do using faked cookie persistence and a map.
It is much simpler than a lot of if/then/else in LUA.
Baptiste
On Tue, Jun 2, 2015 at 3:59 AM, Mrunmayi Dhume mrunmayi.dh...@yahoo.com wrote:
Hello,
Thanks for all your help. Any rough estimate on when the patch for doing DNS
resolutions during
, using the agent-check for this purpose.
Baptiste
of this application :)
Baptiste
you confirm this is a typo or you did not forward
all your configuration?
Baptiste
state.
Baptiste
On Mon, May 18, 2015 at 10:12 AM, Yves Van Wert yve...@gmail.com wrote:
Hi Baptiste,
when i made the post to the list we were still running haproxy 1.4. I've
upgraded yesterday to 1.5 but still notice the same behaviour.
The backend config is :
backend weblogic-tpc
Hi Peter,
Which HAProxy version are you running?
what's your whole configuration settings?
Baptiste
On Wed, May 20, 2015 at 12:18 PM, Peter BUtler
peter_butler1...@outlook.com wrote:
Sorry, I pressed send a little early on this. MOre information
backend https_mysite
mode http
Is there any way to control the frontend in that kind of way, that it does
not listen on the assigned interface/port, when all backends are down?
you can write your own script which reads haproxy stats socket and
then stop/disable the frontend if all the backends are down.
Baptiste
|
| |
sso01 sso02
||
web01 web02
Hi Glenn,
Are sso01 and web01 runnig on the same server / same IP address?
Baptiste
and report any issue?
(it's simply a test and should not be used in any case as a workaround!)
Baptiste
Hi Pavlos,
Thanks a lot for the great work!
I'm going to have a look at it as soon as possible :)
Baptiste
On Wed, May 13, 2015 at 12:00 AM, Pavlos Parissis
pavlos.paris...@gmail.com wrote:
Hi all,
I have pushed to github a tool which I call haproxytool that can be used
to perform the most
On Wed, May 13, 2015 at 2:16 PM, Krishna Kumar (Engineering)
krishna...@flipkart.com wrote:
Hi Baptiste,
Thank you very much for the tips. I have nbproc=8 in my configuration. Made
the
following changes:
Added both bind and tune.bufsize changeresult -
works
is the good way to go, simply increase your maxconn, unless
there is a good reason for it to be as low as 2.
Baptiste
to.
Baptiste
On Wed, May 6, 2015 at 7:15 AM, Krishna Kumar (Engineering)
krishna...@flipkart.com wrote:
Hi Baptiste,
On Wed, May 6, 2015 at 1:24 AM, Baptiste bed...@gmail.com wrote:
Also, during the test, the status of various backend's change often
between
OK to DOWN,
and then gets back to OK
in the logfile that connections are also
being sent to server03 04. Any idea on how this is possible ?
thanks
Yves
Hi Yves,
Please share you logs as well :)
Baptiste
you have here,
please share your information.
Baptiste
On Wed, May 6, 2015 at 11:38 AM, Danijel Starman theghost...@gmail.com wrote:
Hi,
I believe Willy mentioned that HTTP/2 support is being worked on, I
assume for 1.6 version.
--
*blap*
On Wed, May 6, 2015 at 11:04 AM, Krishna Kumar
that
backend from my setup and use dedicated systems, after which the original
configuration without specifying source port is working, no connection
flaps
now.
Thanks,
- Krishna Kumar
How much performance do you have now?
Baptiste
sysctls.
Baptiste
Veiko,
The question is how do you set your constant, what piece of
information do you use from the traffic or whatever?
Then we may help you.
Baptiste
On Wed, Apr 29, 2015 at 9:18 AM, iain expat.i...@gmail.com wrote:
On 29/04/15 04:26, Baptiste wrote:
Hi,
You need to enable the check-ssl on the server line.
In your case haproxy sends a check in clear, while the server expects a
ciphered connexion.
That's correct, because I am trying
on the SSL side do not
cleanly complete. Can someone show me exactly where I am making an error
in here?
Hi,
You need to enable the check-ssl on the server line.
In your case haproxy sends a check in clear, while the server expects a
ciphered connexion.
Baptiste
Hi yves,
Could you tell us which application server are you using?
