Kevin,
Simply remove the port and HAProxy will use the original one:
server OVIR1 172.20.69.21 weight 10
On 10 June 2015 at 09:29, Kevin C ki...@kiven.fr wrote:
Hi list,
Is it possible to use HAproxy instead of Squid for a SPICE Proxy (I already
use Haproxy on this server, I'd rather
?
For now I don't see how to do this. While it is possible to spoof
the original IP address extracted from the x-forwarded-for header,
I'm not seeing a way to do that for proxy-proto. In fact we could
imagine to have an http-request rule to replace the incoming
connections's source with something
extracted from the x-forwarded-for header,
I'm not seeing a way to do that for proxy-proto. In fact we could
imagine to have an http-request rule to replace the incoming
connections's source with something extracted from a header, that
would solve most use cases I think.
Regards,
Willy
Hello Phil,
On 5/12/2015 8:54 AM, Phil Daws wrote:
the issue is that if I go to the web site via HTTPS, which does not pass
through a CDN, then the correct client IP is being passed through but if I go
via HTTP its the CDN's IP which is being presented. When I was using
real_ip_header
Any thoughts please ?
- Original Message -
From: Phil Daws ux...@splatnix.net
To: haproxy@formilux.org
Sent: Tuesday, 12 May, 2015 07:54:35
Subject: send-proxy and x-forward-for
Hello:
am testing NGINX behind HAP 1.5.11 and having trouble to understand how
send-proxy should be used
Hello:
am testing NGINX behind HAP 1.5.11 and having trouble to understand how
send-proxy should be used with a combination of x-forward-for. What I so far
in my haproxy.cfg is as follows:
frontend frontend-web-http
mode http
bind 192.168.8.70:80
default_backend
,
- Krishna Kumar
On Thu, May 7, 2015 at 11:28 AM, ANISH S IYER
anish.subramaniai...@gmail.com wrote:
-- Forwarded message --
From: Krishna Kumar (Engineering) krishna...@flipkart.com
Date: Thu, May 7, 2015 at 11:21 AM
Subject: Re: HA Proxy
To: ANISH S IYER anish.subramaniai
Hi
let me know the answers of the following question
1) how ha proxy is know both of his front and backend server is waiting or
busy.?
2) when a new server is up how it can added to load balancing
automatically.
let me know more details
looking forward to hear soon
thanks in advance
On Thu, May 7, 2015 at 9:44 AM, ANISH S IYER anish.subramaniai...@gmail.com
wrote:
1) how ha proxy is know both of his front and backend server is waiting or
busy.?
I am not sure if I understood this right. Depending on the algo, the
backend is picked.
It should not care if the backend
-- Forwarded message --
From: Krishna Kumar (Engineering) krishna...@flipkart.com
Date: Thu, May 7, 2015 at 11:21 AM
Subject: Re: HA Proxy
To: ANISH S IYER anish.subramaniai...@gmail.com
Please send mail to the full list, so that people can also respond and
confirm
what I am
On 05/05/2015 07:11 πμ, ANISH S IYER wrote:
HI
i need to configure HAproxy with apache server as loadbalancer
It sounds a bit strange to have a 2-tier load balancing setup using
software load balancer at both tiers, unless you do SSL offloading on
1-tier.
You can configure your Apache load
On 2015-05-04 07:35, ANISH S IYER wrote:
Hi
while configuring Ha proxy.
mv /etc/haproxy/haproxy.cfg{,.original}
what is the meaning of this line. what you mean by original
It will move the file haproxy.cfg to haproxy.cfg.original. So, it is the
same as mv /etc/haproxy/haproxy.cfg /etc
Hey,
please keep it on the list...
On 2015-05-04 10:19, ANISH S IYER wrote:
Hi
thanks for your fast replay
after configuring the HA proxy
the log file seems like
May 4 03:42:00 discourse haproxy[3590]: Proxy haproxy_in started.
May 4 03:42:00 discourse haproxy[3590]: Proxy haproxy_in
HI
i need to configure HAproxy with apache server as loadbalancer
also let me know what type of the protocol can used in HAproxy for load
balancing, is socks protocol can be used in HAproxy???
let me know more details
thanks in advance
regards
anish
Hi
while configuring Ha proxy.
mv /etc/haproxy/haproxy.cfg{,.original}
what is the meaning of this line. what you mean by original
let me know more details
thanks in advance
regards
anish
:
Hello,
I currently installing HAProxy with keepalived to one of my clients.
