If you want them to all use the same outgoing IP, you could place them
behind a NAT router instead of using outgoing proxy server.
That said, if you do want to use haproxy, I think you will want to use the
"usesrc client" on the haproxy config and the haproxy server will also need
the
No. PowerMTA would not be the last hop, because then it would be using the
IPs that the PowerMTA Server is on.
I am wanting PowerMTA -> HAProxy -> t...@gmail.com
>From the article:
This allows customers to deploy all their source IPs on an external proxy
server instead of being
Hi,
>From the first link, I understand you're trying to do the following:
user MUA ==> HAProxy ==> fleet of power MTA ==> Internet ==>
destination MTA
Is this correct?
Baptiste
On Thu, May 6, 2021 at 5:13 AM Brizz Bane wrote:
> I am wanting to set up HAProxy
I am wanting to set up HAProxy to act as a proxy for PowerMTA. I do not
want a reverse or load balancing setup, so what I'm wanting to do is
atypical and I've not found much online.
Here are a couple links describing PowerMTA's integration with HAProxy:
https://www.sparkpost.com/docs/tech
Double post on discourse, please refrain from this practice in the future!
https://discourse.haproxy.org/t/haproxy-proxy-protocol/6413/2
Thanks,
Lukas
es -
Application A
frontend rabbitmq_local_service
mode tcp
option tcplog
bind localhost:9000
default_backend rabbitmq_remote_service
backend rabbitmq_remote_service
mode tcp
option tcplog
option tcp-check
server-template SRV 10 send-proxy ssl crt
/etc/haproxy/ssl/cert.pem ca-file /etc/haproxy/
Tim Düsterhus wrote:
> Amaury,
> Am 21.01.21 um 16:40 schrieb (Amaury Denoyelle):
> > I have a question for you on the case of the proxy protocol. One of
> > these special parameters to identify a connection is the content of the
> > proxy protocol block. However, this
Amaury,
Am 21.01.21 um 16:40 schrieb (Amaury Denoyelle):
> I have a question for you on the case of the proxy protocol. One of
> these special parameters to identify a connection is the content of the
> proxy protocol block. However, this breaks the following
Hi Tim,
I'm currently doing a major rework of idle connection management on the
server side of haproxy. The goal is to be able to reuse connection that
are private today, such as the ones with SNI or proxy protocol. Every
server connection will be differentiated by a set of parameters to be
able
Hi Bertrand,
On Thu, Jan 21, 2021 at 01:20:09AM +, Bertrand Jacquin wrote:
> This all definitely make sense, I'll provide the split patchset over the
> week-end as I want to adjust vtest as well as William righfully pointed
> out vtest itself is also messing around with naming and making my
oxy.c
> > > @@ -537,7 +537,7 @@ static void display_version()
> > > {
> > > struct utsname utsname;
> > >
> > > - printf("HA-Proxy version %s %s - https://haproxy.org/\n;
> > > + printf("HAProxy version %s %s - https://haproxy.o
On Wed, Jan 20, 2021 at 07:26:05PM +0100, Tim Düsterhus wrote:
> Willy,
>
> Am 18.01.21 um 08:47 schrieb William Lallemand:
> > I wanted to do this a long time ago, and at this time we decided to keep
> > it as it was to not break existing scripts. I think we'll let Willy
> > decide if that's a
HAproxy used 10 times
> > index e36e020c5ce7..92449a04f6e2 100644
> >
> > [...]
> >
> > --- a/src/haproxy.c
> > +++ b/src/haproxy.c
> > @@ -537,7 +537,7 @@ static void display_version()
> > {
> > struct utsname utsname;
> >
> > - p
Bertrand,
Am 17.01.21 um 22:13 schrieb Bertrand Jacquin:
> Indeed, there are not well numbered since I use format.numbered = false
> in my git config. Let me know if you want me to resend them with proper
> subject/threading.
>
I am not responsible for patch handling, so my opinion regarding
Willy,
Am 18.01.21 um 08:47 schrieb William Lallemand:
> I wanted to do this a long time ago, and at this time we decided to keep
> it as it was to not break existing scripts. I think we'll let Willy
> decide if that's a good idea now :-)
>
I assume you missed this email, so I just put you in
On Mon, Jan 18, 2021 at 6:35 AM John Traweek CCNA, Sec+
wrote:
> How do I unsubscribe?
send an email to haproxy+unsubscr...@formilux.org
--
William
src/haproxy.c
> +++ b/src/haproxy.c
> @@ -537,7 +537,7 @@ static void display_version()
> {
> struct utsname utsname;
>
> - printf("HA-Proxy version %s %s - https://haproxy.org/\n;
> + printf("HAProxy version %s %s - https://haproxy.org/\n;
How do I unsubscribe?