(For offline consulting of the answer)
Baptiste
Le 27 avr. 2015 07:01, Yves Van Wert yve...@gmail.com a écrit :
Hi Baptiste,
that did the trick ! Thank you for your assistance
Yves
On Sat, Apr 25, 2015 at 4:35 PM
Hi,
I reported this issue to Willy already and latest snapshot includes a fix:
http://git.haproxy.org/?p=haproxy.git;a=commit;h=e91ffd093e548aa08d7ccb835fd261f3d71ffb17
run a git pull or git clone ;)
Baptiste
On Fri, Apr 24, 2015 at 5:58 PM, CJ Ess zxcvbn4...@gmail.com wrote:
Its possible
Hi Yves,
proxy protocol is your friend. But the server must be compatible.
http://blog.haproxy.com/haproxy/proxy-protocol/
Baptiste
On Fri, Apr 24, 2015 at 6:33 PM, Yves Van Wert yve...@gmail.com wrote:
hi list,
Is there any way to get the client ip passed through to the backend servers
maybe the server refuses sslv3...
Can you disable sslv3 on the server side?
Baptiste
On Thu, Apr 23, 2015 at 3:38 PM, i...@linux-web-development.de wrote:
I've checked again, but the time on those servers is correct..
On 2015-04-23 14:16, Daniel Schneller wrote:
Have you checked the time
Sometimes during the test, I also see many nf_conntrack: table full,
dropping
packet messages on the host system.
First, increase conntrack table size with the following sysctl
net.netfilter.nf_conntrack_max=655360
run your test again and report the reslut here
Baptiste
Hi Krishna,
Maybe you could be more verbose on your application, architecture, etc...
also which haproxy version, share your configuration, etc...
Cause we can't answer you, I'm sorry!
Baptiste
On Tue, Apr 21, 2015 at 9:59 AM, Krishna Kumar (Engineering)
krishna...@flipkart.com wrote:
Hi all
only the timeout client being changed to 10s
and for the rest to keep their initial values. If not then we would end up
writing duplicate blocks.
Thanks,
Igor
Hi Igor,
A new defaults section erases all parameters already set.
Then the new section update its default parameters.
Baptiste
, it does not depends only on HAProxy, but also on your openssl library.
If the library is able to take advantage of such device, then haproxy
will perform better.
Baptiste
Hi Thibault,
You can contact haproxy.com, we have a nice GUI and an API on top of
HAProxy in our ALOHA appliance.
And we speak French :)
Just give a call and ask to speak to Sean (+33 1 30 67 60 74)
Baptiste
On Mon, Apr 13, 2015 at 4:55 PM, Thibault Labrut
thibault.lab...@enioka.com wrote
missing the parameter on-marked-down shutdown-sessions on your
server lines.
It will kill sessions established on a server when it is marked as
DOWN by the health checking.
Baptiste
unfortunately, for now you'll have to repeat the acl in each frontend :)
Baptiste
On Tue, Apr 7, 2015 at 9:14 PM, Florin Andrei flo...@andrei.myip.org wrote:
I have a few ACLs that are identical for several frontends. I tried to
define the ACLs in the defaults section, but I got an error
, and to be sure
we'll find the header, I've added the inspect delay which accept the
request once the buffer is confirmed to contain HTTP.
Baptiste
On Tue, Apr 7, 2015 at 12:33 PM, Klavs Klavsen k...@vsen.dk wrote:
Back from easter vacation :)
Baptiste wrote on 03/25/2015 10:30 AM:
Hi,
some useful
Haproxy closes the connection with an RST.
Baptiste
Le 9 avr. 2015 16:54, Pavlos Parissis pavlos.paris...@gmail.com a
écrit :
On 09/04/2015 02:52 μμ, Dieter van Zeder wrote:
Here's the the stripped-down configuration. Http-server-close is
required in order to use leastconn. The frontend
On Mon, Apr 6, 2015 at 2:54 PM, Evgeniy Sudyr eject.in...@gmail.com wrote:
Btw, where Pavlos reported his test results? There in list or somewhere else?
On this ML.
Pavlos was running Linux ;)
Baptiste
,
HAProxy won't do it on behalf of it.
So please confirm first the browser can use any of the listed IP
without using HAProxy.
Then we'll dig into your issue...
Baptiste
On Fri, Apr 3, 2015 at 2:05 AM, Hongyi Zhao hongyi.z...@gmail.com wrote:
On Thu, 02 Apr 2015 15:04:09 +0200, Baptiste wrote
Hi Claudio,
Yes, you can trust Vincent's job :)
Baptiste
On Thu, Apr 2, 2015 at 8:47 AM, Claudio Ruggieri
claudio.ruggi...@inetworking.it wrote:
Dear Cyril,
I updated haproxy to 1.5.11 via ppa. The behaviour is what expected.
