Re: ratio spam/useful message

On 08 Jul 05:40, Willy Tarreau wrote: > Hi Julien, > > On Tue, Jul 06, 2021 at 11:06:05AM +0200, Julien Pivotto wrote: > > Hello, > > > > Lately, the ratio spam/useful message on the ML has been quite high. > > Well, that's not what I'm seeing in the archiv

ratio spam/useful message

Hello, Lately, the ratio spam/useful message on the ML has been quite high. Could we maybe force the registration on the mailing list or set moderation for new users? Regards, -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc

Re: SNI spoofing in HAproxy?

t; > My questions: > > * HAproxy does seem to treat SNI (L5) and HTTP Host Header (L7) as > unrelated. Is this true? > * Applications offloading TLS to HAproxy usually trust that mTLS requests > coming in are validated correctly. They usually don’t revalidate the entire &

Re: Brainstorming to add JWT verify to HAPoxy (was: Re: What's the "best" way to read a file in a sample converter)

On 01 May 18:40, Aleksandar Lazic wrote: > > On 01.05.21 14:38, Julien Pivotto wrote: > > I do not know what you are trying to achieve. > > I try to add on the first line of defense => HAProxy, the possibility to > protect > the backend attack without to talk outside

Re: Brainstorming to add JWT verify to HAPoxy (was: Re: What's the "best" way to read a file in a sample converter)

ch do the read_file_to_string, does such a > function exist in HAProxy? > Can I create a $MAP or $DATA_STRUCTURE to prevent to read the file on very > request? > Is there a max size of a variable in HAProxy? > > Any feedback is very welcome. > > Regards > Alex > -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: [ANNOUNCE] haproxy-2.3.9

ssions require > more backport time. I just want to say that I greatly appreciate the backport policy of HAProxy. I often see really small bugs or even small improvements being backported, where I personally would have been happy with them just fixed on devel. This is greatly appreciated! --

Re: HTTP/2 and compression

I have tried it and it works with HTTP/2. I have sent a patch in another thread to clarify the documentation. On 29 Mar 10:45, Julien Pivotto wrote: > > Hello there, > > I read in the HAProxy configuration: > https://cbonte.github.io/haproxy-dconv/2.1/configuration.html#4.2-com

Patch: DOC: clarify that compression works for HTTP/2

Dear, Please find a patch attached with a small fix for the documentation. -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu From 359e386c711276c554eb8b9f07476017b6128519 Mon Sep 17 00:00:00 2001 From: Julien Pivotto Date: Mon, 29 Mar 2021 12:41:40

HTTP/2 and compression

? Regards, -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: [PATCH] MINOR: contrib/prometheus-exporter: export build_info

t to add multiple fields (e.g. an extra aggregate > version field in the same spirit as /proc/version), that's certainly fine. > I doubt anyone cares about the compiler version alone anyway, so we could > have a "build_version" or whatever with the full string in the format you > suggest. > > Just my two cents, > Willy > Good morning, As said before, from a Prometheus perspective the _build_info approach is indeed more common. I am questioning if the release date is really a useful label however. -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Wording in home page

meone fix the wording? Thanks! -- (o- Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: Add 401, 403 retries at l7

:facepalm: Here is the good one On 22 Nov 15:39, Tim Düsterhus wrote: > Julien, > > Am 22.11.20 um 15:24 schrieb Julien Pivotto: > > Here you go. > > > > It looks like you sent the same patch again. > > Best regards > Tim Düsterhus -- (o-Julien Pi

Re: Add 401, 403 retries at l7

Here you go. On 20 Nov 12:51, Christopher Faulet wrote: > Le 12/11/2020 à 11:18, Julien Pivotto a écrit : > > Dear, > > > > Please find a patch to add 401 and 403 l7 retries, see > > https://github.com/haproxy/haproxy/issues/948 > > > > Thanks Julien. So

