Re: Server IP resolution using DNS in HAProxy

2015-07-14 Thread Baptiste
On Sun, Jul 12, 2015 at 11:38 PM, Baptiste bed...@gmail.com wrote: hi all, As you may have noticed already, HAProxy 1.6-dev2 version has integrated a new feature: server IP address resolution using DNS. Main purpose of this dev is to make HAProxy aware of a server IP change when using

Re: IP binding and standby health-checks

2015-07-14 Thread Baptiste
Nathan, The question is: why do you want to use the VIP to get connected on your backend server? Please give a try to the following source line, instead of your current one: source 0.0.0.0 usesrc 10.240.36.13 Baptiste On Tue, Jul 14, 2015 at 9:06 PM, Nathan Williams nath.e.w...@gmail.com

FIX: wrong time unit for some default DNS timers

2015-07-14 Thread Baptiste
Hi, Madison May reported that the timeout applied by the default configuration is inproperly set up. This patch fix this: - hold valid default to 10s - timeout retry default to 1s Baptiste From d84e08b599c30fb1d0d35a3715d76c331ee4c1c4 Mon Sep 17 00:00:00 2001 From: Baptiste Assmann bed

Re: haproxy/hapee Transparent LB

2015-07-14 Thread Baptiste
on a public mailing list) :) Baptiste

Re: Contribution: change response line

2015-07-13 Thread Baptiste
in haproxy. I let the LUA experts answer you on the rest of the mail :) Baptiste

Server IP resolution using DNS in HAProxy

2015-07-12 Thread Baptiste
forward to read your feedback! Baptiste

Re: LB as a first row of defence against DDoS

2015-06-25 Thread Baptiste
Thank you for everything you do. You are one of the unsung heroes who make the guts of the Internet possible. Hehe don't feel like you're exagerating a bit here ? :-) Willy nope. Baptiste

Re: Need your help on HAProxy Load balancing algorithms

2015-06-24 Thread Baptiste
-1 Hi Vinod, First, good luck in your PhD. For load-balancing algorithm, you want to read this part of the doc: http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.6.html#balance about the source code, it's available here: http://git.haproxy.org/?p=haproxy.git Baptiste

Re: LB as a first row of defence against DDoS

2015-06-24 Thread Baptiste
are interesting on this topic. Concerning your demand, I don't understand it! Could you provide me your own configuration (or a fake one) you would like to be protected adding comment to the type of protection you expect, then I'll see what I can do. Baptiste

Re: Odd SSL performance

2015-06-18 Thread Baptiste
is impacting the HAProxy VM, which migh be mutually impacted the server VMs... Baptiste On Thu, Jun 18, 2015 at 2:41 PM, Phil Daws ux...@splatnix.net wrote: Hello Lukas: Path is as follows: Internet - HAProxy [Frontend:443 - Backend:80] - 6 x NGINX Yeah, unfortunately due to the application behind

Re: Odd SSL performance

2015-06-18 Thread Baptiste
Phil, without -k, HAProxy spends its time to compute TLS keys. Can you run 'openssl speed rsa2048' and report here the number? My guess is that it shouldn't be too far from 400 :) Baptiste On Thu, Jun 18, 2015 at 3:20 PM, Phil Daws ux...@splatnix.net wrote: Hello Baptiste: we were seeing

Re: Location of log file of haproxy

2015-06-18 Thread Baptiste
in internet) Regards, Ajay Hi Ajay, HAProxy sends logs to a syslog server. So first, ensure your syslog server and HAProxy are propertly configured. Then, reading your syslog configuration will tell you where the files could be. Baptiste

Re: [ANNOUNCE] haproxy-1.6-dev2

2015-06-18 Thread Baptiste
: http://cbonte.github.com/haproxy-dconv/configuration-1.6.html Regards, Willy It's a great release Looking forward to play with it! Note that in my lab, 1.6-dev performs slightly better than 1.5. Baptiste

Re: Disable/enable server for all backends

2015-06-17 Thread Baptiste
. Baptiste

Re: Health check of backends without explicit health-check?