All seams fine now.
Vincent's ppa is maintained? Is safe to use
[ hongyi.zhao AT gmail.com ] Free as in Freedom :.
Hi Hongyi,
What happens if you brows directly one of the IP address???
Baptiste
I'll have to find a way to code buffer overflows in LUA!
Baptiste
in the
packet captured?
Baptiste
Hi Matt,
The issue with LDAP, is that it is not a banner protocol.
So either you check the TCP port is well bound on the server for a
simple L4 check, for L7, you don't have the choice, you must send a
message and check the server's result.
Baptiste
On Tue, Mar 31, 2015 at 9:53 AM, Matt
I think they play with their syslog server to detect a check from real
traffic and prevent the syslog server to log the checks.
Baptiste
On Tue, Mar 31, 2015 at 11:33 AM, Matt . yamakasi@gmail.com wrote:
Hi Baptiste,
Yes I've seen it also and never got around large logs.
What do most
prefer a
send-as-binary REQUEST_METHOD = GET
)
these and many others could be shipped with haproxy.
this seems to make sense to me as they are small contained logical items
Neil
Hi Neil,
Both contributions are interresting!
Let's wait for other people feedback.
Baptiste
to highlight the most important point, from my point of view:
Requests/sec: 438828.20
nice job man!
Baptiste
you should believe it :)
On Mon, Mar 30, 2015 at 11:34 PM, Neil - HAProxy List
maillist-hapr...@iamafreeman.com wrote:
Hello
Thanks so much. That worked well, I now get
L7OK/0 in 0ms
not sure I believe the 0ms but maybe I should
Thanks again,
Neil
On 30 March 2015 at 22:14, Baptiste
authentication
tcp-check expect binary 0a0100 # bind response + result code: success
tcp-check send-binary 30050201034200 # unbind request
Note for myself: put this tip on the blog..
Baptiste
Matt,
I won't do your configuration since I have no idea what you want to do.
Share what you did exactly, share more information about the issues
(logs, etc...) and we may help.
Baptiste
On Sun, Mar 29, 2015 at 3:53 PM, Matt . yamakasi@gmail.com wrote:
Hi,
I have tried all, also TCP
, stats page, etc...)
Baptiste
a hard one in this case ?
Thanks,
Matt
Hi,
Are you using mode tcp ?
could you share your configuration?
any error message provided by any equipement involved in your setup?
Baptiste
Hi,
No HAProxy won't do this.
Instead, if you could explain us clearly what is your problem, we may
be able to help you.
For now you just explain what you tried to achieve.
Baptiste
On Sun, Mar 29, 2015 at 3:33 PM, Abdelouahed Haitoute
ahaito...@rinis.nl wrote:
I think I've found the issue
, but still fairly well.
Any insight on the usage of the stick table here would be appreciated!
Hi Michael,
Can you add the 'nopurge' option on your stick-table statement and
tell us if that fixes your issue?
Baptiste
Use hyperv and a linux VM inside.
It works pretty well :)
Baptiste
On Fri, Mar 27, 2015 at 12:50 PM, Simon Dick sim...@irrelevant.org wrote:
I'm afraid Windows isn't a supported platform, please see
http://www.haproxy.org/#plat
On 26 March 2015 at 21:38, Abhijit Damle abhijit.da...@beca.com
, the roadmap, the wish list, the ecosystem (third
party tools you use around HAProxy), etc..., just send me a mail!
If you simply want to drink a beer or a coffee and discuss about anything
but HAProxy, this is also possible !!!
Baptiste
of the Host header, etc...
So we could discuss the options here, then we'll be able to code
something I guess...
Baptiste
Hi,
some useful examples can be taken from this blog post:
http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
Just replace src by hdr(X-Forwarded-For).
Baptiste
On Tue, Mar 24, 2015 at 5:58 PM, Jarno Huuskonen jarno.huusko...@uef.fi wrote:
Hi
be forced in HAProxy's configuration using the directive 'id'.
You may even be able to convert a backend id to a string using a map:
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#map
Baptiste
On Tue, Mar 24, 2015 at 8:36 PM, Martin Nikolov
martin.martinniko...@gmail.com wrote:
Hi
(HW, VM, capacity, etc...).
Baptiste
on cpu/ram/nic, etc...