To facilitate the administration of this tool, I would like to know if you
can advise me of administration web gui for HA proxy.
Thank you for your help.
Best regards,
--
Thibault Labrut
enioka
24 galerie Saint
Hi,
But I search a GUI to manage Ha proxy (add/remove services for example).
Bes regards,
--
Thibault Labrut
enioka
24 galerie Saint-Marc
75002 Paris
+33 615 700 935
+33 144 618 314
De : Igor Cicimov ig...@encompasscorporation.com
Date : mardi 14 avril 2015 02:56
À : Thibault Labrut
On Tue, Apr 14, 2015 at 12:55 AM, Thibault Labrut
thibault.lab...@enioka.com wrote:
Hello,
I currently installing HAProxy with keepalived to one of my clients.
To facilitate the administration of this tool, I would like to know if you
can advise me of administration web gui for HA proxy
Hello,
I currently installing HAProxy with keepalived to one of my clients.
To facilitate the administration of this tool, I would like to know if you
can advise me of administration web gui for HA proxy.
Thank you for your help.
Best regards,
--
Thibault Labrut
enioka
24 galerie Saint-Marc
.
When I
start haproxy, I get this error:
_
Apr 7 10:38:22 localhost haproxy[3418]: Proxy haproxy started.
Apr 7 10:38:24 localhost haproxy[3420]: Server haproxy/nginx-1 is
DOWN, reason Layer4 timeout, check duration: 2000ms. 1 active and 0 backup
servers
Forgot to cc the list.
-- Forwarded message --
From: Igor Cicimov ig...@encompasscorporation.com
Date: Tue, Apr 7, 2015 at 4:25 PM
Subject: Re: proxy haproxy has no server available!
To: Krishna Kumar Unnikrishnan (Engineering) krishna...@flipkart.com
On Tue, Apr 7, 2015 at 3
the list.
-- Forwarded message --
From: Igor Cicimov ig...@encompasscorporation.com
Date: Tue, Apr 7, 2015 at 4:25 PM
Subject: Re: proxy haproxy has no server available!
To: Krishna Kumar Unnikrishnan (Engineering) krishna...@flipkart.com
On Tue, Apr 7, 2015 at 3:58 PM
Hi all,
I am moving from using LXC to KVM for haproxy on my Debian 7 system. When I
start haproxy, I get this error:
_
Apr 7 10:38:22 localhost haproxy[3418]: Proxy haproxy started.
Apr 7 10:38:24 localhost haproxy[3420]: Server haproxy/nginx-1 is DOWN
:
_
Apr 7 10:38:22 localhost haproxy[3418]: Proxy haproxy started.
Apr 7 10:38:24 localhost haproxy[3420]: Server haproxy/nginx-1 is DOWN,
reason Layer4 timeout, check duration: 2000ms. 1 active and 0 backup
servers left. 0 essions active, 0 requeued, 0 remaining
Unnikrishnan (Engineering)
krishna...@flipkart.com wrote:
Hi all,
I am moving from using LXC to KVM for haproxy on my Debian 7 system.
When I
start haproxy, I get this error:
_
Apr 7 10:38:22 localhost haproxy[3418]: Proxy haproxy started.
Apr 7 10
from using LXC to KVM for haproxy on my Debian 7 system. When
I
start haproxy, I get this error:
_
Apr 7 10:38:22 localhost haproxy[3418]: Proxy haproxy started.
Apr 7 10:38:24 localhost haproxy[3420]: Server haproxy/nginx-1 is DOWN,
reason Layer4
Dear community,
Is it possible to let the backend start a new https-session on with the CONNECT
method?
We’d like to get this setup in production. But unfortunately the proxy remote
issue is the only thing that stand in our way.
Any help is welcome.
Abdelouahed
Op 31 mrt. 2015, om 15:22
192.168.68.100:443 ssl verify required ca-file
/etc/haproxy/certs/ca.crt crt /etc/haproxy/certs/client.pem
The backend ssl1 is currently direct connected to the HTTPS-service. But in the
production situation there’s a squid proxy server between them. So the backend
must connect the HTTPS-service via
Subject: Re: send/accept-proxy over unix socket not working
On 13.03.2015 18:44, Lukas Tribus wrote:
What version of haproxy are you using ? (And what OS) ?
