Hi,
There's a mirror at https://github.com/haproxy/haproxy if the main repo is
hanging. It's usually not more than a day or so out of date.
Just clone from:
http://master.formilux.org/git/people/willy/haproxy.git/
There is no delay at all usually at this mirror.
Doing a git pull just
Hi list,
anyone running openssl 1.0.1 is likely affected by the quite serious TLS
heartbeat read overrun bug (CVE-2014-0160) in OpenSSL:
https://www.openssl.org/news/secadv_20140407.txt
http://heartbleed.com/
Upgrading to 1.0.1g fixes this issue, 0.9.8 and 1.0.0 are unaffected.
Regards,
Hi Cyril,
thank you very much for the fast answer
and the pointer into the documentation.
Now I have to think about whether I'm happy
with it... ;-)
In this case I suggest adding a cross reference
to the paragraph citied by me, so that there are
configuration circumstances where a high
Hi Dave,
Hello
The TLS unique id, or unique channel binding, is a byte string that can be
pulled from a TLS connection and it is unique to that connection. It is
defined in RFC 5929 section 3. The value is used by various upper layer
protocols as part of an extra layer of security. For
Hi,
How can I have high availability and load balancing in my HA PROXY?
Using keepalived only guarantees me an online machine and is not load
balancing between nodes HAproxy.
Haproxy load balances traffic and guarantess high availability for your
backends. Haproxy cannot load balance its own
Hi,
Hi! Can I redirect request from client on the local directory(server)
via haproxy? For example:
If user send request - crossdomain.xm I am redirect its on the
directory /opt/crossdomain/ , folder for files. This is file be on the
server whith haproxy.
HAproxy doesn't serve files from
Hi,
Hello everyone,
Is there a release date for haproxy 1.5 stable version ?
Regarding this list: http://haproxy.1wt.eu/knownbugs-1.3.html , 1.5.22
is bug free, does anyone here has a feedback about 1.5.22 in production
environment ?
The is no ETA.
This is a list for bugs for the
Hi Neil,
my logs have a uncomforting line
kernel: [7302179.685736] haproxy[1766]: segfault at 7c ip
7f6629410a9f sp 7fffdaf98868 error 4 in
libc-2.15.sohttp://libc-2.15.so[7f66292ae000+1b5000]
We caused this trying to use this config which tries to track the
source of a
Hi,
The same error, i add -lz in ADDLIB the Makefile.bsd and run:
root@haproxy01 $ make Makefile.bsd USE_ZLIB=1
Wrong command, you are missing the -f.
And yes, GNU make would work with the default makefile.
Regards,
Lukas
Hi,
I tried the enable ZLIB Compression in OpenBSD 5.4 amd64 but not work:
root@haproxy01 $ ./haproxy -vv
HA-Proxy version 1.5-dev19 2013/06/17
Please try recent code (latest snapshot preferably).
But I suspect the bsd makefile doesn't implement zlib.
Regards,
Lukas
Hi Jorge,
Date: Fri, 4 Apr 2014 12:53:26 -0300
Subject: Re: Compile ZLIB in OpenBSD 5.4
From: severino.jo...@gmail.com
haproxy not support ZLIB in OpenBSD?
No, I don't think this is intentional.
Please try with current code, if it still doesn't work,
we will take a look at it.
Hi,
In OpenBSD library is libZ?
I have in /usr/lib
root@haproxy01 $ ls -l /usr/lib/libz*
-r--r--r-- 1 root bin 296850 Jul 30 2013 /usr/lib/libz.a
-r--r--r-- 1 root bin 201378 Jul 30 2013 /usr/lib/libz.so.4.1
-r--r--r-- 1 root bin 305920 Jul 30 2013 /usr/lib/libz_p.a
Ok,
Hi,
Hi,
I find that HAProxy only resolve DNS of Backend Server that the start
up time :
* server sv1.mydomain.com sv1.mydomain.com:80 check port 80 inter
4000 weight 10
* server sv2.mydomain.com sv2.mydomain.com:80 check port 80 inter
4000 weight 10
Even if DNS Server has
Hi,
#=== HAProxy 1 =
frontend h1
mode tcp
bind 10.10.10.241:443http://10.10.10.241:443 name example ssl
crt /etc/haproxy/keys/haproxy1.pem verify required ca-file
/etc/haproxy/keys/rootCA.pem
default_backend b1
backend b1
server haproxy2 10.10.10.242:443http://10.10.10.242:443 ssl
Hi,
I am using 1.5-dev21-6b07bf7. The haproxy process was running, the web
gui was responding. According to the web gui, all the backends were up,
and I restarted all backend services to make sure as well.
