On Thu, Mar 17, 2016 at 10:47 AM, Igor Cicimov <
ig...@encompasscorporation.com> wrote:
>
>
> On Thu, Mar 17, 2016 at 5:29 AM, Zachary Punches
> wrote:
>
>> I’m not, these guys aren’t sitting behind an ELB. They sit behind route53
>> routing. If one of the
e
> yeah?
>
> From: Igor Cicimov
> Date: Wednesday, March 16, 2016 at 4:50 PM
> To: Zachary Punches
> Cc: Baptiste , "haproxy@formilux.org" <
> haproxy@formilux.org>
> Subject: Re: Help! HAProxy randomly failing health checks!
>
>
>
> On Thu, Mar
On Fri, Mar 18, 2016 at 10:38 AM, Chris Warren wrote:
> Hi,
>
> We use haproxy in an auto-scaling environment. On an auto-scaling event,
> the haproxy configuration is rewritten to list all existing servers for
> each proxied service. A graceful reload is then performed.
>
> The issue is that by
CR-- 314/314/0/0/0 0/0 ""
> Mar 17 18:37:45 localhost haproxy[28703]: 109.154.74.227:53964
> [17/Mar/2016:18:37:06.938] shared_incoming shared_incoming/
> -1/-1/-1/-1/0 400 0 - - CR-- 313/313/0/0/0 0/0 ""
> Mar 17 18:37:45 localhost haproxy[28703]: 66.87.151.25:3325
>
On Thu, Mar 17, 2016 at 12:46 PM, Igor Cicimov <
ig...@encompasscorporation.com> wrote:
>
>
> On Thu, Mar 17, 2016 at 11:14 AM, Zachary Punches
> wrote:
>
>> I wanna say average is like 4-6 connections a second? Super minimal
>>
>> From what I’ve seen in
On Fri, Mar 18, 2016 at 1:38 PM, Igor Cicimov <
ig...@encompasscorporation.com> wrote:
>
>
> On Fri, Mar 18, 2016 at 12:04 PM, Zachary Punches
> wrote:
>
>> Yeah port 1027 is used for health checks over SSL.
>>
>> This HAP forwards requests off to our datab
entire process before it lights as green.
>
> Our health checks in route 53 are setup to ping 1027 as the SSL port
>
> From: Igor Cicimov
> Date: Thursday, March 17, 2016 at 4:18 PM
> To: Zachary Punches
> Cc: Baptiste , "haproxy@formilux.org" <
> haproxy@formilu
t; error: "net.bridge.bridge-nf-call-iptables" is an unknown key
> error: "net.bridge.bridge-nf-call-arptables" is an unknown key
> kernel.msgmnb = 65536
> kernel.msgmax = 65536
> kernel.shmmax = 68719476736
> kernel.shmall = 4294967296
>
> What would lowerin
On Thu, Mar 17, 2016 at 5:29 AM, Zachary Punches
wrote:
> I’m not, these guys aren’t sitting behind an ELB. They sit behind route53
> routing. If one of the proxy boxes fails 3 checks in 30 seconds (with 4
> checks done a second) then Route53 changes its routing from the first proxy
> box to the
On Wed, Mar 16, 2016 at 5:54 AM, Zachary Punches
wrote:
> Hello!
>
>
>
> My name is Zack, and I have been in the middle of an on going HAProxy
> issue that has me scratching my head.
>
>
>
> Here is the setup:
>
>
>
> Our setup is hosted by amazon, and our HAProxy (1.6.3) boxes are in each
> regi
On 16/03/2016 12:27 AM, "Hugo Maia" wrote:
>
> Hi, my name is Hugo.
>
> I'm currently using Haproxy 1.5, I have a backend with 2 servers. My app
servers receive connection from two clients and I want both of them to be
attributed to the same server. All connections have a url parameter X and
sessi
On 01/03/2016 9:57 PM, "Zoltan Lorincz" wrote:
>
> Hi all,
>
> i am very new to haproxy. Read trough all the docs but i think something
is wrong with my configuration, because if we connect directly to tomcat we
don't get any 502 errors.
>
> The errors from haproxy look like this.
