On 30/04/2015 08:31 μμ, Shawn Heisey wrote:
I have a number of backend configs that handle requests to dev and
staging webservers. These backend configs only have one server. If
that server goes down briefly because the server process is restarted,
which happens frequently precisely because
On 30/04/2015 09:57 μμ, Shawn Heisey wrote:
On 4/30/2015 1:03 PM, Pavlos Parissis wrote:
On 30/04/2015 08:31 μμ, Shawn Heisey wrote:
I definitely DO want this kind of console notification if one of the
production backends has no server available, but I don't want the
interruption for staging
On 29/04/2015 12:56 μμ, Krishna Kumar (Engineering) wrote:
Dear all,
Sorry, my lab systems were down for many days and I could not get back
on this earlier. After
new systems were allocated, I managed to get all the requested
information with a fresh ru
(Sorry, this is a long mail too!).
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 13/04/2015 07:24 ??, Joseph Lynch wrote:
Hello,
I published an article today on Yelp's engineering blog
(http://engineeringblog.yelp.com/2015/04/true-zero-downtime-haproxy-re
loads.html)
that shows a technique we use for low latency,
On 09/04/2015 02:52 μμ, Dieter van Zeder wrote:
Here's the the stripped-down configuration. Http-server-close is required in
order to use leastconn. The frontend actually contains various acl rules,
thus mode http.
I had a look at the doc and it isn't mentioned that http-server-close is
On 09/04/2015 02:11 μμ, Dieter van Zeder wrote:
It's not about idle connections, it's about connections closed by the client
before the server fully sent the response. I have an apache module which can
detect client disconnects and then stops processing. Having haproxy before
those
On 09/04/2015 12:52 μμ, Dieter van Zeder wrote:
Hi there, is it possible to forward packets indicating a client
disconnect, with haproxy running in http mode? The webserver is able to
cancel long running requests, but the disconnect cannot be detected at
the backend.
I don't quite
On 07/04/2015 09:55 μμ, Florin Andrei wrote:
Let's say HAproxy is used for a second layer of load balancers, with the
first layer being AWS ELBs.
When you create an ELB, you can specify a health check. This should
actually check the health of the HAproxy instances that the ELB is
pointing
Hoi,
While I was reading commit descriptions I saw in
REORG/MAJOR: session: rename the session entity to stream
[..snip..]
Some more cleanup is needed because some code was already far from
being clean. The server queue management still refers to sessions at
many places while comments talk about
On 06/04/2015 08:41 μμ, Brian Fleming wrote:
I can do reload and there will be no downtime?
Yes, reload is a safe operation. But, don't be surprised if you see the
old process alive for long time(days). This behavior is caused by insane
timeout values on the client-side used by some
Hi all,
During a stress test I discovered a drop of 5% performance at rate of
380K req/s when the following 3 statements were added in a frontend
where HTTPS is not used
http-request add-header X-Cipher-Name %sslc
http-request add-header X-Cipher-Version %sslv
http-request add-header
On 30/03/2015 07:13 πμ, Krishna Kumar Unnikrishnan (Engineering) wrote:
Hi all,
I am testing haproxy as follows:
System1: 24 Intel(R) Xeon(R) CPU E5-2697 v3 @ 2.60GHz, 64 GB. This system
is running 3.19.0 kernel, and hosts the following servers:
1. nginx1 server - cpu 1-2, 1G
Hi,
Today I noticed after a reload that previous process was alive for long
time( 8hours). This is a HAProxy which runs in HTTP mode in front of
few squid servers, conf is quite simple[1] and the version is 1.5.6[2]
I had a lsof watcher for the old pid and the number of connections were
very
On 24/02/2015 04:57 μμ, Nenad Merdanovic wrote:
Hello Vincent, Lucas
On 2/24/2015 4:56 PM, Lukas Tribus wrote:
It would be nice to add a note that without proper rotation, PFS is
compromised by the use of TLS tickets. People may not understand why
they need to put 3 keys in this file and
On 23/02/2015 10:55 μμ, NuSkooler wrote:
Attached is the information you requested -- and hopefully performed
correctly :)
* no_haproxy.pcap: This is a successful connection + POST to the
original Mochiweb server. Note that here the port is 8443 not 443
(IP=10.3.3.3)
* ha_self_signed.pcap:
On 17/02/2015 01:11 μμ, Mariusz Gronczewski wrote:
On Mon, 16 Feb 2015 12:41:06 +0100, Klavs Klavsen k...@vsen.dk wrote:
As I understand anycast and ECMP (and I only know guys who use it and
know what they are doing ;) - it needs to be two different routes (ie.