On 1/17/21, 2:00 PM, "Tim Düsterhus" wrote:
Bertrand,
Am 17.01.21 um 20:19 schrieb Bertrand Jacquin:
> On Sunday, January 17 2021 at 20:02:47 +0100, Tim Düsterhus wrote:
>> Bertrand,
>>
>> Am 17.01.21 um 19:58 schrieb Bertrand Jacquin:
>>>
On Sunday, January 17 2021 at 20:28:40 +0100, Tim Düsterhus wrote:
> Bertrand,
>
> Am 17.01.21 um 20:19 schrieb Bertrand Jacquin:
> > On Sunday, January 17 2021 at 20:02:47 +0100, Tim Düsterhus wrote:
> >> Bertrand,
> >>
> >> Am 17.01.21 um 19:58 schrieb Bertrand Jacquin:
> >>> This is a pretty
Bertrand,
Am 17.01.21 um 20:19 schrieb Bertrand Jacquin:
> On Sunday, January 17 2021 at 20:02:47 +0100, Tim Düsterhus wrote:
>> Bertrand,
>>
>> Am 17.01.21 um 19:58 schrieb Bertrand Jacquin:
>>> This is a pretty lame commit in a attempt to use a common wording of
>>> HAProxy used 1319 times
This is a pretty lame commit in a attempt to use a common wording of
HAProxy used 1319 times compared to HA-Proxy used 10 times
---
doc/internals/filters.txt | 2 +-
doc/intro.txt | 8
doc/management.txt| 2 +-
examples/haproxy.init | 2 +-
scripts/run-regtests.sh
On Sunday, January 17 2021 at 20:02:47 +0100, Tim Düsterhus wrote:
> Bertrand,
>
> Am 17.01.21 um 19:58 schrieb Bertrand Jacquin:
> > This is a pretty lame commit in a attempt to use a common wording of
> > HAProxy used 1319 times compared to HAproxy used 10 times
>
> I believe you have a typo
Hi,
On Tue, Nov 24, 2020 at 09:42:53AM +0100, Lothruin Mirwen wrote:
> Hi!
>
> I've seen on proxy protocol spec (
> https://www.haproxy.org/download/2.3/doc/proxy-protocol.txt) the section
> "Validation" with a list of tested implementations for some protocols.
>
&
Hi!
I've seen on proxy protocol spec (
https://www.haproxy.org/download/2.3/doc/proxy-protocol.txt) the section
"Validation" with a list of tested implementations for some protocols.
Right now on SubEthaSMTP we have created a new release with support for
proxy protocol (https://
Hi,
On Thu, 2020-10-29 at 10:21 +0200, Jonathan Matthews wrote:
> I don’t think haproxy is what you’re looking for. You’re looking for more
> than a TCP proxy: you need a DB-specific-protocol-proxy. Haproxy can
> listen for HTTP, above the TCP layer, but not any specific DB protocol
On Thu, 29 Oct 2020 at 03:41, Anand Rao wrote:
> Hi,
>
> I'm looking for a TCP proxy that can proxy the connection between a
> database client and the database server. I want to be able to look at the
> traffic and log the queries etc for mining later. I also want to use the
&g
Hi,
I'm looking for a TCP proxy that can proxy the connection between a database
client and the database server. I want to be able to look at the traffic and
log the queries etc for mining later. I also want to use the proxy to remove
human knowledge of passwords. The users will point
On Fri, Oct 09, 2020 at 05:46:10PM +, Simon Ser wrote:
> On Friday, October 9, 2020 4:28 PM, Frederic Lecaille
> wrote:
>
> > > > The IETF-QUIC transport protocol spec [1] hasn't been ratified, but
> > > > there exists a number of QUIC deployments in the
On Friday, October 9, 2020 4:28 PM, Frederic Lecaille
wrote:
> > > The IETF-QUIC transport protocol spec [1] hasn't been ratified, but
> > > there exists a number of QUIC deployments in the wild. I'm writing a
> > > proxy and I'd like to add support for QUIC.