2015-06-17 Thread Baptiste
Hi Krishna, Usually, people use a service discovery tool to do this. Some other people use a local service to cache the check response and serve it to all haproxy servers. Baptiste On Wed, Jun 17, 2015 at 11:38 AM, Krishna Kumar (Engineering) krishna...@flipkart.com wrote: On Tue, Jun 16

Re: HAProxy Stats and SSL Problems

2015-06-15 Thread Baptiste
Which means that 2 listening sockets will get the traffic, one deciphering the traffic, and the other one not... Simply remove the ':44300' from your listen section definition. Baptiste

Re: Need help about ACLs settings

2015-06-11 Thread Baptiste
Labrut. Hi Thibault, In the second case, you don't have any default backend. So you'll get a 503 unless you are 12.34.56.78. Baptiste

Re: The cause for 504's

2015-06-11 Thread Baptiste
that your requests are having issues getting from your proxy to your backend servers. Very true, tcpdump is your friend! Have you remarked any common pattern between those 504? Same source IP, same cookie value, same URLs, same server, etc... Baptiste

Re: Need help about ACLs settings

2015-06-11 Thread Baptiste
Or enable the proxy-protocol : http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.5.html#send-proxy http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.5.html#accept-proxy Baptiste On Thu, Jun 11, 2015 at 11:56 AM, Thierry FOURNIER tfourn...@haproxy.com wrote

Re: Limiting concurrent range connections

2015-06-04 Thread Baptiste
If you could give more information about the issue, share haproxy version, compilation procedure, etc... some gdb outputs.. Baptiste On Thu, Jun 4, 2015 at 1:43 PM, Sachin Shetty sshe...@egnyte.com wrote: I did try it, it needs 1.6.dev1 and that version segfaults as soon as the request is made

Re: Limiting concurrent range connections

2015-06-04 Thread Baptiste
Hi sachin, Look my conf, I turned your tcp-request content statement into http-request. Baptiste On Thu, Jun 4, 2015 at 12:05 PM, Sachin Shetty sshe...@egnyte.com wrote: Tried it, I don¹t see the table populating at all. stick-table type string size 1M expire 10m store conn_cur acl

Re: add header or query parameter when redirecting

2015-06-03 Thread Baptiste
frontend fe_dummy_redirect bind 127.0.0.1:8001 http-request redirect prefix http://new-site.com code 301 Note that this configuration needs HAProxy 1.6 (latest snapshot). Baptiste

Re: Dynamic backend selection using maps

2015-06-03 Thread Baptiste
)] Baptiste

Re: Limiting concurrent range connections

2015-06-03 Thread Baptiste
req.hdr(X-track) if is_range is_path_throttled http-request deny if { sc1_conn_cur gt 2 } is_range is_path_throttled There might be some typo, but you get the idea. Baptiste

Re: add header or query parameter when redirecting

2015-06-03 Thread Baptiste
Hi Baptiste, Unfortunately, we are not willing to upgrade to HAproxy 1.6 just yet, so we are going to use another solution for this redirect (change DNS records to resolve old hostnames to the new web server). Thank you for the info anyway, it may be useful for another time. Sylvain

Re: Limiting concurrent range connections

2015-06-03 Thread Baptiste
Yes, the url sample copies whole URL as sent by the client. Simply give it a try on a staging server and let us know the status. Baptiste On Wed, Jun 3, 2015 at 3:19 PM, Sachin Shetty sshe...@egnyte.com wrote: Thanks Baptiste - Will http-request set-header X-track %[url] help me track URL

Re: Dynamic backend selection using maps

2015-06-03 Thread Baptiste
hi Jim, hdr_end could do the trick if you include the '.' in the matching string. Baptiste On Wed, Jun 3, 2015 at 4:55 PM, Jim Gronowski jgronow...@ditronics.com wrote: I’m not very familiar with the map function, but does hdr_end(host) work in this context? If so, in order to only match

Re: Configure Haproxy to dynamically set backend server

2015-06-02 Thread Baptiste
do using faked cookie persistence and a map. It is much simpler than a lot of if/then/else in LUA. Baptiste On Tue, Jun 2, 2015 at 3:59 AM, Mrunmayi Dhume mrunmayi.dh...@yahoo.com wrote: Hello, Thanks for all your help. Any rough estimate on when the patch for doing DNS resolutions during

Re: Global least loaded server

2015-06-02 Thread Baptiste
, using the agent-check for this purpose. Baptiste

Re: Git-daemon behind HAProxy

2015-05-22 Thread Baptiste
of this application :) Baptiste

Re: Need help with HAProxy configuration mixed content http and https

2015-05-20 Thread Baptiste
you confirm this is a typo or you did not forward all your configuration? Baptiste

