Hi Brendon,
On Wed, Dec 26, 2012 at 03:09:37PM -0500, Brendon Colby wrote:
Greetings!
(Apparently GMail IPs are now listed in SORBs, so when I first sent this
through the Gmail web interface I got a bounce; I had to use Thunderbird
and IMAP.)
We just replaced our old commercial load
We have the same exact problem, only that dontlognull is not working for us
neither for some reason (we have 1 byte requests containing a single byte -
NULL - maybe something affected from a firewall or other device tunneling
the traffic to our LB).
We also concluded this is something the
On Dec 26, 2012, at 4:38 PM, Willy Tarreau w...@1wt.eu wrote:
Hi Brendon,
Thank you for the very well detailed analysis. I believe that some browsers
nowadays tend to proactively establish connections to visited websites, just
in case they will need them later. Since Chrome does
On Dec 26, 2012, at 5:57 PM, SBD sbd@gmail.com wrote:
We have the same exact problem, only that dontlognull is not working for us
neither for some reason (we have 1 byte requests containing a single byte -
NULL - maybe something affected from a firewall or other device tunneling the
Yes. sometimes I get it and sometimes don't though. As I said this is
probably have to do with some other device (hopefully).
Another interesting thing is, that we didn't have those kind of requests
all the time. It was started soon after changing the configuration from
single listen to
On Wed, Dec 26, 2012 at 07:03:02PM -0500, Brendon Colby wrote:
I was thinking that this is just standard browser behavior too. IE also does
this - it just seems to open fewer connections. This is why I was confused
and thought I was missing something, because it seems like normal browser
On 22 November 2012 22:14, Owen Marinas omari...@woozworld.com wrote:
option httpchk POST /db/data/ext/feed/graphdb/userFeed
HTTP/1.1\r\nContent-Type: application/json\r\nContent-Length:
35\r\n{userId:8, offset:0, limit:1}\r\n
It might not be related to your original question, but I think
Thx for the advice Jonathan
Willy's advice from an old post was to make it work with printf+nc in
bash first. So I did.
the issue is after I added the lines to the backend(below), the server
still resported UP eben if the expected string is not there.
regards
Owen
---
On 23 November 2012 17:10, Owen Marinas omari...@woozworld.com wrote:
Thx for the advice Jonathan
Willy's advice from an old post was to make it work with printf+nc in bash
first. So I did.
I think your back-end may be being lenient, then :-)
the issue is after I added the lines to the
I hate myself for this
my production LB is running haproxy-1.4.15-1 but the Staging haproxy-1.4.8-1
after upgrade its all working now, the POST, and http-check expect
works fine.
thx all
Owen
On 12-11-23 12:50 PM, Jonathan Matthews wrote:
On 23 November 2012 17:10, Owen Marinas
On Fri, Nov 23, 2012 at 01:28:38PM -0500, Owen Marinas wrote:
I hate myself for this
my production LB is running haproxy-1.4.15-1 but the Staging haproxy-1.4.8-1
after upgrade its all working now, the POST, and http-check expect
works fine.
Good reason indeed. BTW, keep in mind that even
On Wed, Jul 11, 2012 at 07:03:52AM +0200, Baptiste wrote:
Hey,
Depends at which phase of the health check Chrome maintains the
connection opened, you can give a try to HAProxy's content inspection:
listen https
mode tcp
balance roundrobin
acl clienthello
Thanks for all the replies Willy, Baptiste and Lukas.
Unfortunately we could not get the tcp content trick to work. Our guess
is Chrome preconnect actually does a SSL handshake and so HAProxy does not
have a choice and has to engage a Apache worker. We used the following
==
listen https
Sorry for the confusing config that I gave. I actually meant
==
listen https 0.0.0.0:44 http://0.0.0.0:4445/3
mode tcp
balance roundrobin
acl clienthello req_ssl_hello_type 1
# use tcp content accepts to detects ssl client and server hello.
tcp-request
I would suggest terminating SSL on the haproxy box (with stud in front of it),
thus switching haproxy from tcp to http mode. That way, longrunning
keepalive-enabled HTTPS sessions terminate there and apache only sees real
non-SSL request without blocking any threads.
If you would like to avoid
Christensen (JEDC)
Cc: haproxy@formilux.org
Subject: Re: Help with ACL
Hi Jens,
No need to apologies, you may have helped a few other people ;)
You can also do this:
acl acl_myip src 1.1.1.1
acl acl_collector path_beg -f /etc/haproxy/collector_patterns.lst
acl acl_collector hdr_sub(Referer
Hi Jens,
You can setup 2 ACLs, one with IPs one with your header and use them
on the use_backend line:
acl myip src 1.1.1.1 1.1.1.2
acl myheader hdr(MyHeader) keyword
use_backend acl_collector myip || myheader
Note that the use_backend order matters.
The first matching will be used. So
if the traffic was comming from
1.1.1.1.
