Am 03.12.2019 07:22 schrieb Willy Tarreau:
I suspect that on other platforms, logging 0 characters from a NULL
pointer
is OK and results in nothing being emitted while on OpenBSD it still
checks
the pointer's validity before detecting it doesn't need it, resulting
in the
error. Could you
Am 01.12.2019 12:00 schrieb Aleksandar Lazic:
just a wild guess have you set "log-send-hostname" if not can you set
it and tell us if anything is changed.
http://cbonte.github.io/haproxy-dconv/2.1/configuration.html#log-send-hostname
I had not, but made me curious. So I did some tcpdump on it
Hello,
just build 2.1.0 on OpenBSD.. while the actual processing (fe->be)
works,
I am getting quite some weird logging (in /var/log/messages) per
http-request:
Nov 30 23:01:05 tyo haproxy: vfprintf %s NULL in ">%s %2d
%02d:%02d:%02d %.*s%*s"
syslog.conf pretty straight forward:
Hi Jarno,
thanks a lot for your hint. I had two issues. I missed "mode tcp" also in the
backend and additionally your tip works perfectly without acl but with the
"use_backend special if {src 10.0.0.1 10.0.0.2} " statem
a tip how to achieve this with mode tcp?
Thanks
Philipp
--
---
DI Mag. Philipp Kolmann mail: philipp.kolm...@tuwien.ac.at
Technische Universitaet Wien web: www.it.tuwien.ac.at
IT Solutions
lookup 100
pre-down ip route del from all fwmark 1 lookup 100
Thanks
Philipp
smime.p7s
Description: S/MIME Cryptographic Signature
ble to help. I haven't found
any hints on this problem...
Thanks
Philipp
--
---
DI Mag. Philipp Kolmann mail: philipp.kolm...@tuwien.ac.at
Technische Universitaet Wien web: www.it.tuwien.ac
a possibility to add the port to
the name. My Idea would be to be able to specify
server name-%p 172.1.2.3 maxconn 1 check
and in the statistics it would read
name-8100
name-8101
etc...
Is this already possible?
Thanks
Philipp
fantastic!
Philipp
--
---
DI Mag. Philipp Kolmann mail: philipp.kolm...@tuwien.ac.at
Technische Universitaet Wien web: www.it.tuwien.ac.at
IT Solutions - Applications tel: +43(1
via maps?
http-request redirect code 302 location *value* if path_beg *key
*
Thanks
Philipp
**
smime.p7s
Description: S/MIME Cryptographic Signature
gets used by HAproxy include statement.
Does this workaround solve your use case?
Regarding the IP Adresses it works as expected. The include statement
(or whatever) still would be very welcome for other things but IP lists.
Thanks for the hint,
Philipp
smime.p7s
Description: S/MIME Cryptographic Signature
such an include option be made for the
config files?
thanks
Philipp
--
---
DI Mag. Philipp Kolmann mail: philipp.kolm...@tuwien.ac.at
Technische Universitaet Wien web: www.it.tuwien.ac.at
IT Solutions
Hi,
I had a patch for my issue with multi-port + multi-server listener that
got fixed in 1.7.10 that seems to have gotten forgotten. I add this
patch again.
Thanks for considering adding it to the test cases.
thanks
Philipp
Am 23.02.2018 09:57 schrieb Aleksandar Lazic:
Can I run something like this?
```
server-template units 1-40 "10.0.8.${num}":"1000${num}" maxconn 2
check
```
Because I haven't seen that the iterator is exported maybe it's not
possible.
As I see it from docs and the haproxy-blog*,
Hi,
I had a patch for my issue with multi-port + multi-server listener that
got fixed in 1.7.10 that seems to have gotten forgotten. I add this
patch again.
Thanks for considering adding it to the test cases.
thanks
Philipp
Am 03.01.2018 17:39 schrieb Lukas Tribus:
To compile Haproxy 1.8 with threads, at least GCC 4.7 is needed.
CentOs 6 only ships GCC 4.4.7, therefor compilation fails.