Re: [2.2.5] High cpu usage after switch to threads

031 check weight 76 > > server slot_6_checker 10.x.x.x:31124 check weight 50 > > server slot_7_checker 10.x.x.x:31353 check weight 48 > > server slot_8_checker 10.x.x.x:31839 check weight 33 > > server slot_9_checker 10.x.x.x:31854 check weight 44 > > server slot_10_checker 10.x.x.x:31794 check weight 60 disabled > > server slot_11_checker 10.x.x.x:31561 check weight 56 > > server slot_12_checker 10.x.x.x:31814 check weight 57 > > server slot_13_checker 10.x.x.x:31535 check weight 44 disabled > > server slot_14_checker 10.x.x.x:31829 check weight 43 disabled > > server slot_15_checker 10.x.x.x:31655 check weight 40 disabled > > -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: Add 401, 403 retries at l7

On 13 Nov 00:12, Jonathan Matthews wrote: > On Thu, 12 Nov 2020 at 12:21, Julien Pivotto wrote: > > > Dear, > > > > Please find a patch to add 401 and 403 l7 retries, see > > https://github.com/haproxy/haproxy/issues/948 > > > Hey Julien, >

Add 401, 403 retries at l7

Dear, Please find a patch to add 401 and 403 l7 retries, see https://github.com/haproxy/haproxy/issues/948 -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu From f71e0b2eb69303fa59645fefda3960fb2a9eb7fb Mon Sep 17 00:00:00 2001 From: Julien Pivotto

Re: Can I help with the 2.1 release?

as their feedback is valuable for the building the next releases of HAProxy. I am not yet confident to run 2.2 in prod yet, but I will roll out 2.2 in non-prod env soon. -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: [PR] DOC: Update docs / comments to be inclusive of all gender identities

espaces from the files modified. > > Instructions: >This github pull request will be closed automatically; patch should be >reviewed on the haproxy mailing list (haproxy@formilux.org). Everyone is >invited to comment, even the patch's author. Please keep the author and

Re: HAproxy 2.X RPM

> > Loïc CHANEL > System Big Data engineer > Vision 360 Degrés - SoftAtHome (Lyon, France) -- Julien Pivotto @roidelapluie

Re: RFC: set minimum default TLS version to 1.2 for HAProxy 2.2

le with > min-ssl-ver if you want the support for prior TLS versions. > > Does anybody have any objections? That would be really good. > > -- > William Lallemand > -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: [ANNOUNCE] haproxy-2.1.4

On 02 Apr 15:27, Julien Pivotto wrote: > On 02 Apr 15:03, Willy Tarreau wrote: > > Hi, > > > > HAProxy 2.1.4 was released on 2020/04/02. It added 99 new commits > > after version 2.1.3. > > > > The main driver for this release is that it contain

Re: [ANNOUNCE] haproxy-2.1.4

d on version 2.2 > BUILD: wdt: only test for SI_TKILL when compiled with thread support > BUG/MEDIUM: random: align the state on 2*64 bits for ARM64 > BUG/MINOR: haproxy: always initialize sleeping_thread_mask > BUG/MINOR: listener/mq: do not dispatch connections to remote threads > when stopping > BUG/MINOR: haproxy/threads: try to make all threads leave together > BUILD: makefile: fix regex syntax in ARM platform detection > BUILD: makefile: fix expression again to detect ARM platform > REGTESTS: use "command -v" instead of "which" > REGTEST: increase timeouts on the seamless-reload test > BUG/MINOR: haproxy/threads: close a possible race in soft-stop detection > BUILD: ssl: only pass unsigned chars to isspace() > BUG/CRITICAL: hpack: never index a header into the headroom after > wrapping > > --- > -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: stable-bot: Bugfixes waiting for a release 2.1 (21), 2.0 (16)

times it can > divert you by 3 hours for something that was expected to take 10 seconds, > it's easy to understand why they're often handled in batches :-/ > > Willy No worries. The goal is not to put pressure on the maintainers, also I did not insist after my first mail. Take your time, thanks!

Re: stable-bot: Bugfixes waiting for a release 2.1 (21), 2.0 (16)

ely provided by HAProxy Technologies to help > improve the quality of each HAProxy release. If you have any issue with > these emails or if you want to suggest some improvements, please post them on > the list so that the solutions suiting the most users can be found. > -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: stable-bot: WARNING: 54 bug fixes in queue for next release - 2.1

, I want to tell another story. I find the bot useful and appreciate it. We get more real spam on the mailing list than emails from the bot, and it gives a good reminder about what's coming next and what are the bugs. In the current status of HAProxy development, where lots of things only happen