In the first frontend I set:
server clear /var/lib/haproxy/test send-proxy
In the second frontend I set:
bind /var/lib/haproxy/test
Dear Mr Jacobfeuerborn ,
I would like to appreciate, I am trying to follow your instructions our my
system and will do the tests right away.
What version of haproxy are you using ? (And what OS) ?
HA-Proxy 1.5.11 and Ubuntu 14.04 with Postgres 9.3
You bet,
Ha.
- Original Message
dontlognull
option redispatch
retries 3
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s
maxconn 2000
frontend pgdbplatform_frontend_cluster01
#bind *:5432
bind /var/lib/haproxy/test accept-proxy user haproxy group haproxy
mode tcp
timeout client 168h
Dear Mr Jacobfeuerborn,
May I reply to you, may you check
What version of haproxy are you using ? (And what OS) ?
HA-Proxy 1.5.11 and Ubuntu 14.04 with Postgres 9.3
Are you able to connect to the /var/lib/haproxy/test socket with
netcat or socat ? And/or do you have chroot
server
But my questions are not about how to start HA-Proxy, my questions are that we
received no logs of RSYSLOG from HA-Proxy, even log files of HA-Proxy are not
created.
May I send you the attachment, you will see all of our settings inside, our
errors are that NO LOGS OF HA-PROXY CREATION
-
From: Jarno Huuskonen jarno.huusko...@uef.fi
To: Ha Quan Le nlp...@shaw.ca
Cc: haproxy@formilux.org
Sent: Friday, March 20, 2015 12:57:46 PM
Subject: Re: Checked: send/accept-proxy over unix socket not working
Hi,
On Fri, Mar 20, Ha Quan Le wrote:
global
log /var/log local0
log
Hi,
On Fri, Mar 20, Ha Quan Le wrote:
local@PGSYNCTEST:~$ sudo -u haproxy /etc/init.d/haproxy restart
* Restarting haproxy haproxy
[WARNING] 078/171401 (1267) : [/usr/local/sbin/haproxy.main()] Cannot raise
FD limit to 90034.
You're trying to start/restart haproxy as haproxy user (sudo
pgdbplatform_frontend_cluster01
#bind *:5432
bind /var/lib/haproxy/test accept-proxy user haproxy group haproxy
mode tcp
timeout client 168h
option tcplog
option logasap
default_backend pgdbplatform_backend_cluster01
backend pgdbplatform_backend_cluster01
mode tcp
option tcplog
balance
Date: Wed, 18 Mar 2015 01:49:47 +0100
From: denni...@conversis.de
To: luky...@hotmail.com; jarno.huusko...@uef.fi
CC: haproxy@formilux.org
Subject: Re: send/accept-proxy over unix socket not working
On 13.03.2015 18:44, Lukas Tribus wrote:
What
On Wed, Mar 18, 2015 at 1:07 PM, Lukas Tribus luky...@hotmail.com wrote:
Date: Wed, 18 Mar 2015 01:49:47 +0100
From: denni...@conversis.de
To: luky...@hotmail.com; jarno.huusko...@uef.fi
CC: haproxy@formilux.org
Subject: Re: send/accept-proxy over
On 13.03.2015 18:44, Lukas Tribus wrote:
What version of haproxy are you using ? (And what OS) ?
In the first frontend I set:
server clear /var/lib/haproxy/test send-proxy
In the second frontend I set:
bind /var/lib/haproxy/test accept-proxy
Are you able to connect to the /var/lib/haproxy
Le 13 mars 2015 18:45, Lukas Tribus luky...@hotmail.com a écrit :
What version of haproxy are you using ? (And what OS) ?
In the first frontend I set:
server clear /var/lib/haproxy/test send-proxy
In the second frontend I set:
bind /var/lib/haproxy/test accept-proxy
Are you able
What version of haproxy are you using ? (And what OS) ?
In the first frontend I set:
server clear /var/lib/haproxy/test send-proxy
In the second frontend I set:
bind /var/lib/haproxy/test accept-proxy
Are you able to connect to the /var/lib/haproxy/test socket with
netcat or socat
using ? (And what OS) ?