On 10/9/20 3:54 PM, William Dauchy wrote:
Hi Simon,
Hi Simon,
On Fri, Oct 9, 2020 at 3:10 PM Simon Ser wrote:
The IETF-QUIC transport protocol spec [1] hasn't been ratified, but
there exists a number of QUIC deployments in the wild. I'm writing a
proxy and I'd like to add support for QUIC
Hi Simon,
On Fri, Oct 9, 2020 at 3:10 PM Simon Ser wrote:
> The IETF-QUIC transport protocol spec [1] hasn't been ratified, but
> there exists a number of QUIC deployments in the wild. I'm writing a
> proxy and I'd like to add support for QUIC. Are there any plans to add
>
Hi all,
The IETF-QUIC transport protocol spec [1] hasn't been ratified, but
there exists a number of QUIC deployments in the wild. I'm writing a
proxy and I'd like to add support for QUIC. Are there any plans to add
QUIC4/QUIC6 to the list of PROXY transport protocols?
Thanks,
Simon Ser
[1
The aim is to be able to hot change `ssl` parameter for each server.
Signed-off-by: William Dauchy
---
doc/management.txt | 1 +
include/haproxy/server-t.h | 3 ++-
src/proxy.c| 5 +++--
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/doc/management.txt
I want to control the rate of submission to a SVN server, via https and hope
someone can assist. The main problem is to slow down some clients which have
to up load a large amount of data so as not to deny service to others. The
clients are not rogue, they have to up load large image and
The aim is to be able to hot change `ssl` parameter for each server.
Signed-off-by: William Dauchy
---
doc/management.txt | 1 +
include/haproxy/server-t.h | 3 ++-
src/proxy.c| 5 +++--
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/doc/management.txt
Hi Tim,
Thanks for your answer.
On Sun, Oct 4, 2020 at 12:38 PM Tim Düsterhus wrote:
> > - srvrecord ? srvrecord : "-");
> > + srvrecord ? srvrecord : "-",
> > srv->use_ssl);
>
> But here you don't. From what I am seeing the
William,
Am 03.10.20 um 23:15 schrieb William Dauchy:
> index 18cdf426e..fffd841f8 100644
> --- a/src/proxy.c
> +++ b/src/proxy.c
> @@ -1930,14 +1930,15 @@ static int dump_servers_state(struct stream_interface
> *si)
>"%d %s %s "
>
The aim is to be able to hot change `ssl` parameter for each server.
Signed-off-by: William Dauchy
---
doc/management.txt | 1 +
include/haproxy/server-t.h | 3 ++-
src/proxy.c| 5 +++--
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/doc/management.txt
On Thu, Sep 3, 2020 at 15:40 Илья Шипицин wrote:
> seems, you are talking about SNI routing. i.e. L7 routing based on server
> name extension sent in SSL Client Helo.
>
> will the following work for you ?
>
>
e's managed domain capability to get
> and keep current a Letsencrypt TLS cert
> b. have a reverse proxy to a backend TLS server (with
> passthrough TLS) identified by a unique port number
> on the local host
>
> <== reverse proxy ==>
>
> 2. for each unique backend
urrent a Letsencrypt TLS cert
b. have a reverse proxy to a backend TLS server (with
passthrough TLS) identified by a unique port number
on the local host
<== reverse proxy ==>
2. for each unique backend server
a. respond to public domain https requests
b. serve both static and dyn
Hello,
Le 23/07/2020 à 14:34, Willy Tarreau a écrit :
Hi Arnall,
On Tue, Jul 21, 2020 at 01:27:31PM +0200, Arnall wrote:
Hello everyone,
I remember that in the past it was strongly discouraged to use http-reuse in
combination with send-proxy, because of the client IP which is provided
On Mon, Jul 27, 2020 at 01:47:44PM +0200, Lukas Tribus wrote:
> On Mon, 27 Jul 2020 at 13:14, Willy Tarreau wrote:
> > > However on a unix domain socket like this we never had this issue in
> > > the first place, as connection-reuse cannot be used on it by
> > > definition, correct?
> >
> > No,
On Mon, 27 Jul 2020 at 13:14, Willy Tarreau wrote:
> > However on a unix domain socket like this we never had this issue in
> > the first place, as connection-reuse cannot be used on it by
> > definition, correct?