When I send connections to the front-end, TCP connection was
established to
Hi,
Basic question on send-proxy:
If the HAProxy server configuration has both SSL and send-proxy, should
the proxy protocol header be sent encrypted within the SSL packet?
Good question. In my opinion send_proxy should be cleartext, as a proxy
may or may not terminate SSL.
Imagine if
Hi,
Please try it and report any issue / bug / success story.
(the wiki hosting the page above uses the patch, of course)
FYI: this feature has been committed to the nginx code base [1]
and is in nginx v1.5.12 [2]. Docs are [3] and [4] and someone
also wrote a blog post about it [5].
Hi,
Please add me to the haproxy dev ML.
Write to:
Subscribe to the list :
haproxy+subscr...@formilux.org
Unsubscribe from the list :
haproxy+unsubscr...@formilux.org
Regards,
Lukas
Hi Simon,
2. There are some issue with option http-server-close, haproxy crashed
after a while, whennever set it on frontend or backend.
For crashes, please provide gdb backtraces [1].
3. Sometimes stalled with tcp-smart-connect and tcp-smart-accept,
when I removed it, it's work normal.
Hi John,
I've ready every Haproxy/SPDY tutorial and I have the latest version
of Open SSL and I'm using the latest 1.5 dev build.
Everything looks find and I can get a SPDY connection on an upstream
ports (bound to port 444) but the local port uses plain SSL as opposed
to SPDY.
I can't
Hi Dário,
please always send your email to the mailing list as-well.
I managed it on java but I would like to use HAProxy due to performance
and credibility... Do you think it would be hard to add this feature?
I'm not sure it will be particularly easy to add something like that.
HAProxy
Hi Dário,
I want to track every request and response which crosses the HAProxy.
Therefore, I want forward the request to 2 distinct servers
Thats not possible, you cannot forward a request to 2 or more servers.
and collect the response and forward to the log server and to client.
Thats
Hi Dário,
It's for my thesis work but see it like this:
I have 2 servers: test and production. I want forward the same request
to both, collect/log the responses and compare them (similar to parallel
proxy)
I see. Well haproxy cannot this and I doubt you will find a proxy capable
to do
Hi Jim,
Please try it and report any issue / bug / success story.
(the wiki hosting the page above uses the patch, of course)
This is great, and mostly working for me on 1.4.5! Solves a big problem
of mine.However, is it not possible to use SNI at the same time?
When I configure nginx
Hi Willy,
Your description corresponds with my configuration (using select() with
glibc 2.15 on ubuntu crashing with some load).
On the terminal I see (which is what confuses a bit):
*** buffer overflow detected ***: ./haproxy terminated
and the backtrace looks like this:
(gdb)
Hi,
backend b_catchall
log global
mode http
option httplog
option http-server-close
#--- speedtest
use-server www.speedtest.net if { hdr_dom(host) -i speedtest }
server www.speedtest.net *:80
This is an unsupported configuration, you cannot specify an asterisk
as address.
This
Hi,
Thanks Lukas. But why does it say this here for server in the man?
Address “0.0.0.0″ or “*” has a special meaning.
It indicates that the connection will be forwarded to the same IP
address as the one from the client connection. This is useful in
transparent proxy architectures where
Hi Willy,
Chris Allen and Jeff Zellner reported a similar issue at the same
time on two different versions : 1.4.20 and 1.5-dev17. The symptom
is always the same, haproxy suddenly started to crash under load
while it did not in the past.