In the first frontend I set:
server clear /var/lib/haproxy/test send-proxy
In the second frontend I set:
bind /var/lib/haproxy/test accept-proxy
Are you able to connect to the /var/lib/haproxy/test socket with
netcat or socat ? And/or do you have chroot in haproxy.cfg
Hi,
I'm currently trying to find the most efficient way to pass traffic from
one frontend to another (and later to another process altogether) so
I've tried using unix sockets but this does not seem to work.
In the first frontend I set:
server clear /var/lib/haproxy/test send-proxy
In the second
On 15/01/2015 09:16 μμ, Alex Wu wrote:
We enable send-proxy for ssl connections, and have the patched apache
module to deal with proxyprotocol.
From Mac OS, we see it works as designed. But when we repeat the same
test using ipad, then we the connection rejected. iPad cannot establish
Thanks for the help.
wt
On Jan 31, 2015 5:06 AM, Willy Tarreau w...@1wt.eu wrote:
On Thu, Jan 29, 2015 at 09:57:32AM -0800, Warren Turkal wrote:
I am using HAProxy 1.5.10. My config looks something like the following:
frontend main
bind *:8080 accept-proxy
use backend blah
On Thu, Jan 15, 2015 at 12:16:13PM -0800, Alex Wu wrote:
We enable send-proxy for ssl connections, and have the patched apache module
to deal with proxyprotocol.
From Mac OS, we see it works as designed. But when we repeat the same test
using ipad, then we the connection rejected. iPad
I am using HAProxy 1.5.10. My config looks something like the following:
frontend main
bind *:8080 accept-proxy
use backend blah
backend blah
server 10.0.0.1
When I am accepting proxy protocol connections on the bind line in my front
end, I would like to add an X-Forwarded-For header
On Thu, Jan 29, 2015 at 09:57:32AM -0800, Warren Turkal wrote:
I am using HAProxy 1.5.10. My config looks something like the following:
frontend main
bind *:8080 accept-proxy
use backend blah
backend blah
server 10.0.0.1
When I am accepting proxy protocol connections on the bind
Morning all …
I’ve been fighting with an issue here, and have run out of ideas …
We have a wordpress site, two webheads behind haproxy … balance leastconn …
in front of haproxy, we are using Incapsula, as CDN/DDoS shield … if I am only
running one webhead, everythign works great,
found it just after I sent this:
balance hdr(X-Forwarded-For)
testing right now, but *looks* like it fixes the issue … *cross fingers*
On Jan 16, 2015, at 9:21 AM, Marc Fournier scra...@hub.org wrote:
Morning all …
I’ve been fighting with an issue here, and have run out of ideas …
We enable send-proxy for ssl connections, and have the patched apache module to
deal with proxyprotocol.
From Mac OS, we see it works as designed. But when we repeat the same test
using ipad, then we the connection rejected. iPad cannot establish the
connection to haproxy over ssl.
What
Hi Alex,
I have a website https://mytest.com. (faked for testing) I intend to
use haproxy in front of it with the option of send-proxy (using
proxyprotocol with ssl connection). The ideal case is that haproxy just
pass through the tcp packet without decoding it, and somehow
I have a website https://mytest.com. (faked for testing) I intend to use
haproxy in front of it with the option of send-proxy (using proxyprotocol with
ssl connection). The ideal case is that haproxy just pass through the tcp
packet without decoding it, and somehow the haproxy can use
...@hotmail.com; haproxy@formilux.org
Subject: RE: what is the proper configuration for using send-proxy with SSL
Date: Mon, 5 Jan 2015 18:18:59 +0100
Hi Alex,
I have a website https://mytest.com. (faked for testing) I intend to
use haproxy in front of it with the option of send-proxy (using
, haproxy will transparently pass the
traffic from the client to the webserver (including SSL-encrypted traffic),
yet, be leveraging the proxy protocol you can see the real client IP on
the backend.
But, as I said, the backend needs to support the PROXY protocol.
Read more about it here:
http
the SSL negotiation even starts, its the very first thing that
happens after the 3-way handshake.
Perhaps this helps:
http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
Regards,
Lukas
Hi Willy,
Attached is a patch for fixing a bug which should refer curproxy but
refer proxy by mistake.