routers) that are
On 10/02/2015 10:56 πμ, Tobias Feldhaus wrote:
On Thu, Feb 5, 2015 at 9:38 PM, Pavlos Parissis
pavlos.paris...@gmail.com mailto:pavlos.paris...@gmail.com wrote:
On 04/02/2015 11:38 πμ, Tobias Feldhaus wrote:
Hi,
To refresh the page did not help (the number of seconds
On 16/02/2015 09:45 μμ, Michael Holmes wrote:
[...snip..]
* @ 9:05 a.m. stopping and starting HAProxy v1.5.11 didn't resolve the
problem. Waited six minutes for processing which didn't catch up.
* @ 9:12 a.m. I downgraded HAProxy from v1.5.11 to v1.5.3 and
everything normalized in
Hi,
I see tfo setting for bind directive but it isn't clear to me if HAProxy
will use TCP Fast Open towards the backend server.
Shall I assume that if client uses TCP Fast Open HAProxy will do the
same for server side?
Cheers,
Pavlos
signature.asc
Description: OpenPGP digital signature
On 06/02/2015 11:19 πμ, Georges-Etienne Legendre wrote:
Hi Willy,
Yes, please send me the script.
Willy,
If it isn't against the policies of this ML to send attachments and the
script is few kilobytes size, could you please send it to the list?
Thanks,
Pavlos
signature.asc
Description:
On 03/02/2015 02:02 πμ, Thomas Amsler wrote:
Hello,
Is it possible to front AWS S3 Static Web Hosting with HAProxy? I have
tried to setup a backend to proxy requests to
SomeHost.s3-website-us-east-1.amazonaws.com:80
http://SomeHost.s3-website-us-east-1.amazonaws.com:80. But I am
getting an
On 02/02/2015 05:31 μμ, Willy Tarreau wrote:
Hi Christian,
[...snip...]
We've been considering this for a while now without any elegant solution.
Recently while discussing with Emeric we got an idea to implement scopes,
and along these lines I think we could instead try to inherit ACLs
On 04/02/2015 01:26 πμ, Simon Horman wrote:
On Tue, Feb 03, 2015 at 05:13:02PM +0100, Baptiste wrote:
On Tue, Feb 3, 2015 at 4:59 PM, Pavlos Parissis
pavlos.paris...@gmail.com wrote:
On 01/02/2015 03:15 μμ, Willy Tarreau wrote:
Hi Simon,
On Fri, Jan 30, 2015 at 11:22:52AM +0900, Simon
On 04/02/2015 11:38 πμ, Tobias Feldhaus wrote:
Hi,
To refresh the page did not help (the number of seconds the PRIMARY
backend was considered to be down increased continuously, but not the
number of Bytes or the color).
[deploy@haproxy-tracker-one /var/log] /usr/local/sbin/haproxy -vv
On 05/02/2015 03:01 μμ, Klavs Klavsen wrote:
Hi guys,
Just to check.. if I set nbproc to f.ex. 4 - then I understand I need to
define 4xstats.. and when I visit the webinterface.. I'll actually only
get stats from one of the 4 processes..
But we have ADMIN enabled for stats - so we can
On 01/02/2015 03:15 μμ, Willy Tarreau wrote:
Hi Simon,
On Fri, Jan 30, 2015 at 11:22:52AM +0900, Simon Horman wrote:
Hi Willy, Hi All,
the purpose of this email is to solicit feedback on an implementation
of email alerts for haproxy the design of which is based on a discussion
in this
On 15/01/2015 09:16 μμ, Alex Wu wrote:
We enable send-proxy for ssl connections, and have the patched apache
module to deal with proxyprotocol.