When looking deeper into the traces and core files,
Hi,
I understand. Is this something that could be taken up for a
future version?
Not a trivial thing todo. I think an internal resolver implementation
in haproxy would be needed, as gethostbyname() and friends are blocking
(nginx has its own resolver for example).
I don't think there are use
Hi Sander,
Patch applied, thank you Lukas!
I will test the patch. Stupid question, but is it really supported
from 3.3 and higher? A quick test with dev22 yesterday seemed to be
working but I didn't put any traffic through it. It was late so I
didn't give it enough attention ;-)
Just
Hi,
Hello,
I'm maintain postgresql cluster with streaming replication for
php-based webapp. And for a few days I'm trying to get rid of errors in
my setup:
Application serverDB server
| PHP - pgbouncer - haproxy | - | postgresql |
pgbouncer pools
Hi Fred,
Is this a known bug in HAProxy 1.5?
When I use 0.0.0.0 or * as server address for a certain host, HAProxy
crashes with a oom_killer log.
Thats certainly not expected. Does the OOM conditional really come
from HAProxy?
server
...
Address “0.0.0.0″ or “*” has a special
Hi,
On 03.03.2014 14:45, Sander Klein wrote:
Hi,
would it be possible to support IP_FREEBIND with HAProxy-1.5 on linux?
I'm asking because nonlocal_bind only works for IPv4 and it seems
linux upstream does not want to support nonlocal_bind for IPv6.
A thread about this can be found
Lets set IP_FREEBIND on IPv6 sockets as well, this works since Linux 3.3
and doesn't require CAP_NET_ADMIN privileges (IPV6_TRANSPARENT does).
This allows unprivileged users to bind to non-local IPv6 addresses, which
can be useful when setting up the listening sockets or when connecting
to
Hi Joshua,
Hi folks,
I was testing haproxy-1.5-dev22 on SmartOS (an illumos-based system)
and ran into a problem. There's a small window after non-blocking
connect() is called, but before the TCP connection is established,
where recv() may return ENOTCONN. On Linux, the behaviour here
Hi Jordan,
I'm running into an issue with one of our API endpoints that takes in a
fairly large amount of data over a PUT (or sometimes POST) request body.
This would cause the server to timeout, and after some investigation it
looked like the request was being mangled. We switched from SSL
Hi,
Is this [1] the correct archive to use?
Yes.
By mangled, I mean, the full request wasn't making it to my server,
only partial data, which caused it to fail.
Ok. Upgrade to current code, if it still fails, enable logging (httplog),
we should be able to see something.
Regards,
Hi.
Hello,I have installed haproxy 1.4.23 on Cnetos 6.3 .And I can see
the haproxy stats through WEB,but I don't the meaning of 'Resp'(in the
following picture).What does it means?
Its the eresp column in the csv output and means response errors on
the server side. It also includes srv_abrt
Hi,
We have experimented a bit with the latest haproxies and keep-alive. We
rely on haproxy to set good maxconn values for our servers so they can
operate at full speed without becoming overloaded.
When using multiple servers in a backend, prefer-last-server is
required to get
Hi,
I just noticed I had missed a timeout client.. When disabling that - I
can't seem to reproduce the 408 issue.
Ok.
I applied both patches, and can still reproduce the error (when timeout
client is set), but the log no longer logs cR (since I enabled httplog).
I'm not sure if they are
Hi Andy,
Also, I'm not sure if this makes a difference, but the two times
I was able to reproduce this today (yes, two times... the first
time, Wireshark crashed *sigh*), the connections/requests were
HTTP over SSL.
For the record: are you using HAproxy SSL functionality or do you
use
Hi,
There wasn't a request made prior to it sending that 408, so
something seems a bit fishy there, too. I could be completely missing
something, though.
It's *exactly* the purpose of 408 : indicate to the client that we're
fed up with waiting for it to send a request (hence the request
Hi,
I suggest you try this an different box, not virtualized or on a different
hypervisor as well. I still think what you are experiencing is time jump
related.