In fact, I found this issue when I was trying to change proxy list to
double linked list for more convenient and united operation. By the way,
is it necessary for HAProxy to make
Hi Godbach,
On Thu, Dec 18, 2014 at 04:20:01PM +0800, Godbach wrote:
Hi Willy,
Attached is a patch for fixing a bug which should refer curproxy but
refer proxy by mistake.
I think you're right. In fact this bug has no effect because during
the parsing, curproxy == proxy since it's inserted
On 24 Oct 2014 03:18, Jason J. W. Williams jasonjwwilli...@gmail.com
wrote:
How are folks deal with direct healthchecks (e.g. from Nagios) of
backend servers that have PROXY protocol enabled?
To clarify, you're healthchecking the backends from Haproxy, which copes
with the backends
PROXY protocol enabled?
To clarify, you're healthchecking the backends from Haproxy, which copes with
the backends' expectation of a PROXY header just fine, but then want to
healthcheck the same services from $monitoring on the same ports?
My choice of how to deal with this would
How are folks deal with direct healthchecks (e.g. from Nagios) of
backend servers that have PROXY protocol enabled? Currently we're
using a BASH scripts around wget and curl, but since wget and curl
can't send the PROXY header, that approach doesn't work. Hoping
someone has a a slick wrapper
Hi all,
Sorry for the last email. I sent it empty.
I would like to know it is possible to configure haproxy to forward the
requests to a backend via proxy?
Something like the following:
backend api_backend
*set_proxy http:proxy1:8080*
server server1server1:8080
Using curl
Hi all,
Is is possible
Title: Auchan.fr
Proxy HA, votre offre de bienvenue !
Si ce message ne s'affiche pas
correctement, cliquez ici
Votre offre de bienvenue
Hi Dave,
On Thu, Aug 21, 2014 at 05:22:37PM -0400, Dave McCowan wrote:
On Tue, Aug 12, 2014 at 1:11 AM, Willy Tarreau w...@1wt.eu wrote:
Hi Dave,
On Mon, Aug 11, 2014 at 10:28:15AM -0400, Dave McCowan wrote:
Hi Willy--
I see the value of have both session and connection level
On Sat, Aug 23, 2014 at 07:32:42AM +0200, Willy Tarreau wrote:
Ah yes indeed. I saw that you changed ssl_sock_get_cert_used() with
*_sess() and used to set the _SESS(=4) flag but the code itself which
tests the flag on the connection still sets the same bit (2), so indeed
that's fine.
And by
On Tue, Aug 12, 2014 at 1:11 AM, Willy Tarreau w...@1wt.eu wrote:
Hi Dave,
On Mon, Aug 11, 2014 at 10:28:15AM -0400, Dave McCowan wrote:
Hi Willy--
I see the value of have both session and connection level certificate
information.
I like the concept of trying to avoid impossible
Hi,
I would like to know whether haproxy can be configure as a forward proxy?
--
Regards,
Ku Wei Xiong
0166365831
Hi Dave,
On Mon, Aug 11, 2014 at 10:28:15AM -0400, Dave McCowan wrote:
Hi Willy--
I see the value of have both session and connection level certificate
information.
I like the concept of trying to avoid impossible combinations, but I'm
not sure it's possible here.
The whole tlv_ssl
For some simple cases maybe but why bother when there are real forward
proxies that work well?
-Bryan
On Mon, Aug 11, 2014 at 7:21 PM, Wei Xiong weixiong...@redtreeunwired.com
wrote:
Hi,
I would like to know whether haproxy can be configure as a forward proxy?
--
Regards,
Ku Wei Xiong
ssl_c_used is true if there is a certificate present in the session.
If a session has stopped and resumed, then ssl_c_used could be true, while
ssl_fc_has_crt is false.
Exactly.
In the client byte of the TLS TLV of Proxy Protocol V2, there is only one
bit to indicate whether a certificate
Resending.
Any feedback on this? I'm not sure of the history of having both
ssl_c_used and ssl_fc_has_crt.
Should both bits be exposed in the proxy protocol?
On Wed, Jul 30, 2014 at 10:39 AM, Dave McCowan 11235da...@gmail.com wrote:
There are two sample commands to get information about
could be true, while
ssl_fc_has_crt is false.
In the client byte of the TLS TLV of Proxy Protocol V2, there is only one
bit to indicate whether a certificate is present on the connection. The
attached patch adds a second bit to indicate the presence for the session.
