On 08 Jul 05:40, Willy Tarreau wrote:
> Hi Julien,
>
> On Tue, Jul 06, 2021 at 11:06:05AM +0200, Julien Pivotto wrote:
> > Hello,
> >
> > Lately, the ratio spam/useful message on the ML has been quite high.
>
> Well, that's not what I'm seeing in the archiv
Hello,
Lately, the ratio spam/useful message on the ML has been quite high.
Could we maybe force the registration on the mailing list or set
moderation for new users?
Regards,
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
t;
> My questions:
>
> * HAproxy does seem to treat SNI (L5) and HTTP Host Header (L7) as
> unrelated. Is this true?
> * Applications offloading TLS to HAproxy usually trust that mTLS requests
> coming in are validated correctly. They usually don’t revalidate the entire
&
On 01 May 18:40, Aleksandar Lazic wrote:
>
> On 01.05.21 14:38, Julien Pivotto wrote:
> > I do not know what you are trying to achieve.
>
> I try to add on the first line of defense => HAProxy, the possibility to
> protect
> the backend attack without to talk outside
ch do the read_file_to_string, does such a
> function exist in HAProxy?
> Can I create a $MAP or $DATA_STRUCTURE to prevent to read the file on very
> request?
> Is there a max size of a variable in HAProxy?
>
> Any feedback is very welcome.
>
> Regards
> Alex
>
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
ssions require
> more backport time.
I just want to say that I greatly appreciate the backport policy of
HAProxy. I often see really small bugs or even small improvements being
backported, where I personally would have been happy with them just
fixed on devel. This is greatly appreciated!
--
I have tried it and it works with HTTP/2.
I have sent a patch in another thread to clarify the documentation.
On 29 Mar 10:45, Julien Pivotto wrote:
>
> Hello there,
>
> I read in the HAProxy configuration:
> https://cbonte.github.io/haproxy-dconv/2.1/configuration.html#4.2-com
Dear,
Please find a patch attached with a small fix for the documentation.
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
From 359e386c711276c554eb8b9f07476017b6128519 Mon Sep 17 00:00:00 2001
From: Julien Pivotto
Date: Mon, 29 Mar 2021 12:41:40
?
Regards,
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
t to add multiple fields (e.g. an extra aggregate
> version field in the same spirit as /proc/version), that's certainly fine.
> I doubt anyone cares about the compiler version alone anyway, so we could
> have a "build_version" or whatever with the full string in the format you
> suggest.
>
> Just my two cents,
> Willy
>
Good morning,
As said before, from a Prometheus perspective the _build_info approach
is indeed more common.
I am questioning if the release date is really a useful label however.
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
meone fix the wording?
Thanks!
--
(o- Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
:facepalm:
Here is the good one
On 22 Nov 15:39, Tim Düsterhus wrote:
> Julien,
>
> Am 22.11.20 um 15:24 schrieb Julien Pivotto:
> > Here you go.
> >
>
> It looks like you sent the same patch again.
>
> Best regards
> Tim Düsterhus
--
(o-Julien Pi
Here you go.
On 20 Nov 12:51, Christopher Faulet wrote:
> Le 12/11/2020 à 11:18, Julien Pivotto a écrit :
> > Dear,
> >
> > Please find a patch to add 401 and 403 l7 retries, see
> > https://github.com/haproxy/haproxy/issues/948
> >
>
> Thanks Julien. So
031 check weight 76
> > server slot_6_checker 10.x.x.x:31124 check weight 50
> > server slot_7_checker 10.x.x.x:31353 check weight 48
> > server slot_8_checker 10.x.x.x:31839 check weight 33
> > server slot_9_checker 10.x.x.x:31854 check weight 44
> > server slot_10_checker 10.x.x.x:31794 check weight 60 disabled
> > server slot_11_checker 10.x.x.x:31561 check weight 56
> > server slot_12_checker 10.x.x.x:31814 check weight 57
> > server slot_13_checker 10.x.x.x:31535 check weight 44 disabled
> > server slot_14_checker 10.x.x.x:31829 check weight 43 disabled
> > server slot_15_checker 10.x.x.x:31655 check weight 40 disabled
> >
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
On 13 Nov 00:12, Jonathan Matthews wrote:
> On Thu, 12 Nov 2020 at 12:21, Julien Pivotto wrote:
>
> > Dear,
> >
> > Please find a patch to add 401 and 403 l7 retries, see
> > https://github.com/haproxy/haproxy/issues/948
>
>
> Hey Julien,
>
Dear,
Please find a patch to add 401 and 403 l7 retries, see
https://github.com/haproxy/haproxy/issues/948
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
From f71e0b2eb69303fa59645fefda3960fb2a9eb7fb Mon Sep 17 00:00:00 2001
From: Julien Pivotto
as their feedback is
valuable for the building the next releases of HAProxy.
