Re: haproxy backend server template service discovery questions

On Sat, 6 Apr 2024 at 20:17, Илья Шипицин wrote: > > Consul template is something done by consul itself, after that haproxy.conf > is rendered > > Do you mean "how haproxy deals with rendered template"? > He doesn't use that method of discovery, he uses DNS resolvers so haproxy gets the SRV

Re: haproxy backend server template service discovery questions

On Fri, 5 Apr 2024 at 15:00, Andrii Ustymenko wrote: > > Dear list! > > My name is Andrii. I work for Adyen. We are using haproxy as our main > software loadbalancer at quite large scale. > Af of now our main use-case for backends routing based on > server-template and dynamic dns from consul as

Incorrect href for 2.9 version on Latest versions table

Hoi all, I noticed on the main page of http://www.haproxy.org/ that the `Latest versions` table has an incorrect URL for the git repo of the 2.9 version. In the below table the `href` for 2.9 should point to http://git.haproxy.org/?p=haproxy-2.9.git and not to

Re: Some notes about what happens with HTTP/1.0 requests

On Wednesday, July 5, 2023 8:25:35 PM CEST Shawn Heisey wrote: > I have a backend in haproxy for my Solr server. Solr lives unencrypted > on port 8983, haproxy provides TLS for it, on a name like > `solr.example.com`. > > Everything works fully as expected with HTTP 1.1, 2, or 3. > > If I

Re: Opinions desired on HTTP/2 config simplification

On Saturday, April 15, 2023 11:32:49 AM CEST Willy Tarreau wrote: > Hi everyone, [...snip...] > Even if I wouldn't share my feelings, some would consider that I'm > trying to influence their opinion, so I'll share them anyway :-) I > think that with the status change from

Re: Is adaptive circuit breaking in the roadmap for 2.3/2.4?

On Τρίτη, 15 Σεπτεμβρίου 2020 9:24:32 Π.Μ. CEST Willy Tarreau wrote: > Hi Pavlos! > > On Sat, Sep 12, 2020 at 11:45:12AM +0200, Pavlos Parissis wrote: > > Hi old friends!, > > > > Is in the roadmap the addition of a circuit breaking which adapts its > > set

Is adaptive circuit breaking in the roadmap for 2.3/2.4?

Hi old friends!, Is in the roadmap the addition of a circuit breaking which adapts its settings using real-time data? I believe we discussed this in the last HAProxyConf with a group of people, but I don't remember if there were , back then, concrete plans to work on it. I know that something

Re: TLS tickets prone to MITM attacks (was: [PR] Docs tls tickets)

On Τετάρτη, 11 Μαρτίου 2020 9:10:56 Π.Μ. CET Lukas Tribus wrote: > Hello, > > On Wed, 11 Mar 2020 at 08:32, Илья Шипицин wrote: > >> On 09.03.20 20:37, Lukas Tribus wrote: > >> >> I think the wording from the patch is still quite relaxed :). One of > >> >> the best > >> >> summaries describing

Re: kernel panics after updating to 2.0

On Παρασκευή, 6 Δεκεμβρίου 2019 10:36:18 Π.Μ. CET Sander Hoentjen wrote: > > On 12/6/19 10:20 AM, Pavlos Parissis wrote: > > On Παρασκευή, 6 Δεκεμβρίου 2019 9:23:24 Π.Μ. CET Sander Hoentjen wrote: > >> Hi list, > >> > >> After updating from 1.8.13 to

Re: kernel panics after updating to 2.0

On Παρασκευή, 6 Δεκεμβρίου 2019 9:23:24 Π.Μ. CET Sander Hoentjen wrote: > Hi list, > > After updating from 1.8.13 to 2.0.5 (also with 2.0.10) we are seeing > kernel panics on our production servers. I haven't been able to trigger > them on a test server, and we rollbacked haproxy to 1.8 for

Re: using hashicorp vault for storing SSL certs

On Κυριακή, 29 Σεπτεμβρίου 2019 7:52:12 Μ.Μ. CEST Илья Шипицин wrote: > hello, > > is anybody using https://www.vaultproject.io/docs/secrets/pki/index.html > for storing certs ? (I want to avoid reinventing the wheel here) > > thanks, > Ilya Shipitcin > I have, but with a different system, but

Re: fullconn not working

On Παρασκευή, 28 Ιουνίου 2019 5:50:48 Μ.Μ. CEST Patrick Hemmer wrote: > I'm trying to get fullconn working, and can't seem to do so. I dunno if > it's a bug, or if it's my understanding that's wrong. > Basically my goal is to prevent the cumulative total of all connections > to all servers in a

Re: How to get overall stats in haproxy?