>
> Mar 1 11:41
Hi Willy,
On 04/02/2016 3:11 PM, "Willy Tarreau" wrote:
>
> On Wed, Feb 03, 2016 at 11:05:03AM +1100, Igor Cicimov wrote:
> > Any comments on this? Shouldn't the expiration time get replicated upon
> > restart or just the keys? Obviously the entry in the first s
hanks,
Igor
On Mon, Feb 1, 2016 at 11:07 AM, Igor Cicimov <
ig...@encompasscorporation.com> wrote:
> Hi all,
>
> I have the following entry in a stick-table:
>
> 0x87bf54: key=09643F891F0C6F7BE467E619952E327E use=0 exp=1938168
> server_id=1
>
> and on the peer after
Hi all,
I have the following entry in a stick-table:
0x87bf54: key=09643F891F0C6F7BE467E619952E327E use=0 exp=1938168 server_id=1
and on the peer after doing a restart:
0x806934: key=09643F891F0C6F7BE467E619952E327E use=0 exp=4795722 server_id=1
can see the same entry with different expiration
On 01/02/2016 8:32 AM, "Willy Tarreau" wrote:
>
> Hi Igor,
>
> On Sun, Jan 31, 2016 at 07:39:02PM +1100, Igor Cicimov wrote:
> > Any chance for this to get back-ported into 1.5?
>
> Not at all. We don't backport features anymore into stable releases,
&g
Hi,
Wonder if the mailers can support smtp authentication?
Thanks,
Igor
yword is
> listed in 1.5. Let me check...
>
> OK I found it, it was accidently added in 1.5-dev19 when http-response
> was introduced : e365c0b ("MEDIUM: http: add a new "http-response"
> ruleset")
>
> This one needs to be removed from the error message.
>
On Sun, Jan 31, 2016 at 5:33 PM, Igor Cicimov <
ig...@encompasscorporation.com> wrote:
> Hi,
>
> I have a:
>
> http-response redirect code 302 location https://blabla if { status
> 404 }
>
> statement in my haproxy 1.5.15 config but on reload I get:
>
> *
Hi,
I have a:
http-response redirect code 302 location https://blabla if { status 404
}
statement in my haproxy 1.5.15 config but on reload I get:
* Reloading haproxy
haproxy
[ALERT] 030/061559 (3) : parsing [/etc/haproxy/haproxy.cfg:142]:
'http-response' *expects* 'allow', 'deny', '*r
can't seem to find any examples on the net.. and can't figure it out
>>> from the haproxy 1.5 docs..
>>>
>>> I was hoping any of you had some hints :)
>>>
>>>
>>
>>
>
> --
> Regards,
> Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
>
> "Those who do not understand Unix are condemned to reinvent it, poorly."
> --Henry Spencer
>
>
>
--
Igor Cicimov | DevOps
p. +61 (0) 433 078 728
e. ig...@encompasscorporation.com <http://encompasscorporation.com/>
w*.* encompasscorporation.com
a. Level 4, 65 York Street, Sydney 2000
Hi Baptiste,
On Wed, Jan 20, 2016 at 11:08 AM, Baptiste wrote:
> On Sat, Jan 16, 2016 at 3:37 AM, Igor Cicimov
> wrote:
> >
> >
> > On Sat, Jan 16, 2016 at 7:36 AM, Alex wrote:
> >>
> >> Hello,
> >>
> >> I was testing haproxy ver
On Sat, Jan 16, 2016 at 7:36 AM, Alex wrote:
> Hello,
>
> I was testing haproxy version 1.6.3 and I am a bit confused regarding
> draining a server.
>
> According to the documentation:
> set server / state [ ready | drain | maint ]
> [...] Setting the mode to "drain" only removes the server from
On Mon, Jan 4, 2016 at 10:57 PM, Mike MacCana
wrote:
> I'm investigating active/passive HAProxy setups and came across the
> following from the official HAProxy blog. At http://blog.haproxy
> .com/2014/01/17/emulating-activepassing-application-clustering-with-
> haproxy/
>
> backend bk_app
>
Hi Grant,
On Fri, Dec 4, 2015 at 7:46 AM, Grant Haywood
wrote:
> Hello,
>
> I was wondering if there is a basic example of using lua to do
> authentication?
>
> I am specificaly interested in constructing 'ldap' and 'jwt' versions of
> the 'userlist' block
>
> thx in advance for your time
>
>
Ex
On 03/12/2015 6:54 AM, "Jesus Moran" wrote:
>
> Hello.
>
> Excelent work whit this tool.
>
> Today i was integrating haproxy 1.5 whit SSL and was easy and fast, but i
wave a litte issue.
>
> When i create the .key file i add it a phrase.
