Re: Recommended SSL ciphers and settings

2014-09-09 Thread pablo platt
it should work. As you can see we have no longer RC4 ciphers, cheers thomas Thanks On Mon, Sep 8, 2014 at 9:46 AM, Jarno Huuskonen jarno.huusko...@uef.fi wrote: Hi, On Sun, Sep 07, pablo platt wrote: Hi, I'm using haproxy to terminate SSL and it works for most of my users. I have

Recommended SSL ciphers and settings

2014-09-08 Thread pablo platt
Hi, I'm using haproxy to terminate SSL and it works for most of my users. I have alphassl wildcard certificate. I'm using SSL to improve WebSockets and RTMP connections of port 443. I don't have sensitive data or e-commerce. I have one user that see a warning in Chrome and can't use my website.

Re: debian repository http://haproxy.debian.net/

2014-05-23 Thread pablo platt
Something like this for haproxy will bring confident and prevent confusion and questions. http://nginx.org/en/linux_packages.html On Fri, May 23, 2014 at 8:08 PM, Willy Tarreau w...@1wt.eu wrote: On Fri, May 23, 2014 at 05:10:49PM +0200, Ghislain wrote: Le 23/05/2014 15:23, Baptiste a écrit

Re: debian repository http://haproxy.debian.net/

2014-05-23 Thread pablo platt
23, 2014 at 8:29 PM, Willy Tarreau w...@1wt.eu wrote: On Fri, May 23, 2014 at 08:22:11PM +0300, pablo platt wrote: Something like this for haproxy will bring confident and prevent confusion and questions. http://nginx.org/en/linux_packages.html We're currently preparing something more

Re: Ubuntu 14.04 package

2014-04-17 Thread pablo platt
Thank you, this is extremely helpful. On Thu, Apr 17, 2014 at 9:59 AM, Vincent Bernat ber...@luffy.cx wrote: ❦ 12 avril 2014 12:49 CEST, pablo platt pablo.pl...@gmail.com : Is there a 1.5~dev22 deb package for Ubuntu 14.04 (trusty)? I've found the following ppa but it only has package

Re: Ubuntu 14.04 package

2014-04-17 Thread pablo platt
I've just installed it with the new ubuntu trusty release. Great timing. Thank you for providing this ppa. On Thu, Apr 17, 2014 at 12:05 PM, Vincent Bernat ber...@luffy.cx wrote: ❦ 17 avril 2014 08:59 CEST, Vincent Bernat ber...@luffy.cx : Is there a 1.5~dev22 deb package for Ubuntu 14.04

Re: Recommended strategy for running 1.5 in production

2014-04-16 Thread pablo platt
An official Ubuntu dev repo will also make testing easier. It's much easier to use a apt-get than building from source and figuring out command line options. On Wed, Apr 16, 2014 at 7:05 PM, Philipp e1c1bac6253dc54a1e89ddc046585...@posteo.net wrote: Am 16.04.2014 17:40 schrieb Willy Tarreau:

Re: Recommended strategy for running 1.5 in production

2014-04-16 Thread pablo platt
:56PM +0300, Apollon Oikonomopoulos wrote: (Cc'ing the Debian maintainers as well) Hi all, On 19:28 Wed 16 Apr , Willy Tarreau wrote: On Wed, Apr 16, 2014 at 07:14:31PM +0300, pablo platt wrote: An official Ubuntu dev repo will also make testing easier. It's much easier to use

Re: Recommended strategy for running 1.5 in production

2014-04-16 Thread pablo platt
:07 PM, pablo platt wrote: The Ubuntu PPA is great but it is not 'official' and I couldn't find Ubuntu 14.04 package. https://launchpad.net/~vbernat/+archive/haproxy-1.5 https://launchpad.net/%7Evbernat/+archive/haproxy-1.5 Ubuntu 14.04 LTS will be out tomorrow which means that haproxy-1.5

Ubuntu 14.04 package

2014-04-12 Thread pablo platt
Hi, Is there a 1.5~dev22 deb package for Ubuntu 14.04 (trusty)? I've found the following ppa but it only has package for Ubuntu 13.10 and below. https://launchpad.net/~vbernat/+archive/haproxy-1.5 Is there a script to build my own deb package for the dev version? It will be great if we could

DTLS termination

2013-11-27 Thread pablo platt
Hi, Can version 1.5 terminate DTLS connections like it does for SSL? Thanks

Re: DTLS termination

2013-11-27 Thread pablo platt
Any other proxy that can terminate DTLS? Thanks On Wed, Nov 27, 2013 at 5:40 PM, Lukas Tribus luky...@hotmail.com wrote: Hi! Can version 1.5 terminate DTLS connections like it does for SSL? No; haproxy only works with TCP (HTTP or raw TCP). DTLS is for datagram protocols like UDP,

Re: Websockets and RTMP

2013-05-15 Thread pablo platt
: frontend port443 bind :443 mode tcp default_backend ssl_backend backend ssl_backend srvtimeout 65000 server nginx_server 127.0.0.1:4443 On Tue, May 14, 2013 at 2:16 PM, pablo platt pablo.pl...@gmail.com wrote: Is my config reasonable? On Sun, May 12, 2013 at 6:14 PM

Re: Websockets and RTMP

2013-05-14 Thread pablo platt
Is my config reasonable? On Sun, May 12, 2013 at 6:14 PM, Jonathan Matthews cont...@jpluscplusm.comwrote: On 12 May 2013 10:03, pablo platt pablo.pl...@gmail.com wrote: Can you please explain how to use ssl_fc? I couldn't find it in the configuration docs. Please see below the global

Re: Websockets and RTMP

2013-05-12 Thread pablo platt
media_server 127.0.0.1:1935 backend websocket_backend server websocket-server 127.0.0.1:4443 On Sat, May 11, 2013 at 10:41 PM, Baptiste bed...@gmail.com wrote: Hi Pablo, My answers inline. On Sat, May 11, 2013 at 6:20 PM, pablo platt pablo.pl...@gmail.com wrote: Hi, I need to proxy

Websockets and RTMP

2013-05-11 Thread pablo platt
Hi, I need to proxy secure websockets and RTMP (normal tcp) on the same port. In the future I'll need normal HTTP requests and static files. haproxy will pass ssl requests to backend1 and RTMP requests to backend2. Processes will be open for a long time (minutes - hours). The backends are on the