Re: [SPAM] backup option doesn't seem to work

2015-05-20 Thread Baptiste
state. Baptiste On Mon, May 18, 2015 at 10:12 AM, Yves Van Wert yve...@gmail.com wrote: Hi Baptiste, when i made the post to the list we were still running haproxy 1.4. I've upgraded yesterday to 1.5 but still notice the same behaviour. The backend config is : backend weblogic-tpc

Re: Remove // from URL

2015-05-20 Thread Baptiste
Hi Peter, Which HAProxy version are you running? what's your whole configuration settings? Baptiste On Wed, May 20, 2015 at 12:18 PM, Peter BUtler peter_butler1...@outlook.com wrote: Sorry, I pressed send a little early on this. MOre information backend https_mysite mode http

Re: Shutdown port when all backends are offline

2015-05-20 Thread Baptiste
Is there any way to control the frontend in that kind of way, that it does not listen on the assigned interface/port, when all backends are down? you can write your own script which reads haproxy stats socket and then stop/disable the frontend if all the backends are down. Baptiste

Re: multiple health checks

2015-05-14 Thread Baptiste
| | | sso01 sso02 || web01 web02 Hi Glenn, Are sso01 and web01 runnig on the same server / same IP address? Baptiste

Re: Issue with SSL

2015-05-13 Thread Baptiste
and report any issue? (it's simply a test and should not be used in any case as a workaround!) Baptiste

Re: haproxytool which supports HAProxy in nbproc 1 mode

2015-05-13 Thread Baptiste
Hi Pavlos, Thanks a lot for the great work! I'm going to have a look at it as soon as possible :) Baptiste On Wed, May 13, 2015 at 12:00 AM, Pavlos Parissis pavlos.paris...@gmail.com wrote: Hi all, I have pushed to github a tool which I call haproxytool that can be used to perform the most

Re: Issue with SSL

2015-05-13 Thread Baptiste
On Wed, May 13, 2015 at 2:16 PM, Krishna Kumar (Engineering) krishna...@flipkart.com wrote: Hi Baptiste, Thank you very much for the tips. I have nbproc=8 in my configuration. Made the following changes: Added both bind and tune.bufsize changeresult - works

Re: Question on distribution not according to backend weight

2015-05-08 Thread Baptiste
is the good way to go, simply increase your maxconn, unless there is a good reason for it to be as low as 2. Baptiste

Re: Is FTP through haproxy at all viable?

2015-05-08 Thread Baptiste
to. Baptiste

Re: [haproxy]: Performance of haproxy-to-4-nginx vs direct-to-nginx

2015-05-06 Thread Baptiste
On Wed, May 6, 2015 at 7:15 AM, Krishna Kumar (Engineering) krishna...@flipkart.com wrote: Hi Baptiste, On Wed, May 6, 2015 at 1:24 AM, Baptiste bed...@gmail.com wrote: Also, during the test, the status of various backend's change often between OK to DOWN, and then gets back to OK

Re: [SPAM] backup option doesn't seem to work

2015-05-06 Thread Baptiste
in the logfile that connections are also being sent to server03 04. Any idea on how this is possible ? thanks Yves Hi Yves, Please share you logs as well :) Baptiste

Re: Couple of questions on future support

2015-05-06 Thread Baptiste
you have here, please share your information. Baptiste On Wed, May 6, 2015 at 11:38 AM, Danijel Starman theghost...@gmail.com wrote: Hi, I believe Willy mentioned that HTTP/2 support is being worked on, I assume for 1.6 version. -- *blap* On Wed, May 6, 2015 at 11:04 AM, Krishna Kumar

Re: [haproxy]: Performance of haproxy-to-4-nginx vs direct-to-nginx

2015-05-06 Thread Baptiste
that backend from my setup and use dedicated systems, after which the original configuration without specifying source port is working, no connection flaps now. Thanks, - Krishna Kumar How much performance do you have now? Baptiste

Re: [haproxy]: Performance of haproxy-to-4-nginx vs direct-to-nginx

2015-05-05 Thread Baptiste
sysctls. Baptiste

Re: Choosing backend based on constant

2015-04-30 Thread Baptiste
Veiko, The question is how do you set your constant, what piece of information do you use from the traffic or whatever? Then we may help you. Baptiste

