>> Hm, I haven't tried Apache yet but would that be a huge benefit compared
>> to a setup using nbproc> 1?
>
> I haven't tried it either, but yes, I would assume so.
To be more specific: the number of TLS handshakes would probably be
similar, especially in a nbproc>1 configuration, but when you
On Wed, Mar 16, 2016 at 10:21:26AM +, David Carlier wrote:
> Here a little update of the DeviceAtlas module which use the new wider 64
> bytes ARG# macros introduced recently, plus documentations related changes.
Applied, thanks David!
Willy
On 18.03.2016 11:46, Willy Tarreau wrote:
> Hi Christian,
>
> On Fri, Mar 18, 2016 at 11:31:57AM +0100, Christian Ruppert wrote:
>> I also just stumbled over this:
>> https://software.intel.com/en-us/articles/accelerating-ssl-load-balancers-with-intel-xeon-v3-processors
>> Might be interesting
> The "option httpclose" was on purpose. Also the client could (during a
> attack) simply do the same and achieve the same result. I don't think
> that will help in such cases.
So what you are actually and purposely benchmarking are SSL/TLS
handshakes, because thats the bottleneck you are trying
Dear Manager,Greetings from Lucy, I
am from Tianjin World Machinery Manufacture.
We are a valve manufacturer, our factory
is specializing in manufacture and export of
Butterfly Valve
Gate Valve
Check Valve Y-Strainer
Rubber Expansion
On Thu, Mar 17, 2016 at 10:47 AM, Igor Cicimov <
ig...@encompasscorporation.com> wrote:
>
>
> On Thu, Mar 17, 2016 at 5:29 AM, Zachary Punches
> wrote:
>
>> I’m not, these guys aren’t sitting behind an ELB. They sit behind route53
>> routing. If one of the proxy boxes fails
Hello Pavlos,
On 3/17/2016 4:45 PM, Pavlos Parissis wrote:
> I am working(not very actively) on a solution which utilizes this.
> It will use www.vaultproject.io as central store, a generating engine
> and a pull/push mechanism in place.
>
> But, the current version of HAProxy doesn't support
> Some customers may require 4096 bit keys as it seems to be much more
> decent than 2048 nowadays.
I've not come across any recommendations pointing in that direction, in
fact 2048-bit RSA are supposed to be safe for commercial use until 2030.
I don't think this is a real requirement from
Hi,
We use haproxy in an auto-scaling environment. On an auto-scaling event, the
haproxy configuration is rewritten to list all existing servers for each
proxied service. A graceful reload is then performed.
The issue is that by default haproxy assumes a server is UP (going down) until
the
Hi Christian,
On Wed, Mar 16, 2016 at 05:25:53PM +0100, Christian Ruppert wrote:
> Hi Lukas,
>
> On 2016-03-16 16:53, Lukas Tribus wrote:
> >>The "option httpclose" was on purpose. Also the client could (during a
> >>attack) simply do the same and achieve the same result. I don't think
> >>that
On 18 Mar 2016, at 03:03, Igor Cicimov
> wrote:
On Fri, Mar 18, 2016 at 10:38 AM, Chris Warren
> wrote:
Hi,
We use haproxy in an auto-scaling environment. On an auto-scaling event,
On Thu, Mar 17, 2016 at 10:55 AM, Zachary Punches
wrote:
> Thanks for the reply!
>
> Ok so based on what you saw in my config, does it look like we’re
> misconfigured enough to cause this to happen?
>
> If we were misconfigured, one would assume we would go down all the
I went ahead and added the performance tuning you recommended (changing the
maxconn to 1024). Hopefully this adds some stability
As for the port, we’re using 1027 for our SSL traffic vs 443. We are currently
getting SSL traffic that isn’t always failing on handshake.
As for what is in front of
Hi Cyril,
On 2016-03-16 16:14, Cyril Bonté wrote:
Hi all,
replying really quickly from a webmail, sorry for the lack of details
[...]