Also, please remove this statement:
option http-server-close
replace by the two following ones:
option http-keep-alive
option prefer-last-server
Baptiste
between each HTTP request.
You should get much better performance, but it depends on your traffic pattern.
Baptiste
On Thu, Mar 19, 2015 at 6:30 PM, Baptiste bed...@gmail.com wrote:
On Thu, Mar 19, 2015 at 1:37 PM, Saurab t saurabh.tiwari@gmail.com
wrote:
Hello Willy,
Thanks you
haproxy group haproxy
Same on server line:
server clear /var/lib/haproxy/test send-proxy user haproxy group haproxy
Hope this helps.
Baptiste
Hi Sean,
You may find some useful information here:
http://blog.haproxy.com/2014/04/28/howto-write-apache-proxypass-rules-in-haproxy/
and here:
http://blog.haproxy.com/2013/02/26/ssl-offloading-impact-on-web-applications/
Baptiste
On Wed, Mar 18, 2015 at 3:39 PM, Sean Patronis spatro
Hi Sean!
You're welcome :)
I still have in my TODO list to contact you about your AVI network experience ;)
Talk to you soon.
Baptiste
On Wed, Mar 18, 2015 at 7:06 PM, Sean Patronis spatro...@add123.com wrote:
Baptiste,
Thanks for the links, I had run across them earlier this morning in my
-2015 Lua.org, PUC-Rio
Thanks!
-Joe
Hi Joe,
You're missing an LDFLAGS=-ldl.
More information on this blog page, including some quickstart code example:
http://blog.haproxy.com/2015/03/12/haproxy-1-6-dev1-and-lua/
Baptiste
called in a lua script:
http://blog.haproxy.com/2015/03/12/haproxy-1-6-dev1-and-lua/
Bascally, in your lua script, you can recover the client Ip address like this:
local clientip = txn.f:src()
Baptiste
Hi, thanks for the reply
2.9.6
Proxy protocol is available in Postfix since version 2.10:
http://blog.haproxy.com/haproxy/proxy-protocol/
Baptiste
to persistence.
More information on this blog post:
http://blog.haproxy.com/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/
There is no rule, either A or B could get more requests.
Baptiste
Let me rephrase this: your version of postfix is too old and does not
include the proxy protocol.
Please use postfix 2.10 or above.
Baptiste
On Mon, Mar 16, 2015 at 4:26 PM, adcd gmail adcd...@gmail.com wrote:
I read this but I dont understand how it is related to postfix not knowing
this is due to either chroot or rights on the socket.
Check the user and mode parameters of both your bind and server
descritption.
Also ensure the unix socket is available in a chroot environment, if any.
Baptiste
HAProxy.
Soon, HAProxy will perform DNS resolution to kept updated on the fly
of server IP address changes.
Baptiste
I love it !
Just wrote, as a proof of concept, a forward proxy...
That said, it seems my lua script is blocking... I mean, if the
remote server is slow to deliver the response, then HAProxy doesn't
process any other request or response.
Baptiste
a couple of missing ifdef for openssl prevent to build LUA without SSL enabled.
This patch fix it.
Baptiste
0002-FIX-missing-ifdef-related-to-SSL-when-enabling-LUA.patch
Description: Binary data
When we try to execute the txn.get_headers function in a TCP mode
frontend or backend, then HAProxy segfaults.
Baptiste
0001-fix-a-segfault-in-txn.get_headers.patch
Description: Binary data
how do you pass arguments to a lua function?
Imagine I want to call the following lua function: function download
(host, file)
Baptiste
Great news, congratulation Thierry!
Baptiste
, hlua_socket_connect);
hlua_class_function(gL.T, send,hlua_socket_send);
hlua_class_function(gL.T, receive, hlua_socket_receive);
Baptiste
On Sun, Mar 1, 2015 at 6:22 PM, Cyril Bonté cyril.bo...@free.fr wrote:
Hi Tierry,
Huge work ! I've not played with it yet
On Sat, Feb 28, 2015 at 9:03 AM, Baptiste bed...@gmail.com wrote:
On Sat, Feb 28, 2015 at 8:42 AM, Vivek Malik vivek.ma...@gmail.com wrote:
Hi Baptise,
Using set-map on the stats socket gives the expected result (except
that I can't use functions there). set map motion.map monday 12345 did
, I'm digging into it.