This maintains backward
Hi Willy, hi Dave,
Hi Dave,
On Thu, Jul 17, 2014 at 02:34:01PM -0400, Dave McCowan wrote:
Here is the corrected (and retested) :-) patch.
Commit comment: Use temporary trash chunk, instead of global trash chunk in
make_proxy_line_v2() to avoid memory overwrite.
Thank you, I've just
Hi Lukas,
On Fri, Jul 18, 2014 at 08:30:23PM +0200, Lukas Tribus wrote:
FYI when compiling current haproxy-1.5 with openssl, compiler warns:
src/connection.c: In function ?make_proxy_line_v2?:
src/connection.c:687:5: warning: passing argument 2 of
?ssl_sock_get_remote_common_name? from
On Wed, Jul 16, 2014 at 11:50:30PM -0400, Dave McCowan wrote:
Hi Willy,
blush Yes, I changed my variable names after testing to clean up and
failed.
Is my obvious corrected patch the correct fix?
Yes I think so.
Or should we clamp down on the use of global chunks being passed downstream?
Here is the corrected (and retested) :-) patch.
Commit comment: Use temporary trash chunk, instead of global trash chunk in
make_proxy_line_v2() to avoid memory overwrite.
--Dave
On Thu, Jul 17, 2014 at 4:17 AM, Willy Tarreau w...@1wt.eu wrote:
On Wed, Jul 16, 2014 at 11:50:30PM -0400, Dave
Hi Dave,
On Thu, Jul 17, 2014 at 02:34:01PM -0400, Dave McCowan wrote:
Here is the corrected (and retested) :-) patch.
Commit comment: Use temporary trash chunk, instead of global trash chunk in
make_proxy_line_v2() to avoid memory overwrite.
Thank you, I've just applied it now.
Best
Hi Willy, Emeric--
A commit on 6/24 changed the way ssl_sock_get_remote_common_name()
works.
I agree with this refactoring, unfortunately both make_proxy_line_v2()
and the caller of make_proxy_line_v2() are using the global trash chunk as
a workspace resulting in a memory overwrite.
Hi Dave,
On Wed, Jul 16, 2014 at 02:16:52PM -0400, Dave McCowan wrote:
Hi Willy, Emeric--
A commit on 6/24 changed the way ssl_sock_get_remote_common_name()
works.
I agree with this refactoring, unfortunately both make_proxy_line_v2()
and the caller of make_proxy_line_v2() are using
Hi Willy,
blush Yes, I changed my variable names after testing to clean up and
failed.
Is my obvious corrected patch the correct fix?
Or should we clamp down on the use of global chunks being passed downstream?
--Dave
On Wed, Jul 16, 2014 at 4:16 PM, Willy Tarreau w...@1wt.eu wrote:
Hi
Just FYI -- proxy protocol v1 and v2 decoding has recently landed in netty
(https://github.com/netty/netty/commit/d7b2affe321edeaa51c1fa7bb3df9a5badb4728a)
Despite the original commit message v2 is actually supported (it was finished /
tested after the haproxy-1.5-dev25 release). TLV's
Hi,
On Mon, Jun 23, 2014 at 10:32:53AM -0700, tyju tiui wrote:
Just FYI -- proxy protocol v1 and v2 decoding has recently landed in netty
(https://github.com/netty/netty/commit/d7b2affe321edeaa51c1fa7bb3df9a5badb4728a)
Great!
Despite the original commit message v2 is actually supported
Hi Jason,
In further tests, I adjusted the bind line to the following (explicitly
defining a second key)
bind ip:443 ssl crt nfs/default.pem crt nfs/site2.pem crt
local crt nfs strict-sni
Accessing site2 with the above bind line worked correctly.
I'm not sure if its a good idea to
Hi Lukas,
Responses in-line.
Ultimately, it appears as though haproxy doesn't like certs residing on an
NFS mount so I'll need to explore other options at this point.
In further tests, I adjusted the bind line to the following (explicitly
defining a second key)
bind ip:443 ssl crt
Hi Jason,
On Wed, Jun 11, 2014 at 06:02:34AM -0400, Jason Ziemba wrote:
Hi Lukas,
Responses in-line.
Ultimately, it appears as though haproxy doesn't like certs residing on an
NFS mount so I'll need to explore other options at this point.