>
>
> i cerate the certificate with GoDaddy. And Now Alway w
On 02/12/2015 10:19 AM, "Lukas Tribus" wrote:
>
> > On 02/12/2015 12:41 AM, "Cohen Galit"
> > mailto:galit.co...@xura.com>> wrote:
> > >
> > > Hello,
> > >
> > >
> > >
> > > When HAProxy 1.5.9 is trying to sample our servers with this
> > configuration: tcp-check connect port 50443 ssl
> > >
> > >
On 02/12/2015 12:41 AM, "Cohen Galit" wrote:
>
> Hello,
>
>
>
> When HAProxy 1.5.9 is trying to sample our servers with this
configuration: tcp-check connect port 50443 ssl
>
>
>
> Our servers returns an error:
>
>
>
> 2015-11-29 09:48:18,155 [StartPoint-IMAP-SSL-Worker(14)]
[e8d05153-267f-4378-9a
On 20/11/2015 7:23 AM, "Piotr Kubaj" wrote:
>
> On 11/19/2015 17:01, Janusz Dziemidowicz wrote:
> > 2015-11-19 15:45 GMT+01:00 Piotr Kubaj :
> >> Now, about RSA vs ECDSA. I simply don't trust ECDSA. There are quite a
> >> lot of questions about constants used by ECDSA, which seem to be
> >> chosen
On Sun, Nov 15, 2015 at 1:21 AM, SL wrote:
> Hi,
>
> We have quite a large number of backends, and are selecting which back end
> to use based on the host specified in the request. (Note these are not
> loadbalanced, we have to target them individually).
>
> Currently we are doing this with ACLs
On 13/11/2015 1:04 AM, "jaleel" wrote:
>
> Hello,
>
> I am trying to setup the following for deployment
>
> I have 2 servers.
> server1: eth0:10.200.2.211 (255.255.252.0)
> eth1: 192.168.10.10 (255.255.255.0)
> server2: eth0: 10.200.2.242 (255.255.252.0)
> eth1: 192.168.20.
eg/?lang=$
> # off acl fr_topurlp_reg(lang\=$,?) -m
> found
> # off acl fr_topurlp_reg(lang\=$,?) -m
> found
>
> but with no luck
>
> thanks
>
> ---
> Guillaume Bourque, B.Sc.,
&g
On 12/11/2015 5:30 PM, "Guillaume Bourque" <
guillaume.bour...@logisoftech.com> wrote:
>
> Hello Bryan
>
> I’m running haproxy 1.5.4 and I can’t find any example on how to user
req.uri if you could give a examples on how to match a specific query to
redirect to another
>
> From http://domain/pages/
On 07/11/2015 8:01 AM, "Sébastien ROHAUT"
wrote:
>
> Hi,
>
> We encountered a big problem this afternoon, which crashed for a while
one of our websites, a java (tomcat+lift) application. We are using Haproxy
1.5.
>
> For our backend, we're doing something like this, using tcp-check because
we need
On 31/10/2015 3:14 AM, "Daren Sefcik" wrote:
>
>
>
> On Thu, Oct 29, 2015 at 11:15 PM, Igor Cicimov <
ig...@encompasscorporation.com> wrote:
>>
>>
>> On 30/10/2015 4:48 PM, "Daren Sefcik" wrote:
>> >
>> > So I think those
On 31/10/2015 2:03 AM, "Igor Cicimov"
wrote:
>
>
> On 30/10/2015 11:18 PM, "Labedan, Alain" wrote:
> >
> > Hi,
> >
> >
> >
> > I have HAPROXY in front of servers backend which are load balanced.
> >
> >
> >
>
On 30/10/2015 11:18 PM, "Labedan, Alain" wrote:
>
> Hi,
>
>
>
> I have HAPROXY in front of servers backend which are load balanced.
>
>
>
> - For terminated SSL haproxy, I want HAproxy give the good
certificate to the client associated with the good domain .
>
> I’ve not found how to conf
On 30/10/2015 4:48 PM, "Daren Sefcik" wrote:
>
> So I think those links were the right idea and I have been trying
different configurations but am not quite there and am hoping somebody can
offer a bit more guidance.
>
> So when I telnet to the icap server I type in the OPTIONS line followed
by (2
On 14/10/2015 9:41 PM, "Baptiste" wrote:
>
> Hey,
>
> I summarized what's new in HAProxy 1.6 with some configuration
> examples in a blog post to help quick adoption of new features:
> http://blog.haproxy.com/2015/10/14/whats-new-in-haproxy-1-6/
>
> Baptiste
>
Awesome, thank you!
