I didn't know about the curves parameter, and i don't see performance
regression with it. I don't really understand why this kind of parameter
can influence certs loading time.
Hervé.
Le 23/05/2018 à 15:08, Emmanuel Hocdet a écrit :
> Hi Hervé,
>
>> Le 22 mai 2018 à 10:31, Her
Hello HAProxy ML,
I tracked down a performance regression about loading bunch of
certificates, at least 3x to 5x more time for loading 10 certs since
this commit
http://git.haproxy.org/?p=haproxy-1.8.git;a=commitdiff;h=f6b37c67be277b5f0ae60438d796ff29ef19be40
This regression is 1.8 specific,
;
}
else {
/* Clear openssl global errors stack */
On Fri, May 22, 2015 at 10:50 AM, Hervé Commowick her...@gmail.com wrote:
Hey Willy,
I confirm his patch work as expected, it just need to be modified a bit to
apply on 1.5, but not a big deal.
Hervé.
On Fri
Hey Willy,
I confirm his patch work as expected, it just need to be modified a bit to
apply on 1.5, but not a big deal.
Hervé.
On Fri, May 22, 2015 at 10:28 AM, Willy Tarreau w...@1wt.eu wrote:
Hi Hervé,
On Fri, May 22, 2015 at 09:10:36AM +0200, Hervé Commowick wrote:
As a temporary
Hello,
I encounter a problem with dhparam configuration, if i have 2 bind lines, a
tune.ssl.default-dh-param 2048, and a custom group dhparam in one of the
pem file, ALL bind lines will use 1024, the one with the custom group will
work as expected, and the one without will use the default Oakley
is not so nice, base syslogd support up
to 1024, so maybe we should stick to 1024 only for us.
BTW, i think the best should also be to support configurable value in
configuration, like a tune.syslog.maxlength or something like that.
Hervé.
--
Hervé COMMOWICK
Ingénieur systèmes et réseaux.
http
gzip compression.
Gzip compression has been added to the latest uploads.
--
Hervé COMMOWICK
Ingénieur systèmes et réseaux.
http://www.rezulteo.com
by Lizeo Online Media Group http://www.lizeo-online-media-group.com/
42 quai Rambaud - 69002 Lyon (France) ⎮ ☎ +33 (0)4 26 99 03 77
need to update the documentation.
Regards,
Hervé.
--
Hervé COMMOWICK
Ingénieur systèmes et réseaux.
http://www.rezulteo.com
by Lizeo Online Media Group http://www.lizeo-online-media-group.com/
42 quai Rambaud - 69002 Lyon (France) ⎮ ☎ +33 (0)4 26 99 03 77
, if any, direct or indirect.
--
Hervé COMMOWICK
Ingénieur systèmes et réseaux.
http://www.rezulteo.com
by Lizeo Online Media Group http://www.lizeo-online-media-group.com/
42 quai Rambaud - 69002 Lyon (France) ⎮ ☎ +33 (0)4 26 99 03 77
OCSP is obviously enabled, but not ocsp stapling.
On 11/07/2012 05:18 PM, joris dedieu wrote:
2012/11/7 Hervé COMMOWICK herve.commow...@lizeo-group.com:
As of now, on client side, it is only working on IE9 (not before not
after) and Opera, not so common...
It's enable in Firefox for a long
/
stats auth user:secret
Kevin C.
--
Hervé COMMOWICK
Ingénieur systèmes et réseaux.
http://www.rezulteo.com
by Lizeo Online Media Group http://www.lizeo-online-media-group.com/
42 quai Rambaud - 69002 Lyon (France) ⎮ ☎ +33 (0)4 63 05 95 30
it so it ended up with the same name).
There was a bug affecting the combination of accept-proxy + ssl which
I just fixed.
Regards,
Willy
--
Hervé COMMOWICK
Ingénieur systèmes et réseaux.
http://www.rezulteo.com
by Lizeo Online Media Group http://www.lizeo-online-media-group.com/
42 quai
. mod_gnutls in our case) would need to be
configured on the backend to permit ssl resume.
But how do you go about distributing traffic to a ssl form
without losing the client IP?
/Allan
--
Hervé COMMOWICK
Ingénieur systèmes et réseaux.
http://www.rezulteo.com
by Lizeo Online Media Group http
No, you may have multiple stud.
On 05/23/2012 04:12 PM, Allan Wind wrote:
On 2012-05-23 11:42:24, Hervé COMMOWICK wrote:
Or you may use PROXY protocol and set send-proxy in your haproxy
configuration and ask stud to merge this :
https://github.com/bumptech/stud/pull/81
This is the single ssl
ip and this is now
moved to haproxy2.
Is it
possible to not lose the established session between the client and the backend
in this case?
I have tried this but the session is disconnected, unfortunately.
Thanks in
advance
Br
Joakim
--
Hervé COMMOWICK
.
Thanks,
Ran
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/)
ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS
Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70
mailto:hcommow...@exosec.fr
As i say, it is not yet released, get the snapshot or wait a week.
Hervé.
On Thu, 9 Jun 2011 17:43:51 +0800
Igor j...@owind.com wrote:
Can't find 1.4.16 at http://haproxy.1wt.eu/download/1.4/src/ ?
Bests,
-Igor
2011/6/9 Hervé COMMOWICK hcommow...@exosec.fr:
Hello Matt,
You
reqadd X-Country:\ nz if ipcc_nz
With haproxy and these lists, it is fast and easy to add the country
info to requests.
Is anyone else doing something similar?
Or other sources for this or other similar types of info?
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/)
ZAC des Metz - 3
On Wed, 09 Mar 2011 00:40:12 -0800
Joel Krauska jkrau...@gmail.com wrote:
Has anyone worked out a way to get HAProxy to output logging in an
Apache Combined Log Format?
