt...@r2consulting.it wrote: Anyone can help me? I keep using Nginx? 2015-07-07 10:46 GMT+02:00 rickytato rickytato rickyt...@r2consulting.it: 1.5.12 2015-07

Re: IP binding and standby health-checks

2015-07-14 Thread Baptiste
? FWIW, we're using haproxy 1.5.4 and kernel 4.0.4 on CentOS 7. Some features require root privileges, that said, from a documentation point of view, It doesn't seem the 'source' keyword like I asked you to set it up is one of them. Can you start it up with strace ?? Baptiste Regards, Nathan W

<    1   2   3   4   5   6   7   8   9   10   >