[PATCH] Enable set-dst and set-dst-port at tcp-request content layer

2019-04-19 Thread Baptiste
Hi, For some reasons, 'tcp-request content' can't execute set-dst and set-dst-port. This patch fixes this issue. Note that this patch will be useful for the do-resolve action. Baptiste From c384d381dbbfa0adae04137238b4fd11593bd2bf Mon Sep 17 00:00:00 2001 From: Baptiste Assmann Date: Thu, 18

[PATCH] http-request do-resolve

2019-04-18 Thread Baptiste
Hi all, Willy, Please find attached to this email the 4 patches for the http-request do-resolve action I submitted a few months ago. I integrated all feedback from Willy and also now support tcp-request content do-resolve. Baptiste From e96ff49ee05dbdc15dc7582349e6314dcfccb20e Mon Sep 17 00:00

Re: DNS Resolver Issues

2019-03-25 Thread Baptiste
> > A reload of the HAProxy instance also forces the instances to query all > records from the resolver. > > Hi Bruno, Actually, this is true only when you don't use the 'resolvers' section or for the parameters who doesn't benefit from the resolvers section, here the 'addr' parameter. Baptiste

Re: DNS Resolver Issues

2019-03-25 Thread Baptiste
hostname which does not resolve at start up may trigger an error, like you discovered with 'addr'. @Piba, feel free to fill up a feature request on github and Cc me there, so we can discuss this point. Baptiste On Sat, Mar 23, 2019 at 2:53 PM PiBa-NL wrote: > Hi Daniel, Baptiste, > >

Re: read async auth date from file

2019-03-06 Thread Baptiste
in HAProxy's source code, written in C. If you want an SPOA in an other language, I would say "stay tuned" :) Baptiste On Sun, Mar 3, 2019 at 9:20 AM Jeff wrote: > I need to add an authorization header for a target server, e.g. >http-request add-header Authorization Bearer\ MYTOK

Re: Does anyone *really* use 51d or WURFL ?

2019-03-05 Thread Baptiste
seems to go against #1 quality of HAProxy: reliability... So you have my +1 :) Baptiste

Re: [PATCH] runtime do-resolve http action

2019-02-27 Thread Baptiste
On Fri, Jan 25, 2019 at 3:28 PM Willy Tarreau wrote: > On Fri, Jan 25, 2019 at 03:09:52PM +0100, Baptiste wrote: > > Hi Willy, > > > > Thanks for the review!!! > > I fixed most of the problems, but I have a 3 points I'd like to discuss: > > > > > + I

Re: Tune HAProxy in front of a large k8s cluster

2019-02-21 Thread Baptiste
On Wed, Feb 20, 2019 at 3:14 PM Joao Morais wrote: > > > > Em 20 de fev de 2019, à(s) 03:30, Baptiste escreveu: > > > > Hi Joao, > > > > I do have a question for you about your ingress controller design and > the "chained" frontends, summariz

Re: Tune HAProxy in front of a large k8s cluster

2019-02-20 Thread Baptiste
esult to a req.var and removing the header after that. > Wondering if 1.8 has a better option > > ~jm > > Well, set-var should do the trick, or I missed something. Baptiste

Re: Idea for the Wiki

2019-02-19 Thread Baptiste
On Tue, Feb 19, 2019 at 9:36 AM Willy Tarreau wrote: > Hi Baptiste, > > On Wed, Feb 06, 2019 at 03:55:37PM +0100, Baptiste wrote: > > I think one of the most important piece is guide lines on integrating > > HAProxy with third parties, IE: Observing HAProxy w

Re: Tune HAProxy in front of a large k8s cluster

2019-02-19 Thread Baptiste
he ability to do ssl deciphering and ssl passthrough on a single bind line is one of them. Is there anything else we could improve? I wonder if crt-list would be useful in your case: https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.1-crt-list Baptiste >

Re: Tune HAProxy in front of a large k8s cluster

2019-02-19 Thread Baptiste
I would use a variable instead of a header: http-request set-var(req.myvar) req.hdr(host),concat(,path) Baptiste

Re: %[] in use-server directives

2019-02-19 Thread Baptiste
amic-scaling-for-microservices-with-runtime-api/#runtime-api > > You might need to build a development version of HAProxy to take > advantage of the latest features. > > Hi Bruno, Actually, those features are stable! Baptiste

Re: Allowing more codes for `errorfile` (like 404) (that can be later re-used with `http-request deny deny_status 404`)

2019-02-11 Thread Baptiste
in both use cases above, from my point of view, it would make sense to make it return 404 out of the box (without a hack). Baptiste

Re: Anyone heard about DPDK?