Re: SMTPS and L7 health-checks

2015-04-29 Thread Baptiste
On Wed, Apr 29, 2015 at 9:18 AM, iain expat.i...@gmail.com wrote: On 29/04/15 04:26, Baptiste wrote: Hi, You need to enable the check-ssl on the server line. In your case haproxy sends a check in clear, while the server expects a ciphered connexion. That's correct, because I am trying

Re: SMTPS and L7 health-checks

2015-04-28 Thread Baptiste
on the SSL side do not cleanly complete. Can someone show me exactly where I am making an error in here? Hi, You need to enable the check-ssl on the server line. In your case haproxy sends a check in clear, while the server expects a ciphered connexion. Baptiste

Re: Client ip in tcp mode

2015-04-27 Thread Baptiste
Hi yves, Could you tell us which application server are you using? (For offline consulting of the answer) Baptiste Le 27 avr. 2015 07:01, Yves Van Wert yve...@gmail.com a écrit : Hi Baptiste, that did the trick ! Thank you for your assistance Yves On Sat, Apr 25, 2015 at 4:35 PM

Re: SEGV capturing tcp traffic

2015-04-25 Thread Baptiste
Hi, I reported this issue to Willy already and latest snapshot includes a fix: http://git.haproxy.org/?p=haproxy.git;a=commit;h=e91ffd093e548aa08d7ccb835fd261f3d71ffb17 run a git pull or git clone ;) Baptiste On Fri, Apr 24, 2015 at 5:58 PM, CJ Ess zxcvbn4...@gmail.com wrote: Its possible

Re: Client ip in tcp mode

2015-04-25 Thread Baptiste
Hi Yves, proxy protocol is your friend. But the server must be compatible. http://blog.haproxy.com/haproxy/proxy-protocol/ Baptiste On Fri, Apr 24, 2015 at 6:33 PM, Yves Van Wert yve...@gmail.com wrote: hi list, Is there any way to get the client ip passed through to the backend servers

Re: SSL backends stopped working

2015-04-23 Thread Baptiste
this is not the root of the problem. Then we could investigate further. Baptiste

Re: SSL backends stopped working

2015-04-23 Thread Baptiste
maybe the server refuses sslv3... Can you disable sslv3 on the server side? Baptiste On Thu, Apr 23, 2015 at 3:38 PM, i...@linux-web-development.de wrote: I've checked again, but the time on those servers is correct.. On 2015-04-23 14:16, Daniel Schneller wrote: Have you checked the time

Re: Backend status changes continuously

2015-04-22 Thread Baptiste
Sometimes during the test, I also see many nf_conntrack: table full, dropping packet messages on the host system. First, increase conntrack table size with the following sysctl net.netfilter.nf_conntrack_max=655360 run your test again and report the reslut here Baptiste

Re: Backend status changes continuously

2015-04-21 Thread Baptiste
Hi Krishna, Maybe you could be more verbose on your application, architecture, etc... also which haproxy version, share your configuration, etc... Cause we can't answer you, I'm sorry! Baptiste On Tue, Apr 21, 2015 at 9:59 AM, Krishna Kumar (Engineering) krishna...@flipkart.com wrote: Hi all

Re: Multiple defaults sections

2015-04-18 Thread Baptiste
only the timeout client being changed to 10s and for the rest to keep their initial values. If not then we would end up writing duplicate blocks. Thanks, Igor Hi Igor, A new defaults section erases all parameters already set. Then the new section update its default parameters. Baptiste

Re: SSL Acceleration

2015-04-18 Thread Baptiste
, it does not depends only on HAProxy, but also on your openssl library. If the library is able to take advantage of such device, then haproxy will perform better. Baptiste

Re: HA proxy - Need infromation

2015-04-14 Thread Baptiste
Hi Thibault, You can contact haproxy.com, we have a nice GUI and an API on top of HAProxy in our ALOHA appliance. And we speak French :) Just give a call and ask to speak to Sean (+33 1 30 67 60 74) Baptiste On Mon, Apr 13, 2015 at 4:55 PM, Thibault Labrut thibault.lab...@enioka.com wrote

Re: redis redispatch question

2015-04-14 Thread Baptiste
missing the parameter on-marked-down shutdown-sessions on your server lines. It will kill sessions established on a server when it is marked as DOWN by the health checking. Baptiste

Re: 'acl' and 'use_backend' in defaults section?