Re: [PATCH v2] BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2

that's a bit wonky as a few commits are > cherry-picked, like this one which was cherry-picked in v1.8 indeed. > -- > William -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: Found a security issue

known/security.txt > > Willy -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: Found a security issue

Willy > we could improve http://www.haproxy.org/ and add such a contact, maybe even a security.txt file: https://securitytxt.org/ -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: [PATCH] MINOR: http: Add 410 to http-request deny

On 09 Jan 06:01, Willy Tarreau wrote: > On Wed, Jan 08, 2020 at 01:26:00PM +0100, Julien Pivotto wrote: > > While we are at it, could we add 404 as well? > > > > 404 is frequently used to deny to hide the fact that the access is > > denied, see > > https://develo

Re: [PATCH] MINOR: http: Add 410 to http-request deny

n", > + >  [HTTP_ERR_421] = >  "HTTP/1.1 421 Misdirected Request\r\n" >  "Content-length: 104\r\n" > @@ -379,6 +389,7 @@ int http_get_status_idx(unsigned int status) >  case 403: return HTTP_ERR_403; >  case 405: return HTTP_ERR_405; >  case 408: return HTTP_ERR_408; > +case 410: return HTTP_ERR_410; >  case 421: return HTTP_ERR_421; >  case 425: return HTTP_ERR_425; >  case 429: return HTTP_ERR_429; > --  > 2.24.1 > -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: [ANNOUNCE] haproxy-2.1.2

Thank you to all the team for the work on the FD layer and my best wishes! However to avoid phone calls I have set nbthread to 1 before leaving ;) - Original Message - From: Willy Tarreau To: haproxy@formilux.org Sent: Sat, 21 Dec 2019 12:44:05 +0100 (CET) Subject: [ANNOUNCE]

Re: [RFC PATCH] HTTPS connection reuse with SNI

not reuse SNI connection, even in safe mode. After all there is not big difference once the connection is established and we can not change the value of sni() between requests anyway. -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: Outdated retries documentation

On 17 Dec 11:13, Willy Tarreau wrote: > Hi Julien, > > On Tue, Dec 17, 2019 at 09:16:37AM +0100, Julien Pivotto wrote: > > Dear list, > > > > https://github.com/haproxy/haproxy/blob/50603267981a002d2593bfe219e5071d66a8ea65/doc/configuration.txt#L7798-L7809 > >

Outdated retries documentation

retry-on" directive? Thanks -- (o- Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: [2.1.1] http-request replace-uri does not work

maybe even to 2.0 (though > it would require some adaptations to legacy mode there). > > Willy I am in favour of replace-path. Should we have a replace-domain or so for the first part of the abs url? -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: HAProxy 2.0.10 and 2.1.0 RPM's

.1.1 In ELEL7 it uses https://copr.fedorainfracloud.org/coprs/roidelapluie/lua/ which is the LUA for RHEL8 compiled for RHEL7. We statically compile it within haproxy. -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: [PATCH] DOC: proxies: HAProxy only supports 3 connection modes

On 11 Dec 10:51, Willy Tarreau wrote: > On Wed, Dec 11, 2019 at 10:49:00AM +0100, Julien Pivotto wrote: > > On 11 Dec 10:19, Willy Tarreau wrote: > > > On Tue, Dec 10, 2019 at 01:11:17PM +0100, Julien Pivotto wrote: > > > > The 4th one (forceclose) has be

Re: [PATCH] DOC: proxies: HAProxy only supports 3 connection modes

On 11 Dec 10:19, Willy Tarreau wrote: > On Tue, Dec 10, 2019 at 01:11:17PM +0100, Julien Pivotto wrote: > > The 4th one (forceclose) has been deprecated and deleted from the > > documentation in 10c6c16cde0b0b473a1ab16e958a7d6b61ed36fc > > > > Signed-off-by: Julien Pi

[PATCH] DOC: proxies: HAProxy only supports 3 connection modes

The 4th one (forceclose) has been deprecated and deleted from the documentation in 10c6c16cde0b0b473a1ab16e958a7d6b61ed36fc Signed-off-by: Julien Pivotto --- doc/configuration.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/configuration.txt b/doc/configuration.txt

stable-bot for 2.1

Hi, I have the impression that stable-bot has not been configured for the 2.1 branch yet. Regards, -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