I also ran 2 parallel "ab" on two separate machines against a third
one.
The requests per second were around ~70 r/s per host instead of ~140.
So
I doubt it's
Title: enews-201603
This message contains graphics. If you do not see the graphics, click here to view.
For more details information about RISC 3352, Please visit our website: www.ewinsonic.com
Hi Willy,
On 2016-03-17 06:05, Willy Tarreau wrote:
Hi Christian,
On Wed, Mar 16, 2016 at 05:25:53PM +0100, Christian Ruppert wrote:
Hi Lukas,
On 2016-03-16 16:53, Lukas Tribus wrote:
>>The "option httpclose" was on purpose. Also the client could (during a
>>attack) simply do the same and
So at long last, I'm getting to use keep-alives with HAProxy!
I'm terminating http/ssl/spdy with Nginx and then passing the connections
to HAProxy via an upstream pool. I've verified by packet capture that
connection reuse between clients, Nginx, and HAProxy is occurring.
So I'd like to keep the
Dear Friend,Etrans
(www.etctrans.com) is a China/Hong Kong based company. We have been
providing translation, localization and other services since 2004. Our
highly qualified and experienced freelance translators with their
translation experience ranges from
On Fri, Mar 18, 2016 at 10:38 AM, Chris Warren wrote:
> Hi,
>
> We use haproxy in an auto-scaling environment. On an auto-scaling event,
> the haproxy configuration is rewritten to list all existing servers for
> each proxied service. A graceful reload is then performed.
>
>
Dear Sir/Ms,
Hope you everything is great.
This is Zoe from Guangzhou SA Digital Technology.
We work on 3D rendering ,3D animation for architectural projects with more than
ten years experience.
Kindly attached our website and Behance for your reference.
Are there any projects you are working
On Tue, Mar 15, 2016 at 11:06:55PM +0100, Benoît GARNIER wrote:
> From: Benoit GARNIER
> Date: Sun, 27 Mar 2016 03:04:16 +0200
> Subject: [PATCH] BUG/MINOR: log: Don't use strftime() which can clobber
> timezone if chrooted
>
> The strftime() function can call
Hello,
On 3/16/2016 6:25 PM, Christian Ruppert wrote:
>
> Some customers may require 4096 bit keys as it seems to be much more
> decent than 2048 nowadays. So you may be limited here. A test with a
> 2048 bit Cert gives me around ~770 requests per second, a test with an
> 256 bit ECC cert around
Hi!
I am trying to capture an HTTP Request Header that gets added under certain
circumstances in the backend. From the documentation I understand I can use a
capture slot for that. This is what I tried in my stripped down config file:
...
frontend fe_http
bind 192.168.1.3:80
declare
Dear Purchase Manager
Nice to me you,i am Ali Wang from Yindu Tools.
If you are going to purchase new order of hydraulic tools,hydraulic pumps,
Hydraulic cylinders,Busbar processor machines,etc for your new year market.
please reply me.
On Thu, Mar 17, 2016 at 4:23 PM, Pavlos Parissis
wrote:
> Hi all,
>
> I would like to announce a statistics collector program for HAProxy.
>
> Key features:
> - Support of multiprocess mode of HAProxy (nbproc > 1)
> - Ability to pull statistics at very low intervals
Hi.
Am 17-03-2016 11:51, schrieb Gary Barrueto:
Hi.
On Mar 16, 2016 10:06 PM, "Willy Tarreau" <
Here I don't know. TLS handshakes are one large part of what made me
think
that we must go multi-threaded instead of multi-process over the long
term,
just because I want to be able to pin
Hi Aleks,
On 2016-03-16 15:57, Aleksandar Lazic wrote:
Hi.
Am 16-03-2016 15:17, schrieb Christian Ruppert:
Hi,
this is rather HAProxy unrelated so more a general problem but
anyway..