2019-02-11 Thread Baptiste
Hi, HAProxy requires a TCP stack below it. DPDK itself is not enough. Baptiste >

Re: Using server-template for DNS resolution

2019-02-07 Thread Baptiste
/blog/haproxy-and-consul-with-dns-for-service-discovery/ Basically, you should first create a "resolvers" section, in order to allow HAProxy to perform DNS resolution at runtime too. resolvers consul nameserver consul 127.0.0.1:8600 accepted_payload_size 8192 Then, you need to adjust your server-template line, like this: server-template amqs 10 _activemq._tcp.service.consul resolvers consul resolve-prefer ipv4 check In the example above, I am using on purpose the SRV records, because HAProxy supports it and it will use all information available in the response to update server's IP, weight and port. I hope this will help you. Baptiste

Re: Opinions about DoH (=DNS over HTTPS) as resolver for HAProxy

2019-02-06 Thread Baptiste
uot;most" complicated part would be to be able to to link the resolver scheduler to a backend. (maybe we could use this trick to do DNS over TCP too...) I will follow the thread on the github and may jump in if anybody wants to implement it :) Baptiste On Mon, Feb 4, 2019 at 10:46 PM Aleksandar

Re: Idea for the Wiki

2019-02-06 Thread Baptiste
with influxdb, HAProxy as a Kubernetes External Load-balancer, Service discovery with consul, and so on. I don't really know where to put those in the summary you proposed, but that's what I want to see in such wiki :) Baptiste On Mon, Feb 4, 2019 at 6:33 PM Willy Tarreau wrote: > Hi

Re: [PATCH] runtime do-resolve http action

2019-01-25 Thread Baptiste
ed. Now you said it, and I step back a bit, I also consider there is no value in this action, appart being clear on the action name and gives us the ability to be very cautious if we update the behavior of ACT_CUSTOM in the future. I can remove ACT_HTTP_DO_RESOLVE and add a comment in ACT_CUSTOM saying that the do-resolve action relies on this code, just in case. Baptiste

[PATCH] runtime do-resolve http action

2019-01-23 Thread Baptiste
ephemeral services. Baptiste From c3baea8c50a7dcbe4557c4a578fcbd252ffb7c56 Mon Sep 17 00:00:00 2001 From: Baptiste Assmann Date: Tue, 30 Jan 2018 08:10:20 +0100 Subject: [PATCH 3/4] MINOR: obj_type: new object type for struct stream This patch creates a new obj_type for the struct stream

Re: DNS resolution issue with Docker swarm and HAProxy 1.8.15/1.9.0

2018-12-20 Thread Baptiste
I can provide packet captures of the > DNS > > resolution and a sample config to reproduce the problem if you are > interested. > > > > this is indeed a regression in haproxy. thanks for reporting it. > attached patch should fix it. > CC'ing Remi as the original author, and Baptiste, as DNS maintainer. > > Jérôme > Hi Lehonard, Jerome, Thanks for reporting and fixing this respectively. @Willy you can apply. Baptiste

Re: HTTP/2 to backend server fails health check when 'option httpchk' set

2018-12-16 Thread Baptiste
> single session key can be stored per server. > > Willy > > Hi, I don't know H2 well, but can't we forge an HTTP/2 query using tcp-check script? Baptiste

Re: MQTT CONNECT parsing in Lua

2018-12-11 Thread Baptiste
nt errors / failure per client and why not block them at the LB layer. Baptiste

MQTT CONNECT parsing in Lua

2018-12-10 Thread Baptiste
/haproxy_mqtt_lua I hope this will be useful to some of you. I am planning to write in native C the converter and the fetch above. Baptiste

Re: SOAP service healthcheck

2018-12-07 Thread Baptiste
Hi, You can also forge a http post with the tcp-check. This would be less hacky. Baptiste Le jeu. 6 déc. 2018 à 09:11, Māra Grīnberga a écrit : > I mean, thanks! I'll look into it! > > Mara > > On Thu, Dec 6, 2018, 10:04 Jarno Huuskonen >> Hi, >> >> On

Re: [PATCH] BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id

2018-11-29 Thread Baptiste
You can see the cipher list for both connections. I am unfortunately not familiar with reg-test, but I can have a look at it and contribute one if you want. Baptiste On Thu, Nov 29, 2018 at 9:01 AM Willy Tarreau wrote: > Hi Baptiste, > > On Wed, Nov 28, 2018 at 03:

[PATCH] BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id

2018-11-28 Thread Baptiste
this issue. Baptiste From f2c79803c6bcb69866f54c8a5833bd0178bea64c Mon Sep 17 00:00:00 2001 From: Baptiste Assmann Date: Wed, 28 Nov 2018 15:20:25 +0100 Subject: [PATCH] BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id In ssl_sock_parse_clienthello(), the code considers that SSL

Re: haproxy bug: healthcheck not passing after port change when statefile is enabled

2018-11-06 Thread Baptiste
Hi, After debriefing internally, the fix will be much longer and may even trigger a new server-state file format. I keep you updated. Baptiste On Sun, Nov 4, 2018 at 7:11 PM Baptiste wrote: > Hi Sven, > > I reviewed the whole thing and I think the support of port in state file &g

Re: haproxy bug: healthcheck not passing after port change when statefile is enabled

2018-11-04 Thread Baptiste
it. (it's more complicated than moving the code """ if (port_str) srv->svc_port = port; """ a couple of lines above). Baptiste On Tue, Oct 9, 2018 at 10:52 AM Sven Wiltink wrote: > Hey Baptiste, > > > We noticed the SRV pa

Re: faster than load-server-state-from-file?

2018-10-09 Thread Baptiste
On Mon, Oct 8, 2018 at 7:57 PM Aleksandar Lazic wrote: > Am 08.10.2018 um 19:35 schrieb Willy Tarreau: > > On Mon, Oct 08, 2018 at 07:27:39PM +0200, Aleksandar Lazic wrote: > >> Hi Baptiste. > >> > >> Am 08.10.2018 um 16:20 schrieb Baptiste: > >>>

Re: faster than load-server-state-from-file?

2018-10-08 Thread Baptiste
rche? Ou mieux, faire un arbre qui avec en point d'entrée "/" ? Baptiste On Wed, Oct 3, 2018 at 2:00 PM Pierre Cheynier wrote: > Hi Willy, > > > Not really. Maybe we should see how the state file parser works, because > > multiple seconds to parse only 30K lines s

BUG/MINOR: fix server's resolver checking at configuration validation step

2018-09-05 Thread Baptiste
l fail too: [ALERT] 247/111027 (28758) : config : backend 'bk_pouet', server 'bla': unable to find required resolvers 'dns' [ALERT] 247/111027 (28758) : Fatal errors found in configuration. Baptiste From e618d06562a41d44c6023f2ea4f5d4a2ff306490 Mon Sep 17 00:00:00 2001 From: Baptiste Assmann D

Re: BUG/MEDIUM: incompatibility between DNS SRV records and server-state

2018-09-05 Thread Baptiste
On Tue, Sep 4, 2018 at 5:46 PM, Willy Tarreau wrote: > On Tue, Sep 04, 2018 at 10:02:09AM +0200, Baptiste wrote: > > This patch improve the server-state file to fix this issue: the srv > record > > used to manage this server is now saved by the previous process and >

BUG/MEDIUM: incompatibility between DNS SRV records and server-state

2018-09-04 Thread Baptiste
versions). Baptiste From 42dc52b1a992212e31b67a31441036b494a3d935 Mon Sep 17 00:00:00 2001 From: Baptiste Assmann Date: Tue, 4 Sep 2018 09:57:17 +0200 Subject: [PATCH] BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file Server state file has no indication

Re: Option "verify" incompatible with "crt-list"

2018-08-20 Thread Jean-Baptiste Berthelin
Dear, I just have upgraded to the last release of HAProxy 1.8 and it's good working now. Regards Le 20/08/2018 à 13:39, Aleksandar Lazic a écrit : > Hi. > > Am 20.08.2018 um 10:20 schrieb Jean-Baptiste Berthelin: >> Hello, >> >> Since I have upgrade my Chrome webbrows

Option "verify" incompatible with "crt-list"

2018-08-20 Thread Jean-Baptiste Berthelin
oxy/domain_crt_list : /etc/haproxy/domain-com.pem [verify optional] my.domain.com /etc/haproxy/domain2-com.pem *.domain.com ~~~ The certificate provided by the haproxy server is different according to the SNI, but the "verify" option is not take in account. Is it a known bug or is there a workaround ? Best regards -- *Jean-Baptiste Berthelin*

Option "verify" incompatible avec "crt-list"

2018-08-17 Thread Jean-Baptiste Berthelin
~~ Le certificat présenté par le serveur est bien différent selon le SNI, mais l'option "verify" ne semble pas interprétée. Cordialement -- *Jean-Baptiste Berthelin*