Regards,
Jens Dueholm Christensen
From: Baptiste [bed...@gmail.com]
Sent: 21 March 2012 22:02
To: Jens Dueholm Christensen (JEDC)
Cc: haproxy@formilux.org
Subject: Re: Help with ACL
Hi Jens,
You can setup 2 ACLs, one
:32
To: haproxy@formilux.org
Subject: RE: Help with ACL
Hi Baptiste
I can see I forgot to add some more information to my previous mail..
Existing functionality (ie. ACLs and sorting into backends) and traffic must
not be changed.
There is a lot of traffic to other parts of the system (ie
.. :)
Regards,
Jens Dueholm Christensen
From: Jens Dueholm Christensen (JEDC) [jens.dueh...@r-m.com]
Sent: 21 March 2012 23:32
To: haproxy@formilux.org
Subject: RE: Help with ACL
Hi Baptiste
I can see I forgot to add some more information to my previous
Thanks for the response.
The stats were lagging actually, we determined that the bottleneck was
before HAproxy (it ended up being the IPS in front of the network)
However, our linux guy suggested the following sysctl changes to enhance
throughput which i will share here:
net.ipv4.tcp_tw_reuse =
Hi Steve,
On Tue, Jan 24, 2012 at 08:55:15AM -0800, Steve V wrote:
Good morning,
Much love for haproxy and many thanks to all who have worked on and
contributed to it. We have been using it for several years without issue.
However, we have been doing load testing lately and there appears
Hi Steve,
Are you using Vsĥere 4 or above?
Since you're using option httpclose, I recommand you to move to
roundrobin load-balancing algorithm.
Actually, HTTP connections to the servers may be very short, so
leastconn is not appropriate there and rr will provide a better
balancing.
Would it be
Good morning,
Much love for haproxy and many thanks to all who have worked on and
contributed to it. We have been using it for several years without issue.
However, we have been doing load testing lately and there appears to be a
bottleneck. It may not even have to do with haproxy (i dont think
Hi Sean,
On Fri, Jan 06, 2012 at 02:16:44PM -0500, Sean Patronis wrote:
Well, I think I figured it out. Though I am not sure it is the most
efficient way.
first I created a match acl in the frontend:
acl is_apps_match url_dir apps
then in the backend, i created a rewrite:
reqrep
Well, I think I figured it out. Though I am not sure it is the most
efficient way.
first I created a match acl in the frontend:
acl is_apps_match url_dir apps
then in the backend, i created a rewrite:
reqrep ^([^\ ]*)\ /apps/(.*) \1\ /\2
Is there a more efficient way?
--Sean
On
Solved! Here it is:
backend boappsrv
mode http
option forwardfor
option httpclose
reqirep ^([^\ ]*)\ /bologna/geamappa(.*) \1\ \2
server bo-appsrv bo-appsrv4-bo.arpa.emr.net:8080 maxconn 50
TY All,
Rune
Hi Christophe,
On 03.11.2011 22:00, Christophe Rahier wrote:
Hello,
My config of HAProxy is:
-- CUT --
[snipp]
-- CUT --
The problem with SSL is that the IP address that I get to the web
server
is the IP address of the loadbalancer and not the original IP
address.
This is a big
Hi Aleks,
Thanks for your help, I received your answer yesterday but it was too late
for answering, I was too tired :-)
I'll check what you proposed.
Thanks once again,
Christophe
Le 04/11/11 09:41, « Aleksandar Lazic » al-hapr...@none.at a écrit :
Hi Christophe,
On 03.11.2011 22:00,
On Fri, 04 Nov 2011 09:41:00 +0100, Aleksandar Lazic wrote:
you must use
http://www.stunnel.org/static/stunnel.html
protocol = proxy
In this case, you need the latest stunnel (4.45).
Hi Christophe,
Use the HAProxy box in transparent mode: HAProxy will get connected to
your application server using the client IP.
In your backend, just add the line:
source 0.0.0.0 usesrc clientip
Bear in mind that in such configuration, the default gateway of your
server must be the HAProxy
On Sat, Aug 27, 2011 at 5:26 AM, Willy Tarreau w...@1wt.eu wrote:
Hi David,
On Thu, Aug 25, 2011 at 12:28:43PM -0700, David Birdsong wrote:
I've poured over 1.5 docs, and I'm pretty sure this should be
possible. Is there a way to extract a header string from an http
header and track that in
On Mon, Aug 29, 2011 at 01:40:53PM -0700, David Birdsong wrote:
On Mon, Aug 29, 2011 at 1:36 PM, Willy Tarreau w...@1wt.eu wrote:
On Mon, Aug 29, 2011 at 12:22:18PM -0700, David Birdsong wrote:
On Sat, Aug 27, 2011 at 5:26 AM, Willy Tarreau w...@1wt.eu wrote:
Hi David,
On Thu, Aug
On Mon, Aug 29, 2011 at 1:46 PM, Willy Tarreau w...@1wt.eu wrote:
On Mon, Aug 29, 2011 at 01:40:53PM -0700, David Birdsong wrote:
On Mon, Aug 29, 2011 at 1:36 PM, Willy Tarreau w...@1wt.eu wrote:
On Mon, Aug 29, 2011 at 12:22:18PM -0700, David Birdsong wrote:
On Sat, Aug 27, 2011 at 5:26 AM,
Hi David,
On Thu, Aug 25, 2011 at 12:28:43PM -0700, David Birdsong wrote:
I've poured over 1.5 docs, and I'm pretty sure this should be
possible. Is there a way to extract a header string from an http
header and track that in a stick-table of type 'string'? If so, what
is the syntax, where
On Mon, Jun 20, 2011 at 04:48:15PM +1200, Todd Nine wrote:
Hi guys,
We're experiencing a strange issue I could use a hand with. We
require sticky sessions in our app. I was using the following
configuration in my haproxy conf
https://gist.github.com/0e8dba64b2008473c408
Occasionally,
On Thu, Jun 9, 2011 at 7:33 AM, habeeb rahman pk.h...@gmail.com wrote:
apache rewrite rule:
RewriteRule ^/(.*)$ http://127.0.0.1:2443%{REQUEST_URI} [P,QSA,L]
Why are you using a rewrite instead of mod_proxy?