I did some tests with SSL vs. non-SSL performance and I wanted to
share my
results with you guys but also
On 2016-03-18 11:31, Christian Ruppert wrote:
Hi Willy,
On 2016-03-17 06:05, Willy Tarreau wrote:
Hi Christian,
On Wed, Mar 16, 2016 at 05:25:53PM +0100, Christian Ruppert wrote:
Hi Lukas,
On 2016-03-16 16:53, Lukas Tribus wrote:
>>The "option httpclose" was on purpose. Also the client
Dear manager,How are you doing?We are toner cartridges manufacturer in Zhuhai with 11 years experiences and capacity of 500.000 PCS per month. We use top grade raw materials like Tomoegawa toner powder,Mitsubish OPC etc. In addition,we carry out 4 times quality control in incoming material,online
Trying to understand this better, I came across
commit 3e7d15e744d5f0137dd266efba1f317895a31273
Author: Baptiste Assmann
Date: Tue Nov 3 23:31:35 2015 +0100
BUG/MINOR: http rule: http capture 'id' rule points to a non existing id
It is possible to create a http
Hi Nenad
Am 17-03-2016 19:27, schrieb Nenad Merdanovic:
Hello Aleksandar
On 3/17/2016 6:00 PM, Aleksandar Lazic wrote:
Okay I'm now lost 8-O
please can anyone help me to understand how the flow works.
1st Request
client -> ssl handshake -> haproxy server 1 (tls ticket?!)
2nd Request
Same
Hi all,
replying really quickly from a webmail, sorry for the lack of details
> [...]
> I also ran 2 parallel "ab" on two separate machines against a third
> one.
> The requests per second were around ~70 r/s per host instead of ~140.
> So
> I doubt it's a entropy problem.
The issue is in your
Hello,
I am in the middle of a project where I have to setup a couple of load
balancers to allow load balancing traffic to some web app servers and to
provide an easy way to swap out some other resources. I have spent a lot of
time researching options and I settled on HAProxy with Keepalived
On Fri, Mar 18, 2016 at 5:39 AM, Zachary Punches
wrote:
> Here is a quick grab of our log with the SSL errors. This just happened,
> if you check the timestamps before and the SSL handshake you can see the
> hang
>
> Mar 17 18:37:16 localhost haproxy[28703]:
Hi all,
We have implement a very simple haproxy
1 web site on 2 apps server.
Question:
How do you do this, my objective is to have the simplest solution four our QA
users.
Need:
Our QA team what to reach app1 and app2 to validate each application server.
I know we can do a simple haproxy
This e-mail I got from your website: http://sock-raw.org
You write that you are engaged in network security.
I'm looking for products to protect computer networks LANthat I could sell in Poland (European Union).
I work in marketing and computer science for 17 years in the capital,
On 17/03/2016 12:26 μμ, Nenad Merdanovic wrote:
> Hello Gary,
>
> On 3/17/2016 11:51 AM, Gary Barrueto wrote:
>>
>> While that would help a single server, how about when dealing with multi
>> servers + anycast: Has there been any thoughts about sharing ssl/tls
>> session cache between servers?
Hi.
On Mar 16, 2016 10:06 PM, "Willy Tarreau" <
>
> Here I don't know. TLS handshakes are one large part of what made me think
> that we must go multi-threaded instead of multi-process over the long
term,
> just because I want to be able to pin some tasks to some CPUs. Ie when TLS
> says
On Thu, Mar 17, 2016 at 12:46 PM, Igor Cicimov <
ig...@encompasscorporation.com> wrote:
>
>
> On Thu, Mar 17, 2016 at 11:14 AM, Zachary Punches
> wrote:
>
>> I wanna say average is like 4-6 connections a second? Super minimal
>>
>> From what I’ve seen in the logs during the
On Fri, Mar 18, 2016 at 1:38 PM, Igor Cicimov <
ig...@encompasscorporation.com> wrote:
>
>
> On Fri, Mar 18, 2016 at 12:04 PM, Zachary Punches
> wrote:
>
>> Yeah port 1027 is used for health checks over SSL.
