Hi all,
At GitHub we’ve worked on a patch to make HAProxy’s ALPN code compatible with
the patches for it that have landed in OpenSSL:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6f017a8f9db3a79f3a3406cf8d493ccd346db691
This final version is slightly different from what HAProxy
I'm running HAProxy version 1.5-dev21-6b07bf7 and have a strange behaviour
issue with the check command.
Here's my config:
backend nginx
modehttp
balance leastconn
server app1app1.prod:81check inter 3s port 9700 rise 1 fall 2
maxconn 2000
Hi Jeremy,
You're checking with a TCP handshake only, which is not aware of HTTP
status response.
add option httpchk in your backend and add the keyword check-ssl
on your server lines to tell HAProxy the health check must be
ciphered.
Baptiste
On Thu, Feb 13, 2014 at 2:42 PM, Jeremy Wilson
Hi David,
On Thu, Feb 13, 2014 at 01:50:16PM +, David Harrold wrote:
Hi Willy
Did some more investigation on the case where the application request is too
large to
fit within the initial SYN.
Here is my test setup:
Web clients ?? haproxy ?? long-thin-pipe ? haproxy
On 2014-02-13, at 11:11 AM, Baptiste bed...@gmail.com wrote:
You're checking with a TCP handshake only, which is not aware of HTTP
status response.
add option httpchk in your backend and add the keyword check-ssl
on your server lines to tell HAProxy the health check must be
ciphered.
But
Read the manual about `rise` and `fall` parameters. These allow you to
control how many successive checks must pass or fail before the server
transitions up or down (rises / falls). The check interval is used as the
check timeout unless you specify a check timeout. See timeout check in
the manual.
While this does not answer your question per se you can use the track
option to eliminate the duplicate check.
In other words, the SSL backend can track the checks done by the non-SSL
backend.
backend nginx-ssl
modetcp
balance leastconn
server app1
Baptiste gave you the proper answer already. The SSL backend is using TCP
mode, so the check is a TCP check without the `option httpchk` defined on
the backend, which just checks that the port is open. Add the httpchk
option without check-ssl and you will be all set. Or you can use track to
skip
8 matches
Mail list logo