From Mac OS, we see it works as designed. But when we repeat the same
test using ipad, then we the connection rejected. iPad cannot establish
the
On 01/02/2015 03:03 μμ, Willy Tarreau wrote:
On Sun, Feb 01, 2015 at 08:25:24AM +0100, Pavlos Parissis wrote:
If I understood Bhaskar's suggestion correctly, we could delegate health
check for backend servers to a single server which does all the health
checking. Am I right ?
Yes
On 01/02/2015 07:35 πμ, Willy Tarreau wrote:
Hello Joseph,
I'm CCing Bhaskar since he was the one proposing the first solution, he
may have some useful insights. Other points below.
On Thu, Jan 15, 2015 at 01:23:59PM -0800, Joseph Lynch wrote:
Hello,
I am trying to set up a health check
Hoi,
I am trying to return a specific 200 response when URL matches a ACL but I get
back 503. Where is my mistake?
frontend mpla
acl robots.txt path_beg /robots.txt
use_backend bk_robots if robots.txt
default_backend foo_com
backend bk_robots
mode http
errorfile 200
On 13/01/2015 12:36 μμ, Jarno Huuskonen wrote:
Hi,
On Tue, Jan 13, Pavlos Parissis wrote:
Hoi,
I am trying to return a specific 200 response when URL matches a ACL but I
get
back 503. Where is my mistake?
frontend mpla
acl robots.txt path_beg /robots.txt
use_backend
Στις 8 Ιαν 2015 4:39 ΜΜ, ο χρήστης Alfredo Gutierrez
alfredo.gutierrez...@gmail.com έγραψε:
I am trying to setup a LB for one of my clients that is for two WS_FTP
windows servers. I have configured HAProxy already but I am not getting any
redirecting when I ftp to the LB server. I have searched
On 06/01/2015 08:42 μμ, Cyril Bonté wrote:
Hi Pavlos,
Le 06/01/2015 20:17, Pavlos Parissis a écrit :
Hi,
According to the docs I can have the following snippet
http-request add-header Nodename %[env(HOSTNAME)]
to set the hostname as the value on a header. But, it doesn't work. I
Hi,
According to the docs I can have the following snippet
http-request add-header Nodename %[env(HOSTNAME)]
to set the hostname as the value on a header. But, it doesn't work. I
network trace and Nginx logs show no value.
While the following works.
http-request add-header Nodename %H
I am
On 05/01/2015 12:04 μμ, Thomas Heil wrote:
Hi,
On 03.01.2015 16:31, Ram Chander wrote:
Hi,
I have a requirement like below:
Consider there are two sets of backends. Each has some servers in it
One is default , other is backup
Haproxy should try second set if first set returns 404.
On 05/01/2015 12:28 μμ, Thomas Heil wrote:
Hi,
On 05.01.2015 12:18, Pavlos Parissis wrote:
On 05/01/2015 12:04 μμ, Thomas Heil wrote:
Hi,
On 03.01.2015 16:31, Ram Chander wrote:
Hi,
I have a requirement like below:
Consider there are two sets of backends. Each has some servers
On 19 December 2014 at 12:02, Kevin COUSIN ki...@kiven.fr wrote:
Hi all,
I install an HAproxy instance to load balance an Remote Desktop Gateway
2012 R2. It works fine in Layer 7 with this configuration and a Windows
8.1, but it dont works with an xfreerdp.I see a difference in logs, with a
On 18/12/2014 05:24 πμ, Baptiste wrote:
On Wed, Dec 17, 2014 at 10:39 PM, Pavlos Parissis
pavlos.paris...@gmail.com wrote:
Hi,
I remember someone( maybe Baptiste) saying that in multi process mode
backends will be picked up by the process which frontend is bound to.
But, I found
Hi,
I remember someone( maybe Baptiste) saying that in multi process mode
backends will be picked up by the process which frontend is bound to.
But, I found not to be the case in 1.5.9.