Compile the test program from this bugreport:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=186393
and let it run for a few
Hi,
I have attached a dump, from the client side of the problem.
As you can see it starts to send the reply, and then suddenly resets.
When looking at tcp.stream eq 0:
We RST in the middle of a HTTP response, without any apparent reason.
When looking at tcp.stream eq 1:
270 ms after the ACK
Hi,
the odd thing is, if I point the url to the varnish right behind the
haproxy - the issue goes away completely.
The dump I send you, was from over the internet (a few countries apart)
- so that's probably why the MSS is the size it is :)
I'll grab a dump on haproxy server tomorrow,
Hi,
Feb 18 14:46:02 localhost haproxy[23414]: 10.46.10.145:58871
[18/Feb/2014:14:46:02.454] example.dk .dk/NOSRV -1/-1/31 212 cR
2/2/0/0/0 0/0
Feb 18 14:46:02 localhost haproxy[23414]: 10.46.10.145:58872
[18/Feb/2014:14:46:02.455] example.dk .dk/NOSRV -1/-1/30 212 cR
1/1/0/0/0 0/0
cR
Hi,
What would I look for in the tcpdump?
Whether or not the browser takes more than 10 seconds to complete
the http request, as per your configuration:
timeout http-request 10s
This is the timeout you are hitting. Also read this [1]. Share
your tcpdump capture if it doesn't contain
Hi,
Whether or not the browser takes more than 10 seconds to complete
the http request, as per your configuration:
timeout http-request 10s
it's not even close to 10 seconds.. it happens as soon as I press f5 -
randomly.
Well, I was assuming this is the issue, since it was the only error
Hi,
I’ve updated the patch which now does actual negotiation. The logic comes
from the example OpenSSL server application that also was committed in the
commit that adds ALPN support to OpenSSL:
Great, it works correctly now. When negotiating spdy I now get a
ERR_SPDY_PROTOCOL_ERROR in
Hi,
same problem as mentioned here:
http://comments.gmane.org/gmane.comp.web.haproxy/7172
Same solution, use the mirrors:
http://master.formilux.org/git/people/willy/haproxy.git/
http://master.formilux.org/git/people/willy/haproxy-1.4.git/
I've tried for three days in a row.
It
Hi,
I hope you are not to angry that I ask a Linux network question here.
The reason is that on this list are also very experienced users about
high traffic
and high performance setups.
Still offtopic, as it isn't a haproxy issue. If you think thats a kernel
issue, LKML is the right place
Hi,
Thanks for your suggestion, Lukas.
For my own understanding, are you saying that there is no difference
between having http-keep-alive and having http-server-close to a
backend server once websocket connection to that server is establish,
and both settings allow for establishing
Hi,
Not a problem ... our Head of IS did a detailed write up on our
investigation process and findings at his blog if you are interested:
http://blog.tinola.com/?e=36
Thanks, thats really interesting and very detailed.
Someone from RedHat really should take a look at this. Most likely
Hi,
In the latest HAProxy 1.5 release (dev22), it is indicated that
keep-alive is now enabled by default for both client and server sides.
I have some questions regarding its use in the following scenario.
I use HAProxy in front of an array of servers: one nginx for
delivering static
Hi,
Can you tell me if the following is possible with HA proxy please:
LB-Prim-Node---LB-Backup-Node
HTTPS VIP
|___Heart Beat___|
| | |
| | |
| | |
Real-Srv1 Real-Srv2 Real-Srv3
HTTPS HTTPS HTTPS
I need a HTTPS entry and the backend server in the farm
Hi,
Excellent. Having looked at the documentation, I cant clearly see the
configuration options I need to use. Can you point me to a doc that
will explain on how to set it up and which options to use please?
examples/ssl.cfg is a (very) simplified configuration of what you would
like to
Hi,
I would like to know if Haproxy is able to prevent OS fingerprinting /
public display of the os it is running on. (nmap -O as an example)
No, an application cannot prevent OS fingerprinting.
