RE: SSL farm

Or put keepalived in front of 2 or more machines with stud/stunnel/nginx for SSL termination and HAProxy for distributing the traffic to all backends. Keepalived can move a floating IP between multiple machines, and as long as each machine can do ssl termination and load balancing, you've got no

RE: clarification on peers and inclusion into 1.4 soon?

The map module is for comparing strings. The geo module is for comparing IP's or multiple IP's in CIDR notation. .. it took a while for me to figure this out. Regards, Jens Dueholm Christensen -Original Message- From: Aleksandar Lazic [mailto:al-hapr...@none.at] Sent: Tuesday, April 24,

RE: haproxy with keepalived

xperiences with arp_filter etc tells me that I've still got something to learn.. Regards, Jens Dueholm Christensen  -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: Saturday, March 31, 2012 6:36 PM To: Jens Dueholm Christensen (JEDC) Cc: haproxy@formilux.org Subject: R

RE: haproxy with keepalived

least I'm sure that this strange behaviour is limited to linux-flavour OSes. FreeBSD (that I also use) does not exibit the same behaviour. Regards, Jens Dueholm Christensen From: Baptiste [bed...@gmail.com] Sent: 28 March 2012 06:14 To: Jens Dueholm C

RE: haproxy with keepalived

Hi I've got a setup with haproxy and keepalived in front handling ~10 IP's. When I was testing my setup (watching with tcpdump etc) I saw a strange behaviour, that I eventually found a solution to a long while ago. A bit of googling today lead me to answer 2 (answered Mar 16 '11 at 6:12) on th

RE: Help with ACL

r_patterns.lst   acl acl_collector hdr_sub(Referer) -f /etc/haproxy/collector_patterns.lst   use_backend new_collectors if acl_myip acl_collector ==> AND is implicit. regards On Wed, Mar 21, 2012 at 11:46 PM, Jens Dueholm Christensen (JEDC) wrote: > Oh.. > > It just hit me.. &

RE: Help with ACL

this - somehow I was focused on reusing my existing acl_collector and never thought about building a new ACL with the correct rules.. :) Regards, Jens Dueholm Christensen From: Jens Dueholm Christensen (JEDC) [jens.dueh...@r-m.com] Sent: 21 March 2012 23

RE: Help with ACL

ent to the new_collectors backend if the traffic was comming from 1.1.1.1. Regards, Jens Dueholm Christensen From: Baptiste [bed...@gmail.com] Sent: 21 March 2012 22:02 To: Jens Dueholm Christensen (JEDC) Cc: haproxy@formilux.org Subject: Re: Help with AC

Help with ACL

Hi I'm having trouble wrapping my head around what I belive is a really simple problem. I've got a working HAProxy setup with a few listeners and a few backends and some ACL's that direct traffic accordingly. Now I'm about to add a new backend for some function-testing in this setup, and I wa

RE: HAProxy Support

For what it's worth.. I think you are overcomplicating your setup here. Unless your last "leg" of the connection between haproxy and the backend https server is running over an unsecure network (ie. internet or large LAN with no absolute control of the flowing traffic on the LAN) why insist tha