On Tue, 11 Jun 2019 at 10:03, wrote: > > Hi > > I'm using multiple processes haproxy, how can I get overall stats in haproxy? > > I have to access every process's stats page, and get the stats of that > process and count. > > Is there any convenient way to get overall stats? > > Thanks > >

Re: two maps with the same id

On 11/4/19 2:56 μ.μ., Willy Tarreau wrote: > Hi Pavlos, > > On Thu, Apr 11, 2019 at 09:47:41AM +0200, Pavlos Parissis wrote: >> Hi, >> >> I am having a rather simple config[1] for testing few changes in >> haproxyadmin library and I noticed >> that t

two maps with the same id

Hi, I am having a rather simple config[1] for testing few changes in haproxyadmin library and I noticed that two different map files have the same ID: echo 'show map' | socat /run/haproxy/admin1.sock - # id (file) description -1 (/etc/haproxy/test_map.map) pattern loaded from file

Re: [ANNOUNCE] haproxy-2.0-dev2

Hoi Willy! What a detailed and fruitful response, as always On 27/3/19 10:56 μ.μ., Willy Tarreau wrote: > Hi Pavlos! > > On Wed, Mar 27, 2019 at 09:57:32PM +0100, Pavlos Parissis wrote: >> Have you considered enabling SO_INCOMING_CPU socket option in >> order to increase

Re: [ANNOUNCE] haproxy-2.0-dev2

On 26/3/19 6:24 π.μ., Willy Tarreau wrote: > Hi, > > HAProxy 2.0-dev2 was released on 2019/03/26. It added 176 new commits > after version 2.0-dev1. > > This version starts more important changes. One of the most visible > ones is that haproxy will now automatically start with threads enabled >

Re: [PATCH] CONTRIB: contrib/prometheus-exporter: Add a Prometheus exporter for HAProxy

On 8/2/19 11:11 π.μ., Willy Tarreau wrote: > Hi Christopher, > > > On Thu, Feb 07, 2019 at 10:09:52PM +0100, Christopher Faulet wrote: >> Hi, >> >> This patch adds a new component in contrib. It is a Prometheus exporter for >> HAProxy. > (...) > > Thanks for doing this. After reading the whole

Re: Balance based on network/cpu load

On 13/11/18 9:37 π.μ., Bruno Henc wrote: > Hello, > > > Not sure if there is a direct way to do this, but you can always create a > monitoring process that > will use the haproxy runtime API to MAINT or DRAIN a server until the CPU / > network load drops. So > you have a simple watchdog

Re: [PATCH] DOC: fix various typos in the CHANGELOG

On 8/11/18 5:48 π.μ., Willy Tarreau wrote: > Hi Joseph, > > On Wed, Nov 07, 2018 at 06:03:14PM -0800, Joseph Herlant wrote: >> Hi, >> >> Please find attached a patch to cleanup typos in the changelog. >> I'm not sure where you stand on cleaning up typos in changelogs, >> some people totally

Re: [ANNOUNCE] haproxy-1.9-dev4

On 10/22/18 11:15 AM, Willy Tarreau wrote: > Hi Pavlos! > > On Mon, Oct 22, 2018 at 11:01:37AM +0200, Pavlos Parissis wrote: >> On 10/21/18 9:05 PM, Willy Tarreau wrote: >>> Hi, >>> >>> HAProxy 1.9-dev4 was released on 2018/10/21. It added

Re: [ANNOUNCE] haproxy-1.9-dev4

On 10/21/18 9:05 PM, Willy Tarreau wrote: > Hi, > > HAProxy 1.9-dev4 was released on 2018/10/21. It added 97 new commits > after version 1.9-dev3. > > There's not much user-visible here, it's mostly another merge of some > pending infrastructure changes. The most sensitive changes consist in >

Re: gRPC protocol

On 5/24/18 5:54 PM, Daniel Corbett wrote: > Hello Aleks, > > > On 05/24/2018 10:54 AM, Aleksandar Lazic wrote: >> >> I remembert that Willy mentioned this in any of his mail. >> Do you have any rough timeline, this year, next year something like this >> ;-) >> > > We're aiming to have the

Re: Considering adding support for TCP Zero Copy

On 03/05/2018 07:24 μμ, Willy Tarreau wrote: > On Thu, May 03, 2018 at 02:51:12PM +0200, Pavlos Parissis wrote: >> On 03/05/2018 02:45 uu, Olivier Houchard wrote: >>> Hi Pavlos, >>> >>> On Thu, May 03, 2018 at 12:45:42PM +0200, Pavlos Parissis wrote: >>