PATCH / BUG: DNS configuration validation is not executed at the right moment

2018-08-10 Thread Baptiste
attachment fixes this behavior. This patch should be backported into HAProxy 1.8 as well. Baptiste From 140432e3eeff0dfd36b48310a64b908bde7cc90f Mon Sep 17 00:00:00 2001 From: Baptiste Assmann Date: Fri, 10 Aug 2018 10:56:38 +0200 Subject: [PATCH] BUG/MINOR: dns: check and link servers' resolve

Re: Question about HAProxy URL rewrites

2018-08-10 Thread Baptiste
ontend testdomain bind 172.16.0.17:80 <http://172.16.0.17/> bind 172.16.0.17:443 mode http acl redirectarchives path_beg -i /ua use_backend testbe if redirectarchives # default_backend stageweb backend testbe http-request redirect location %[path]/ code 302 unless { path_end / } http-request set-path %[path,regsub(^/ua,)] balance leastconn option forwardfor server ext1 172.17.0.18:80 <http://172.17.0.18/> check port 80 Baptiste

Re: Server State File not loading.

2018-08-08 Thread Baptiste
st result OK > select : pref=150, test result FAILED > Total: 3 (2 usable), will use epoll. > > Available filters : > [SPOE] spoe > [COMP] compression > [TRACE] trace > Using epoll() as the polling mechanism. > > > > On Wed, Aug 8, 2018 at 9:24

Re: Server State File not loading.

2018-08-08 Thread Baptiste
So I don't expect this is a bug On Thu, Aug 9, 2018 at 4:16 AM, Dustin Schuemann wrote: > I don’t believe so. > > I just have IP addresses in my backend configuration > > > So I don't expect this is a bug. Might be a misconfiguration somwhere. What does HAProxy says when you run it in debug

Re: Server State File not loading.

2018-08-08 Thread Baptiste
rom-file global > > I've verified that the servers I changed via the socket are in the state > file. > Hi Dustin, Are you using DNS resolution based on SRV records for those servers? Baptiste

Re: [PATCH][MINOR] Implement resovle-opts with 2 new options

2018-08-08 Thread Baptiste
On Wed, Aug 8, 2018 at 11:09 PM, Willy Tarreau wrote: > Hi Baptiste, > > On Wed, Aug 08, 2018 at 08:14:31PM +0200, Baptiste wrote: > > Hi Willy, > > > > Could you please also backport those patches to 1.8? > > Actually, 1.8 broke a haproxy's default behavior

Re: Possible bug: configuration check is not checking resolvers

2018-08-08 Thread Baptiste
he right check, should it not be found by the configuration > checker command?--> So we found a small little bug?;-). > > Thanks and have a nice day, > Marcos Moreno. > Hi Marcos, Thanks for reporting this! You're testing procedure is the right one and I'm a bit suprised this is happening! I can also confirm I can reproduce this behavior and I will provide a fix soon. Baptiste

Re: [PATCH][MINOR] Implement resovle-opts with 2 new options

2018-08-08 Thread Baptiste
backported, and should have been: 84221b4e9010810cf93b7ad7a31d825fa9fc26bf 741e00a820ca23d3371a10587f5014c58ac14536 e56fffd896fc29f886d5c55dc0930dc7e454b3c8 Cheers On Thu, Jul 12, 2018 at 5:57 PM, Willy Tarreau wrote: > On Thu, Jul 12, 2018 at 05:10:49PM +0200, Baptiste wrote: > &g

Re: [ANNOUNCE] haproxy-1.9-dev1

2018-08-02 Thread Baptiste
Amazing work. congrats all Baptiste

Re: haproxy doesn't reuse server connections

2018-07-27 Thread Baptiste
In other words, you may want to enable "option prefer-last-server". But in such case, you won't load-balance anymore (all requests should go to the same server. Baptiste On Fri, Jul 27, 2018 at 7:09 PM, Cyril Bonté wrote: > Hi Alessandro, > > > Le 27/07/2018 à 17:5

[PATCH][MINOR] Implement resovle-opts with 2 new options

2018-07-12 Thread Baptiste
). The first 3 patches are clean up and the code is in the 4th one. Note that I may move the other resolve-* keywords into the resolve-opts (older keywords will still be valid for backward compatibility). Baptiste From 348effd9e5182687a51b52312ac054286599af07 Mon Sep 17 00:00:00 2001 From: Baptiste

Re: Issue with parsing DNS from AWS

2018-07-12 Thread Baptiste
TCP won't help. As I stated in my previous mail, AWS DNS servers only returns 8 records per response (they are "roundrobined"), even in TCP (I did try with "drill" DNS client). So, your only way to go is to use the "hold obsolete" timer. On Thu, Jul 5, 2018 at 3:

Re: haproxy bug: healthcheck not passing after port change when statefile is enabled

2018-07-12 Thread Baptiste
into the state file. (WIP, but last mile) Once it has been merged, we'll be able to fix this issue (by applying the port only when the server is being managed by an SRV record). Baptiste On Tue, Jul 3, 2018 at 3:41 PM, Sven Wiltink wrote: > Hey Baptiste, > > > Thank you

Re: haproxy 1.9 status update

2018-07-04 Thread Baptiste
Sorry to wake up an old thread, but I'm very concerned by the lack of "architecture guide" documentation with HAProxy. Did we make any progress on this topic? Baptiste

Re: Using different sources when connecting to a server

2018-07-04 Thread Baptiste
I have a question: what would be the impact on "retries" ? At first, we could use it as of today. But later, we may want to retry from a different source IP. Baptiste

Re: Issue with parsing DNS from AWS

2018-07-03 Thread Baptiste
Ah yes, I also added the following "init-addr none" statement on the server-template line. This prevents HAProxy from using libc resolvers, which might end up in unpredictible behavior in that enviroment Baptiste On Tue, Jul 3, 2018 at 3:18 PM, Baptiste wrote: > Well, I

Re: Issue with parsing DNS from AWS

2018-07-03 Thread Baptiste
le even if the DNS server did not return it in the SRV record list. Baptiste On Tue, Jul 3, 2018 at 1:26 PM, Baptiste wrote: > Answering myself... I found my way in the menu to be able to allow port > 9000 to read the stats page and to find the public IP associated to my > "a

Re: Issue with parsing DNS from AWS

2018-07-03 Thread Baptiste
ou updated. On Tue, Jul 3, 2018 at 1:06 PM, Baptiste wrote: > Hi Jim, > > I think I have something running... > At least, terraform did not complain and I can see "stuff" in my AWS > dashoard. > Now, I have no idea how I can get connected to my running HAProxy >

Re: Issue with parsing DNS from AWS

2018-07-03 Thread Baptiste
ppreciated. Baptiste On Tue, Jul 3, 2018 at 11:39 AM, Baptiste wrote: > Hi Jim, > > Sorry for the long pause :) > I was dealing with some travel, conferences and catching up on my backlog. > So, the good news, is that this issue is now my priority :) > > I'll try to first reprodu

Re: Issue with parsing DNS from AWS

2018-07-03 Thread Baptiste
repo to help me speed up in that step). Baptiste On Mon, Jun 25, 2018 at 10:54 PM, Jim Deville wrote: > Hi Bapiste, > > > I just wanted to follow up to see if you were able to repro and perhaps > had a patch we could try? > > > Jim > -

Re: haproxy bug: healthcheck not passing after port change when statefile is enabled

2018-07-03 Thread Baptiste
state (where port is X) - update conf to v2, where port is Y reload HAProxy => X is applied, while you expect to get Y instead Baptiste On Mon, Jun 25, 2018 at 12:55 PM, Sven Wiltink wrote: > Hello, > > > So we've dug a little deeper and the issue seems to be caused by t

Re: Observations about reloads and DNS SRV records

2018-07-03 Thread Baptiste
Hi, Actually, the problem was deeper than my first thought. In its current state, statefile and SRV records are simply not compatible. I had to add a new field in the state file format to add support to this. Could you please confirm the patch attached fixes your issues? Baptiste On Mon, Jun

Re: Reverse String (or get 2nd level domain sample)?

2018-06-29 Thread Baptiste
ou extract the second word, starting at the end of the string. Baptiste On Mon, Jun 25, 2018 at 12:29 PM, Daniel Schneller < daniel.schnel...@centerdevice.com> wrote: > Hi! > > Just double checking to make sure I am not simply blind: Is there a way to > reverse a string using a samp

Re: Haproxy health check interval value is not being respected

2018-06-29 Thread Baptiste
by HAProxy) If your servers are fully operational, can you try set 'timeout check' to 1s and see what happens? and also, the output of 'haproxy -vv' would be interesting. Baptiste On Tue, Jun 26, 2018 at 7:11 PM, Adwait Gokhale wrote: > Hi Baptiste, > > Here is the haproxy configura

Re: Observations about reloads and DNS SRV records

2018-06-25 Thread Baptiste
know that I think I found the cause of the issue but I don’t have a fix yet. I’ll come back to you this week with more info and hopefully a fix. The issue seem to be in srv_init_addr(), because srv->hostname is not set (null). Baptiste