I also remember that this works only when you have 1to1 relationship
between frontend and backends, which is my
Hi,
It has been mentioned that 1.5 version doesn't support connection
pooling, meaning that 1 TCP session to a backend server can serve
multiple HTTP requests originated from than 1 client.
Do you guys have plans to introduce this functionality in 1.6 release?
Cheers,
Pavlos
signature.asc
On 2 December 2014 at 09:17, Samuel Reed samuel.trace.r...@gmail.com
wrote:
I'm running the latest 1.5 release.
Our site runs primarily on the `www` subdomain, but we want to enable HSTS
for
all subdomains (includeSubdomains). Unfortunately, due to the way HSTS
works,
the HSTS header MUST
Στις 1 Δεκ 2014 2:53 ΜΜ, ο χρήστης Baptiste bed...@gmail.com έγραψε:
Thanks for solution Baptise but why is it consider a dirty hack? I must
assume that it may cause problems in a more complex setups.
Hi Pavlos,
I considered it as a dirty hack because I derouted a feature from
its
On 28/11/2014 02:44 μμ, Pavlos Parissis wrote:
Hi,
I want HAProxy to add a response header if request includes a specific
header. I implemented the logic [1] but I get the following
parsing [/etc/haproxy/haproxy.cfg:77] : acl 'lb_debug' will never match
because it only involves keywords
On 28/11/2014 01:19 μμ, Baptiste wrote:
On Wed, Nov 26, 2014 at 9:48 PM, Pavlos Parissis
pavlos.paris...@gmail.com wrote:
On 25/11/2014 07:08 μμ, Lukas Tribus wrote:
Hi, Thanks for your reply. We have tried this approach and while
it gives some benefit, the haproxy process itself remains
On 28/11/2014 05:19 μμ, Lukas Tribus wrote:
Hi,
you're right.
If you need to scale *a lot* your SSL processing capacity in HAProxy,
you must use multiple processes.
That said, multiproc model has some counter parts (stats, server
status, health checks are local to each process,
On 30/11/2014 01:17 μμ, Cyril Bonté wrote:
Hi again Sachin,
Le 30/11/2014 13:01, Sachin Shetty a écrit :
Thanks Cyril, but no luck, I still see no connection reuse. For every new
connection from the same client, haproxy make a new connection to the
server and terminates it right after.
Hi,
I want HAProxy to add a response header if request includes a specific
header. I implemented the logic [1] but I get the following
parsing [/etc/haproxy/haproxy.cfg:77] : acl 'lb_debug' will never match
because it only involves keywords that are incompatible with 'frontend
http-response
Hi,
I want HAProxy to add a response header if request includes a specific
header. I implemented the logic [1] but I get the following
parsing [/etc/haproxy/haproxy.cfg:77] : acl 'lb_debug' will never match
because it only involves keywords that are incompatible with 'frontend
http-response
On 25/11/2014 07:08 μμ, Lukas Tribus wrote:
Hi, Thanks for your reply. We have tried this approach and while
it gives some benefit, the haproxy process itself remains cpu-bound,
with no idle time at all - with both pidstat and perf reporting that
it uses close to 100% of available cpu
Hi,
Looking at the output of 'show info' on stats socket I see
[...snip...]
SslFrontendKeyRate: 0
SslFrontendMaxKeyRate: 31
SslFrontendSessionReuse_pct: 100
SslBackendKeyRate: 0
SslBackendMaxKeyRate: 6
SslCacheLookups: 698093
SslCacheMisses: 417817
[...snip...]
Would it be an accurate
Git tag 1.5.8 is missing:-)
On 31 October 2014 11:33, Willy Tarreau w...@1wt.eu wrote:
On Fri, Oct 31, 2014 at 11:30:14AM +0100, Pavlos Parissis wrote:
Git tag 1.5.8 is missing:-)
Ah indeed, I used Ctrl-R to recall the last history command line
to push the new version, so I pushed only v1.5.7 as found on the
previous
On 29 October 2014 08:52, Baptiste bed...@gmail.com wrote:
On Mon, Oct 27, 2014 at 7:41 PM, Chris Allen ch...@cjx.com wrote:
We're running haproxy on a 2x4 core Intel E5-2609 box. At present
haproxy is
running on
a single core and saturating that core at about 15,000 requests per
second.