Re: Considering adding support for TCP Zero Copy

On 03/05/2018 02:45 μμ, Olivier Houchard wrote: > Hi Pavlos, > > On Thu, May 03, 2018 at 12:45:42PM +0200, Pavlos Parissis wrote: >> Hi, >> >> Linux kernel version 4.14 adds support for zero-copy from user memory to TCP >> sockets by setting >> MSG_ZERO

Considering adding support for TCP Zero Copy

Hi, Linux kernel version 4.14 adds support for zero-copy from user memory to TCP sockets by setting MSG_ZEROCOPY flag. This is for the sending side of the socket, for the receiving side of the socket we need to wait for kernel version 4.18. Will you consider enabling this on HAProxy? More

Re: Updating the unofficial GitHub mirror

On 12/03/2018 08:07 πμ, Willy Tarreau wrote: > Hi Dan, > > On Sun, Mar 11, 2018 at 12:55:59PM -0400, Dan Kohn wrote: >> I'm the author of the CNCF Cloud Native Interactive Landscape, which tracks >> projects and >> products used in open source. We include HAProxy: >> >>

Re: [PATCH v2 0/3] Add SystemD's sandboxing options

On 27/02/2018 08:19 μμ, Tim Duesterhus wrote: > Willy, > > okay. I added an additional comment about the nature of those options in > the first commit and then added the various settings in commented out > versions. For reference, these are the settings I add on top of Debian's > default unit

Re: [PATCH 0/2] Add SystemD's sandboxing options

On 27/02/2018 04:00 μμ, Willy Tarreau wrote: > Hi Tim, > > On Thu, Feb 22, 2018 at 03:03:58PM +0100, Tim Duesterhus wrote: >> I'm running this exact settings on my Debian Stretch machine using haproxy >> 1.8.x, without issues so far. >> >> The first patch could cause issues for users that store

Re: What is a nice way to bypass the maintenance mode for certain IP's?

On 20/02/2018 09:11 πμ, Pieter Vogelaar wrote: > Hi Willy, > > Thanks I will look into that! > > On the statistics report page it's possible to set all servers of a backend > in maintence mode. Is it also possible to set the servers of all backends in > maintenance mode? > > Best regards, >

[PATCH] DOC: Mention -Ws in the list of available options

` build option enabled, otherwise this option is not available. Cheers, Pavlos From 426a4b37f7f1347a3e017db8f577b81f34f51f13 Mon Sep 17 00:00:00 2001 From: Pavlos Parissis <pavlos.paris...@booking.com> Date: Wed, 7 Feb 2018 21:42:16 +0100 Subject: [PATCH] DOC: Mention -Ws in the list of ava

Re: -Ws argument isn't document?

On 03/02/2018 03:53 μμ, Lucas Rolff wrote: > haproxy --help: > -W master-worker mode. > -Ws master-worker mode with systemd notify support. Stupid me. But, I think it should be mentioned in the document as well. I prepared a patched for it. Cheers, Pavlos signature.asc

-Ws argument isn't document?

Hi, In contrib/systemd/haproxy.service.in we see -Ws used in ExecStart as it is the recommended way to start haproxy under systemd: ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE But, it isn't documented in doc/management.txt, only -W is mentioned while I failed to find any

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

On 13/01/2018 04:22 μμ, Lukas Tribus wrote: > Hello, > > > On 13 January 2018 at 15:17, Pavlos Parissis <pavlos.paris...@gmail.com> > wrote: >>> Not exactly, the moment you force a cipher list that does not include a >>> TLSv1.3 cipher in the server s

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

On 13/01/2018 01:22 μμ, Moemen MHEDHBI wrote: > HI Pavlos, > > > On 12/01/2018 22:53, Pavlos Parissis wrote: >> On 12/01/2018 03:57 μμ, Emeric Brun wrote: >>> Hi All, >>> >>> FYI: upgrading to next openssl-1.1.1 could break your prod if y

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

On 12/01/2018 03:57 μμ, Emeric Brun wrote: > Hi All, > > FYI: upgrading to next openssl-1.1.1 could break your prod if you're using a > forced cipher list because > handshake will fail regardless the tls protocol version if you don't specify > a cipher valid for TLSv1.3 > in your cipher list. >

Re: AW: Poll: haproxy 1.4 support ?

On 03/01/2018 08:50 πμ, Maximilian Böhm wrote: > Debian (Jessie) distributes Haproxy 1.5.8.3 > Well, Debian users can also use https://haproxy.debian.net/ to get any version they want. For more details, please read https://packages.debian.org/search?suite=jessie-backports=names=haproxy Cheers,

Re: Poll: haproxy 1.4 support ?