Baptiste
On Fri, Feb 27, 2015 at 12:04 PM, Dmitry Sivachenko trtrmi...@gmail.com wrote:
On 27 февр. 2015 г., at 11:52, Baptiste bed...@gmail.com wrote:
On Fri, Feb 27, 2015 at 9:02 AM, Dmitry Sivachenko trtrmi...@gmail.com
wrote:
On 27 февр. 2015 г., at 2:56, Baptiste bed...@gmail.com wrote
the 'stick store-response' when an error is returned by
the server and track it when traffic comes in with the in_table fetch.
This may require you to switch to HAProxy 1.6-dev.
Baptiste
On Fri, Feb 27, 2015 at 9:02 AM, Dmitry Sivachenko trtrmi...@gmail.com wrote:
On 27 февр. 2015 г., at 2:56, Baptiste bed...@gmail.com wrote:
On Thu, Feb 26, 2015 at 3:58 PM, Dmitry Sivachenko trtrmi...@gmail.com
wrote:
Hello!
Given the following configuration
backend BC
option
has a free slot
b1 and b2 will be used when ALL s1, s2 and s3 will be operationnaly DOWN.
2) nbsrv(BC) will be still equal to 3 because checks for s1, s2 and s3 still
succeed
nope, nbsrv is 5, since b1 and b2 should be counted as well.
Baptiste
,
Yes, this is normal and by design.
Baptiste
Hi Mathieu,
There is no such MIB for HAProxy.
Baptiste
On Wed, Feb 25, 2015 at 4:17 PM, Mathieu Sergent
mathieu.sergent...@gmail.com wrote:
Hi,
I want to know if a MIB for HAProxy is available ?
Regards,
Mathieu
=haproxy.git;a=blob_plain;f=src/sample.c;hb=HEAD
and with the upper and lower and any other converter functions.
Baptiste
.
Baptiste
Guys,
This is not an HAProxy related question, but more a system question.
simply test your configuration with -c and redirect stderr to a text
file in /var/log/ and you're done!
Baptiste
On Tue, Feb 17, 2015 at 2:57 PM, Cohen Galit galit.co...@comverse.com wrote:
Hello HAProxy team,
We
We can verify this quickly :
- using haproxy 1.5.5 and later, remove option http-server-close. It will
default to option http-keep-alive, and see if it's better.
Don't forget to enable option prefer-last-server as well to ensure
you'll keep the same connection.
Baptiste
:)
Baptiste
rules and simple
header addition.
That said should not be there for 1.6...
Baptiste
HTTP request
with tcp-check send and matching with two consecutive tcp-check expect
rules:
tcp-check expect string HTTP/1.1\ 200\ OK
tcp-check expect ! string healthStatus:Unhealthy
Baptiste
on frontends and binds.
Your hardware knows the limit :)
Baptiste
haproxy should report the reason of the fail in a log line, which
can be easily anonymized.
Please share with us these logs information.
Baptiste
On Thu, Feb 12, 2015 at 9:23 PM, chris...@endlessnow.com wrote:
Is there a problem with health checks and haproxy? Again, using a
machine
gun approach on the health check service, we see no problems, but for
whatever reason, occasionally (maybe 1 out 10, could be more), the
haproxy
tcp
...
In the blog article, I did not mention the global section because it
is not visible by our customer in our appliances.
That said, I should update the article as proposed.
Baptiste
On Wed, Feb 11, 2015 at 3:55 AM, Tod Schmidt tschmi...@yahoo.com wrote:
Wow, thanks for that response. That makes total
tod,
You're missing a global section and a maxconn into this section.
By default, HAProxy allows only 2000 connection on the process and
you're running our of free connections.
Please add this in your production server and report us how it works:
global
maxconn 2
Baptiste
lines generated by your HAProxy?
Both traffic and events.
Baptiste
On Mon, Feb 9, 2015 at 9:50 PM, Shawn Heisey hapr...@elyograg.org wrote:
On 2/9/2015 1:08 PM, Baptiste wrote:
could you define what you mean by heavy ?
What type of web application do you host?
How many req / conn per second do you expect?
When doing SSL, the CPU is not enough, the memory
of web application do you host?
How many req / conn per second do you expect?
When doing SSL, the CPU is not enough, the memory also matters.
Baptiste
,
prefixing and/or for sticky session purposes.
Is there a way to get haproxy just set a simple uuid cookie if
one isn't there?
Thanks,
Alberto
Hi Alberto,
You may be able to do something with the http-response set-header and
the rand fetch.
Baptiste
without explaining us the problem.
So it's hard to help.
Baptiste
501 - 600 of 1451 matches
Mail list logo