Re: Observations about reloads and DNS SRV records

2018-06-22 Thread Baptiste
the backend id. Baptiste

PATCHES: new resolve-accept-dup-ip server flag

2018-06-22 Thread Baptiste
hes in attachment, 3 of them can be backported. They are more cosmetic than anything, but it took me some time to figure out who, from the code or the comment was wrong... This feature was requested by Ryuzaki on discource. I just provide him the patches, so waiting for his feedback. Baptiste F

Re: tcp-check expect with exclamation mark

2018-06-21 Thread Baptiste
> master_sync_in_progress:1 >> > > ​Try using *rstring* intead of *string*.​ I that fails too try escaping > the column like "master_sync_in_progress\:1" > > tcp-check send QUIT\r\n >> tcp-check expect string +OK >> >> server sc-redis1_63811 10.10.68.61:63811 check >> server sc-redis1_63812 10.10.68.61:63812 check >> server sc-redis1_63813 10.10.68.61:63813 check >> >> >> Best regards, >> Dmitriy Kuzmin >> > > I'm not sure what string you're trying to match. Could you paste the output of "info replication" somewhere on pastebin or gist? Baptiste

Re: Issue with parsing DNS from AWS

2018-06-21 Thread Baptiste
and by the way, I had a quick look at the pcap file and could not find anything weird. The function you're pointing seem to say there is not enough space to store a server's dns name, but the allocated space is larger that your current records. Baptiste

Re: Issue with parsing DNS from AWS

2018-06-21 Thread Baptiste
helpful as well. > > Thanks, > Jim > Hi guys, Thanks for the report and the troubleshooting already done. Something that would help me a lot, is to be able to reproduce the issue. 2 options from here, either you provide the smallest terraform script which allows to reproduce the platform or you provide me an access to a temporary platform so I could troubleshoot live. (we can carry on this conversation off list of course). Baptiste

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2018-06-17 Thread Baptiste
Le dim. 17 juin 2018 à 14:10, Patrick Gansterer a écrit : > > > On 17 Jun 2018, at 13:36, Baptiste wrote: > > > > Can they be used to validate oauth tokens too? > > Depends on the implementation of the tokens, but if they are HMACSHA256 > signed JWT, it’s very

Re: [PATCH] MINOR: crypto: Add digest and hmac converters

2018-06-17 Thread Baptiste
_list sample_conv_kws = {ILH, { > + { "digest", sample_conv_crypto_digest, ARG1(1,STR), NULL, > SMP_T_BIN, SMP_T_BIN }, > + { "hmac", sample_conv_crypto_hmac, ARG2(2,STR,STR), NULL, > SMP_T_BIN, SMP_T_BIN }, > + { /* END */ }, > +}}; > + > +__attribute__((constructor)) > +static void __crypto_init(void) > +{ > + sample_register_convs(_conv_kws); > +} > -- > 2.17.1 > Hi, Nice ones. Can they be used to validate oauth tokens too? Note: maybe an update for configuration.txt would be helpful too. Baptiste

Re: Haproxy health check interval value is not being respected

2018-06-17 Thread Baptiste
nown bug or is it a misconfiguration of some sorts? Appreciate > your help with this. > > Thanks, > Adwait > Hi, Maybe you could share your entire configuration? That would help a lot. Baptiste

Re: [Feature request] Call fan-out to all endpoints.

2018-06-10 Thread Baptiste
time. I don't have any insight into doing that - I can just see that > it might be ... interesting :-) > > If Willy and the rest of the folks who'd have to support this in the > future feel like this feature is worth it, please take this as an > enthusiastic "yes please!" from a user! > > Jonathan > > Hi, what's the use case? Is this API gateway kind of thing? Baptiste

Re: haproxy 1.9 status update

2018-06-10 Thread Baptiste
do it, I'm afraid it's a huge task and I won't have enough time to do it. Baptiste

Re: Observations about reloads and DNS SRV records

2018-06-10 Thread Baptiste
ps://github.com/bedis/dnsserver So feel free to contribute to it or write your own :) I'm going to use it to troubleshoot the issue you reported. That said, nothing is better than other real DNS servers (bind / unbound / powerdns and others) for real production. Baptiste

Re: Observations about reloads and DNS SRV records

2018-06-10 Thread Baptiste
try and reduce up the time it > takes to populate the backend servers with addresses in an effort to lessen > the effects of #1 > > I'll work on this one as soon as I fixed the bug above/ Baptiste

Re: regression testing for haproxy

2018-06-09 Thread Baptiste
Hi Fred, Amazing work. Looking forward to write some of those :) According to you, would it be compicated to automate tests on the DNS resolvers, the stats socket, etc... I mean, anything which is not really HTTP? Baptiste