The purpose is essentially to test my infrastructure and enhance my
understanding of what
Hi,
Hi, build latest git head, error like:
src/listener.c:361:5: warning: implicit declaration of function
'fcntl' is invalid in C99 [-Wimplicit-function-declaration]
fcntl(cfd, F_SETFL, O_NONBLOCK);
^
src/listener.c:361:16: error: use of undeclared identifier 'F_SETFL'
fcntl(cfd,
Hi,
OK we discussed this with Emeric in the last few days and came up with a
solution closer from yours than from mine. What made me accept to change
my mind is to realize that many users don't see warnings at all. Probably
that the new shitty service managers which replace init are
Hi,
Here's an update of current 1.5 status. All reported bugs were fixed.
I'm currently working on something that was just reported to me today
which is not exactly a bug but a design mistake around the way track-
counters are tracked between HTTP requests when they're done in content
Hi,
If anyone has any thoughts or insights I'd be intrigued to hear them
and if you want to reproduce and have difficulties doing so I'd be
happy to help.
Please provide the smallest config you can reproduce the problem with
and the output of haproxy -vv. I cannot currently reproduce
Hey guys,
Do you still want me to bisect? Or should I wait? If you think the
problem is the same I'll just test the fix :-)
Don't waste your time bisecting. I'll propose you to test the patch
instead. The problem I've seen is always the same and is related to
the fact that the SSL layer
Hi,
Thanks very much for your answer !
Actually, we just used FreeBSD9.2 with the same configuration before,
but the situation almost the same :(
Ok, at least its not likely to be a OS bug then.
And is there any other possible reason there ? Or is there any
possible tools for track the
Hi,
And this program generated a file rfc5077-output-1389174665--p-4431-
192.168.35.254.csv with following contet:
This output is extremely useful. What it says is that session id caching
works perfectly fine; as long as TLS ticket remains disabled on the client
side.
But when the client
Hi,
I want to enable client side ssl for a specific URL only. My web app
admin lives at https://example.org/admin and I want only the /admin part
require a client certificate. In Apache I would do it with a Location
/admin block. In haproxy I am able to require a certificate for the
entire
Hi,
$ openssl s_client -state -quiet -connect xx.xx.xx.xx:443
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=4 /C=NL/O=xxx/CN=xxx
verify error:num=19:self signed certificate in certificate chain
verify
Hi,
I calculated the connection in frontend and backend direct.( as
freeBSD don't show port of 2001 in netstat -na when connect to
client.)
root@Haproxy01:~ # sh frontend_tcp_conns.sh
FIN_WAIT_1 129
FIN_WAIT_2 25729
LAST_ACK 1730
CLOSING 5
CLOSE_WAIT 1560
CLOSED 211
SYN_RCVD 33
Hi,
Recently, we use haproxy1.5-dev21 in our product.And we want to get
the benefit of http-keep-alive. But after we added the option
http-keep-alive and deployed new version of haproxy. We found that the
connection of FIN_WAIT_2 CLOSED ESTABLISHED increased quickly. when we
change to the
Hi,
Well, after spending some time compiling testing compiling testing I
finally found that the patch
0103-OPTIM-MEDIUM-epoll-fuse-active-events-into--1.5-dev19.diff done
between 20131115 and 20131116 is causing my problems.
I also found that this problem is much easier to reproduce on
Hi,
My web servers contain text file wich contain name of that server.
Then put following line to web browser https://X.X.X.X/index.txt
and browse this page it displays server name One server file index.txt
contains server name etee-live1 and other server the file contains this
server name
Hi,
Disabling epoll doesn't fix it... drat... Tested it with ss-20140104.
Could it be that it's a more subtle bug somewhere else?
If disabling epoll doesn't workaround that problem then another patch must
be the reason for this.
But, Yes, that is correct. 20131115 works and 2013116
Hi,
Have been wondering about if/how i could persist ssl sessions between
servers myself if i ever need it.