Igor
On Thu, Oct 8, 2015 at 7:15 PM, Dmitry Sivachenko
wrote:
>
> > On 7 окт. 2015 г., at 16:18, Dmitry Sivachenko
> wrote:
> >
> > Hello,
> >
> > I am using haproxy-1.5.14 and sometimes I see the following errors in
> the log:
> >
> > Oct 7 08:33:03 srv1 haproxy[77565]: unix:1 [07/Oct/2015:08:33:02
On Thu, Oct 8, 2015 at 11:51 AM, Igor Cicimov <
ig...@encompasscorporation.com> wrote:
>
>
> On Thu, Oct 8, 2015 at 12:18 AM, Dmitry Sivachenko
> wrote:
>
>> Hello,
>>
>> I am using haproxy-1.5.14 and sometimes I see the following errors in the
>>
On Thu, Oct 8, 2015 at 12:18 AM, Dmitry Sivachenko
wrote:
> Hello,
>
> I am using haproxy-1.5.14 and sometimes I see the following errors in the
> log:
>
> Oct 7 08:33:03 srv1 haproxy[77565]: unix:1 [07/Oct/2015:08:33:02.428]
> MT-front MT_RU_EN-back/ 0/1000/-1/-1/1000 503 212 - - sQ--
> 125/124
to bla bla".
>
>
> server Product1.VM0 cookie c check
>
>
>
> Thank you.
>
> --
>
> Sincerely,
>
> Susheel Jalali
>
> Coscend Communications Solutions
>
> Elite Premio Complex Suite 200, Pune 411045 Maharashtra India
> susheel.jal...@coscend.com
>
> Web site: www.Coscend
I am happy to
> send you relevant parts of those files if you think you understand the
> problem and want to look at them.
>
> thanks,
> Daren
>
>
> On Mon, Oct 5, 2015 at 2:58 PM, Igor Cicimov <
> ig...@encompasscorporation.com> wrote:
>
>>
>> On 06/1
table declaration.
>
> Sent via iPhone
>
> On Sep 30, 2015, at 18:23, Igor Cicimov
> wrote:
>
> Well in case of header you would have something like this I guess:
>
> tcp-request content track-sc1 hdr(x-app-authorization)
>
>
>
> On Thu, Oct 1, 2015 at 9:4
e the stick
> table (I assume they need type ip) or another implied table?
>
> -J
>
> On Wed, Sep 30, 2015 at 3:41 PM, Igor Cicimov <
> ig...@encompasscorporation.com> wrote:
>
>> The stick-table type would be string and not ip in that case though
>>
The stick-table type would be string and not ip in that case though
On 01/10/2015 5:07 AM, "Jason J. W. Williams"
wrote:
>
> We've been seeing CenturyLink and a few other residential providers
NATing their IPv4 traffic, making client persistency on source IP result in
really lopsided load balancin
hat needs to happen for PROXY protocol to be
>> recognized by the web server?
>>
> The webserver needs to support it. There is a (probably incomplete) list
> here: http://blog.haproxy.com/haproxy/proxy-protocol/
>
>
>
>> Im assuming the haproxy server already
On 16/08/2015 11:21 PM, "Mitchell Gurspan"
wrote:
>
> Hi –
>
> Would you be able to tell me if HAProxy can be used to solve the
following problem?
>
>
>
>
>
> I host an iis 7.5) windows site on a comcast business static IP (in
office). the internet goes down sometimes and I’d like redundancy.
>
>
On Tue, Aug 11, 2015 at 12:10 PM, Roman Gelfand wrote:
> I am publishing horde webmail application. The horde itself is served
> internally via http protocol on apache. Please, see the configuration,
> below. The issue seems to be with css and image files as formatting is out
> wack. Please n
By run I meant you have to start it as root user which you are doing
anyway. Can you run:
# nc -l -p 80
as root just to confirm you can bind to port 80?
On 25/07/2015 2:10 PM, "Igor Cicimov"
wrote:
> You need to run haproxy as root to bind to ports lower than 1024
> On 25/07/20
You need to run haproxy as root to bind to ports lower than 1024
On 25/07/2015 1:36 PM, "Tim Dunphy" wrote:
> Hi Yuan,
>
> Nice.
>> Do you use selinux in prod.
>> regards,
>> ; Yuan
>
>
> Yep! Actually I use it every chance I get. Prod/stage/dev and my own hobby
> environments. And right now actu
; So it seems that haproxy is expecting to have mysql already listening on
> port 3306. But mysql is runnign on two external nodes with port 3306 open
> to the two haproxy machines.
>
> What am I doing wrong? And how can I get this to work?