>
> No, it doesn't change anything. We consider the connection, the protocol
>
gt; > > balance roundrobin
> > > hash-balance-factor 0
> > > server s_abuse u...@abuse.sock send-proxy-v2 maxconn 4
> > >
> > > listen l_abuse
> > > bind u...@abuse.sock accept-proxy
> > > http-request set-var(req.delay
Hello,
On Thu, 23 Jul 2020 at 14:34, Willy Tarreau wrote:
> > defaults
> > http-reuse always
> >
> > backend abuse
> > timeout server 60s
> > balance roundrobin
> > hash-balance-factor 0
> > server s_abuse u...@abuse.soc
Hi Arnall,
On Tue, Jul 21, 2020 at 01:27:31PM +0200, Arnall wrote:
> Hello everyone,
>
> I remember that in the past it was strongly discouraged to use http-reuse in
> combination with send-proxy, because of the client IP which is provided by
> the proxy protocol.
>
> I ha
Hello everyone,
I remember that in the past it was strongly discouraged to use
http-reuse in combination with send-proxy, because of the client IP
which is provided by the proxy protocol.
I have this configuration :
HA-Proxy version 2.0.14-1~bpo9+1 2020/04/16 - https://haproxy.org
3600s
server host1 10.132.15.129:26462 weight 16 proto h2 check
HAproxy version output:
$ /usr/sbin/haproxy -vvv
HA-Proxy version 2.2.0 2020/07/07 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2
2025.
Known bugs: http://www.haproxy.org/bug
Hey there. Just to start by double-checking you know this is the public
mailing list for the open source haproxy project, and not a commercial
support contact ... :-)
>From near the top of your configuration: what do you reckon these lines do?
acl path_mtc-jenkins-1 path_beg /mtc-jenkins-1
Hello Jonathan,
Greetings for the day,
Please find the Front-end and Back-end of Ha-Proxy configuration details in
the attachment.
Kindly let us know if there is any amendments.
Mit freundlichen Grüßen / With Best Regards,
Gokulakrishnan.R
Gsep-Crosscutting
On Tue, 14 Jul 2020 at 08:47, wrote:
> We are using Ha-proxy 1.8. Recently we started facing issue with Ha-Proxy
> ignoring context after first digit.
>
Do you perhaps mean “Host” rather than Context?
> Please check and help us on this.
>
Whilst I’m not ruling out a bug in
Hello Team,
Greetings for the day,
We are using Ha-proxy 1.8. Recently we started facing issue with Ha-Proxy
ignoring context after first digit.
Issue : Ha-proxy configuration ignoring after 1st digit
Observation: we are not able to use https://gsep.daimler.com/mtc-jenkins-10
Given the following example configuration:
frontend foo
mode http
bind *:8080
unique-id-format x
Running a configuration check with valgrind reports:
==30712== 42 (40 direct, 2 indirect) bytes in 1 blocks are definitely lost
in loss record 18 of 39
==30712==
Given the following example configuration:
frontend foo
mode http
bind *:8080
unique-id-header x
Running a configuration check with valgrind reports:
==17621== 2 bytes in 1 blocks are definitely lost in loss record 1 of 341
==17621==at 0x4C2DB8F: malloc
Given the following example configuration:
frontend foo
mode http
bind *:8080
unique-id-format x
Running a configuration check with valgrind reports:
==30712== 42 (40 direct, 2 indirect) bytes in 1 blocks are definitely lost
in loss record 18 of 39
==30712==
It works! Thank you so much!
发件人: Christopher Faulet<mailto:cfau...@haproxy.com>
发送时间: 2020年5月29日 15:43
收件人: lufeng0...@outlook.com<mailto:lufeng0...@outlook.com>;
haproxy@formilux.org<mailto:haproxy@formilux.org>
主题: Re: Fail to send unique-id by using proxy-v2-options
Le
It works! Thank you so much!
