Re: Loading multiple TLS certificates

2019-05-14 Thread Robin H. Johnson
On Mon, May 13, 2019 at 09:10:15PM +, Gibson, Brian (IMS) wrote: > > For the first time, I have a client that refused to let me use a wildcard > certificate. > So I submitted 6 separate CSRs and now have 6 separate certificates and 6 > separate keys. > The intermediate certificates all

[PATCH] MINOR: skip get_gmtime where tm is unused

2019-04-10 Thread Robin H. Johnson
For LOG_FMT_TS (%Ts), the tm variable is not used, so save some cycles on the call to get_gmtime. Backport: 1.9 1.8 Signed-off-by: Robin H. Johnson --- src/log.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/log.c b/src/log.c index f8d3414e2..39e472b33 100644 --- a/src/log.c +++ b/src

[PATCH 3/3] MEDIUM: lua: expose safe fetch/conv via val_args_flags

2018-12-15 Thread Robin H. Johnson
- distcc_param - bool - meth - json - field - word - regsub Initial-Discovery: Yue Zhu Signed-off-by: Robin H. Johnson Signed-off-by: Robin H. Johnson --- src/hlua.c | 28 +++- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/src/hlua.c b/src/hlua.c index a9d126b53

[PATCH 1/3] MINOR: samples: Prep for val_args_flags

2018-12-15 Thread Robin H. Johnson
.*kw_list.*ILH' -A5000 \ | sed -r -n '/struct sample_(conv|fetch)_kw_list\>/,/};/p' Initial-Discovery: Yue Zhu Signed-off-by: Robin H. Johnson Signed-off-by: Robin H. Johnson --- include/types/sample.h | 6 + src/51d.c | 4 +- src/backend.c | 28 ++--- src/connectio

[PATCH 2/3] MEDIUM: samples: add val_args_flags

2018-12-15 Thread Robin H. Johnson
-Discovery: Yue Zhu Signed-off-by: Robin H. Johnson Signed-off-by: Robin H. Johnson --- include/types/sample.h | 22 -- src/51d.c | 2 ++ src/hlua.c | 3 +++ src/map.c | 1 + src/payload.c | 2 ++ src/proto_http.c | 1

Re: [PATCH] BUG/MEDIUM: Expose all converters & fetches

2018-12-13 Thread Robin H. Johnson
On Fri, Dec 07, 2018 at 01:14:47PM +0100, Willy Tarreau wrote: > I had a quick look, some converters use check_operator() which creates > a variable upon each invocation of the parsing function. Some people > might inadvertently get caught by using these ones to look up cookie > values or session

rsync deny & healthcheck

2018-12-11 Thread Robin H. Johnson
Seeing the MQTT CONNECT parsing recently, I thought to share my draft work in rsync balancing: - Lua to generate deny messages for rate-limited clients - tcp-check to check rsync health https://gist.github.com/robbat2/2c8414bd617c013be12cb9b41830e010 I want to try and finish my lua-check code,

[PATCH] BUG/MEDIUM: Expose all converters & fetches

2018-12-06 Thread Robin H. Johnson
m/haproxy/haproxy/commit/594afe76e4694d9faf281ae87f2d026506f7a9d9#diff-fc1678dd7de891cf951a19f59a9a7375R4003 [5] https://gist.github.com/robbat2/6c75f78e0d857b6d8649d591bc44c452 Initial-Discovery: Yue Zhu Tracing: Robin H. Johnson Signed-off-by: Robin H. Johnson Signed-off-by: Robin H. Johnson --- src/hlua.c | 15 ---

Re: Design Proposal: http-agent-check, explict health checks & inline-mode

2018-10-29 Thread Robin H. Johnson
On Sat, Oct 27, 2018 at 01:52:29PM +0200, Aleksandar Lazic wrote: > > Right now, if you want to use load feedback for weights, you either need > > something entirely out-of-band from the servers back to HAProxy, or you > > have to use the agent-check option and run a separate health agent. > >

design proposal: lua-agent-check

2018-10-26 Thread Robin H. Johnson
As a followup to the http-agent-check design idea, I wondered if implementing a general-case lua-agent-check mode would be beneficial. lua-agent-check keyword would take one parameter, the name of a function that can be called to determine the health of a server. The finer details about the

Design Proposal: http-agent-check, explict health checks & inline-mode

2018-10-26 Thread Robin H. Johnson
Hi, This is something I have a vague recollection of existing somewhere, but didn't find any leads in documentation or source. Right now, if you want to use load feedback for weights, you either need something entirely out-of-band from the servers back to HAProxy, or you have to use the

url_param not matching key-only params (also testcases for fetchers)

2018-07-16 Thread Robin H. Johnson
I looked in tests & reg-tests, but didn't see any clear way to add tests for verifying that fetchers work correctly. I think my co-worker found an edge-case on smp_fetch_url_param/smp_fetch_param. Trying to identify URLs that have a URL parameter set, that MIGHT not have a value. This is

Limiting bandwidth of connections

2017-05-10 Thread Robin H. Johnson
Hi, I'm wondering about the status of bandwidth limiting that was originally planned for 1.6. In the archives I see discussions in 2012 & 2013; Willy's responses: 2012-04-17 planned for 1.6: https://www.mail-archive.com/haproxy@formilux.org/msg07096.html 2013-05-01 planned for 1.6:

Re: Introduction and small changes to HAProxy for adding custom errorfiles for 401 and 407 http status page

2017-02-11 Thread Robin H. Johnson
On Sat, Feb 11, 2017 at 07:17:20PM +0100, Michael Hamburger wrote: > If you nonetheless like a git patch I will try to send one. Please do send a patch, it's a LOT easier to review, and if it's good, it can be applied with your name on it :-). If you have all of your changes in a single commit,

Re: [PATCH] MEDIUM: ssl: Add TLS-PSK client and server side support

2017-02-03 Thread Robin H. Johnson
On Fri, Feb 03, 2017 at 02:19:29AM +0100, Nenad Merdanovic wrote: > +psk-file > + Enables use of PSK cipher suites with PSKs stored in the specified file. > + The entries should be in form "identity:key", one per line. > + Rather than new file handling routine, could you instead hook this into

Re: HAProxy Lua Map.end & reserved keywords

2017-01-12 Thread Robin H. Johnson
On Wed, Jan 11, 2017 at 12:17:26PM +0100, Willy Tarreau wrote: > On Mon, Jan 09, 2017 at 08:47:17PM +0000, Robin H. Johnson wrote: > > Maybe Willy would considering changing the name of the matches to 'prefix' > > & 'suffix' instead of 'beg' & 'end', and just keep beg/e

Re: HAProxy Lua Map.end & reserved keywords

2017-01-09 Thread Robin H. Johnson
On Mon, Jan 09, 2017 at 07:49:40PM +0100, thierry.fourn...@arpalert.org wrote: > > I see two potential ways forward: > > a) Map['end'] # works right now, but ugly > > b) Map.match_end # intent is much clearer > Hi, thank for you comment ! You're absolutely right. This keyword > doesn't run because

HAProxy Lua Map.end & reserved keywords

2017-01-09 Thread Robin H. Johnson
TL;DR: 'end' is a reserved Lua keyword, and cannot be used as a structure member as in Map.end. Need to change the naming of constants maybe? http://www.arpalert.org/src/haproxy-lua-api/1.7/index.html#map-class > -- Create and load map > geo = Map.new("geo.map", Map.ip); Now if you want to use

[PATCH v2] MINOR: cfgparse: Allow disable of stats

2017-01-02 Thread Robin H. Johnson
' option just disables the stats without generating the warning message; it uses the exact same means to disable the stats as used by the warning path. Changes since v1: Free uri_auth structure as suggested by Willy Tarreau <w...@1wt.eu>. X-Backport: 1.7 Signed-off-by: Robin H. Johnson

Re: [PATCH] MINOR: http: custom status reason.

2017-01-02 Thread Robin H. Johnson
On Mon, Jan 02, 2017 at 11:47:36AM +0100, Willy Tarreau wrote: > On Sun, Jan 01, 2017 at 01:10:52PM -0800, Robin H. Johnson wrote: > > The older 'rsprep' directive allows modification of the status reason. > > > > Extend 'http-response set-status' to take an optional string

[PATCH-1.6] MINOR: http: custom status reason.

2017-01-01 Thread Robin H. Johnson
set_status Signed-off-by: Robin H. Johnson <robb...@gentoo.org> (cherry picked from commit 4ce5080b32cfc8591f5639e740a1a83079e9a308) --- doc/configuration.txt | 9 ++--- doc/lua-api/index.rst | 11 +++ include/proto/proto_http.h | 2 +- includ

[PATCH-1.7] MINOR: http: custom status reason.

2017-01-01 Thread Robin H. Johnson
set_status Signed-off-by: Robin H. Johnson <robb...@gentoo.org> (cherry picked from commit 4ce5080b32cfc8591f5639e740a1a83079e9a308) --- doc/configuration.txt | 9 ++--- doc/lua-api/index.rst | 11 +++ include/proto/proto_http.h | 2 +- includ

git.haproxy.org down?

2017-01-01 Thread Robin H. Johnson
fatal: unable to access 'http://git.haproxy.org/git/haproxy.git/': Failed to connect to git.haproxy.org port 80: Connection refused -- Robin Hugh Johnson E-Mail : robb...@orbis-terrarum.net Home Page : http://www.orbis-terrarum.net/?l=people.robbat2 ICQ# : 30269588 or 41961639 GnuPG

[PATCH] MINOR: http: custom status reason.

2017-01-01 Thread Robin H. Johnson
set_status Signed-off-by: Robin H. Johnson <robb...@gentoo.org> --- doc/configuration.txt | 9 ++--- doc/lua-api/index.rst | 11 +++ include/proto/proto_http.h | 2 +- include/types/action.h | 1 + include/types/applet.h |

[RFC] Setting custom reasons with http-response: optional param vs new directive

2016-12-29 Thread Robin H. Johnson
'rsprep' allows modification of the reason text, for custom status reasons. 'http-response set-status' however just uses the hard-coded reason for each status code. Should set-status get an additional optional second parameter of a string, or should we add a set-reason directive instead? The

[PATCH] MINOR: cfgparse: Allow disable of stats

2016-12-15 Thread Robin H. Johnson
' option just disables the stats without generating the warning message; it uses the exact same means to disable the stats as used by the warning path. This patch should be back-ported to 1.7. Signed-off-by: Robin H. Johnson <robb...@gentoo.org> --- doc/configuration.txt | 12 +++