>
> Thanks,
> TIm
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>
>
--
Igor Cicimov | DevOps
p. +61 (0) 433 078 728
e. ig...@encompasscorporation.com <http://encompasscorporation.com/>
w*.* encompasscorporation.com
a. Level 4, 65 York Street, Sydney 2000
gt; frontend api-https-in
> bind X.X.X.X:443 ssl crt
> reqadd X-Forwarded-Proto:\ https
> acl host_soap hdr_end(host) -i example.com
> use_backend if host_soap
> acl secure dst_port eq 44
>
>
>
> backend
>
> mode http
> option httpchk HEAD /test.jsp HTTP
On 23/04/2015 6:01 PM, wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi!
>
> I'm having trouble with one of our HAProxy-Servers that uses a backend
with TLS. When starting HAProxy the backend will report all servers as down:
>
>> Server web_remote/apache_rem_1 is DOWN, reason: L
On Wed, Apr 22, 2015 at 3:34 PM, Krishna Kumar (Engineering) <
krishna...@flipkart.com> wrote:
> Hi Baptists,
>
> Sorry I didn't provide more details earlier.
>
>
> --
> 1. root@HAPROXY:~# haproxy -vv
>
On 21/04/2015 6:00 PM, "Krishna Kumar (Engineering)" <
krishna...@flipkart.com> wrote:
>
> Hi all,
>
> While running the command: :" ab -n 10 -c 1000 192.168.122.110:80/256
",
> the haproxy stats page shows the 4 different backend servers changing
status
> between "Active up, going down", "Acti
On 18/04/2015 5:20 PM, "Baptiste" wrote:
>
> On Fri, Apr 17, 2015 at 2:22 AM, Igor Cicimov
> wrote:
> >
> > Hi all,
> >
> > In the docs it says:
> >
> > A "defaults" section sets default parameters for all other sections
> &g
On Fri, Apr 17, 2015 at 2:26 PM, Dennis Jacobfeuerborn <
denni...@conversis.de> wrote:
> On 17.04.2015 02:12, Igor Cicimov wrote:
> > Hi all,
> >
> > Just a quick one, are the stick tables and counters persisted on haproxy
> > 1.5.11 reload/restart?
>
>
Hi all,
In the docs it says:
A "defaults" section sets default parameters for all other sections
following
its declaration. Those default parameters are reset by the next "defaults"
section.
So I wonder is the next defaults section resetting _all_ options and
parameters from the previous one or
Hi all,
Just a quick one, are the stick tables and counters persisted on haproxy
1.5.11 reload/restart?
Thanks,
Igor
On Fri, Apr 17, 2015 at 3:26 AM, Dennis Jacobfeuerborn <
denni...@conversis.de> wrote:
> Hi,
> I'm trying to find the best way to toggle maintenance mode for a site. I
> have a regular and a maintenance backend defined an I'm using something
> like:
>
> frontend:
> acl is_maintenance always_fals
On Tue, Apr 14, 2015 at 12:55 AM, Thibault Labrut <
thibault.lab...@enioka.com> wrote:
> Hello,
>
> I currently installing HAProxy with keepalived to one of my clients.
>
> To facilitate the administration of this tool, I would like to know if you
> can advise me of administration web gui for HA p
012-02-04
> PCRE library supports JIT : no (USE_PCRE_JIT not set)
> Built with transparent proxy support using: IP_TRANSPARENT
> IPV6_TRANSPARENT IP_FREEBIND
>
> Available polling systems :
> epoll : pref=300, test result OK
>poll : pref=200, test result OK
> select : pref=150, test result OK
> Total: 3 (3 usable), will use epoll.
>
> How can I fix this? Thanks for any help,
>
> Regards,
> - KK
>
--
Igor Cicimov | DevOps
p. +61 (0) 433 078 728
e. ig...@encompasscorporation.com <http://encompasscorporation.com/>
w*.* encompasscorporation.com
a. Level 4, 65 York Street, Sydney 2000
Forgot to cc the list.
-- Forwarded message --
From: Igor Cicimov
Date: Tue, Apr 7, 2015 at 4:25 PM
Subject: Re: "proxy haproxy has no server available!"
To: "Krishna Kumar Unnikrishnan (Engineering)"
On Tue, Apr 7, 2015 at 3:58 PM, Krishna Kumar Unnik
On Tue, Apr 7, 2015 at 3:24 PM, Krishna Kumar Unnikrishnan (Engineering) <
krishna...@flipkart.com> wrote:
> Sorry, forgot to mention, this is haproxy version 1.5.11
>
>
> On Tue, Apr 7, 2015 at 10:52 AM, Krishna Kumar Unnikrishnan (Engineering)
> wrote:
>
>> Hi all,
>>
>> I am moving from using
201 - 266 of 266 matches
Mail list logo