Exhaustive explanation, thank you.
On Wed, Nov 7, 2012 at 11:25 PM, Cyril Bonté wrote:
> Hi all,
> Le 07/11/2012 16:19, Baptiste a écrit :
>
> For those who are interested, here is an article on HAProxy and
>> Websockets.
>> (it includes the health check as well)
>>
>
> And here is the link (y
Hi all,
Le 07/11/2012 16:19, Baptiste a écrit :
For those who are interested, here is an article on HAProxy and Websockets.
(it includes the health check as well)
And here is the link (you forgot it in your mail ;-) )
http://blog.exceliance.fr/2012/11/07/websockets-load-balancing-with-haproxy/
OCSP is obviously enabled, but not ocsp stapling.
On 11/07/2012 05:18 PM, joris dedieu wrote:
> 2012/11/7 Hervé COMMOWICK :
>> As of now, on client side, it is only working on IE9 (not before not
>> after) and Opera, not so common...
>
> It's enable in Firefox for a long time (Edit / Preference /
2012/11/7 Hervé COMMOWICK :
> As of now, on client side, it is only working on IE9 (not before not
> after) and Opera, not so common...
It's enable in Firefox for a long time (Edit / Preference / Advanced /
Encryption / Validation or search ocsp in about:config).
See : https://bugzilla.mozilla.org
For those who are interested, here is an article on HAProxy and Websockets.
(it includes the health check as well)
cheers
On Tue, Nov 6, 2012 at 2:06 PM, Vladimir Dronnikov wrote:
> Works like a charm, thank you!
>
>
> On Tue, Nov 6, 2012 at 4:36 PM, Baptiste wrote:
>>
>> Hi,
>>
>> I don't know
> Anyway, as the issue has currently vanished. This can be closed! I will
> now try to update an other server and play with the brand new
> compression :)
Good news.
Don't hesitate to report your feedback here.
cheers
Argh sorry for the noise.
I was bisecting and... I cannot reproduce anymore this issue!
I do not understand why...
I have nothing special in the logs. I only saw the request passed to the
backend, no error shown.
Anyway, as the issue has currently vanished. This can be closed! I will
now try to
by the way, do you have a few log line showing the issue to share?
cheers
On Wed, Nov 7, 2012 at 2:20 PM, Baptiste wrote:
> Hi,
>
> Could you add a option http-server-close in your frontend???
>
> cheers
>
> On Wed, Nov 7, 2012 at 1:48 PM, Guillaume Castagnino wrote:
>> Hi,
>>
>> I just up
Hi,
Could you add a option http-server-close in your frontend???
cheers
On Wed, Nov 7, 2012 at 1:48 PM, Guillaume Castagnino wrote:
> Hi,
>
> I just updated my haproxy to the current HEAD
> (08289f12f9a13ea06cf4a16a1211e82e003af218).
> I now have acl issues: the hdr_dom matching seems to b
I'm all for the idea of OCSP stapling at some point, but if this is
indeed still the current state of the world, then stapling continues
to be broken and probably should take lower priority to things that
are not broken, e.g. client cert info passing, or less broken, e.g.
OCSP checking of client ce
Signed-off-by: Marc-Antoine Perennou
---
doc/haproxy-en.txt | 1 +
doc/haproxy-fr.txt | 1 +
doc/haproxy.1 | 4
include/types/global.h | 1 +
src/haproxy.c | 31 +++
5 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/doc
Hi,
I'm trying to use haproxy with systemd.
It cannot be done with a raw haproxy for now, because when "reloading" the
configuration file
with haproxy -sf , the former process gets killed, so the service enters a
"failed" state
and thus kills all its children, resulting in no haproxy running.
In
Hi,
I just updated my haproxy to the current HEAD
(08289f12f9a13ea06cf4a16a1211e82e003af218).
I now have acl issues: the hdr_dom matching seems to be ignored. This
was working perfectly fine with the previous build I used
(1bc4aab2902d732530ccbd098d30e519aab3abdd)
The configuration is quite si
As of now, on client side, it is only working on IE9 (not before not
after) and Opera, not so common...
Look this : http://www.imperialviolet.org/2012/02/05/crlsets.html for
Google's thoughts
Short : "On this basis, we're currently planning on disabling online
revocation checks in a future version
On Tue, Nov 6, 2012 at 11:08 PM, Willy Tarreau wrote:
>
> > I would say the periodic-request aspect of it is pretty trivial; you add a
> > timer to the event loop that expires in some configurable amount of time,
> > e.g. a bit before the last OCSP response expires, and you cache the result
> > un
On Wed, Nov 7, 2012 at 8:07 AM, Willy Tarreau wrote:
> Hi Karel,
>
> On Wed, Nov 07, 2012 at 05:55:15AM +0100, Karel Sedlá??ek wrote:
>> I was hoping that feature branch would start with the code you mentioned.
>> For my use case, just piping the data into the backend is more than
>> sufficient, a
On Tue, Nov 6, 2012 at 8:08 PM, Willy Tarreau wrote:
>
>> I believe the official word at one point was that OCSP stapling of chains
>> should be accomplished by including the entire chain in the OCSP request,
>> delivering that compound OCSP response via the TLS Certificate Status Request
>> exte
We have been doing some testing with the 1.5 dev12 branch (commit
3e394c903f156ab2bcf731df39c4e6e74df3b6b4).
First of all, we're very happy with native SSL coming to haproxy. Our
tests initially indicated a big performance increase over using apache
frontends for ssl offloading in front of haproxy
Hi Willy, Liang:
Please forgive me for my poor English.
In my experience of using HA Proxy 1.4.8 in 2009, there are some 50x
errors when Nginx is used to be backend server.
The errors can take over 0.5% of total requests.
However, the error rate can be reduced to 0.1% when increasing the size
of
Hi Willy,
The version is 1.4.21
We will try to remove "option abortonclose" and test if the problem persists.
Thanks.
Liang Hong
--
Liang Hong
System Operation Engineer
T8586 5673-821
F010-6550 5686
M 187 1019 5645
Eliang.h...@ipinyou.com
北京市朝阳区八里庄西里100号东区 住邦2000,1号楼A
Hi Liang,
On Wed, Nov 07, 2012 at 04:03:47PM +0800, ?? wrote:
> Hi Willy/Yuxans,
>
> Appreciate for your quick reply. Another question is our haproxy log shows
> many 503 errors. Could you please take a look the attached configuration and
> log files and give us some suggestions?
There's som
Hi Liang:
tune.bufsize or other?
maybe.
Regards,
Yuxans Yao
于 2012年11月07日 16:03, 洪靓 写道:
> Hi Willy/Yuxans,
>
> Appreciate for your quick reply. Another question is our haproxy log
> shows many 503 errors. Could you please take a look the attached
> configuration and log files and give us some
Hi Willy/Yuxans,
Appreciate for your quick reply. Another question is our haproxy log shows many
503 errors. Could you please take a look the attached configuration and log
files and give us some suggestions?
Many thanks!
Liang Hong
--
Liang Hong
System Operation Engineer
T8586 5673
23 matches
Mail list logo