Most log analysis tools out there already speak Apache log format and
I was hoping to avoid writing a parser for what is
at tcp/ip level, so no application knowledge
would be needed.
I hope that things are clearer now :)
Regards,
L. Alberto Giménez
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/)
ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS
Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40
PROTO=ESMTP
250 Ok
XFORWARD HELO=spike.porcupine.org
250 Ok
MAIL FROM:wie...@porcupine.org
250 Ok
RCPT TO:u...@example.com
250 Ok
DATA
354 End data with CRLF.CRLF
. . .message content. . .
.
250 Ok: queued as 3CF6B2AAE8
QUIT
221 Bye
--
Hervé COMMOWICK, EXOSEC (http
for your answer.
Regards,
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/)
ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS
Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70
mailto:hcommow...@exosec.fr
need to use the http mode instead.
Does someone have a patch that allows using https on the backend?
If there's no such patch, how big changes it would require?
I might work on it if there's nothing ready yet..
Thanks!
-- Pasi
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr
like HAProxy httplog will fit and I don't
see any custom options for HAProxy logging (Perhaps I am missing
that?).
Has anyone ever plugged HAProxy logs into any analysis software
before that they might recommend?
Thank you,
Kyle Brandt
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr
1
balance uri len 128 depth 8
option srvtcpka
server p-01 10.x.x.x:80 maxconn 32 check inter 1
server p-02 10.x.x.x:80 maxconn 32 check inter 1
server p-03 10.x.x.x:80 maxconn 32 check inter 1
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr
)
Best regards
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/)
ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS
Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70
mailto:hcommow...@exosec.fr
What do you mean by increase cookie size ?
On 07/07/2010 03:13 PM, Falco Schmutz wrote:
Hello,
Do you know if it s possible to increase cookie size in Listen
configuration
We used 1.4.8 Haproxy Release.
Many thanks
--
.
On 07/07/2010 04:52 PM, Falco Schmutz wrote:
I mean, there is no way to increase without global config
(tune.bufsize) ?
I juste want to increase one customers.
Le 7 juillet 2010 16:48, Hervé COMMOWICK hcommow...@exceliance.fr
mailto:hcommow...@exceliance.fr a écrit :
What do you mean
Hello Ben,
As discussed on IRC channel, you spot a regression on stick-table
introduced in 1.4.7, Willy send me the patch that fix that.
When you came back from sleeping, can you tell me if it works for you ?
(btw it works for me :))
Hervé.
On 06/16/2010 09:17 AM, Ben Congleton wrote:
Hi
Hello mgades,
Willy send me the patch who fix this bug.
It is good for me, can you test it on your configuration ?
On 06/16/2010 03:16 PM, Morten Gade Sørensen wrote:
Hi again
Just an update on this issue.
I had it crash instantly by telnetting on the CAS_smtp listener port
from the host
about not using ajax and haproxy together?
Like haproxy cut the url which can be very long with ajax call. Is
someone had experience problem . And what kind?
Thank you
NICOLE Emerik
Newbie french user of haproxy
eni-urge...@scan-eco.com
www.scan-eco.com
www.quickmed.fr
--
Hervé COMMOWICK
Hello,
On 05/21/2010 03:15 PM, eni-urgence wrote:
Hello all.
I discover haproxy few weeks ago and I want to thanks willy for his
very good product.
I'm planing to integrate haproxy to our dmz.
I want to use haproxy for loadbalancing heavy secure php/ajax
applications with cookie
Hi Chris,
You are using an old configuration template, let's go updating :
On 05/19/2010 12:10 PM, Chris Sarginson wrote:
[...]
defaults
log global
modehttp
You want to use tcp load balancing so set mode tcp instead
option httplog
same reason, set option
Hello,
On 05/18/2010 05:01 PM, Damien Hardy wrote:
ii haproxy 1.3.15.2-2+lenny2 fast and reliable load balancing reverse proxy
What's is wrong ?
Your HAProxy version doesn't include this feature, please update to *at
least* the lenny-backports version.
Regards,
Hervé.
--
Your Network
http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
Search for the keyword latency inside ;-)
On 03/24/2010 07:25 AM, Paras Fadte wrote:
Hi,
Are there specific parameters in HAproxy config which play important role in
reducing latency ?
Thank you.
-plf
--
Hervé COMMOWICK
, status and queues.
All is working but I was wondering if anyone could enlighten me to
meaning of the hanafail field in 1.4?
Thanks in advance,
Duncan
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/)
ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS
Tel: +33 1 30 67 60 65 - Fax
of the configs into a single line in the back end? In my case it
would be great to be able to just specify once for the backend the
following:
check inter 15s
rise 3
fall 1
slowstart 60s
Thanks
Duncan
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/)
ZAC des Metz - 3 Rue du petit
no password
2. sizeof(MYSQL40_HANDSHAKE_ACK) gives one more byte than required.
Sorry for the previous patch.
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/)
ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS
Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70
mailto:hcommow
AM, Cyril Bonté wrote:
Hi again Hervé,
Le Mercredi 13 Janvier 2010 12:56:30, Hervé COMMOWICK a écrit :
Hi Cyril,
I know the check is not perfect, because it doesn't handle a correct
disconnection.
Mysql expect the client to talk, and i think it's weird... in the
future, i think
', check
duration: 0ms.
[ALERT] 012/111726 (7318) : proxy 'mysql_1' has no server available!
--
Hervé COMMOWICK, EXOSEC (http://www.exosec.fr/)
ZAC des Metz - 3 Rue du petit robinson - 78350 JOUY EN JOSAS
Tel: +33 1 30 67 60 65 - Fax: +33 1 75 43 40 70
mailto:hcommow...@exosec.fr
40 matches
Mail list logo