postfix with postscreen behind haproxy

2024-05-06 Thread Rainer Duffner
Hi, I am running (trying to, really) postfix with postscreen (really Zimbra) behind haproxy. I enabled proxy protocol support in Zimbra 08:27:26 (TEST) zimbra@zcs-fe5 [~] $ postconf |grep haproxy postscreen_upstream_proxy_protocol = haproxy 08:26:47 (TEST) zimbra@zcs-fe6 [~] $ postconf

Re: Transparent proxy issue on FreeBSD

2023-03-07 Thread Rainer Duffner
> Am 07.03.2023 um 18:26 schrieb Marc West : > > On 2023-03-07 08:09:04, Rainer Duffner wrote: >> I admit I only toyed with TP, so I really don???t know what I???m doing >> there, but: >> >> Have you tried to just use pfSense for this? The developer of th

Re: Transparent proxy issue on FreeBSD

2023-03-07 Thread Rainer Duffner
> Am 07.03.2023 um 08:46 schrieb Marc West : > > > > Any other thoughts to look at or data that would be helpful to collect? > I admit I only toyed with TP, so I really don’t know what I’m doing there, but: Have you tried to just use pfSense for this? The developer of the package

Re: OT: About WebPageTest results (was Re: SSL Labs says my server isn't doing ssl session resumption)

2021-06-21 Thread Rainer Duffner
> Am 21.06.2021 um 18:25 schrieb Shawn Heisey : > > On 2021-06-20 06:03, Shawn Heisey wrote: >> Unrelated, and off topic because it's mostly about Apache, but strange: >> I've been doing some tests with webpagetest.org, and seeing REALLY >> long load times for some resources in their waterfall

Re: NFS mounts freezing via Haproxy

2018-05-21 Thread Rainer Duffner
> Am 22.05.2018 um 06:46 schrieb TomK : > > Trying to mount an NFS share vi an Haproxy / Keepalived configuration. When I > mount the NFS share directly from the host, bypassing Haproxy / Keepalived, > it works fine. However, when I try via the Haproxy / Keepalived

Re: HaProxy Hang

2017-03-03 Thread Rainer Duffner
> Am 03.03.2017 um 15:07 schrieb David King : > > Hi All > > Hoping someone will be able to help, we're running a bit of an interesting > setup > > we have 3 HAProxy nodes running freebsd 11.0 , each host runs 4 jails, each > running haproxy, but only one of the

Re: WAF in HAProxy

2016-05-06 Thread Rainer Duffner
> Am 06.05.2016 um 00:15 schrieb Thierry FOURNIER > : > > Hi, > > You can look here: > > http://discourse.haproxy.org/t/ironbee-in-haproxy/92 > > Thierry > > Is that project actually alive? The last (and what looks like only) commit this year was to

Re: Linux or FreeBSD ?

2015-09-30 Thread Rainer Duffner
> Am 30.09.2015 um 16:25 schrieb Jeff Palmer : > > Arnall, > > > This advice is less of an haproxy specific response, and more of > general information. > > As someone who's tried to manage mixed infrastructure, I would push > back if possible, unles syour organization has

Re: Linux or FreeBSD ?

2015-09-30 Thread Rainer Duffner
> Am 01.10.2015 um 01:22 schrieb Willy Tarreau : > >> > > I'd be tempted to place my judgement between yours and Jeff's. I'd say > that if the company is already using the target OS on any other place, > the cost of switching is low. If the load balancer is the opportunity > to

Re: Is FTP through haproxy at all viable?

2015-05-09 Thread Rainer Duffner
I consider openssh for sftp pretty much unusable for clients/customers. I wouldn’t say that. Certainly true if they don’t actually know what they’re doing. As for the setup: yes, the first directory users can write to in a chroot-setup is a subdirectory of the home directory (because $HOME

Re: tcp-check for IMAP SSL ?

