Hi,
We set up HAProxy with stickiness (appsession), and usually it works great.
But unfortunately, after failover it seems to stop sticking and just do round
robin.
We got the problem on both 1.4 and 1.5.
The details - it's a backend of 3 Tomcat servers, with stickiness based on
myCookie.
Hi,
I try to do the following in my haproxy (dev18) config:
http-request set-header X-Forwarded-Proto https if ssl_fc
http-request set-header X-Forwarded-Ssl on if ssl_fc
http-request set-header X-Forwarded-Proto http if ! ssl_fc
http-request set-header X-Forwarded-Ssl off if ! ssl_fc
But,
Hi,
Better using stick tables with store-response and store-request to replace
your appsession configuration.
that way, you can reload your haproxy without loosing persistence
information.
It also allows you to have a cluster of HAProxy sharing the same
persistence information.
Baptiste
On
Hi,
You want to use anonymous ACLs which requires brackets '{' and '}', like:
http-request set-header X-Forwarded-Proto https if { ssl_fc }
Baptiste
On Wed, Apr 3, 2013 at 11:15 AM, Sander Klein roe...@roedie.nl wrote:
Hi,
I try to do the following in my haproxy (dev18) config:
Try with PCRE JIT, but failed with:
error detected while parsing ACL 'adb' : regex 'ad_keyword=' is invalid.
is this my ACL's problem or bug?
Bests,
-Igor
Hmmm, nope, it still doesn't work
I did:
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Ssl on if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-Ssl off if !{ ssl_fc }
But this
Ah sorry, I misread!
http-request set-header X-Frontend-SSL %[ssl_fc] https
%[ssl_fc] will be 0 in case of HTTP and 1 in case of SSL.
You can't setup an ACL after the set-header directive.
Baptiste
On Wed, Apr 3, 2013 at 12:09 PM, Sander Klein roe...@roedie.nl wrote:
Hmmm, nope, it
Hi,
Why not using something like,
reqidel ^X-Forwarded-Proto:.*
reqadd X-Forwarded-Proto:\ https if { ssl_fc }
reqadd X-Forwarded-Proto:\ http if ! { ssl_fc }
cheers
thomas
On 03.04.2013 12:26, Baptiste wrote:
Ah sorry, I misread!
http-request set-header
Hey Thomas,
That's indeed what I had, but the http-request directive seemed more
efficient. And, because
http://blog.exceliance.fr/2013/02/26/ssl-offloading-impact-on-web-applications/
stated it was possible I thought it would be a good idea to use it :-)
Greets,
Sander
On 03.04.2013
On Wed, Apr 03, 2013 at 12:37:15PM +0200, Thomas Heil wrote:
Hi,
Why not using something like,
reqidel ^X-Forwarded-Proto:.*
reqadd X-Forwarded-Proto:\ https if { ssl_fc }
reqadd X-Forwarded-Proto:\ http if ! { ssl_fc }
Anyway Sander's rule should work. I'm going
On Wed, Apr 03, 2013 at 05:42:45PM +0800, Igor wrote:
Try with PCRE JIT, but failed with:
error detected while parsing ACL 'adb' : regex 'ad_keyword=' is invalid.
is this my ACL's problem or bug?
JIT has received very little testing yet, so all possibilities
are open !
Willy
On 4/3/13 5:36 AM, Baptiste wrote:
Better using stick tables with store-response and store-request to
replace your appsession configuration.
Is there a configuration example of this method somewhere? Google didn't
turn up much for me.
David
On Wed, Apr 03, 2013 at 12:09:37PM +0200, Sander Klein wrote:
Hmmm, nope, it still doesn't work
I did:
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Ssl on if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
On 03.04.2013 14:20, Willy Tarreau wrote:
On Wed, Apr 03, 2013 at 12:09:37PM +0200, Sander Klein wrote:
Hmmm, nope, it still doesn't work
I did:
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Ssl on if { ssl_fc }
http-request set-header
Hi David,
On 03.04.2013 13:10, David Coulson wrote:
On 4/3/13 5:36 AM, Baptiste wrote:
Better using stick tables with store-response and store-request to
replace your appsession configuration.
Is there a configuration example of this method somewhere? Google
didn't turn up much for me.
I'm planning to write an article on exceliance's blog about it, because the
question is ask very often.
Baptiste
On Wed, Apr 3, 2013 at 2:45 PM, Thomas Heil h...@terminal-consulting.dewrote:
Hi David,
On 03.04.2013 13:10, David Coulson wrote:
On 4/3/13 5:36 AM, Baptiste wrote:
Better
On 03.04.2013 14:20, Willy Tarreau wrote:
On Wed, Apr 03, 2013 at 12:09:37PM +0200, Sander Klein wrote:
Hmmm, nope, it still doesn't work
I did:
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Ssl on if { ssl_fc }
http-request set-header
On Wed, Apr 03, 2013 at 03:37:09PM +0200, Sander Klein wrote:
On 03.04.2013 14:20, Willy Tarreau wrote:
On Wed, Apr 03, 2013 at 12:09:37PM +0200, Sander Klein wrote:
Hmmm, nope, it still doesn't work
I did:
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request
Thank you very much, Jeff. One follow-up: Is the hashing algorithm
consistent across multiple instances of HAproxy? If you and I set up
identical configurations (in different locations), and the same IP
connected to both, would they be routed in the same way?
-Original Message-
From:
Thanks very much to everyone for replying and clarifying.
And that planned guide would indeed be welcome - thanks :)
From: Baptiste bed...@gmail.com
To: Thomas Heil h...@terminal-consulting.de
Cc: haproxy@formilux.org
Sent: Wednesday, April 3, 2013 4:00 PM
I believe so, but perhaps someone with better knowledge of the code can confirm.
On Wed, Apr 3, 2013 at 11:41 AM, Jim Gronowski jgronow...@ditronics.com wrote:
Thank you very much, Jeff. One follow-up: Is the hashing algorithm
consistent across multiple instances of HAproxy? If you and I set
Thank you, you did an amazing job here again!
TLS ALPN was implemented similarly as NPN was made. It is supposed
to replace NPN.
Jesus Christ, this was fast. It was only discussed at IETF 86 mid-march
(and in 2 drafts this year), and 15 days later its already in
haproxy-1.5.
I think HAProxy
On Wed, Apr 03, 2013 at 06:01:31PM +0200, Lukas Tribus wrote:
Thank you, you did an amazing job here again!
Thanks! You know, people like you who qualify bug reports on the
ML help save a lot of time and shorten the time to produce a fix.
TLS ALPN was implemented similarly as NPN was made. It
Hi Cyril,
On Wed, Apr 03, 2013 at 08:36:18PM +0200, Cyril Bonté wrote:
Hi Willy,
Le 03/04/2013 03:44, Willy Tarreau a écrit :
Hi,
I'm announcing haproxy 1.4.23. It contains a security fix, users of 1.4
MUST upgrade or MUST apply the patch. Please read.
Did you push the latest commits
Hello,
On Wed, Apr 03, 2013 at 08:05:28PM +0200, Nerilaunt Nerilaunt wrote:
Hello,
I'd like to know if it's complicated to store ACL in a memcached server and
live update them, or if the core of haproxy prevents to do this kind of
patch.
I want to add and remove lot of URI based ACL and
On Wed, Apr 03, 2013 at 06:20:44PM +0200, Baptiste wrote:
I confirm that as long as the number of server and each server's weight is
the same, two HAProxy instances would have the same result for a source
hash.
So, in case of HAProxy instance failover, the affinity remains.
And if you have
26 matches
Mail list logo