Re: consistently hash cookie to a header

2018-06-09 Thread Baptiste
pp [...] balance hdr(X-Cook-Uuid) hash-type consistent sdbm http-request set-header X-Cook-Uuid %[req.cook(UUID)] http-request set-header X-Cook-Uuid-Hashed %[req.hdr(X-Cook-Uuid),sdbm] Simply adjust hash-type algorithm to the right converter name. More on converter: http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.1-sdbm Baptiste

Re: Observations about reloads and DNS SRV records

2018-06-06 Thread Baptiste
e the limitations I discovered. My > knowledge of C (and the internal workings of HAproxy) is not great > otherwise this would probably be a patch submission for #1 :) > > Tait > > I'll check that for you. (In the mean time, please keep on answering to Aleksandar emails, the more info I'll have, the best). Baptiste

Re: haproxy 1.9 status update

2018-06-04 Thread Baptiste
Hi, Thanks all for the amazing work :) I just like to focus on a particular point: - wiki : we all know that the architecture guide is obsolete, everyone > wants to refresh it and nobody can because it's a tedious task that > no single person can address, and nobody anymore knows all

Re: [PATCH][MINOR] config: Implement 'parse-resolv-conf' directive for resolvers

2018-05-29 Thread Baptiste
this and you get my Ack :) And thanks for your patience and your retransmits. Baptiste On Tue, May 29, 2018 at 9:16 PM, Ben Draut wrote: > This should be it. The only outstanding item was a couple of: > > if (... != NULL) > free(...) > > at the bottom. Willy said he'd fix t

Re: [PATCH][MINOR] config: Implement 'parse-resolv-conf' directive for resolvers

2018-05-29 Thread Baptiste
Hi, I'm a bit lost: could you please re-send me the latest version of this patch? Baptiste On Thu, May 24, 2018 at 5:02 PM, Ben Draut wrote: > Willy, I think you've reviewed this one already. :) I fixed a few > things after your review, then you said you just wanted to wait > for

Re: Cannot handle more than 1,000 clients / s

2018-05-11 Thread Baptiste
cess, like this in your frontend: bind :80 process 1 bind :80 process 2 ... Maybe one of your process is being saturated and you don't see it . The configuration above will ensure an even load distribution of the incoming connections to the HAProxy process. Baptiste On Fri, May 11, 2018

Re: [Lua] Using txn.c:

2018-05-08 Thread Baptiste
On Tue, May 8, 2018 at 8:17 PM, Baptiste <bed...@gmail.com> wrote: > Hi All, Thierry, > > I'm trying to use the converter 'table_http_req_cnt()' from a Lua script, > but I'm not successful and so I wonder how I'm supposed to use the > converter class (txn.c:)... > &g

[Lua] Using txn.c:

2018-05-08 Thread Baptiste
-class Like for the fetches class: https://www.arpalert.org/src/haproxy-lua-api/1.8/index.html#fetches-class Any help would be appreciated. (HAProxy 1.8, HTTP action context, where I want to pass a string to the converter table_http_req_cnt to read some data from my table). Baptiste

Re: resolvers - resolv.conf fallback

2018-04-17 Thread Baptiste
ture, and we reserve > >> 'use-system-resolvers' for the feature that Jonathan described? > > > > Perfect! "parse" is quite explicit at least! > > Works for me :-) > > Great, amazing!!! Ben, could you provide a patch using native code? (no third party libraries) Baptiste

Re: DNS resolver and mixed case responses

2018-04-17 Thread Baptiste
Hi all, Thanks a lot for your various investigations! As a conclusion, HAProxy's behavior is "as expected". Baptiste

Re: DNS resolver and mixed case responses

2018-04-09 Thread Baptiste
So, it seems that responses that does not match the case should be dropped: https://twitter.com/PowerDNS_Bert/status/983254222694240257 Baptiste

Re: DNS resolver and mixed case responses

2018-04-09 Thread Baptiste
is ASCII. > > Section 4.1 "DNS Output Case Preservation" mentions this: "No "case > conversion" or "case folding" is done during such output operations, > thus "preserving" case." > > Regrads, > Dennis > > Hi All, Let me ask some advices to our friends of PowerDNS :) Baptiste

Re: resolvers - resolv.conf fallback

2018-04-09 Thread Baptiste
in conjunction with nameserver directives in the resolvers section - HAProxy should emit a warning message when parsing a configuration which has no resolv.conf neither nameserver directives enabled Is that correct? Baptiste