In further tests, I adjusted the bind line
Hi Richard,
On Tue, Jun 10, 2014 at 05:22:40PM -0700, Richard Russo wrote:
Hi,
The sample code provided at the end of the proxy protocol documentation [1]
doesn't match the description earlier in the doc. Specifically the header
is described as:
struct proxy_hdr_v2
from reading through other
forums, here are some the items that have previously been asked for.
--
haproxy -vv
HA-Proxy version 1.5-dev25-a339395 2014/05/10
Copyright 2000-2014 Willy Tarreau w...@1wt.eu
Build options :
TARGET = linux2628
CPU
Jason Z. jason@... writes:
At one point I had SSL termination (with multiple certificates) working in
haProxy (same version as in subject), however I noticed today that no
matter
which site I accessed I was being returned the default certificate.
During further troubleshooting, turning
Hi Jason,
I believe I've figured out the error of my ways.
I recently changed where I'm generating SSL keys, in order to push keys to a
R/O mount for the FE server, letting a back-end server handle the security
aspects.
The openssl on the backend/generator system is 1.0.1-4ubuntu5.14, the
Hi,
The sample code provided at the end of the proxy protocol documentation [1]
doesn't match the description earlier in the doc. Specifically the header is
described as:
struct proxy_hdr_v2 {
uint8_t sig[12]; /* hex 0D 0A 0D 0A 00 0D 0A 51 55 49 54 0A */
uint8_t ver
A new development, as I was building a response to your email, I just
happened to copy a crt/pem generated by the BE server (sitting on NFS) to
the local path on the FE server, and it worked, though when that same file
sits on the NFS (r/o mount) it doesn't. However, when everything
(including
. The
code difference is only changing the order in types/connection.h.
An extended commit message:
This commit modifies the PROXY protocol V2 specification to support headers
longer than 255 bytes allowing for optional extensions. It implements the
PROXY protocol V2 which is a binary representation
Please find attached a patch that fully implements PROXY Protocol V2, and
adds initial extensions to include some SSL information. I have updated
the configuration.txt and proxy-protocol.txt files. The patch should apply
to the latest code in git. I believe I have incorporated all suggestions
Hi David,
On Thu, May 08, 2014 at 04:31:46PM -0400, David S wrote:
Please find attached a patch that fully implements PROXY Protocol V2, and
adds initial extensions to include some SSL information. I have updated
the configuration.txt and proxy-protocol.txt files. The patch should apply
Hi Willy--
Here's my latest on extending Proxy Protocol V2.
I'm still testing this, but I would like to solicit any feedback that
you may have.
I believe I have incorporated all of your comments to date.
So far, I have implemented CN as a first sub-vector. I'm willing to
write
On Wed, Apr 23, 2014 at 4:24 PM, Willy Tarreau w...@1wt.eu wrote:
On Wed, Apr 23, 2014 at 04:19:17PM -0400, David S wrote:
On Wed, Apr 23, 2014 at 5:45 AM, Willy Tarreau w...@1wt.eu wrote:
(...)
Otherwise your patch looks fine. Do you want me to merge it ? If so,
please could you
Hi David,
On Tue, Apr 29, 2014 at 12:21:10PM -0400, David S wrote:
On Wed, Apr 23, 2014 at 4:24 PM, Willy Tarreau w...@1wt.eu wrote:
On Wed, Apr 23, 2014 at 04:19:17PM -0400, David S wrote:
On Wed, Apr 23, 2014 at 5:45 AM, Willy Tarreau w...@1wt.eu wrote:
(...)
Otherwise your
Hi David,
On Tue, Apr 22, 2014 at 10:29:13PM -0400, David S wrote:
Here's an updated diff. I like it a lot better.
It addresses all of your comments, except adding support for
check-send-proxy-v2.
Indeed.
I've checked how SRV_SEND_PROXY is used, and it could clearly be
merged into -pp_opts
On Wed, Apr 23, 2014 at 5:45 AM, Willy Tarreau w...@1wt.eu wrote:
(...)
Otherwise your patch looks fine. Do you want me to merge it ? If so,
please could you provide a commit message with it ?
Thanks,
Willy
First, I'll update the documentation to keep it in sync with the code.
Thinking
701 - 800 of 1160 matches
Mail list logo