Waaah, thanks for telling before I tried to rush 1.8 to customer :-P
Rather not in the mood to make a build-VM with 4.7+ on C6
stener to the tcp-check
test config. See attached patch file.
thanks
Philipp
--
---
DI Mag. Philipp Kolmann mail: philipp.kolm...@tuwien.ac.at
Technische Universitaet Wien web: www.zid.tuwien
n't post it.
Thanks in advance
Regards
Philipp
Hi Lukas,
On 06/19/17 21:23, Lukas Tribus wrote:
Am 19.06.2017 um 11:27 schrieb Philipp Kolmann:
This config works in 1.5.8 but fails to tcp-check in 1.7.5.
The errors in the logfile look like this:
Jun 19 10:52:57 testha2 haproxy[5042]: Server mail-exchtest-smtp/mbx13a is DOWN, reason
Am 29.06.2017 13:32 schrieb Mark Holmes:
This worked perfectly - thanks again Philipp - but now the goalposts
have moved slightly...
So what I need to do is
If a request comes in for www.old.com/audi/thesite/pages
I'd like to redirect to
www.new.com/audi/thesite/pages
maintaining
Am 28.06.2017 19:20 schrieb Mark Holmes:
Note that /audi/page/whatever will change all the time - essentially,
I want to preserve whatever comes after the first /, just rewriting
the domain part
I feel bad for "Audi" (shouts from an ex-Daimler one.. :D ) now.
With 1.6 you can just do that
equeued, 0 remaining in queue.
Jun 19 10:52:57 testha2 haproxy[5042]: proxy mail-exchtest-smtp has no
server available!
I haven't found any messages with this bug and how to fix it,
Thanks
Philipp
--
---
DI Mag. Phi
Am 20.05.2016 16:12 schrieb Aleksandar Lazic:
Maybe off topic and just for my curiosity 'why'.
Lazy developers. Oh so shiny to get client-ip and other info "for free"
from the ajp-listener/container.
Next to any jboss/tomcat app I get on the table "suffers" from this.
There are one/some that
Am 29.04.2016 17:27 schrieb Chad Lavoie:
HAProxy sockets support "add acl " to add an ACL entry
or "add map" to add to a map. Can be used with "clear acl"/"clear
map" to empty the table first to refresh them completely.
See
Hi,
I quite like not to reload haproxy every here and there (stats and
races..) and make
quite some use of 'acl foo .. -f aclfile'.
Now feature-creep mounts and aclfile shall be build/extended "on demand"
(think of something along fail2ban).
Besides losing stats, that can grow into a problem
Am 24.01.2016 17:58 schrieb Jeff Buchbinder:
The way we've done it has been to add a maintenance server to all of
our backends, then use the admin socket to iteratively disable all
"real" servers for our backends. The maintenance server points all
requests to your temporary page.
Something
the patch. The original mail
is from Hiep Nguyen, hie...@vccloud.vn (CCed).
I just wanted to re-raise the topic again, since the mail from Hiep
seemed to have drowned and I am interested in this feature.
@Hiep: Please look at Willi's suggestions.
Thanks
Philipp
e 100644 src/shm_proxy.c
http://comments.gmane.org/gmane.comp.web.haproxy/21470
Could you please recheck, if that would be a possible feature?
thanks
Philipp
--
---
DI Mag. Philipp Kolmann mail: kolm...@zid.
Hello,
likely that we are not alone with the following requirement:
- provide a sorry-page (maintenance) if backends are unavailable
- have the ability to still access the backend servers from certain
ip-addresses (administration after deployment..)
- no restarts of haproxy ;-)
(since this is
: maxconn 1 check
All clients are now redirected to htc2 and don't see the troublesome htc1.
We now would like to debug this issue and specify special source ip
addresses that get routet to the htc1 in maintainance mode. Is this
possible?
thanks
Philipp
amdin-socket?
thanks
Philipp
--
---
DI Mag. Philipp Kolmann mail: kolm...@zid.tuwien.ac.at
Technische Universitaet Wien web: www.zid.tuwien.ac.at
Zentraler Informatikdienst (ZID
Am 10.12.2014 14:55 schrieb Dennis Jacobfeuerborn:
Hi,
is there a way to modify the http code of a response? Right now I use a
backup server to deliver a static maintenance page but I want it to be
delivered with a 503 code instead of 200. Is there a way to modify the
response code like this?