>>
>> This HAP forwards requests off to our databases. The
Yeah port 1027 is used for health checks over SSL.
This HAP forwards requests off to our databases. The databases have a string in
a table that indicates that the HAP instance can move all the way through the
entire process before it lights as green.
Our health checks in route 53 are setup to
2016-03-17 20:48 GMT+01:00 Aleksandar Lazic :
> Hm I'm not sure if understand this right.
> I will try to repeat just to check if I have understand it righ.
>
> http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#5.1-tls-ticket-keys
>
> #
> frontend ssl
> bind
Hi all,
I would like to announce a statistics collector program for HAProxy.
Key features:
- Support of multiprocess mode of HAProxy (nbproc > 1)
- Ability to pull statistics at very low intervals even when there
are thousands for servers/backends.
It has been already used in production
I’m not, these guys aren’t sitting behind an ELB. They sit behind route53
routing. If one of the proxy boxes fails 3 checks in 30 seconds (with 4 checks
done a second) then Route53 changes its routing from the first proxy box to the
second
On 3/15/16, 9:46 PM, "Baptiste"
On 2016-03-17 00:14, Nenad Merdanovic wrote:
Hello,
On 3/16/2016 6:25 PM, Christian Ruppert wrote:
Some customers may require 4096 bit keys as it seems to be much more
decent than 2048 nowadays. So you may be limited here. A test with a
2048 bit Cert gives me around ~770 requests per second,
Hi,
We are using -p option to save the pid of HAProxy. When a new HAProxy is
received, we use -st pid option to reload HAProxy.
The issue we are having is that -st option sometimes does not kill the
old process.
An example would be:
root 372 1 0 03:22 ?00:00:00 haproxy -p
On Fri, Mar 18, 2016 at 12:04 PM, Zachary Punches
wrote:
> Yeah port 1027 is used for health checks over SSL.
>
> This HAP forwards requests off to our databases. The databases have a
> string in a table that indicates that the HAP instance can move all the way
> through
Indeed - I hardcode the frontend_name in the .cfg (instead of using
%f), and it works.
Thanks much!
On Fri, Mar 18, 2016 at 3:30 PM, Cyril Bonté wrote:
> Hi Jim,
>
> Le 18/03/2016 21:52, Jim Freeman a écrit :
>>
>> I'm trying to add a header only if the last occurrence of
On 2016-03-16 17:56, Lukas Tribus wrote:
Some customers may require 4096 bit keys as it seems to be much more
decent than 2048 nowadays.
I've not come across any recommendations pointing in that direction, in
fact 2048-bit RSA are supposed to be safe for commercial use until
2030.
I don't
I wanna say average is like 4-6 connections a second? Super minimal
From what I’ve seen in the logs during the SSL errors, the log hangs then
outputs a bunch of SSL errors all at once.
Here it the output from sysctl –p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
Hello Aleksandar
On 3/17/2016 6:00 PM, Aleksandar Lazic wrote:
> Okay I'm now lost 8-O
>
> please can anyone help me to understand how the flow works.
>
> 1st Request
> client -> ssl handshake -> haproxy server 1 (tls ticket?!)
>
> 2nd Request
> Same client -> ssl handshake -> haproxy server 2
On Fri, Mar 18, 2016 at 03:04:43PM +0100, Dennis Jacobfeuerborn wrote:
> > You don't need, just use the proxy protocol :
> >
> >listen secure
> > bind :443 ssl crt foo.pem process 2-32
> > mode tcp
> > server clear 127.0.0.1:81 send-proxy-v2
> >
> >frontend clear
> >
Hi there!
Do you have any best practices manual for haproxy?
Thanks in advance,
--
*Francesc Tost Mons*
Hi,
this is rather HAProxy unrelated so more a general problem but anyway..
I did some tests with SSL vs. non-SSL performance and I wanted to share
my
results with you guys but also trying to solve the actual problem
So here is what I did:
haproxy.cfg:
global
user haproxy
54 matches
Mail list logo