On 02/01/2018 04:23 μμ, Jonathan Matthews wrote: > On 2 January 2018 at 15:12, Willy Tarreau wrote: >> So please simply voice in. Just a few "please keep it alive" will be >> enough to convince me, otherwise I'll mark it unmaintained. > > I don't use 1.4, but I do have a small

Re: Incredible performance bump between 1.5.12 and 1.8.1 ?

On 09/12/2017 05:01 πμ, Christopher Lane wrote: > It is plausible/expected that my version upgrade performance goes like (about > 4K connections, > long lived and short lived mix, TCP only, no HTTP: > > 1.5.12 (nproc 1, old connections causing about 100 old -sf processes to > linger) uses 100%

Re: 1.8.1-fe66fd doesn't finish startup and doesn't listen to sockets

On 08/12/2017 10:38 πμ, Pavlos Parissis wrote: > On 08/12/2017 10:21 πμ, Christopher Faulet wrote: >> Le 08/12/2017 à 05:52, Willy Tarreau a écrit : >>> >>>> pparissis at poseidonas in ~/repo/haproxy-1.8 on (master u=) >>>> sudo gdb ./haproxy >&g

Re: 1.8.1-fe66fd doesn't finish startup and doesn't listen to sockets

On 07/12/2017 10:18 μμ, Pavlos Parissis wrote: > On 07/12/2017 07:41 μμ, Willy Tarreau wrote: >> Hi Pavlos! >> >> On Thu, Dec 07, 2017 at 07:16:54PM +0100, Pavlos Parissis wrote: >>> Hi, >>> >>> OK, I haven't read the ML for ~2 weeks and a quick sca

Re: 1.8.1-fe66fd doesn't finish startup and doesn't listen to sockets

On 07/12/2017 07:41 μμ, Willy Tarreau wrote: > Hi Pavlos! > > On Thu, Dec 07, 2017 at 07:16:54PM +0100, Pavlos Parissis wrote: >> Hi, >> >> OK, I haven't read the ML for ~2 weeks and a quick scan didn't reveal >> anything. >> So, here I am asking somethi

1.8.1-fe66fd doesn't finish startup and doesn't listen to sockets

Hi, OK, I haven't read the ML for ~2 weeks and a quick scan didn't reveal anything. So, here I am asking something that may have been addressed already. Today, I decided to switch my dev env to haproxy-1.8 using current master and I started haproxy in the same way as I have been doing with older

Re: [ANNOUNCE] haproxy-1.8.0

On 26/11/2017 07:57 μμ, Willy Tarreau wrote: > Hi all, > > After one year of intense development and almost one month of debugging, > polishing, and cross-review work trying to prevent our respective coworkers > from winning the first bug award, I'm pleased to announce that haproxy 1.8.0 > is now

Re: [PATCH] MINOR: mworker: do not store child pid anymore in the pidfile

On 06/11/2017 03:19 μμ, Willy Tarreau wrote: > Hi Pavlos, > > On Mon, Nov 06, 2017 at 03:09:10PM +0100, Pavlos Parissis wrote: >> That will be very much appreciated as it will allow us to have a smooth >> migration to the new master process model. > > In fact the curre

Re: [PATCH] MINOR: mworker: do not store child pid anymore in the pidfile

On 06/11/2017 01:35 μμ, William Lallemand wrote: > On Mon, Nov 06, 2017 at 12:11:13PM +0100, Pavlos Parissis wrote: >> On 06/11/2017 11:16 πμ, William Lallemand wrote: >>> The parent process supervises itself the children, we don't need to >>> store the children

Re: [PATCH] MINOR: mworker: do not store child pid anymore in the pidfile

On 06/11/2017 11:16 πμ, William Lallemand wrote: > The parent process supervises itself the children, we don't need to > store the children pids anymore in the pidfile in master-worker mode. I have a small objection against this. Having PIDs in a file allows external tools to monitor the

Re: 1.8-RC1 100% cpu usage

On 02/11/2017 02:24 μμ, Mihail Samoylov wrote: > Hi. > > I've tried 1.8-RC1 and in my case it ate 100% CPU and didn't work. I found > out that this is caused > by option httpchk. When I commented this line everything became fine. Some > details: > Willy mentioned in the announcement that

Re: Happroxy and TCP SYN flood attacks

On 18/10/2017 01:06 μμ, Pooja Patel wrote: > Respected Sir, > > I am Pooja from University of Hyerabad. Currently I am working on networking > project for which I am > using HAProxy as a load balancer. I have one doubt and that is: > > *Does HAProxy by default protect itself from DOS or TCP SYN

Re: Experimental / broken HTTP/2 support

On 16/10/2017 11:27 πμ, Willy Tarreau wrote: > Hi Pavlos! > > On Mon, Oct 16, 2017 at 10:46:44AM +0200, Pavlos Parissis wrote: >>> Now after several failed attempts and with a lot of design sessions >>> with my coworkers, I've made a good progress on a totally d