2015-04-09 Thread Baptiste
unfortunately, for now you'll have to repeat the acl in each frontend :) Baptiste On Tue, Apr 7, 2015 at 9:14 PM, Florin Andrei flo...@andrei.myip.org wrote: I have a few ACLs that are identical for several frontends. I tried to define the ACLs in the defaults section, but I got an error

Re: limiting conn-curs per-ip using x-forwarded-for

2015-04-09 Thread Baptiste
, and to be sure we'll find the header, I've added the inspect delay which accept the request once the buffer is confirmed to contain HTTP. Baptiste On Tue, Apr 7, 2015 at 12:33 PM, Klavs Klavsen k...@vsen.dk wrote: Back from easter vacation :) Baptiste wrote on 03/25/2015 10:30 AM: Hi, some useful

Re: possible header capture corruption when timeout queue

2015-04-09 Thread Baptiste
Hi David, If you're in SQ state, it means the request never reached a server, so you can't have any response header value. Baptiste On Thu, Apr 9, 2015 at 11:11 PM, David Birdsong david.birds...@gmail.com wrote: Greetings, I hope the rewrite from C-Lua is going well... I'm looking to trace

Re: AW: forward client disconnects in http mode

2015-04-09 Thread Baptiste
Haproxy closes the connection with an RST. Baptiste Le 9 avr. 2015 16:54, Pavlos Parissis pavlos.paris...@gmail.com a écrit : On 09/04/2015 02:52 μμ, Dieter van Zeder wrote: ‎Here's the the stripped-down configuration. Http-server-close is required in order to use leastconn. The frontend

Re: CPU saturated with 250Mbps traffic on frontend

2015-04-06 Thread Baptiste
On Mon, Apr 6, 2015 at 2:54 PM, Evgeniy Sudyr eject.in...@gmail.com wrote: Btw, where Pavlos reported his test results? There in list or somewhere else? On this ML. Pavlos was running Linux ;) Baptiste

Re: Health check for backend constituted with multiple socks proxies.

2015-04-03 Thread Baptiste
, HAProxy won't do it on behalf of it. So please confirm first the browser can use any of the listed IP without using HAProxy. Then we'll dig into your issue... Baptiste On Fri, Apr 3, 2015 at 2:05 AM, Hongyi Zhao hongyi.z...@gmail.com wrote: On Thu, 02 Apr 2015 15:04:09 +0200, Baptiste wrote

Re: Agent-check not working with backend HTTPS

2015-04-02 Thread Baptiste
Hi Claudio, Yes, you can trust Vincent's job :) Baptiste On Thu, Apr 2, 2015 at 8:47 AM, Claudio Ruggieri claudio.ruggi...@inetworking.it wrote: Dear Cyril, I updated haproxy to 1.5.11 via ppa. The behaviour is what expected. All seams fine now. Vincent's ppa is maintained? Is safe to use

Re: Health check for backend constituted with multiple socks proxies.

2015-04-02 Thread Baptiste
[ hongyi.zhao AT gmail.com ] Free as in Freedom :. Hi Hongyi, What happens if you brows directly one of the IP address??? Baptiste

Re: Complete rewrite of HAProxy in Lua

2015-04-01 Thread Baptiste
I'll have to find a way to code buffer overflows in LUA! Baptiste

Re: Agent-check not working with backend HTTPS

2015-04-01 Thread Baptiste
in the packet captured? Baptiste

Re: ldap-check with Active Directory

2015-03-31 Thread Baptiste
Hi Matt, The issue with LDAP, is that it is not a banner protocol. So either you check the TCP port is well bound on the server for a simple L4 check, for L7, you don't have the choice, you must send a message and check the server's result. Baptiste On Tue, Mar 31, 2015 at 9:53 AM, Matt

Re: ldap-check with Active Directory

2015-03-31 Thread Baptiste
I think they play with their syslog server to detect a check from real traffic and prevent the syslog server to log the checks. Baptiste On Tue, Mar 31, 2015 at 11:33 AM, Matt . yamakasi@gmail.com wrote: Hi Baptiste, Yes I've seen it also and never got around large logs. What do most