发件人: Lukas Tribus
发送时间: Friday, May 29, 2020 3:48:09 PM
收件人: lufeng0...@outlook.com
抄送: haproxy@formilux.org
主题: Re: Fail to send unique-id by using proxy-v2-options
Hello,
On Fri, 29 May 2020 at 04:39, lufeng0...@outlook.com
Hello,
On Fri, 29 May 2020 at 04:39, lufeng0...@outlook.com
wrote:
>
> Hi,
>
>
>
> I have compiled haproxy of version2.2-dev8 using Cygwin, in order to use it
> as a load balancer in Windows 10. I want to send a unique ID generated using
> the frontend's "unique-id-format" within the PROXYv2
Le 29/05/2020 à 04:39, lufeng0...@outlook.com a écrit :
*Hi, *
**
*I have compiled haproxy of version2.2-dev8 using Cygwin, in order to use it as
a load balancer in Windows 10. I want to send a unique ID generated using the
frontend's "unique-id-format" within the PROXYv2 header. However, it
eb_servers
backend web_servers
mode tcp
balance roundrobin
server server1 XXX.XXX.XXX.XXX:443 send-proxy-v2 proxy-v2-options unique-id
check inter 1500 rise 3 fall 3 weight 1
listen admin_stats
stats enable
bind*:8200
modehttp
maxconn 10
stats r
Hi Olivier,
On Wed, May 06, 2020 at 06:29:46PM +0200, Olivier D wrote:
> So to be clear :
> I'm using 2.0.14 source code. In this version, patch 7f26391bc is already
> applied and 02c88036a is not.
> So applying 02c88036a did nothing (well, it triggers two different
> non-working behaviour with
Hi again,
Le mer. 6 mai 2020 à 17:47, Willy Tarreau a écrit :
> Hi Olivier,
>
> On Wed, May 06, 2020 at 05:29:59PM +0200, Olivier D wrote:
> > > Try applying this commit:
> > >
> > >
> https://github.com/haproxy/haproxy/commit/02c88036a61e09d0676a2b6b4086af677b023b94
> >
> >
> > So this patch
Hi Olivier,
On Wed, May 06, 2020 at 05:29:59PM +0200, Olivier D wrote:
> > Try applying this commit:
> >
> > https://github.com/haproxy/haproxy/commit/02c88036a61e09d0676a2b6b4086af677b023b94
>
>
> So this patch is not working for me, with or without patching Apache2 with
>
Hello,
Le mer. 6 mai 2020 à 15:30, Tim Düsterhus a écrit :
> Olivier,
>
> > I was not aware there were any change in the way HAProxy was doing its
> > checks over proxy-protocol in 2.0.14 ... any hint ?
>
> This sounds like this issue we've seen with Dovecot:
> h
c configuration as follows (I removed
> anything unnecessary to trigger the issue)
> listen webtruc:443
> mode tcp
> bind X.X.X.X:443
> server xxx X.X.X.X:443 check weight 5 send-proxy-v2-ssl-cn check-ssl
> verify none
>
> Backend is an Apache 2.4 with "Remote
the issue)
listen webtruc:443
mode tcp
bind X.X.X.X:443
server xxx X.X.X.X:443 check weight 5 send-proxy-v2-ssl-cn check-ssl
verify none
Backend is an Apache 2.4 with "RemoteIPProxyProtocol On".
In apache logs I have :
[remoteip:error] [pid 1067 [client :2684
On Wed, Apr 29, 2020 at 7:49 AM Michal Vala wrote:
> Hello,
> I would like to do reverse proxy with haproxy so that part of the path
> resolves to the server and I need to do it dynamically, servers are
> created and destroyed on the fly. And I need to do the path rewrite so
>
Hello,
I would like to do reverse proxy with haproxy so that part of the path
resolves to the server and I need to do it dynamically, servers are
created and destroyed on the fly. And I need to do the path rewrite so
the server part is removed from the path (I can do that with
http-request set
Willy,
Am 05.03.20 um 19:48 schrieb Willy Tarreau:
> On Thu, Mar 05, 2020 at 05:56:35PM +0100, Tim Duesterhus wrote:
>> @@ -3484,13 +3491,21 @@ stats_error_parsing:
>> }
>>
>> else if (strcmp(args[0], "unique-id-header") == 0) {
>> +char *copy;
>> if
On Thu, Mar 05, 2020 at 05:56:35PM +0100, Tim Duesterhus wrote:
> @@ -3484,13 +3491,21 @@ stats_error_parsing:
> }
>
> else if (strcmp(args[0], "unique-id-header") == 0) {
> + char *copy;
> if (!*(args[1])) {
> ha_alert("parsing [%s:%d]
The `header_unique_id` member of `struct proxy` now is a `struct ist`.