Re: Experimental / broken HTTP/2 support

On 15/10/2017 07:02 μμ, Willy Tarreau wrote: > Hi Sander, > > On Sun, Oct 15, 2017 at 04:27:15PM +0200, Sander Klein wrote: >> Hi, >> >> I haven't been paying much attention to the list lately, but I am wondering >> what the current status of http/2 support is in 1.8-(dev|snapshot). >> >> Is it

Re: Reload takes about 3 minutes

On 13/10/2017 10:32 πμ, Joel W Kall wrote: > We're using HAProxy 1.6.3 to load balance and route HTTP traffic to hundreds > of backend servers. We > reload the config often (several times a day), both automatically when a > server fails and manually > for administrative reasons. > > The problem

Re: Consider mentioning haproxystats in the site

On 03/10/2017 01:55 μμ, Willy Tarreau wrote: > Hi Pavlos, > > On Wed, Sep 27, 2017 at 11:40:07AM +0200, Pavlos Parissis wrote: >> On 27/09/2017 10:36 ?u, Pavlos Parissis wrote: >>> Hello all, >>> >>> haproxystats has been running for more than one y

Re: Consider mentioning haproxystats in the site

On 27/09/2017 10:36 πμ, Pavlos Parissis wrote: > Hello all, > > haproxystats has been running for more than one year in production and has > been proven stable and > very useful. > Forgot to mention that link for the project: https://github.com/unixsurfer/haproxysta

Consider mentioning haproxystats in the site

Hello all, haproxystats has been running for more than one year in production and has been proven stable and very useful. Thus, I would like to request to mention it in www.haproxy.org site as a satellite tool, under the list with HAtop and etc. Thanks in advance, Pavlos signature.asc

Re: Issue while using Proxy protocol in TCP mode

On 06/14/2017 11:17 AM, Vijay Bais wrote: > Upgraded haproxy to 1.5.18. > Why not 1.5.19? 1.5.18 was released a year ago. Do you have a reason for not switching to 1.7.5? Having said this, your problem could be a configuration issue or a new bug. Cheers. Pavlos signature.asc Description:

Re: Issue while using Proxy protocol in TCP mode

On 13/06/2017 02:23 μμ, Christopher Faulet wrote: > Le 13/06/2017 à 10:07, Vijay Bais a écrit : >> Hello, >> >> I am using HAProxy version 1.5-dev25-a339395. >> > > Hi, > > This is a *very* old version and not a stable one. Please, first of all, > upgrade > your HAProxy to a stable version. For

Re: Regarding migration on version haproxy-1.7.3

On 06/08/2017 07:31 AM, Devendra Joshi wrote: > Hi, > currently we are using haproxy-1.5.14 & now we want to migrate on > haproxy-1.7.3 > > > is there any config changes or

Re: Seeing server termination_state SD after updating from 1.6.11 to 1.7.5

On 06/01/2017 04:53 PM, Bernard McCormack wrote: > > > After updating haproxy from 1.6.11 we saw a number of errors with the > termination state “SD “ that > is flooding our logs with errors. It seems to only occur on a random subset > of requests. Attached > is a pcap of failed request. I

Re: Download site horrendously slow

On 05/31/2017 06:28 PM, William Lallemand wrote: > On Wed, May 31, 2017 at 04:15:18PM +, Skarbek, John wrote: >> Hey guys, >> >> Just an FYI, I'm not sure how you host the downloads for haproxy, but for >> the past couple of days, they've been horridly slow. >> > > You are right, I'd just

Re: New feature request

On 05/30/2017 11:56 AM, Willy Tarreau wrote: > On Tue, May 30, 2017 at 11:04:35AM +0200, Pavlos Parissis wrote: >> On 05/29/2017 02:58 PM, John Dison wrote: >>> Hello, >>> >>> in ROADMAP I see: >>> - spare servers : servers which are used in LB

Re: New feature request

On 05/29/2017 02:58 PM, John Dison wrote: > Hello, > > in ROADMAP I see: > - spare servers : servers which are used in LB only when a minimum farm > weight threshold is not satisfied anymore. Useful for inter-site LB with > local pref by default. > > > Is it possible to push this item priority

awesome article from Willy for seamless reload

Hi, For those (I am on of them) who don't follow twitter/blogs/fb and all these noisy stuff, check Willy's article about seamless reload here https://www.haproxy.com/blog/truly-seamless-reloads-with-haproxy-no-more-hacks I think section 4. Stopping and restarting HAProxy of management document