On 29 October 2014 13:49, Baptiste bed...@gmail.com wrote:
If a backend is used only by 1 FE and that FE is bound to a certain
CPU(s),
do we still need to bind the backend to the same CPU(s) set ?
Cheers,
Pavlos
Yes, this is a requirement and will be performed by HAProxy
On 16/10/2014 12:12 μμ, Olivier wrote:
Hi,
2014-10-16 10:34 GMT+02:00 Neil - HAProxy List
maillist-hapr...@iamafreeman.com
mailto:maillist-hapr...@iamafreeman.com:
I'd go further. Sslv3 us an obsolete protocol does anyone disagree
with that?
For a start make no-sslv3 the
Hi,
The doc is a bit confusing, at least to me. The former is about TCP
connections and the latter for HTTP requests, am I completely wrong?
Cheers,
Pavlos
signature.asc
Description: OpenPGP digital signature
On 01/10/2014 04:30 μμ, Alexander Olsson wrote:
Is it possible to bind both HTTP and HTTPS on the same port with haproxy.
Something like this:
frontend data-in
mode http
bind 0.0.0.0:8080
crt if ssl /path/to/crt
Obviously above doesn't work. Is there something similar? It's
Στις 29 Σεπ 2014 1:56 ΜΜ, ο χρήστης Bot Budi roboteb...@gmail.com
έγραψε:
can i used haproxy for caching server?, it there have feature for
caching?
thanks.
Nope, HAProxy is not a caching engine.
Pavlos
On 26/09/2014 11:46 πμ, JCM wrote:
On 25 September 2014 14:47, Klavs Klavsen k...@vsen.dk wrote:
Any way to make haproxy retry requests with certain http response codes
X times (or just until all backends have been tried) ?
Nope. You really don't want to do this. And I'd be sad if the devs
Hi,
Is it possible to have the SSL Private key and SSL certificate of the
server together with all intermediate certificates in 2 separated files?
I tried
bind 10.1.1.1.1:443 ssl crt file.key crt certifate-bundle.pem no-sslv3
ciphers .
but it fails with unable to load SSL private key from
On 16 September 2014 03:23, Zebra max...@unitedstack.com wrote:
Hi,all
I configure one frontend named https_proxy and one backend named
httpservers. When I start the haproxy in my machine which has 2 cpus,I find
the log below.
Sep 16 01:03:34 localhost haproxy[30429]: Proxy https_proxy
On 10/09/2014 07:02 πμ, Juho Mäkinen wrote:
Thanks Pavlos for your help. Fortunately (and embarrassedly for me) the
mistake was not anywhere near haproxy but instead my haproxy configure
template system had a bug which mixed up the backend name and ip
address. Because of this haproxy showed
On 10/09/2014 03:31 μμ, Franky Van Liedekerke wrote:
Hi,
[..snip..]
Any hints are very much appreciated. If more info is needed, let me know.
Is it possible to run tcpdump on both servers and see who is sending
RSTs? what about ldap logs? Do you know if you get this problem for all
LDAP
On 08/09/2014 10:30 πμ, Juho Mäkinen wrote:
On Thu, Sep 4, 2014 at 11:35 PM, Pavlos Parissis
pavlos.paris...@gmail.com mailto:pavlos.paris...@gmail.com wrote:
On 04/09/2014 08:55 πμ, Juho Mäkinen wrote:
I'm upgrading my old 1.4.18 haproxies to 1.5.4 and I have a mysterious
On 04/09/2014 08:55 πμ, Juho Mäkinen wrote:
I'm upgrading my old 1.4.18 haproxies to 1.5.4 and I have a mysterious
problem where haproxy marks some backend servers as being DOWN with a
message L4TOUT in 2000ms. Some times the message also has a star: *
L4TOUT in 2000ms (I didn't find what the
On 01/08/2014 08:00 πμ, cloudpack 川原 洋平 wrote:
Hi,
I setting up HAProxy 1.5.3.