And found the concept of a SSL-session-id rather promising, then after
looking into how to use it and its reliability i found some articles
saying it might not be wise..
Hi,
Hi, this question is silly, but I use haproxy even on my laptop to
split traffic, for example, there's a ACL to let some special domains
go via remote proxy, and the default goes local proxy, I wonder is it
possible to replace local proxy with haproxy, so I could have:
server default
Hi,
Hello ,
Many thanks for your replay. This thing is more stranger i downloaded and
compiled serverl versions of HAproxy 1.5.x.x and the result was alwase the
same
I experimented with following versions
At first i testing with
Hi,
The problem I'm having (also tested with ss-20140101 yesterday) happens
with http-keep-alive enabled and also when just running in tunnel mode.
But, when http-keep-alive is enabled I get the problem with ~98% of the
requests and in tunnel mode I get it with ~10% of the requests.
Hi,
Problem description – then i access my two web servers through HA-Proxy
version 1.5-dev21-51437d2 2013/12/29
it acts as round robin load balancing with out any ssl sticky sessions
effect. I would be very pleased if some could help to make sticky ssl
sessions work with out ssl offload.
Hi,
Thats great, but is there can be anything like this?
acl bad_guys tos-acl 0x20
block if bad_guys
Ah ok, you want to match incoming TOS.
That is indeed not supported currently.
Also, not all *nixes provide an API for this. Linux has
IP_RECVTOS/IPV6_RECVTCLASS to do it, but BSD hasn't,
Hi,
Wile I do agree that using tcp-mode would make stuff easier, I also need
to do some redirecting on the host-header. Which is AFAIK not possible
while in tcp-mode. (I might be wrong)
No, I really meant http mode, but in the (default) tunneling mode, which
can only analyze the first
Hi,
Dumb question: what is the advantage of the proxy protocol for http (as
would be the case with varnish)? I assumed the proxy protocol was used
to enable load balancing of non-http protocols.
It can be useful even when you are load-balancing http. Perhaps you don't
want to touch the HTTP
Hi,
Could haproxy add a tos based acl?
http://en.wikipedia.org/wiki/Type_of_service
We want to do some action on the traffic based on the tos field.
Should work already with something like this:
acl local_net src 192.168.0.0/16
http-response set-tos 46 if local_net
Hi,
I have made a patch to add proxy protocol to Varnish 3.0
you can find it at http://varnish.hocdet.net
Nice!
Btw, is there any patch available for apache? Google search
with the apache, haproxy, proxy keywords isn't very helpful,
as you can immagine ...
We need more exotic names for
Hi,
HTTP/1.1 200 OK
Date: Mon, 30 Dec 2013 05:40:02 GMT
X
MicrosoftOfficeWebServer: 5.0_Pub
X
XXX
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 73803
!DOCTYPE html PUBLIC
Hi,
Hi,
I know haproxy doesn't do UDP loadbalancing, but I figured someone here
might now A nice tool which can doe this for me. (If haproxy could do it
it would have been nice though... ;-) )
I've looked at pen but it doesn't seem to do IPV6.
LVS can do the trick but I need to
Hi,
Subject: http-keep-alive broken?
Hi,
I'm using haproxy ss-20131229 to reverse proxy some windows iis server
with ntlm-auth enabled (one of them being exchange 2012).
While I understood that using 'option http-keep-alive' would make
ntlm-auth work, it doesn't work for me. Are there
Hi,
My Linux is
[...]
Description: CentOS release 5.10 (Final)
[...]
and Installed openssl-1.0.1e
Please decide now: would you like to use the openssl from your
repository or do you want to build it on your own? There is no
point in troubleshooting 2 different problems at the same time.
Hi,
but my web server use https (ssl)so load-balancer have to provide
this. download the haproxy-1.5-dev21and make this.but... error...
src/shctx.o: In function `atomic_dec':
/root/haproxy-1.5-dev21/src/shctx.c:134: undefined reference to
`__sync_sub_and_fetch_4'
src/shctx.o: In function
Hi,
dev19 is OK.