2015-01-01 Thread Rainer Duffner
Am 01.01.2015 um 14:37 schrieb PiBa-NL piba.nl@gmail.com: Yosef Amir schreef op 1-1-2015 om 13:57: listen IMAP_SSL mode tcp bind :443 name VVM_SSL balance roundrobin tcp-check connect port 443 Maybe try the 'ssl' keyword as below. (i have not tested

Re: 1.5.9 crashes every 4 hours, like clockwork

2014-12-11 Thread Rainer Duffner
Am 11.12.2014 um 15:26 schrieb David Adams dr...@yahoo.com mailto:dr...@yahoo.com: We are running 1.5.9 on Centos 6.5. It crashes 10 seconds (give or take a few seconds) after 1am, 5am, 9am, 1pm, 5pm and 9pm, like clockwork; let's call that CRASHTIME. Previously we'd been using 1.5.3

HAPROXY for IMAP, SMTP

2014-10-18 Thread Rainer Duffner
Hi, we use HAPROXY for incoming mail, outgoing mail (authenticated), POP3, IMAP. With incoming mail, I can make use of HAProxy’s send-proxy feature to make the source-IP known to the backend SMTP-servers. (Works in the lab, I just need to move a few hundred customers off port 25 for

haproxy sending RSTs to backend-servers

2014-09-18 Thread Rainer Duffner
Hi, I’ve configured nginx+haproxy in front of a couple of IIS servers. NGINX terminates SSL. configuration is as following: global log /var/run/log local5 log /var/run/log local1 notice #log loghostlocal0 info maxconn 4096 #debug #quiet user www group www daemon

Is it possible to query the query the status of a server and use it in an ACL?

2014-09-11 Thread Rainer Duffner
Hi, I want to take the status of a server of a given backend and use it in another backend or in the frontend. If that possible? I though there might be something simular to nbsrv() - but I haven't found anything. Best Regards Rainer

Can you balance-out service-checks better?

2014-08-28 Thread Rainer Duffner
Hi, we will put haproxy in front of a Zimbra infrastructure (which we have split-up, so that there is a „front end“, with pop, imap, smtp and a „back end“, where the mail sits). I have too haproxy-servers (active/standby via CARP) that are checking the front-ends. I check: - smtp - smtps

Re: Can you balance-out service-checks better?

2014-08-28 Thread Rainer Duffner
Am 28.08.2014 um 22:41 schrieb Baptiste bed...@gmail.com: Hi, maybe you could share your HAProxy configuration :) By default, HAProxy tests a service every 3s, which is fine. It just does a tcp connect, so nothing complicated for your server to handle. Since we switched to

Re: Can you balance-out service-checks better?

2014-08-28 Thread Rainer Duffner
Am 28.08.2014 um 23:21 schrieb Baptiste bed...@gmail.com: Ok, I would create a monitoring backend, such as below: Hey, thanks a lot! I will try this and report back. Best Regards, Rainer

Re: Load balancing FTP with HAProxy behind a firewall

2014-07-16 Thread Rainer Duffner
hdr(host) ACL only applies to HTTP. Furthermore, I'm not sure there is a notion of Host header in FTP ;) Last time I looked (admittedly with 1.4) into FTP+HAProxy, the end-result was that it was just not possible. AFAIK, you can use LVS for that on Linux.

Re: haproxy dumps core

2013-10-23 Thread Rainer Duffner
Am 30.07.2013 um 21:40 schrieb Lukas Tribus luky...@hotmail.com: Hi Rainer! I'm using haproxy on FreeBSD 9.1-amd64 inside a VMware VM. I realized that when I have a situation where all servers in a backend are down, haproxy crashes: Jul 30 08:03:52 px2-bla kernel: pid 58816 (haproxy),

haproxy dumps core

2013-07-30 Thread Rainer Duffner
Hi, I'm using haproxy on FreeBSD 9.1-amd64 inside a VMware VM. I realized that when I have a situation where all servers in a backend are down, haproxy crashes: Jul 30 08:03:52 px2-bla kernel: pid 58816 (haproxy), uid 80: exited on signal 11 (core dumped) pkg info|grep haproxy haproxy-1.4.24

Re: haproxy dumps core

2013-07-30 Thread Rainer Duffner
Am Tue, 30 Jul 2013 21:40:34 +0200 schrieb Lukas Tribus luky...@hotmail.com: Hi Rainer! I'm using haproxy on FreeBSD 9.1-amd64 inside a VMware VM. I realized that when I have a situation where all servers in a backend are down, haproxy crashes: Jul 30 08:03:52 px2-bla kernel: pid