---
include/types/proxy.h | 2 +-
src/cfgparse-listen.c | 23 +++
src/http_ana.c| 5 ++---
3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/include/types/proxy.h b/include/types
The `header_unique_id` member of `struct proxy` now is a `struct ist`.
---
include/types/proxy.h | 2 +-
src/cfgparse-listen.c | 23 +++
src/http_ana.c| 5 ++---
3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/include/types/proxy.h b/include/types
On Sat, Jan 25, 2020 at 11:45:18PM +0100, William Dauchy wrote:
> this log could be sometimes a bit confusing (depending on the number in
> fact) when you read it (e.g is it the number of active connection?) -
> only trained eyes knows haproxy output a different log when closing
> active
;
t = tick_remain(now_ms, p->stop_time);
if (t == 0) {
- ha_warning("Proxy %s stopped (FE: %lld conns, BE: %lld
conns).\n",
+ ha_warning("Proxy %s stopped (cumulated conns: FE:
On Thu, Jan 16, 2020 at 01:34:27AM +0100, William Dauchy wrote:
> rate-limits are valid for both frontend and listen, but not backend; so
> we can simplify this check in a similar manner as it is done in e.g
> max-keep-alive-queue.
>
> this should fix github issue #449
Thanks William. initially
deletions(-)
diff --git a/src/proxy.c b/src/proxy.c
index 8720b2880..aed32f94b 100644
--- a/src/proxy.c
+++ b/src/proxy.c
@@ -330,7 +330,7 @@ static int proxy_parse_rate_limit(char **args, int section,
struct proxy *proxy,
struct proxy *defpx, const char *file
Hello,
Le mar. 17 déc. 2019 à 11:11, Willy Tarreau a écrit :
> Hi Olivier,
>
> On Tue, Dec 17, 2019 at 09:20:21AM +0100, Olivier D wrote:
> > That's not what I was saying. I'm already using "show server state", and
> > that's exactly what leads me to hours of debugging : between two versions
>
Hi Olivier,
On Tue, Dec 17, 2019 at 09:20:21AM +0100, Olivier D wrote:
> That's not what I was saying. I'm already using "show server state", and
> that's exactly what leads me to hours of debugging : between two versions
> of my haproxy config file, I changed backend server port from 80 to 443.
Hi Olivier,
On Tue, Dec 17, 2019 at 7:20 PM Olivier D wrote:
> Hello Igor,
>
>
> Le lun. 16 déc. 2019 à 23:41, Igor Cicimov
> a écrit :
>
>> Hi,
>>
>> On Tue, Dec 17, 2019 at 2:55 AM Olivier D wrote:
>>
>>> Hello,
>>>
>>> I found what was wrong : I was using "load-server-state-from-file" and
Hello Igor,
Le lun. 16 déc. 2019 à 23:41, Igor Cicimov
a écrit :
> Hi,
>
> On Tue, Dec 17, 2019 at 2:55 AM Olivier D wrote:
>
>> Hello,
>>
>> I found what was wrong : I was using "load-server-state-from-file" and
>> previous config file was using port 80 as server port.
>> It seems using this
Hi,
On Tue, Dec 17, 2019 at 2:55 AM Olivier D wrote:
> Hello,
>
> I found what was wrong : I was using "load-server-state-from-file" and
> previous config file was using port 80 as server port.
> It seems using this instruction loads previous server state but also
> previous srv_port.
> Is this
19 à 18:32, Olivier D a écrit :
> Hello all,
> I struggle with what seemed a very easy config :
>
> listen test:443
> id 20609
> bind-process 16
> balance source
> hash-type consistent
> mode tcp
> bind x.x.x.x:443
> server s1 192.168.x.x:44
Hello all,
I struggle with what seemed a very easy config :
listen test:443
id 20609
bind-process 16
balance source
hash-type consistent
mode tcp
bind x.x.x.x:443
server s1 192.168.x.x:443 id 2158 check weight 5 send-proxy port 80
server s2 192.168.x.x:443 id 2168
Apologies as this is *way* overdue as I didn't get the initial reply
for whatever reason.
Thanks, Willy, for that initial response. We ended getting this
implemented and things worked properly.