Re: ldap-check with Active Directory

2015-03-31 Thread Baptiste
prefer a send-as-binary REQUEST_METHOD = GET ) these and many others could be shipped with haproxy. this seems to make sense to me as they are small contained logical items Neil Hi Neil, Both contributions are interresting! Let's wait for other people feedback. Baptiste

Re: using a fetcher in wrong context, performance tip

2015-03-30 Thread Baptiste
to highlight the most important point, from my point of view: Requests/sec: 438828.20 nice job man! Baptiste

Re: ldap-check with Active Directory

2015-03-30 Thread Baptiste
you should believe it :) On Mon, Mar 30, 2015 at 11:34 PM, Neil - HAProxy List maillist-hapr...@iamafreeman.com wrote: Hello Thanks so much. That worked well, I now get L7OK/0 in 0ms not sure I believe the 0ms but maybe I should Thanks again, Neil On 30 March 2015 at 22:14, Baptiste

Re: ldap-check with Active Directory

2015-03-30 Thread Baptiste
authentication tcp-check expect binary 0a0100 # bind response + result code: success tcp-check send-binary 30050201034200 # unbind request Note for myself: put this tip on the blog.. Baptiste

Re: RTMP offloading

2015-03-29 Thread Baptiste
Matt, I won't do your configuration since I have no idea what you want to do. Share what you did exactly, share more information about the issues (logs, etc...) and we may help. Baptiste On Sun, Mar 29, 2015 at 3:53 PM, Matt . yamakasi@gmail.com wrote: Hi, I have tried all, also TCP

Re: RTMP offloading

2015-03-29 Thread Baptiste
, stats page, etc...) Baptiste

Re: RTMP offloading

2015-03-29 Thread Baptiste
a hard one in this case ? Thanks, Matt Hi, Are you using mode tcp ? could you share your configuration? any error message provided by any equipement involved in your setup? Baptiste

Re: route by destination IP address

2015-03-29 Thread Baptiste
Hi, No HAProxy won't do this. Instead, if you could explain us clearly what is your problem, we may be able to help you. For now you just explain what you tried to achieve. Baptiste On Sun, Mar 29, 2015 at 3:33 PM, Abdelouahed Haitoute ahaito...@rinis.nl wrote: I think I've found the issue

Re: active/passive with no failback; stick table not 100% sticky?

2015-03-28 Thread Baptiste
, but still fairly well. Any insight on the usage of the stick table here would be appreciated! Hi Michael, Can you add the 'nopurge' option on your stick-table statement and tell us if that fixes your issue? Baptiste

Re: Availability of HAProxy on Windows Server

2015-03-27 Thread Baptiste
Use hyperv and a linux VM inside. It works pretty well :) Baptiste On Fri, Mar 27, 2015 at 12:50 PM, Simon Dick sim...@irrelevant.org wrote: I'm afraid Windows isn't a supported platform, please see http://www.haproxy.org/#plat On 26 March 2015 at 21:38, Abhijit Damle abhijit.da...@beca.com

[HAProxy Technologies] Meeting with us in SF bay Area

2015-03-26 Thread Baptiste Assmann
, the roadmap, the wish list, the ecosystem (third party tools you use around HAProxy), etc..., just send me a mail! If you simply want to drink a beer or a coffee and discuss about anything but HAProxy, this is also possible !!! Baptiste

Re: Does HAproxy support sending ServerName TLS extension to backend servers?

2015-03-26 Thread Baptiste
of the Host header, etc... So we could discuss the options here, then we'll be able to code something I guess... Baptiste

Re: limiting conn-curs per-ip using x-forwarded-for

2015-03-25 Thread Baptiste
Hi, some useful examples can be taken from this blog post: http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/ Just replace src by hdr(X-Forwarded-For). Baptiste On Tue, Mar 24, 2015 at 5:58 PM, Jarno Huuskonen jarno.huusko...@uef.fi wrote: Hi

Re: how make the images directory accessible for all clients?