[PATCH] MINOR: acl: Add pre-defined HTTP_2.0 ACL

Signed-off-by: Julien Pivotto --- doc/configuration.txt | 1 + src/acl.c | 1 + 2 files changed, 2 insertions(+) diff --git a/doc/configuration.txt b/doc/configuration.txt index 862fa72d4..71fa1bdc8 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -16314,6 +16314,7

Re: Extra Prometheus metrics

rate(haproxy_backend_http_responses_time_second_total[5m]) / rate(haproxy_backend_http_responses_total[5m]) -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Extra Prometheus metrics

HAProxy. Thank you. -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: DNS resolution every second - v2.0.10

On 28 Nov 11:02, Baptiste wrote: > On Thu, Nov 28, 2019 at 10:56 AM Julien Pivotto > wrote: > > > On 28 Nov 10:38, Baptiste wrote: > > > 'hold valid' still prevents HAProxy from changing the status of the > > server > > > in current Valid status to

Re: HAProxy 2.0.10 and 2.1.0 RPM's

On 28 Nov 12:09, Julien Pivotto wrote: > On 27 Nov 01:15, Илья Шипицин wrote: > > ср, 27 нояб. 2019 г. в 01:10, Russell Eason : > > > > > Hello, > > > > > > Fedora upstream added it > > > https://src.fedoraproject.org/rpms/haproxy/c/45c57ba71174f

Re: HAProxy 2.0.10 and 2.1.0 RPM's

h care. - in EL8 is is dynamically linked I also cherry-picked fa137e3b5c994508370e0cd2396ece081a1316c4 as it is a bug that affects me (being totally selfish here ...) Regards, -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

Re: DNS resolution every second - v2.0.10

DNS is up, any change will be picked after 30 seconds? -- (o-Julien Pivotto //\Open-Source Consultant V_/_ Inuits - https://www.inuits.eu signature.asc Description: PGP signature

[PATCH] DOC: Fix ordered list in summary

Signed-off-by: Julien Pivotto --- doc/configuration.txt | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 7e5ecd881..787f77988 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -64,6 +64,12

Re: HAProxy 2.0.10 and 2.1.0 RPM's

wondering whether or not we should include a local copy of it into > the haproxy source code, but I really hate doing this. I'd rather help > packagers build it locally in fact. > > Thanks, > Willy Willy, What is the flag to build lua statically? is there a flag yet? -- (o-J

Re: Regression in 2.1 with Host header sent by backends

On 27 Nov 00:39, Lukas Tribus wrote: > On Wed, Nov 27, 2019 at 12:36 AM Julien Pivotto > wrote: > > > > On 27 Nov 00:31, Lukas Tribus wrote: > > > Hello Julien, > > > > > > > > > > > > On Wed, Nov 27, 2019 at 12:21 AM Julien Pivot

Re: Regression in 2.1 with Host header sent by backends

On 27 Nov 00:31, Lukas Tribus wrote: > Hello Julien, > > > > On Wed, Nov 27, 2019 at 12:21 AM Julien Pivotto > wrote: > > Haproxy 2.1 blocks a response with PH-- if the response has a Host header. > > A Host header belongs to the request, not the response

Regression in 2.1 with Host header sent by backends

default/x 0/0/486/-1/681 502 229 - - PH-- 1/1/0/0/0 0/0 "GET / HTTP/1.1" Why is this request blocked? As soon as I remove the HOST header from the response (server side), it works fine. NOTE: this worked in haproxy 2.0, no longer in 2.1, so it looks like a regression. -

Re: HAProxy 2.0.10 and 2.1.0 RPM's

нояб. 2019 г. в 00:36, Julien Pivotto : > > > Dear HAProxy Community, > > > > I have started building HAProxy 2.x packages for CentOS. > > > > It includes HAProxy 2.0.10 and 2.1.0. > > > > You can find them here: > > https://copr.fedorainfracloud

HAProxy 2.0.10 and 2.1.0 RPM's

/rh-haproxy18-haproxy Repo config: https://copr.fedorainfracloud.org/coprs/roidelapluie/haproxy/repo/epel-7/roidelapluie-haproxy-epel-7.repo Copr is the Fedora public tool to build packages. Build logs are public, as well as source RPM's etc. So you are free to review it. -- (o-Julien