By the way you can currently do this using "expect-proxy layer4" and
"expec
Hi,
I did some more testing and found the reason why it didn't work:
I have added the required ip cmds:
post-up ip rule add fwmark 1 lookup 100
post-up ip route add local 0.0.0.0/0 dev lo table 100
post-up ip route add local ::/0 dev lo table 100
ip rule add fwmark
Hi,
I have setup my test-HAproxy-env according to
https://www.haproxy.com/blog/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/
I have setup the Firewall Rules for ipv4 and v6.
TEST testha1:~/svnconfig/etc/iptables# iptables -t mangle -vL
Chain PREROUTING (policy
Willy,
and a last one cleaning up the old proxy_tbl_by_name function so that the
bug will be gone for good.
Best regards
Tim Duesterhus
Apply with `git am --scissors` to automatically cut the commit message.
-- >8 --
Subject: [PATCH 4/4] CLEANUP: proxy: Remove `proxy_tbl_by_n
uspecting that sooner or later we'll need a
> "set-authority" action to complete the set-dst and so-on. We'll see.
>
> Now merged, thanks,
> Willy
>
Thanks.
Yes, it’s the next step to set authority, but I wonder what is the right
approach.
. simply, on server line:
Hi Manu,
On Thu, Aug 29, 2019 at 03:22:11PM +0200, Emmanuel Hocdet wrote:
> This patch follows Geoff's patch.
Thanks for this. I didn't remember we automatically copied the SNI
into the PP. I'm suspecting that sooner or later we'll need a
"set-authority" action to complete the set-dst and so-on.
Hi Leonardo,
What are you trying to achieve ?
What is your current setup ?
--
Ionel GARDAIS
Tech'Advantage CIO - IT Team manager
De: "BISSOLI Leonardo"
À: "haproxy"
Envoyé: Vendredi 30 Août 2019 17:05:57
Objet: HA-Proxy version 1.8.13 2018/07/30.
Hi All.
Hi All.
My name is Leonardo Bissoli and we’re working in a project that use HAProxy.
We can successfully deploy 2 Load Balance Servers with 2 Web Servers the only
issue that we’re facing is when we reboot the Load Balance Server (the page
couldn’t be reached anymore) but there is no error in
Hi,
This patch follows Geoff's patch.
++
Manu
0001-MINOR-send-proxy-v2-sends-authority-TLV-according-to.patch
Description: Binary data
of the community edition.
On 8/21/19 9:42 AM, Eng, Lijwee wrote:
Hi HA Proxy Team,
Would like to check is HA Proxy compatible with RHEL 8, from the
current compatibility , based on the current documentation, 1-9r1
supports up to RHEL 7.
Will RHEL 8 be supported as well ?
https
Hi HA Proxy Team,
Would like to check is HA Proxy compatible with RHEL 8, from the current
compatibility , based on the current documentation, 1-9r1 supports up to RHEL 7.
Will RHEL 8 be supported as well ?
https://www.haproxy.com/documentation/hapee/1-9r1/getting-started/os-hardware/
Please
Dear list!
Author: Alex Gusev
Number of patches: 1
This is an automated relay of the Github pull request:
DOC: proxy: Fix typo in PROXY file
Patch title(s):
DOC: proxy: Fix typo in PROXY file
Link:
https://github.com/haproxy/haproxy/pull/191
Edit locally:
wget https://github.com
For the record:
this was not a haproxy bug, but turned out to be a kernel/conntrack
thing. Disabling nf_conntrack_tcp_loose fixes this:
https://www.spinics.net/lists/netdev/msg546371.html
cheers,
lukas
/proxy.c
+++ b/src/proxy.c
@@ -498,11 +498,15 @@ static int proxy_parse_declare(char **args, int section,
struct proxy *curpx,
hdr->index = curpx->nb_req_cap++;
curpx->req_cap = hdr;
}
- if (strcmp(args[2], "r
tcp-to-socks proxy,
> since we have Alec's patch here, I wonder if that easy to modify the
> patch to meet my weird requirement like:
> ```
> listen tcps
> bind: 1000 transparent
> server x.x.x.x:2000 ssl
> ```
> x.x.x.x:2000 is a remote socks server with ssl wrap. I wa
Hi, Alec, Willy
Sorry to ask a not so related question here, I have a Linux gateway to
redirect user's TCP traffic by using iptables like `iptables -t nat -A
PREROUTING -p tcp dst -j REDIRECT --to-ports 1000`, port 1000 is
redsocks transparent tcp-to-socks proxy,
since we have Alec's patch here
101 - 200 of 1160 matches
Mail list logo