Re: [RFC][PATCHES] seamless reload

On 06/05/2017 11:15 μμ, Pavlos Parissis wrote: > On 04/05/2017 01:16 μμ, Olivier Houchard wrote: >> On Thu, May 04, 2017 at 10:03:07AM +, Pierre Cheynier wrote: >>> Hi Olivier, >>> >>> Many thanks for that ! As you know, we are very interested on this top

Re: [RFC][PATCHES] seamless reload

On 04/05/2017 01:16 μμ, Olivier Houchard wrote: > On Thu, May 04, 2017 at 10:03:07AM +, Pierre Cheynier wrote: >> Hi Olivier, >> >> Many thanks for that ! As you know, we are very interested on this topic. >> We'll test your patches soon for sure. >> >> Pierre > > Hi Pierre :) > > Thanks !

Re: Backport proposal, opinion needed

On 19/04/2017 12:13 μμ, Willy Tarreau wrote: > Hi all, > > Stephan (in Cc) reported me two nice segfaults in the config parser when > feeding haproxy with some horribly fuzzed invalid configurations. To make > it clear, it happens only when haproxy *fails* to start due to an error. > But it's not

Re: [RFC][PATCHES] seamless reload

On 13/04/2017 06:18 μμ, Olivier Houchard wrote: > On Thu, Apr 13, 2017 at 06:00:59PM +0200, Conrad Hoffmann wrote: >> On 04/13/2017 05:10 PM, Olivier Houchard wrote: >>> On Thu, Apr 13, 2017 at 04:59:26PM +0200, Conrad Hoffmann wrote: Sure, here it is ;P I now get a segfault (on

HAProxy spins at 100 CPU....

Hi all, Wait don't blame HAProxy yet, read this first, https://blog.booking.com/troubleshooting-a-journey-into-the-unknown.html I would like to thank Willy Tarreau for his support on this interesting system and not HAProxy issue. Cheers, Pavlos signature.asc Description: OpenPGP digital

Re: Multiple Config Files Use Leads to Lockout

On 08/04/2017 08:26 μμ, Coscend@HAProxy wrote: > Hello Pavlos, > > An update: Following your guidance, we have successfully transitioned from > using 'system V init' to 'systemd' in order to start/stop/reload HAProxy. > Thank > you for helping us advance with times. > > We would appreciate

Re: [RFC][PATCHES] seamless reload

On 10/04/2017 11:52 μμ, Olivier Houchard wrote: > On Mon, Apr 10, 2017 at 11:08:56PM +0200, Pavlos Parissis wrote: >> On 10/04/2017 08:09 , Olivier Houchard wrote: >>> >>> Hi, >>> >>> On top of those patches, here a 3 more patches. >

Re: [RFC][PATCHES] seamless reload

On 10/04/2017 11:48 μμ, Olivier Houchard wrote: > On Mon, Apr 10, 2017 at 10:49:21PM +0200, Pavlos Parissis wrote: >> On 07/04/2017 11:17 , Olivier Houchard wrote: >>> On Fri, Apr 07, 2017 at 09:58:57PM +0200, Pavlos Parissis wrote: >>>> On 06/04/2017 04:5

Re: [RFC][PATCHES] seamless reload

On 10/04/2017 08:09 μμ, Olivier Houchard wrote: > > Hi, > > On top of those patches, here a 3 more patches. > The first one makes the systemd wrapper check for a HAPROXY_STATS_SOCKET > environment variable. If set, it will use that as an argument to -x, when > reloading the process. I see you

Re: [RFC][PATCHES] seamless reload

On 07/04/2017 11:17 μμ, Olivier Houchard wrote: > On Fri, Apr 07, 2017 at 09:58:57PM +0200, Pavlos Parissis wrote: >> On 06/04/2017 04:57 , Olivier Houchard wrote: >>> On Thu, Apr 06, 2017 at 04:56:47PM +0200, Pavlos Parissis wrote: >>>> On 06/04/2017 04:2

Re: Multiple Config Files Use Leads to Lockout

On 07/04/2017 06:00 μμ, Coscend@HAProxy wrote: > Dear HAProxy Community, > > > > We are seeking your guidance with regard to the following issue we are facing > with our HAProxy use. > > > > -- > > ISSUE > > --- > > When we use a single monolithic config file (haproxy.cfg),

Re: [PATCH]: BUG/MINOR

On 07/04/2017 08:52 μμ, David CARLIER wrote: > Hi all, > > I was trying to compile the 1.8 branch under DragonflyBSD and went into a > build > failure, thus > this patch proposal. > > Kindest regards. I believe Steven Davidobitz has sent the same patch, see mail with subject '[PATCH] BUILD:

Re: [RFC][PATCHES] seamless reload

On 06/04/2017 04:57 μμ, Olivier Houchard wrote: > On Thu, Apr 06, 2017 at 04:56:47PM +0200, Pavlos Parissis wrote: >> On 06/04/2017 04:25 μμ, Olivier Houchard wrote: >>> Hi, >>> >>> The attached patchset is the first cut at an attempt to work around the >>

Re: [RFC][PATCHES] seamless reload

On 06/04/2017 04:25 μμ, Olivier Houchard wrote: > Hi, > > The attached patchset is the first cut at an attempt to work around the > linux issues with SOREUSEPORT that makes haproxy refuse a few new connections > under heavy load. > This works by transferring the existing sockets to the new

Re: [ANNOUNCE] haproxy-1.6.12

On 04/04/2017 11:29 πμ, Willy Tarreau wrote: > Hi, > > HAProxy 1.6.12 was released on 2017/04/04. It added 46 new commits > after version 1.6.11. > You need to update the last version for 1.6 release on the site, it points to 1.6.11. Cheers, Pavlos signature.asc Description: OpenPGP

Re: Problems with haproxy 1.7.3 on FreeBSD 11.0-p8

On 17/03/2017 05:57 μμ, Aleksandar Lazic wrote: > Willy. > > Am 14-03-2017 22:17, schrieb Willy Tarreau: >> Matthias, >> >> I could finally track the problem down to a 5-year old bug in the >> connection handler. It already used to affect Unix sockets but it >> requires so rare a set of options

Re: Haproxy ssl with nginx backend problem.....

On 16/03/2017 09:21 πμ, 何智声 wrote: > at first thank you read this email,and you help! > i have problem for haproxy settings, > this is my haproxy.cfg settings > > frontend > 内嵌图片 3 > backend > 内嵌图片 2 > 内嵌图片 1 > what happen on it and how to fix this error..thank you!!! I am sorry but I

Re: Force connection close after a haproxy reload

On 15/03/2017 11:48 πμ, Cyril Bonté wrote: > Hi all, > >> De: "Willy Tarreau" À: "Robson Roberto Souza Peixoto" >> Cc: haproxy@formilux.org Envoyé: Mardi 14 Mars >> 2017 13:20:46 Objet: Re: Force connection close after a haproxy reload >> >> On Tue, Mar

Re: Some compilation SSL errors/warnings on debian testing

On 14/03/2017 10:20 μμ, Willy Tarreau wrote: > On Tue, Mar 14, 2017 at 08:18:27PM +0100, Pavlos Parissis wrote: >>>> On Debian testing with openssl 1.1.0e, I get the following warnings when I >>>> compile 1.7 and 1.8: >>>> https:

Re: Some compilation SSL errors/warnings on debian testing

On 14/03/2017 05:24 μμ, Willy Tarreau wrote: > Hi Pavlos, > > On Tue, Mar 14, 2017 at 04:43:26PM +0100, Pavlos Parissis wrote: >> Hi, >> >> On Debian testing with openssl 1.1.0e, I get the following warnings when I >> compile 1.7 and 1.8: >> https:

Some compilation SSL errors/warnings on debian testing

Hi, On Debian testing with openssl 1.1.0e, I get the following warnings when I compile 1.7 and 1.8: https://gist.githubusercontent.com/unixsurfer/9c42361822f23cfe36f3b2169133b551/raw/4665476fdfb2a94d287814a2c8a36215cbebb465/gistfile1.txt When I compile 1.6 I get errors and compilation fails:

Re: Feature request: routing a TCP stream based on Cipher Suites in a TLS ClientHello

On 23/02/2017 07:38 μμ, Lukas Tribus wrote: > Hi, > > Am 23.02.2017 um 04:02 schrieb James Brown: >> Unfortunately, that feature only works with OpenSSL 1.0.2 (which, >> incidentally, would be a good thing to note in the documentation)... > > Good point; I did not remember this either ... we

Re: multiproc ssl recommendations

On 9 December 2016 at 20:07, Apollon Oikonomopoulos <apoi...@debian.org> wrote: > Hi Pavlos, > > On 17:31 Fri 09 Dec , Pavlos Parissis wrote: >> On 09/12/2016 08:54 πμ, Apollon Oikonomopoulos wrote: >> > Hi Willy, Elias, >> > >> > On 08:33 Fr

Re: multiproc ssl recommendations

On 09/12/2016 08:54 πμ, Apollon Oikonomopoulos wrote: > Hi Willy, Elias, > > On 08:33 Fri 09 Dec , Willy Tarreau wrote: >> On Thu, Dec 01, 2016 at 02:53:25PM +0100, Elias Abacioglu wrote: >>> # Should I use core 0 on each CPU for backends (proc 1+15) or should >>> I >>> use core 1(proc

