Patch for ALPN compatibility with OpenSSL development

2014-02-13 Thread Dirkjan Bussink
Hi all, At GitHub we’ve worked on a patch to make HAProxy’s ALPN code compatible with the patches for it that have landed in OpenSSL: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6f017a8f9db3a79f3a3406cf8d493ccd346db691 This final version is slightly different from what HAProxy

check works on one backend but not another

2014-02-13 Thread Jeremy Wilson
I'm running HAProxy version 1.5-dev21-6b07bf7 and have a strange behaviour issue with the check command. Here's my config: backend nginx mode http balance leastconn server app1 app1.prod:81 check inter 3s port 9700 rise 1 fall 2 maxconn 2000

Re: check works on one backend but not another

2014-02-13 Thread Baptiste
Hi Jeremy, You're checking with a TCP handshake only, which is not aware of HTTP status response. Add option httpchk in your backend and add the keyword check-ssl on your server lines to tell HAProxy the health check must be ciphered. Baptiste On Thu, Feb 13, 2014 at 2:42 PM, Jeremy Wilson

Re: HAProxy as a TCP Fast Open Client

2014-02-13 Thread Willy Tarreau
Hi David, On Thu, Feb 13, 2014 at 01:50:16PM +, David Harrold wrote: Hi Willy Did some more investigation on the case where the application request is too large to fit within the initial SYN. Here is my test setup: Web clients ?? haproxy ?? long-thin-pipe ? haproxy

Re: check works on one backend but not another

2014-02-13 Thread Jeremy Wilson
On 2014-02-13, at 11:11 AM, Baptiste bed...@gmail.com wrote: You're checking with a TCP handshake only, which is not aware of HTTP status response. Add option httpchk in your backend and add the keyword check-ssl on your server lines to tell HAProxy the health check must be ciphered. But

Re: speeding up failover

2014-02-13 Thread Ben Timby
Read the manual about `rise` and `fall` parameters. These allow you to control how many successive checks must pass or fail before the server transitions up or down (rises / falls). The check interval is used as the check timeout unless you specify a check timeout. See timeout check in the manual.

Re: check works on one backend but not another

2014-02-13 Thread Ben Timby
While this does not answer your question per se, you can use the track option to eliminate the duplicate check. In other words, the SSL backend can track the checks done by the non-SSL backend. backend nginx-ssl mode tcp balance leastconn server app1

Re: check works on one backend but not another

2014-02-13 Thread Ben Timby
Baptiste gave you the proper answer already. The SSL backend is using TCP mode, so the check is a TCP check without the `option httpchk` defined on the backend, which just checks that the port is open. Add the httpchk option without check-ssl and you will be all set. Or you can use track to skip