On Tue, Feb 24, 2015 at 01:33:32PM -0700, NuSkooler wrote:
Thanks, this has all been very helpful.
Unfortunately it seems that some of the pieces to create a debuggable
version of these old clients are currently missing here. If I can get
that together I'll debug and hopefully find
Hi,
I have a list of valid cookies associated with client IP, that I try
to make match in an acl.
The map format is :
cookie-value\tip-address\n
This acl should do :
if (client has cookie plop and plop value lookup in plop.map returns
src); then
the acl is valid
endif
I tried things like :
Hi,
I want to know if a MIB for HAProxy is available ?
Regards,
Mathieu
On Wed, Feb 25, 2015 at 09:34:06AM +, Konstantin vz'One Enchant wrote:
I have a config:
backend some_backend
acl is_copy_req method COPY hdr(Destination)
acl is_copy_req method PUT hdr(X-Copy-From)
timeout server 15m if is_copy_req
It's worked in
Hi Mike,
On Wed, Feb 25, 2015 at 09:41:35AM +, Mike Zoom wrote:
Hi everyone!
I want to integrate a third party library, open source, under the Mozilla
Public licence v2.
The main role of this library is to process an HTTP request header and to
return a string which describes the
hi,
i encountered problems upgrading from haproxy.debian.net to the
backports repo with the following error:
Setting up haproxy (1.5.8-2~bpo70+1) ...
[] Starting haproxy: haproxy/usr/sbin/haproxy already running.
failed!
invoke-rc.d: initscript haproxy, action start failed.
for this you
If a site has N haproxy hosts, how should new ticket-keys be
distributed (and processes reloaded) and avoid the race condition of
some hosts using the new keys before those keys are on all hosts?
You distribute the new key to all instances for decryption, but use
the penultimate key for
If a site has N haproxy hosts, how should new ticket-keys be distributed
(and processes reloaded) and avoid the race condition of some hosts using
the new keys before those keys are on all hosts?
Seems that not all hosts would be updated at exactly the same time and that
until all hosts are
That is a nice solution.
I didn't understand that was the behavior from reading the
documentation patch from the OP. This makes it sound like the last key
is used for encryption and not the next-to-last (penultimate).
Correct.
Currently there is no choice about which key to use, so maybe
On Wed, Feb 25, 2015 at 12:09 PM, Lukas Tribus luky...@hotmail.com wrote:
If a site has N haproxy hosts, how should new ticket-keys be
distributed (and processes reloaded) and avoid the race condition of
some hosts using the new keys before those keys are on all hosts?
You distribute the
Hello Lukas,
On 2/25/2015 9:09 PM, Lukas Tribus wrote:
If a site has N haproxy hosts, how should new ticket-keys be
distributed (and processes reloaded) and avoid the race condition of
some hosts using the new keys before those keys are on all hosts?
You distribute the new key to all
(sorry, again my mailer messed up ...)
That is a nice solution.
I didn't understand that was the behavior from reading the
documentation patch from the OP. This makes it sound like the last key
is used for encryption and not the next-to-last (penultimate).
Correct.
Currently there is
On Thu, Feb 26, 2015 at 07:09:25AM +0100, Willy Tarreau wrote:
Hi Simon,
On Thu, Feb 26, 2015 at 11:26:17AM +0900, Simon Horman wrote:
As failure to connect to the agent check is not sufficient to mark it as
failed it stands to reason that an L7 error shouldn't either.
Without this
Hi Simon,
On Thu, Feb 26, 2015 at 11:26:17AM +0900, Simon Horman wrote:
As failure to connect to the agent check is not sufficient to mark it as
failed it stands to reason that an L7 error shouldn't either.
Without this fix if an L7 error occurs, for example of connectivity to the
agent is
Hi Mathieu,
There is no such MIB for HAProxy.
Baptiste
On Wed, Feb 25, 2015 at 4:17 PM, Mathieu Sergent
mathieu.sergent...@gmail.com wrote:
Hi,
I want to know if a MIB for HAProxy is available ?
Regards,
Mathieu
and 2. how
could we write a new function in HAProxy which takes a buffer of data in
entry and can return a string (or buffer of data)
I think that what you want to implement is a sample fetch function. For
example, take a look at the recently introduced req.hdr_names function,
which
On 24/02/2015 04:57 μμ, Nenad Merdanovic wrote:
Hello Vincent, Lucas
On 2/24/2015 4:56 PM, Lukas Tribus wrote:
It would be nice to add a note that without proper rotation, PFS is
compromised by the use of TLS tickets. People may not understand why
they need to put 3 keys in this file and
I have a config:
backend some_backend
acl is_copy_req method COPY hdr(Destination)
acl is_copy_req method PUT hdr(X-Copy-From)
timeout server 15m if is_copy_req
It's worked in 1.5-dev21. But now, if I run last version (1.5.11) I get
error on start:
[ALERT]
On 02/24/2015 04:42 PM, Nenad Merdanovic wrote:
TLS_TICKETS_NO is a build time option, so you can set it to whatever
you want.
Ok, fair enough.
The idea which I discussed with Willy is to build an interface to be
able to update the keys via the socket so we don't even have to
reload in
Hi everyone!
I want to integrate a third party library, open source, under the Mozilla
Public licence v2.
The main role of this library is to process an HTTP request header and to
return a string which describes the client.
Basically, we have the following questions:
1. how could we link our
-- Use stats socket to update the list without reload
-- Update Session state at disconnection log schema to include
something useful in case server receives a ticket which was encrypted with key
that is not anymore in the list. Debugging SSL problems is a nightmare
by definition and having
21 matches
Mail list logo