2015-03-25 Thread Baptiste
Hi Fraj, You need to re-order your configuration and slightly update it: acl white_list src 127.0.0.1 192.168.1.0/24 acl restricted_page path_beg /images http-request allow if restricted_page http-request allow if white_list http-request deny Baptiste On Wed, Mar 25, 2015 at 10:18 AM

Re: using backend node details in acls/response manipulation

2015-03-25 Thread Baptiste
be forced in HAProxy's configuration using the directive 'id'. You may even be able to convert a backend id to a string using a map: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#map Baptiste On Tue, Mar 24, 2015 at 8:36 PM, Martin Nikolov martin.martinniko...@gmail.com wrote: Hi

Re: Haproxy Consuing CPU 100% : need a fix

2015-03-19 Thread Baptiste
(HW, VM, capacity, etc...). Baptiste

Re: Haproxy Consuing CPU 100% : need a fix

2015-03-19 Thread Baptiste
on cpu/ram/nic, etc... Also, please remove this statement: option http-server-close replace by the two following ones: option http-keep-alive option prefer-last-server Baptiste

Re: Haproxy Consuing CPU 100% : need a fix

2015-03-19 Thread Baptiste
between each HTTP request. You should get much better performance, but it depends on your traffic pattern. Baptiste On Thu, Mar 19, 2015 at 6:30 PM, Baptiste bed...@gmail.com wrote: On Thu, Mar 19, 2015 at 1:37 PM, Saurab t saurabh.tiwari@gmail.com wrote: Hello Willy, Thanks you

Re: send/accept-proxy over unix socket not working

2015-03-18 Thread Baptiste
haproxy group haproxy Same on server line: server clear /var/lib/haproxy/test send-proxy user haproxy group haproxy Hope this helps. Baptiste

Re: Haproxy 1.5 ssl redirect

2015-03-18 Thread Baptiste
Hi Sean, You may find some useful information here: http://blog.haproxy.com/2014/04/28/howto-write-apache-proxypass-rules-in-haproxy/ and here: http://blog.haproxy.com/2013/02/26/ssl-offloading-impact-on-web-applications/ Baptiste On Wed, Mar 18, 2015 at 3:39 PM, Sean Patronis spatro

Re: Haproxy 1.5 ssl redirect

2015-03-18 Thread Baptiste
Hi Sean! You're welcome :) I still have in my TODO list to contact you about your AVI network experience ;) Talk to you soon. Baptiste On Wed, Mar 18, 2015 at 7:06 PM, Sean Patronis spatro...@add123.com wrote: Baptiste, Thanks for the links, I had run across them earlier this morning in my

Re: building haproxy with lua support

2015-03-17 Thread Baptiste
-2015 Lua.org, PUC-Rio Thanks! -Joe Hi Joe, You're missing an LDFLAGS=-ldl. More information on this blog page, including some quickstart code example: http://blog.haproxy.com/2015/03/12/haproxy-1-6-dev1-and-lua/ Baptiste

Re: lua api

2015-03-17 Thread Baptiste
called in a lua script: http://blog.haproxy.com/2015/03/12/haproxy-1-6-dev1-and-lua/ Bascally, in your lua script, you can recover the client Ip address like this: local clientip = txn.f:src() Baptiste

Re: Support For Postfix

2015-03-16 Thread Baptiste
Hi, thanks for the reply 2.9.6 Proxy protocol is available in Postfix since version 2.10: http://blog.haproxy.com/haproxy/proxy-protocol/ Baptiste

Re:

2015-03-16 Thread Baptiste
to persistence. More information on this blog post: http://blog.haproxy.com/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/ There is no rule, either A or B could get more requests. Baptiste

Re: Support For Postfix

2015-03-16 Thread Baptiste
Let me rephrase this: your version of postfix is too old and does not include the proxy protocol. Please use postfix 2.10 or above. Baptiste On Mon, Mar 16, 2015 at 4:26 PM, adcd gmail adcd...@gmail.com wrote: I read this but I dont understand how it is related to postfix not knowing

RE: send/accept-proxy over unix socket not working

2015-03-16 Thread Baptiste
this is due to either chroot or rights on the socket. Check the user and mode parameters of both your bind and server descritption. Also ensure the unix socket is available in a chroot environment, if any. Baptiste

Re: frequent NOSRV/SC log hits behind AWS ELB

2015-03-10 Thread Baptiste
HAProxy. Soon, HAProxy will perform DNS resolution to kept updated on the fly of server IP address changes. Baptiste

Re: Peers with long hostnames

2015-03-04 Thread Baptiste
. What do people think ? Willy Hello, I do agree!! Baptiste

<    1   2   3   4   5   6   7   8   9   10   >