The config I use is:
With your exact configuration (other than changing the server ip) I'm
still unable to reproduce the problem:
0002:ap.accept(0004)=0005 from [10.0.0.3:55871]
0002:ap.clireq[0005:]: GET / HTTP/1.1
0002:ap.clihdr[0005:]:
Hi!
In my test of 1.5dev21, I found the following acl failed:
acl my_host req.hdr(host) -m str www.mytest.com
use_backend www if my_host
and result in an 503 error(because there is no default backend).
I tried :
1. my_host req.hdr(host) -m beg www.mytest.com
2. my_host
Hi!
Is anything ringing a bell to you? Anything I could do for the app to be
more responsive in HTTPS?
[...]
You're right, your HAProxy is in tunnel mode, which means it let the
client and the server negociate the keep-alive mode.
Obviously, they did not.
Correct. In case you origin
Hi,
backend transparent-cache1
option transparent
option tcp-smart-connect
source 10.0.253.26 usesrc clientip set-mark 0x11
Doesn't the following configuration achieve what you are trying to do?
backend transparent-cache1
option transparent
option tcp-smart-connect
source
Hi,
To be more clear:
There is client side, which is client to haproxy.
And there is server side, which is haproxy to server.
My patch implement mark for server side, while
http-request/http-response as i see in source code only for client
side.
Yes, I see.
Currently, the features
Hi,
we are using 1.5dev19 and I like to know is there option to use acl and
reqidel.
What I want. Remove accept-encoding gzip, deflate when matched acl. Because
I know that client is broken. And I want to set gzip compression globaly on.
Please check the documentation, you should find
Hi!
- sflow output
Can't log-format already do this?
Sure, but it might be a better integration in the rest of networking
infrastructure if sflow is supported.
FYI, Neil Mckee has a fork available with sflow support:
http://marc.info/?t=13673552702r=1w=2
Hi Willy and everyone,
Subject: [ANNOUNCE] haproxy-1.5-dev20
Hi all,
here is probably the largest update we ever had, it's composed of 345
patches!
Wow, thats one hell of a -dev release, nice work :)
- keep-alive: the dynamic allocation of the connection and applet in the
session now
Hi Annika,
we have a few regarding load at our Haproxy 1.5-dev19 cluster.
We run constantly at a load of 12 - 15 most of it is system load.
[...]
On our old cluster i do not see any of the Resource temporarily
unavailable” at splicing operation.
We can't tell if that kind of load is
Hi,
There are some bugs with splice in 1.5-dev19... they have been fixed.
See this thread for the patches:
http://comments.gmane.org/gmane.comp.web.haproxy/12774
(Or google for: Oh and by the way, the bug was present since 1.5-dev12. )
This is not what Annika is seeing; that bug is
Hi,
listen http
bind: 80
mode ssl-client
use-server sslsrv 127.0.0.1:443
I think this should work
--
listen http :80
mode http
server sslsrv 127.0.0.1:443 ssl
--
Yes exactly, or something like this when using the frontend/backend approach:
frontend myfrontend
mode http
bind :80
Hi,
For testing we disabled splicing on one of the cluster members on the
new cluster (after succesfull tests). Now load drops below 8 from 16.
So I maybe try it with splice-auto and if that does not help with a
new haproxy build with the following git commits:
Yes, but please fix the
Hi Igor,
include/common/time.h:111:29: warning: implicit conversion from
'unsigned long' to '__darwin_suseconds_t' (aka 'int') changes value
from
18446744073709551615 to -1 [-Wconstant-conversion]
tv-tv_sec = tv-tv_usec = TV_ETERNITY;
~ ^~~
include/common/time.h:32:26: note:
Hi,
Hello Experts,
not sure if this subject was already discussed or not, like to hear the
advices and suggestions.
If a single HAProxy instance as a load-balancer could not handle the
high-load traffic, how to scale multiple instances as a group of
load-balancers to handle the high-load?
1201 - 1300 of 1576 matches
Mail list logo