Re: resolvers - resolv.conf fallback

2018-04-03 Thread Baptiste
d natively in HAProxy - (for Lukas) what do you think is better, a configuration option to trigger parsing of resolv.conf or as proposed, if no nameserver are found, we use resolv.conf as a failback? As the maintainer of the DNS code in HAProxy, don't hesitate to ask me any questions. Baptiste

Re: DNS resolver and mixed case responses

2018-04-03 Thread Baptiste
gers the issue: > (Note the reply CaSe does not match query. I can also provide a simple > Python server that performs uppercase in its reply, for replication of > this.) > --- > $ dig @127.0.0.1 -p 1153 example.com > > ;; QUESTION SECTION: > ;EXAMPLE.COM. IN A > > ;; ANSWER SECTION: > EXAMPLE.COM. 60 IN A 127.0.0.1 > > > > Thanks for any assistance, > Dale Smith > > Hi Dale, Thanks for the report! Please share your patch here and I'll have a look, so we could merge it. Baptiste

Re: BUG/MINOR: dns: false positive downgrade of accepted_payload_size

2018-02-26 Thread Baptiste
On Thu, Feb 22, 2018 at 2:04 AM, Lukas Tribus <lu...@ltri.eu> wrote: > Hello Baptiste, > > > > On 21 February 2018 at 19:59, Lukas Tribus <lu...@ltri.eu> wrote: > > Baptiste, I don't think you'd find the symptoms I have in mind > > acce

Re: BUG/MINOR: dns: false positive downgrade of accepted_payload_size

2018-02-21 Thread Baptiste
On Wed, Feb 21, 2018 at 11:07 AM, Lukas Tribus <lu...@ltri.eu> wrote: > Hello Baptiste, > > > On 21 February 2018 at 08:45, Baptiste <bed...@gmail.com> wrote: > >> Is this downgrade at good thing in the first place? Doesn't it hide > >> configuration and

Re: BUG/MINOR: dns: false positive downgrade of accepted_payload_size

2018-02-20 Thread Baptiste
Hi Lukas, Le 19 févr. 2018 23:37, "Lukas Tribus" <lu...@ltri.eu> a écrit : Hello Baptiste, On 19 February 2018 at 18:59, Baptiste <bed...@gmail.com> wrote: > Hi guys, > > While working with consul, I discovered a "false positive"

BUG/MINOR: dns: false positive downgrade of accepted_payload_size

2018-02-19 Thread Baptiste
Hi guys, While working with consul, I discovered a "false positive" corner case which triggers a downgrade of the accepted_payload_size. This patch fixes this issue by ensuring that we downgrade this value only when the resolution status is a timeout. Bap

Re: Timeout tuning for websocket proxy

2018-02-16 Thread Baptiste
st practice is to implement an application layer "ping" every 1 minute and set the timeout tunnel to 61s. Baptiste

Re: Plans for 1.9

2018-02-12 Thread Baptiste
DNS over TCP :)

Re: Server-template and randomized DNS responses

2018-02-12 Thread Baptiste
ot related to Mike's case, but deserves a fix. I'll work on it asap. Baptiste On Mon, Feb 12, 2018 at 10:17 AM, Baptiste <bed...@gmail.com> wrote: > Continuing on my investigation I found an other interesting piece of > information: > I run haproxy and my consul environment in a dock

Re: Server-template and randomized DNS responses

2018-02-12 Thread Baptiste
is starting Now I can reproduce the bug, I'm going to investigate what's happening and provide a fix asap. Thanks a gain Mike for reporting!!! Baptiste On Mon, Feb 12, 2018 at 10:17 AM, Baptiste <bed...@gmail.com> wrote: > Continuing on my investigation I found an other interest

Re: Server-template and randomized DNS responses

2018-02-12 Thread Baptiste
if there are too many sensitive information) Baptiste On Mon, Feb 12, 2018 at 9:25 AM, Baptiste <bed...@gmail.com> wrote: > First, I confirm the following bug in consul 1.0.5: > - start a X instances of a service > - scale the service to X+Y (with Y > 1) > ==> then consul crashes..

Re: Server-template and randomized DNS responses

2018-02-12 Thread Baptiste
1 -p 8600 -t SRV _mfm-monitor-opentsdb ._tcp.service.consul Baptiste On Mon, Feb 12, 2018 at 8:27 AM, Чепайкин Михаил <mchepay...@gmail.com> wrote: > Im on Consul 1.0.2. > > Why do you think this issue is about serving SRV over UDP, rather than > about different order o

  1   2   3   4   5   6   7   8   9   10   >