ProxyPass does some nice things by default, like adding the
X-Forwarded-For header
James,
Thanks for your points. Rewrite rule was set up by some other guys and is
being used for some time now and works well with round robin.
Anyhow I will look at mod_proxy in detail. Not sure how SSL termination can
be done with it and moreover how haproxy gonna balance based on client IP.
Any
Habeeb,
given your Apache does actually insert/append an X-Forwarded-For header
you can use this statement instead of balance source in HAProxy:
balance hdr(X-Forwarded-For)
This has a few caveats you should be aware. Users can set the
X-Forwarded-Header themselves (which is done by some
Le samedi 28 mai 2011 08:05:59, Jirapong Kijkiat a écrit :
Dear. w...@1wt.eu, haproxy@formilux.org
How i can config haproxy for load balance my ftp server. now my
haproxy.cnf
FTP is not easy to load balance. Here is the solution I use.
1. HAProxy machine is the NAT gateway for FTP
On Mon, Dec 27, 2010 at 1:25 AM, Willy Tarreau w...@1wt.eu wrote:
Hi Joubert,
On Thu, Dec 23, 2010 at 03:29:34PM -0500, Joubert Berger wrote:
Hi Cyril,
On Wed, Dec 22, 2010 at 7:33 PM, Cyril Bonté cyril.bo...@free.fr wrote:
Hi Joubert,
Le mercredi 22 décembre 2010 22:11:27, Joubert
On Fri, Jan 07, 2011 at 10:37:56AM -0500, Joubert Berger wrote:
I did solve the error problem by removing the switch. I now have the
three machines connected directly to themselves.
OK fine.
Just to follow up on a question you asked:
Here is my -vv.
HA-Proxy version 1.4.10 2010/11/28
Hi Joubert,
On Thu, Dec 23, 2010 at 03:29:34PM -0500, Joubert Berger wrote:
Hi Cyril,
On Wed, Dec 22, 2010 at 7:33 PM, Cyril Bonté cyril.bo...@free.fr wrote:
Hi Joubert,
Le mercredi 22 décembre 2010 22:11:27, Joubert Berger a écrit :
(...)
For the proxy I am comparing squid (as a
Hi Cyril,
On Wed, Dec 22, 2010 at 7:33 PM, Cyril Bonté cyril.bo...@free.fr wrote:
Hi Joubert,
Le mercredi 22 décembre 2010 22:11:27, Joubert Berger a écrit :
(...)
For the proxy I am comparing squid (as a reverse proxy) and haproxy.
For squid, the only major thing I added was:
On Wed, Jun 9, 2010 at 10:09 PM, Willy Tarreau w...@1wt.eu wrote:
Hi David,
On Wed, Jun 09, 2010 at 04:37:28PM -0700, David Birdsong wrote:
I'm pretty excited to start using halog, but dumping out the usage is
about the only documentation I can turn up -which is not explaining
anything to
Hi David,
On Wed, Jun 09, 2010 at 04:37:28PM -0700, David Birdsong wrote:
I'm pretty excited to start using halog, but dumping out the usage is
about the only documentation I can turn up -which is not explaining
anything to me. Is there anything more substantial on how to use
halog?
you're
Hi,
On Sat, Jan 23, 2010 at 12:05:16PM +0800, ËïéªËÉ wrote:
Hello ! I have questions ! please help me ! thank you very much !
my cluster works , but not excellent. that's
please see this architecture below my questions first.
Q1:on the tomcats ,there are always 500~800 TIME_WAIT connections
2009/8/27 Vadim Bazilevich bvv2...@gmail.com:
Hi friends! I used haproxy in my project. But I have one problem. What I can
switch between two backends servers (me need used rule url_sub) if I used
haproxy as frontend
Define two backends, backend1 and backend10001 and one frontend.
In the
On 17.06.2009 19:59 Uhr, Karthik Pattabhiraman wrote:
We use HAProxy 1.3.17 for our setup. We faced an issue where the
requests were redirected to a wrong cluster. We are still not able to
figure out why this happened and would really appreciate any help.
Please find attached a sample
101 - 149 of 149 matches
Mail list logo