If you missed it: http://marc.info/?l=haproxym=141561304511354w=2
Anyone?
Am 10.11.2014 10:49 schrieb Philipp:
Hello,
this is confusing me and maybe someone could shed some light (or
reasoning) into the count/sums
for the http-responses from frontend and backends.
.
--Philipp
128.130.XX.XX
acl stats-access src 2001:629:XX::XX # wspk.zid
http-request deny if ! stats-access
thanks
Philipp
--
---
DI Mag. Philipp Kolmann mail: kolm...@zid.tuwien.ac.at
Technische Universitaet
Am 19.06.2014 21:54 schrieb Willy Tarreau:
Today is a great day, the reward of 4 years of hard work. I'm
announcing the
release of HAProxy 1.5.0.
A *BIG* Thank-You to all of those who contributed to this major
milestone.
Customers will be so happy to learn that their
-s0 -w haproxy.backend.dmp host router-12a.zap.tuwien.ac.at or
host router-12b.zap.tuwien.ac.at
Thanks
Philipp
--
---
DI Mag. Philipp Kolmann mail: kolm...@zid.tuwien.ac.at
Technische Universitaet Wien
it declares
timeout client 7200s #alctl: client inactivity
then
srvtimeout 5
Philipp, please remove this second one from your configuration.
Mercy Cyril,
I didn't see that line. It was in the original debian package and it
slipped when I added my custom lines
:10:54.789] router-zap router-12a 128.130.XXX.63:3299
1/0/69959 19629 sD 0/0/0/0/0 0/0
Has anyone an idea, if this setup is possible?
thanks
Philipp
--
---
DI Mag. Philipp Kolmann mail: kolm...@zid.tuwien.ac.at
Am 25.04.2014 19:19 schrieb Paul Hirose:
I was wondering if anyone uses haproxy for http - ajp (tomcat)
Dont go there, the proposed gains of AJP over HTTP are not relevant
today.
It's been a while so I dont have the numbers around any more, but we
did
some thorough testing of apache/ajp
Am 16.04.2014 17:40 schrieb Willy Tarreau:
I think you summarized very well how to carefully use a development
version in prod. That requires a bit of care, but with that you can
get both nice features and quick fixes.
Indeed :)
After 1.5 is released, I'd like to switch to a faster and more
Missed the reply-to :)
Originalnachricht
Thanks for the data point, Philipp. If you resend your reply to the
list, that might be useful for people other than just me :-)
J
On 15 April 2014 09:26, Philipp
e1c1bac6253dc54a1e89ddc046585...@posteo.net wrote:
Am 14.04.2014 23:27
Am 08.04.2014 10:31 schrieb duncan hall:
You can test if you are vulnerable here: http://filippo.io/Heartbleed/
Or test yourself (without leaking information to some website):
http://s3.jspenguin.org/ssltest.py
RHEL/Centos has an update (cherrypick fix) to 1.0.1e-16.el6_5.7
Hi,
current functional setup:
frontend f
acl ssfc_dev hdr(host) -m str dev.example.com
acl ssfc_img hdr(host) -m str img.example.com
[..]
reqrep ^GET[\ \t]*/(.*) GET\ /dev.example.com/\1 if ssfc_dev
reqrep ^GET[\ \t]*/(.*) GET\ /img.example.com/\1 if ssfc_img
the backend webserver treats that
=472b1ee115f45129ea3fc19e26f85b3ec9715abe/link
but this port is not open.
If you got some seconds to spare maybe you could fix this.
thanks
Philipp
[1] http://git.1wt.eu/web?p=haproxy.git;a=rss
--
---
DI Mag. Philipp Kolmann mail: kolm
On 2013-03-27 11:22, Lukas Tribus wrote:
What kernel are you running? You need at least 2.6.37 to do this
with non-local IPv6 binds.
Thanks to Lukas and Emeric, that was exactly the issue.
Thanks for pointing me to the right direction.
Philipp
like to also provide IPv6 access
to our LDAP infrastructure (and www later on as well).
thanks
Philipp
47 matches
Mail list logo
