Re: Timing out FIN_WAIT_2 connections under 1.5.14

Hi Richard, On Tue, Jan 17, 2017 at 05:27:22PM +1300, Richard Gray wrote: > tcp_fin_timeout is set to 60 seconds on my system, but as I understand it, > this parameter only applies to orphaned connections. In this case, HAProxy > appears to be holding the socket open, so still has responsibility

Hitting rate limit?

Hi all, I seem to hitting some kind of bottleneck at about 4k req/s and I’m not able to find the cause. I have HAproxy 1.7.2 installed on Ubuntu 16.04.1, VM with 8 cores, 2GB RAM, 1 Gbps networking. Testing with ab cannot get past ~4K req/s. Hitting the backend directly can yield 8-10K without

Re: Timing out FIN_WAIT_2 connections under 1.5.14

Hi Willy, Thanks for getting back to me, and thank you for HAProxy - it is one of my favourite pieces of software. I've done a bit more digging, and have figured out how to reproduce the behaviour. On 2017-01-16 23:54, Willy Tarreau wrote: I notice here that the connection takes 35 minutes

haproxy consuming 100% cpu - epoll loop

So on one of my local development machines haproxy started pegging the CPU at 100% `strace -T` on the process just shows: ... epoll_wait(0, {}, 200, 0) = 0 <0.03> epoll_wait(0, {}, 200, 0) = 0 <0.03> epoll_wait(0, {}, 200, 0) = 0 <0.03>

RE: Issue with windows IE 11 and Edge

Just using the haproxy, not including the CDN - I am able to reproduce the problem. It appears that for some reason, the JSESSIONID cookie just disappears and an new one gets created. I've looked through the logs and I am not seeing any of the backend servers going offline. Strangely enough I

Re: Need help to reolsve haproxy issue

I've not personally had any issues with systemd which I know doesn't mean there isn't any... However, on closer inspection, it gets started through a wrapper "haproxy-systemd-wrapper" for me : [Unit] Description=HAProxy Load Balancer After=network.target [Service]

Re: Need help to reolsve haproxy issue

Might be a systemd dependency issue, where the socket is not created before the process is started. Baptiste On Mon, Jan 16, 2017 at 4:46 PM, Aaron West wrote: > Hi Praveen, > > Am I right in assuming it's a socket for the stats page? Also what user is > starting

Re: Need help to reolsve haproxy issue

Hi Praveen, Am I right in assuming it's a socket for the stats page? Also what user is starting HAproxy because maybe it doesn't have permissions to create the socket? We might need your whole config or at least the GLOBAL section... Aaron West Loadbalancer.org Limited +44 (0)330 380 1064

Re: Need help to reolsve haproxy issue

There are some very knowledgeable people on this list so I'm sure someone can help, however, what might the problem actually be? Aaron West Loadbalancer.org Limited +44 (0)330 380 1064 www.loadbalancer.org On 16 January 2017 at 15:32, Praveen Koppula wrote: >

Re: Need help to reolsve haproxy issue

Some content was missing. Adding again. When we reboot our machine (Where haproxy installed) teh haproxy going to be down and it's not starting after machine boot. When we force to start haproxy service getting below error. Error: Starting haproxy [ALERT] 047/083514 : Starting frontend GLOBAL:

Need help to reolsve haproxy issue

Can you please help me on this. Haproxy version is : 1.5.4-2.1 Thanks in advance

[PATCH] MEDIUM: boringssl: support native multi-cert selection without bundling

for 1.8dev with build fix for boringssl 0001-MEDIUM-boringssl-support-native-multi-cert-selection.patch Description: Binary data

Re: [PATCH] BUILD: ssl: fix to build (again) with boringssl

On Fri, Jan 13, 2017 at 06:11:55PM +0100, Emmanuel Hocdet wrote: > for 1.8dev now applied, thanks. Willy

Re: [PATCH] BUILD: ssl: fix to build (again) with boringssl

Hi Willy, I look another change. A fix (or not?) can be out of this patch. @@ -3851,39 +3861,41 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag) return 0; } else if (ret == SSL_ERROR_SYSCALL) { -#if

Re: [PATCH] BUILD: ssl: fix to build (again) with boringssl

On Mon, Jan 16, 2017 at 12:17:39PM +0100, Emmanuel Hocdet wrote: > > I think this one is wrong : > > > > @@ -6769,13 +6779,12 @@ static struct cli_kw_list cli_kws = {{ },{ > > #if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0) > > { { "show", "tls-keys", NULL }, "show

Re: [PATCH] BUILD: ssl: fix to build (again) with boringssl

Hi Willy, > Le 16 janv. 2017 à 11:08, Willy Tarreau a écrit : > > Hi Manu, > > From: Emmanuel Hocdet > Date: Fri, 13 Jan 2017 17:48:18 +0100 > Subject: [PATCH] BUILD: ssl: fix to build (again) with boringssl > > Limitations: > . disable force-ssl/tls (need more

Re: Timing out FIN_WAIT_2 connections under 1.5.14

Hi Richard, On Mon, Jan 16, 2017 at 11:40:57PM +1300, Richard Gray wrote: > Hi All, > > I'm using HAProxy 1.5.14 (the packaged version on CentOS 7.2) to front an > IMAP proxy service, and I've noticed I'm getting quite a lot of connections > in FIN_WAIT_2. For example, here are the totals for

Re: Add agent-host configuration directive and allow changing it and agent-send via socket/CLI

Hi! On Mon, Jan 16, 2017 at 10:57:12AM +0100, Micha?? wrote: > Hello! > Thank you for reviewing. For me agent-addr looks better too, I hope it > won't > be confused with "addr" directive. > > So here are patches with "agent-addr" changes and I added extebded commit > messages to code commits. >

Timing out FIN_WAIT_2 connections under 1.5.14

Hi All, I'm using HAProxy 1.5.14 (the packaged version on CentOS 7.2) to front an IMAP proxy service, and I've noticed I'm getting quite a lot of connections in FIN_WAIT_2. For example, here are the totals for each state on my system right now: $ netstat -an | awk '/tcp/ {print $6}' | sort |

Re: HTTP 429 Too Many Requests (tarpit deny_status)

Hi Jarno, On Fri, Jan 13, 2017 at 07:28:38PM +0200, Jarno Huuskonen wrote: > This is my first attempt in adding deny_status to: > http-request tarpit [deny_status ] > > First patch updates parse_http_req_cond so config parser accepts > [deny_status ] for http-request tarpit (and sets >

Re: [PATCH] BUILD: ssl: fix to build (again) with boringssl

Hi Manu, From: Emmanuel Hocdet Date: Fri, 13 Jan 2017 17:48:18 +0100 Subject: [PATCH] BUILD: ssl: fix to build (again) with boringssl Limitations: . disable force-ssl/tls (need more work) should be set earlier with SSL_CTX_new (SSL_CTX_set_ssl_version is removed) . disable

Re: Add agent-host configuration directive and allow changing it and agent-send via socket/CLI

Hello! Thank you for reviewing. For me agent-addr looks better too, I hope it won't be confused with "addr" directive. So here are patches with "agent-addr" changes and I added extebded commit messages to code commits. I wrote "Can be backported", because those are not bugfix'es, because they

Your Website Our Responsibility: Haproxy.Org

Hi HaproxyTeam, Hope this email brings you better business opportunity. After comparing your website performance with your competitors, we gathered few factors which are affecting your site while promotion. In order to avoid such hurdles, you should always be prepared to overcome new updates by