Hi, here the new patchset.
On 2 July 2015 at 06:22, Willy Tarreau w...@1wt.eu wrote:
Hi David,
On Thu, Jul 02, 2015 at 03:13:11AM +0100, David CARLIER wrote:
Hi
Yes indeed I sent two versions intentionally the first with T. Fournier
proposal the another one what I had in mind so at
On 26/06/2015 03:57 μμ, Willy Tarreau wrote:
Hi,
as promise, here comes 1.5.13. It's been 1.5 months already since 1.5.12
and my misleading announce of the backport of peers support for nbproc :-)
You forgot to paste this to the site:-)
BTW: runs smoothly on production since the release
On Thu, Jul 02, 2015 at 07:06:39AM +0100, David CARLIER wrote:
Hi, here the new patchset.
Thanks, I've applied them. I merged patches 2 and 3 since patch 2
breaks the build without patch 3, and backported them to 1.5.
Willy
Good day
We can supply the good quality Poly Aluminium Chloride with low in cost.
Free sample is ok for your test.
Looking forward to your early reply.
ThanksRgds
jerry
www.twinshanghai.com
All chapters in the configuration documentation used to follow this syntax :
chapter number. title
-
The new chapters introduced to document the dns resolution didn't provide the
dot character after the chapter number, which breaks the parsing for the HTML
converter.
oops, I still had the link to the pastebinit, which doesn't work on
binary files.
https://dropsha.re/files/orange-hound-85/64443-traffic.default.cap
https://dropsha.re/files/angry-dragon-19/64443-traffic.baz.cap
Looks alright. Can you configure logging and check the result:
global
Seu cliente de e-mail não pode ler este e-mail.
Para visualizá-lo on-line, por favor, clique aqui:
http://comprasnoparaguay23.net/display.php?M=426C=0756d1e8cdaf638b4892e93319565405S=2L=1N=1
Para parar de receber nossos
But when I use curl bundled with Yosemite (or from Brew) on my macbook,
it's not switching.
curl --insecure https://bar.example.com:64443
Default on 1443
These are the versions I'm testing with:
curl --version
curl 7.37.1 (x86_64-apple-darwin14.0) libcurl/7.37.1
Dear Purchasing Manager,
Are you still suffering from a lack of good printing experience? Are you
feeling printing products not reaching their desired goal, or is the high
price? All right, why don't we look farther? You just need a right book printer.
In China, Hangzhou, there is a
Sounds like that client hello from curl@mac looks different
than we expect, therefor SNI parsing fails. Can you provide
the same tcpdump captures again, this time from the mac
curl client that fails?
I ran this on the server
sudo tcpdump -ps0 -i eth0 -w eth0.64443.cap tcp port 64443
I googled 'haproxy sni' and found this official blog:
http://blog.haproxy.com/2012/04/13/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/
And I created this config file following that format
(literally my exact config file, no changes):
I tried the most naïve approach, but it doesn't output anything as I make
curl requests
sudo ssldump \
-k
/usr/local/lib/node_modules/serve-https/node_modules/localhost.daplie.com-certificates/certs/server/my-server.key.pem
So I thought maybe I *must* supply an interface
sudo
To limit verbosity I just captured one full request where it succeeded
and then another when it didn't
# this is the one that worked as expected
pastebinit dump.1.tls.bin
http://paste.ubuntu.com/11811750/
# this is the one that went to default anyway
sudo haproxy -db -f /etc/haproxy/haproxy.cfg
Backend IPs are 0.0.0.0. Thats probably not what you want.
Should be 127.0.0.1 if I understand correctly.
I've edited /etc/hosts so that baz.example.comhttp://baz.example.com
points to 127.0.0.1
I've created a few bogus servers
Yes, I did switch the frontends from 0.0.0.0 to 127.0.0.1 and restarted the
server.
sudo haproxy -db -f /etc/haproxy/haproxy.cfg
sudo tcpdump -ps0 -i lo -w 64443-traffic.0.cap tcp port 64443
curl --insecure https://baz.example.com:64443
dropshare 64443-traffic.default.cap
oops, I still had the link to the pastebinit, which doesn't work on binary
files.
https://dropsha.re/files/orange-hound-85/64443-traffic.default.cap
https://dropsha.re/files/angry-dragon-19/64443-traffic.baz.cap
AJ ONeal
(317) 426-6525
I tried a few requests
curl --insecure https://baz.example.com:64443
baz on 3443
curl --insecure https://baz.example.com:64443
baz on 3443
curl --insecure https://baz.example.com:64443
baz on 3443
curl --insecure https://baz.example.com:64443
Default on 1443
It looks like you have 2 haproxy processes listening on port 64443. Can
you verify that the pid 18887 is not a previous haproxy process still
running, with an older configuration routing to foo_bk_default ?
Maybe you should kill it and relaunch your tests.
Ba that was it!
sudo
Wanted also to confirm that we've running version 1.5.13 for a week looks
great, no issues so far.
/Eduard
On Thursday, July 2, 2015 3:37 AM, Pavlos Parissis pavlos.paris...@gmail.com
wrote:
On 26/06/2015 03:57 μμ, Willy Tarreau wrote:
Hi,
as promise, here comes 1.5.13. It's been
Hi,
Le 02/07/2015 23:25, AJ ONeal (Home) a écrit :
I tried a few requests
curl --insecure https://baz.example.com:64443
baz on 3443
curl --insecure https://baz.example.com:64443
baz on 3443
curl --insecure https://baz.example.com:64443
baz on 3443
curl
I dug a little deeper and found this:
https://transloadit.com/blog/2010/08/haproxy-logging/
And after modifying the log file, I don't get much better, but at least I
don't get the ALERT messages:
sudo cat /var/log/haproxy_1.log
Jul 2 21:39:51 localhost haproxy[27997]: message repeated 3
hello team,I will be on vacation starting Jun 09 and back in Office July 09 ..backup contacts during my absenceFor Nemesis - nemesis-...@yahoo-inc.com or Ivan Alonso iv...@yahoo-inc.com For Halo - halo-...@yahoo-inc.com orHans Kieserman ha...@yahoo-inc.comFor any other concern/escalation, pls
It seems that haproxy and newer versions of curl have trouble with the
SNI-based switching.
If anyone would care to test on their own machine, this is what I'm doing:
This is my server's config file:
https://gist.github.com/coolaj86/2faa07aa535e6dc04639
Update /etc/hosts point to my test
23 matches
Mail list logo