I am not yet confident to run 2.2 in prod yet, but I will roll out 2.2
in non-prod env soon.
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
espaces from the files modified.
>
> Instructions:
>This github pull request will be closed automatically; patch should be
>reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is
>invited to comment, even the patch's author. Please keep the author and
>
> Loïc CHANEL
> System Big Data engineer
> Vision 360 Degrés - SoftAtHome (Lyon, France)
--
Julien Pivotto
@roidelapluie
le with
> min-ssl-ver if you want the support for prior TLS versions.
>
> Does anybody have any objections?
That would be really good.
>
> --
> William Lallemand
>
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
On 02 Apr 15:27, Julien Pivotto wrote:
> On 02 Apr 15:03, Willy Tarreau wrote:
> > Hi,
> >
> > HAProxy 2.1.4 was released on 2020/04/02. It added 99 new commits
> > after version 2.1.3.
> >
> > The main driver for this release is that it contain
d on version 2.2
> BUILD: wdt: only test for SI_TKILL when compiled with thread support
> BUG/MEDIUM: random: align the state on 2*64 bits for ARM64
> BUG/MINOR: haproxy: always initialize sleeping_thread_mask
> BUG/MINOR: listener/mq: do not dispatch connections to remote threads
> when stopping
> BUG/MINOR: haproxy/threads: try to make all threads leave together
> BUILD: makefile: fix regex syntax in ARM platform detection
> BUILD: makefile: fix expression again to detect ARM platform
> REGTESTS: use "command -v" instead of "which"
> REGTEST: increase timeouts on the seamless-reload test
> BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection
> BUILD: ssl: only pass unsigned chars to isspace()
> BUG/CRITICAL: hpack: never index a header into the headroom after
> wrapping
>
> ---
>
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
times it can
> divert you by 3 hours for something that was expected to take 10 seconds,
> it's easy to understand why they're often handled in batches :-/
>
> Willy
No worries. The goal is not to put pressure on the maintainers, also I
did not insist after my first mail. Take your time, thanks!
ely provided by HAProxy Technologies to help
> improve the quality of each HAProxy release. If you have any issue with
> these emails or if you want to suggest some improvements, please post them on
> the list so that the solutions suiting the most users can be found.
>
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
,
I want to tell another story.
I find the bot useful and appreciate it. We get more real spam on the
mailing list than emails from the bot, and it gives a good reminder
about what's coming next and what are the bugs. In the current status of
HAProxy development, where lots of things only happen
that's a bit wonky as a few commits are
> cherry-picked, like this one which was cherry-picked in v1.8 indeed.
> --
> William
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
known/security.txt
>
> Willy
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
Willy
>
we could improve http://www.haproxy.org/ and add such a contact, maybe
even a security.txt file: https://securitytxt.org/
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
On 09 Jan 06:01, Willy Tarreau wrote:
> On Wed, Jan 08, 2020 at 01:26:00PM +0100, Julien Pivotto wrote:
> > While we are at it, could we add 404 as well?
> >
> > 404 is frequently used to deny to hide the fact that the access is
> > denied, see
> > https://develo
n",[0m
> [32m+[0m
> [37m [HTTP_ERR_421] =[0m
> [37m "HTTP/1.1 421 Misdirected Request\r\n"[0m
> [37m "Content-length: 104\r\n"[0m
> [37m@@ -379,6 +389,7 @@ int http_get_status_idx(unsigned int status)[0m
> [37m case 403: return HTTP_ERR_403;[0m
> [37m case 405: return HTTP_ERR_405;[0m
> [37m case 408: return HTTP_ERR_408;[0m
> [32m+case 410: return HTTP_ERR_410;[0m
> [37m case 421: return HTTP_ERR_421;[0m
> [37m case 425: return HTTP_ERR_425;[0m
> [37m case 429: return HTTP_ERR_429;[0m
> [31m-- [0m
> 2.24.1
>
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
Thank you to all the team for the work on the FD layer and my best wishes!
However to avoid phone calls I have set nbthread to 1 before leaving ;)
- Original Message -
From: Willy Tarreau
To: haproxy@formilux.org
Sent: Sat, 21 Dec 2019 12:44:05 +0100 (CET)
Subject: [ANNOUNCE]
not reuse SNI
connection, even in safe mode. After all there is not big difference
once the connection is established and we can not change the value of
sni() between requests anyway.
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
On 17 Dec 11:13, Willy Tarreau wrote:
> Hi Julien,
>
> On Tue, Dec 17, 2019 at 09:16:37AM +0100, Julien Pivotto wrote:
> > Dear list,
> >
> > https://github.com/haproxy/haproxy/blob/50603267981a002d2593bfe219e5071d66a8ea65/doc/configuration.txt#L7798-L7809
> >
retry-on" directive?
Thanks
--
(o- Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
maybe even to 2.0 (though
> it would require some adaptations to legacy mode there).
>
> Willy
I am in favour of replace-path.