Re: Problem starting HaProxy after reboot

On 22/11/2016 10:09 πμ, Jürgen Haas wrote: >> What do you mean by 'not operating at all'? > > It doesn't respond to requests. > >> Are you sure the IPs configured in frontends are available during boot? > > Well, that's exactly what I don't know. Why shouldn't they? I don't know, but I think

Re: Problem starting HaProxy after reboot

On 22/11/2016 09:43 πμ, Jürgen Haas wrote: > Hi all, > > we do run HaProxy on 4 different hosts, all of which got configured by > Ansible the same way and for 3 of them I don't have any issues. On one > of them - which runs on Ubuntu 16.04 and the others on older version - > starting HaProxy

Re: HAProxy 1.5 vs 1.6

On 09/11/2016 09:20 μμ, Steven Le Roux wrote: > Hi a first good coverage for a comparison between 1.5 and 1.6 would be > http://blog.haproxy.com/2015/10/14/whats-new-in-haproxy-1-6/ > > 1.6 is perfectly considered stable and hasn't seen any maintenance > release for more than 2 months. It's being

Re: http-reuse always, work quite well

On 22/10/2016 08:08 πμ, Willy Tarreau wrote: > Hi Pavlos, > > On Fri, Oct 21, 2016 at 03:01:52PM +0200, Pavlos Parissis wrote: >>> I'm not surprized that always works better, but my point is that if it's >>> much better it can be useful to stay with it, but if i

Re: HAProxy reloads lets old and outdated processes

On 25/10/2016 01:21 πμ, Willy Tarreau wrote: > Hi guys, > > On Tue, Oct 25, 2016 at 12:42:26AM +0200, Lukas Tribus wrote: >> Not fixing *real world issues* because we don't agree with the use-case or >> there is a design misconception somewhere else is dangerous. We don't have >> to support every

Re: HAProxy reloads lets old and outdated processes

Good morning, Got my coffee ready before I read and reply:-) On 25/10/2016 12:42 πμ, Lukas Tribus wrote: > Hello, > > > Am 24.10.2016 um 22:32 schrieb Pavlos Parissis: >> >> IMHO: Ask the users to not perform reloads every 2miliseconds. It is >> insane. You m

Re: HAProxy reloads lets old and outdated processes

On 24/10/2016 09:13 μμ, Willy Tarreau wrote: > Hi again, > > On Mon, Oct 24, 2016 at 07:41:06PM +0200, Willy Tarreau wrote: >> I don't know if this is something you're interested in experimenting >> with. This is achieved using fcntl(F_SETLKW). It should be done in the >> wrapper as well. > >

Re: http-reuse always, work quite well

On 21/10/2016 08:14 πμ, Willy Tarreau wrote: > Hi Pavlos, > > On Wed, Oct 19, 2016 at 08:28:34AM +0200, Pavlos Parissis wrote: >>> That's really great, thanks for the feedback. Have you tried the other >>> http-reuse options ? >> >> A workmate did the experi

Re: http-reuse always, work quite well

On 15/10/2016 09:31 πμ, Willy Tarreau wrote: > Hi Pavlos, > > On Fri, Oct 14, 2016 at 04:33:20PM +0200, Pavlos Parissis wrote: >> Hi, >> >> I just want to drop a note and mention that http-reuse works very well >> for us: >> >> % ss -t state

Re: http-reuse always, work quite well

On 14/10/2016 08:49 μμ, Aleksandar Lazic wrote: > Hi > > Am 14-10-2016 16:33, schrieb Pavlos Parissis: >> Hi, >> >> I just want to drop a note and mention that http-reuse works very well >> for us: >> >> % ss -t state established '( sport = :http )'|

Re: Dynamic backend changes without restarting

On 04/10/2016 01:11 μμ, Hayden James wrote: > Was the concern that a better solution was possible that could fully > repair the issue instead of a partial fix? > I haven't seen that better solution, I may have missed it as I don't read linux-netdev ML every day. May be Willy knows something more

Re: nbproc best practices

On 03/10/2016 07:13 μμ, Mariusz Gronczewski wrote: > Hi, > > we've come to the point when we have to start using nbproc > 1 (mostly > because going SSL-only in coming months) and as I understand I have > to bind each process to separate admin socket and then repeat every > command for each

Re: Dynamic backend changes without restarting

On 29/09/2016 07:13 μμ, Joseph Lynch wrote: > You can always dynamically remove servers via the stats socket by > downing them. If your server pool is relatively well behaved you can > just pre-allocate and up and down as needed. > > If you need to add new servers, afaik you have to reload,

  1   2   3   >