I obtained the RST randomly http response when verifying the following
settings.
State that contains the RST or would specification
## tcpdump result
05:31:17.738871 IP ${haproxy-host}.49167
On 29/07/2014 10:55 πμ, Willy Tarreau wrote:
Hi Pavlos,
On Mon, Jul 28, 2014 at 12:07:37AM +0200, Pavlos Parissis wrote:
On 25/07/2014 07:28 , Willy Tarreau wrote:
Hi all,
[..snip..]
- hot reconfiguration : some users are abusing the reload mechanism to
extreme levels
On 28/07/2014 11:54 πμ, Apollon Oikonomopoulos wrote:
Hi Willy,
On 19:28 Fri 25 Jul , Willy Tarreau wrote:
Concerning the new features, no promises, but we know that we need to
progress in the following areas :
- multi-process : better synchronization of stats and health checks,
On 25/07/2014 07:28 μμ, Willy Tarreau wrote:
Hi all,
[..snip..]
- hot reconfiguration : some users are abusing the reload mechanism to
extreme levels, but that does not void their requirements. And many
other users occasionally need to reload for various reasons such as
Hi,
I have a question about session limit on backend. Having the following
conf and without any parameters in frontend/backends about
sessions/connections I see that backends have 5000 session limit(slim in
CSV output).
How this number is calculated?
global
log 127.0.0.1 local2
On 18/07/2014 08:33 μμ, Szelcsányi Gábor wrote:
Hi,
I've been reading the documentation and searching the mail list, but one
thing is not clear for me. I have nbroc 2, 2 frontends pined to a
separate cpu core and 1-1 backend. The bind-process options of these
backends are inherited from
On 16/07/2014 08:31 πμ, Baptiste wrote:
On Tue, Jul 15, 2014 at 7:14 PM, Pavlos Parissis
pavlos.paris...@gmail.com wrote:
On 15/07/2014 05:49 μμ, Baptiste wrote:
On Tue, Jul 15, 2014 at 12:40 AM, bjun...@gmail.com bjun...@gmail.com
wrote:
Hi folks,
I've a question regarding the ordering
On 15/07/2014 05:49 μμ, Baptiste wrote:
On Tue, Jul 15, 2014 at 12:40 AM, bjun...@gmail.com bjun...@gmail.com wrote:
Hi folks,
I've a question regarding the ordering/processing of ACL's.
Example (HAProxy 1.4.24):
frontend http_in
.
.
acl is_example.com hdr_beg(host) -i
On 07/07/2014 11:49 πμ, David wrote:
Hello,
I have installed HAproxy 1.5 in my RDS farm. But when i check the disable
option for one server, this server is still active in my farm and users can
connect to it ?
I assume you mean that it took while for the server to stop receiving
after
Hi,
I read the news about Native SSL support on 1.5.1. version, so I said I
need to try it out:-)
But either I don't understand how SSL backend should be configured or
there is a mismatch on the expectations.
I want HTTPS traffic to HAProxy to be loadbalanced to a backend without
stripping put
On 06/07/2014 04:27 μμ, Jarno Huuskonen wrote:
Hi,
On Sun, Jul 06, Pavlos Parissis wrote:
My conf[1] is quite simple and HAProxy has support for SSL [2]. What I
observe(using tcpdump) is that health checks are in SSL mode(SSL
handshake followed by a HTTP request) but incoming request over
Hoi again,
I am trying to squeeze the most out of my CPUs but I ran into the
problem with stats sockets and multiple processes, see below
Starting haproxy: [WARNING] 186/183809 (33970) : Proxy 'haproxy': in
multi-process mode, stats will be limited to process assigned to the
current request.
On 06/07/2014 10:35 μμ, Vincent Bernat wrote:
❦ 6 juillet 2014 19:00 +0200, Pavlos Parissis pavlos.paris...@gmail.com :
It works and I can get up to 34K transactions/sec as reported by siege,
I am quite happy with that. But the statistics are not correct. The
stats pages reports 1/12th
201 - 278 of 278 matches
Mail list logo