Should we have a replace-domain or so for the first part of the abs url?
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
.1.1
In ELEL7 it uses
https://copr.fedorainfracloud.org/coprs/roidelapluie/lua/
which is the LUA for RHEL8 compiled for RHEL7.
We statically compile it within haproxy.
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
On 11 Dec 10:51, Willy Tarreau wrote:
> On Wed, Dec 11, 2019 at 10:49:00AM +0100, Julien Pivotto wrote:
> > On 11 Dec 10:19, Willy Tarreau wrote:
> > > On Tue, Dec 10, 2019 at 01:11:17PM +0100, Julien Pivotto wrote:
> > > > The 4th one (forceclose) has be
On 11 Dec 10:19, Willy Tarreau wrote:
> On Tue, Dec 10, 2019 at 01:11:17PM +0100, Julien Pivotto wrote:
> > The 4th one (forceclose) has been deprecated and deleted from the
> > documentation in 10c6c16cde0b0b473a1ab16e958a7d6b61ed36fc
> >
> > Signed-off-by: Julien Pi
The 4th one (forceclose) has been deprecated and deleted from the
documentation in 10c6c16cde0b0b473a1ab16e958a7d6b61ed36fc
Signed-off-by: Julien Pivotto
---
doc/configuration.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
Hi,
I have the impression that stable-bot has not been configured for the
2.1 branch yet.
Regards,
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
Signed-off-by: Julien Pivotto
---
doc/configuration.txt | 1 +
src/acl.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 862fa72d4..71fa1bdc8 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -16314,6 +16314,7
rate(haproxy_backend_http_responses_time_second_total[5m])
/
rate(haproxy_backend_http_responses_total[5m])
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
HAProxy.
Thank you.
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
On 28 Nov 11:02, Baptiste wrote:
> On Thu, Nov 28, 2019 at 10:56 AM Julien Pivotto
> wrote:
>
> > On 28 Nov 10:38, Baptiste wrote:
> > > 'hold valid' still prevents HAProxy from changing the status of the
> > server
> > > in current Valid status to
On 28 Nov 12:09, Julien Pivotto wrote:
> On 27 Nov 01:15, Илья Шипицин wrote:
> > ср, 27 нояб. 2019 г. в 01:10, Russell Eason :
> >
> > > Hello,
> > >
> > > Fedora upstream added it
> > > https://src.fedoraproject.org/rpms/haproxy/c/45c57ba71174f
h care.
- in EL8 is is dynamically linked
I also cherry-picked fa137e3b5c994508370e0cd2396ece081a1316c4 as it is a
bug that affects me (being totally selfish here ...)
Regards,
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
DNS is up, any change will be picked after 30 seconds?
--
(o-Julien Pivotto
//\Open-Source Consultant
V_/_ Inuits - https://www.inuits.eu
signature.asc
Description: PGP signature
Signed-off-by: Julien Pivotto
---
doc/configuration.txt | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 7e5ecd881..787f77988 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -64,6 +64,12
wondering whether or not we should include a local copy of it into
> the haproxy source code, but I really hate doing this. I'd rather help
> packagers build it locally in fact.
>
> Thanks,
> Willy
Willy,
What is the flag to build lua statically? is there a flag yet?
--
(o-J
On 27 Nov 00:39, Lukas Tribus wrote:
> On Wed, Nov 27, 2019 at 12:36 AM Julien Pivotto
> wrote:
> >
> > On 27 Nov 00:31, Lukas Tribus wrote:
> > > Hello Julien,
> > >
> > >
> > >
> > > On Wed, Nov 27, 2019 at 12:21 AM Julien Pivot
On 27 Nov 00:31, Lukas Tribus wrote:
> Hello Julien,
>
>
>
> On Wed, Nov 27, 2019 at 12:21 AM Julien Pivotto
> wrote:
> > Haproxy 2.1 blocks a response with PH-- if the response has a Host header.
>
> A Host header belongs to the request, not the response
default/x 0/0/486/-1/681 502
229 - - PH-- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Why is this request blocked? As soon as I remove the HOST header from the
response (server side), it works fine.
NOTE: this worked in haproxy 2.0, no longer in 2.1, so it looks like a
regression.
-
нояб. 2019 г. в 00:36, Julien Pivotto :
>
> > Dear HAProxy Community,
> >
> > I have started building HAProxy 2.x packages for CentOS.
> >
> > It includes HAProxy 2.0.10 and 2.1.0.
> >
> > You can find them here:
> > https://copr.fedorainfracloud
/rh-haproxy18-haproxy
Repo config:
https://copr.fedorainfracloud.org/coprs/roidelapluie/haproxy/repo/epel-7/roidelapluie-haproxy-epel-7.repo
Copr is the Fedora public tool to build packages. Build logs are public,
as well as source RPM's etc. So you are free to review it.
--
(o-Julien
54 matches
Mail list logo