Re: [PATCH] FEATURE Implementing send-proxy version 2

2014-04-23 Thread Willy Tarreau
On Wed, Apr 23, 2014 at 04:19:17PM -0400, David S wrote: On Wed, Apr 23, 2014 at 5:45 AM, Willy Tarreau w...@1wt.eu wrote: (...) Otherwise your patch looks fine. Do you want me to merge it ? If so, please could you provide a commit message with it ? Thanks, Willy First, I'll

Re: Proxy Protocol v2 Implementations?

2014-04-22 Thread Willy Tarreau
Hi, On Fri, Apr 18, 2014 at 07:22:17PM -0700, tyju tiui wrote: Hi, I'm curious if anyone knows of any proxy protocol v2 implementations (client or server)? I've written my implementation against the spec (http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt) but I realize now I have

Re: [PATCH] FEATURE Implementing send-proxy version 2

2014-04-22 Thread Willy Tarreau
Hi David, On Mon, Apr 21, 2014 at 06:17:58PM -0400, David S wrote: As a foundation for extending the proxy-protocol to include additional information, I've implemented version 2 of the proxy protocol. As we discussed in the Extending PROXY protocol for SSL thread, I made one change

Re: [PATCH] FEATURE Implementing send-proxy version 2

2014-04-22 Thread David S
*/ + unsigned int send_proxy_opts; /* PROXY protocol option flags */ Adding fields to struct connection is really not welcome, these ones should remain as small as possible. I don't think there's anything in these options that cannot be deduced from the target. So we'd rather check the connection's

Re: [PATCH] FEATURE Implementing send-proxy version 2

2014-04-22 Thread Willy Tarreau
; /* 0 = offset to (re)send from the end, 0 = send all */ + unsigned int send_proxy_opts; /* PROXY protocol option flags */ Adding fields to struct connection is really not welcome, these ones should remain as small as possible. I don't think there's anything in these options

Re: [PATCH] FEATURE Implementing send-proxy version 2

2014-04-22 Thread David S
support for check-send-proxy-v2. diff --git a/include/proto/connection.h b/include/proto/connection.h index 8609f17..0db677e 100644 --- a/include/proto/connection.h +++ b/include/proto/connection.h @@ -41,7 +41,9 @@ int conn_fd_handler(int fd); /* receive a PROXY protocol header over a connection

[PATCH] FEATURE Implementing send-proxy version 2

2014-04-21 Thread David S
As a foundation for extending the proxy-protocol to include additional information, I've implemented version 2 of the proxy protocol. As we discussed in the Extending PROXY protocol for SSL thread, I made one change to the protocol. Version and Command are combined into one byte. Length is now

RE: HA proxy High availability functionality

2014-04-19 Thread Lukas Tribus
Hi Shweta, I have an active HTTP session serviced through the haproxy's virtual ip and load balanced to one of the virtual servers. If the master haproxy instance goes down in the middle of the active HTTP session, can the backup haproxy instance that takes over the virtual ip ,know that

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

2014-04-19 Thread Todd Lyons
On Thu, Apr 17, 2014 at 9:17 AM, Todd Lyons tly...@exim.org wrote: Note that this probably marks the death of protocol v2 that nobody implemented yet, but that was supposed to be easier to parse... Exim git HEAD has support (for the forthcoming 4.83 release) for Proxy Protocol, when

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

2014-04-19 Thread Willy Tarreau
has support (for the forthcoming 4.83 release) for Proxy Protocol, when built with EXPERIMENTAL_PROXY. This includes support for proxy protocols 1 and 2 both. (This is Exim as a server sat behind a supported V2. So actually Exim can probably proudly claim to be the first one to implement v2

HA proxy High availability functionality

2014-04-18 Thread Naveen Chandra Sekhara
Hi, I have a question on the HA proxy's high availability provided by the peers command, I have two haproxy instances running - one as the master and another as the backup through keepalived, Both are configured to listen on a virtual ip and are servicing a couple of backend servers. The same

Proxy Protocol v2 Implementations?

2014-04-18 Thread tyju tiui
Hi, I'm curious if anyone knows of any proxy protocol v2 implementations (client or server)? I've written my implementation against the spec (http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt) but I realize now I have no way to really validate my code. Thanks!

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

2014-04-17 Thread Todd Lyons
On Wed, Apr 16, 2014 at 2:14 PM, Willy Tarreau w...@1wt.eu wrote: Note that this probably marks the death of protocol v2 that nobody implemented yet, but that was supposed to be easier to parse... Exim git HEAD has support (for the forthcoming 4.83 release) for Proxy Protocol, when built

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

2014-04-17 Thread David S
On Wed, Apr 16, 2014 at 5:44 PM, Willy Tarreau w...@1wt.eu wrote: (...) We can also decide that we don't implement the extensions in v1 which will motivate adoption for the new v2. (...) What's your opinion ? Willy I prefer to make the extension v2 only, mostly because I don't want to

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

2014-04-17 Thread Willy Tarreau
Hi David, On Thu, Apr 17, 2014 at 01:51:36PM -0400, David S wrote: On Wed, Apr 16, 2014 at 5:44 PM, Willy Tarreau w...@1wt.eu wrote: (...) We can also decide that we don't implement the extensions in v1 which will motivate adoption for the new v2. (...) What's your opinion ?

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

2014-04-16 Thread David S
On Tue, Apr 15, 2014 at 6:13 AM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Mon, Apr 14, 2014 at 09:54:19PM -0400, David S wrote: Hello-- Part of my solution uses a non-HTTP protocol. My backend server needs L3/L4 information, so the PROXY protocol is a perfect fit. In addition

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

2014-04-16 Thread Phil Pennock
On 2014-04-15 at 12:13 +0200, Willy Tarreau wrote: On Mon, Apr 14, 2014 at 09:54:19PM -0400, David S wrote: [ SSL extensions for Proxy protocol ] Please let me know your feedback. [ many great improvements ] Note that this probably marks the death of protocol v2 that nobody implemented yet

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

2014-04-16 Thread Willy Tarreau
Hi Phil, On Wed, Apr 16, 2014 at 04:46:05PM -0400, Phil Pennock wrote: On 2014-04-15 at 12:13 +0200, Willy Tarreau wrote: On Mon, Apr 14, 2014 at 09:54:19PM -0400, David S wrote: [ SSL extensions for Proxy protocol ] Please let me know your feedback. [ many great improvements ] Note

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

2014-04-16 Thread Willy Tarreau
Hi David, On Wed, Apr 16, 2014 at 01:03:37PM -0400, David S wrote: (...) This makes sense. With all the possible fields, I would prefer a more machine friendly format. (I think that is your preference too.) Actually yes. How about a proxy protocol extension that can be appended

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

2014-04-15 Thread Willy Tarreau
Hi David, On Mon, Apr 14, 2014 at 09:54:19PM -0400, David S wrote: Hello-- Part of my solution uses a non-HTTP protocol. My backend server needs L3/L4 information, so the PROXY protocol is a perfect fit. In addition to TCP and IP addresses, my backend server needs information from

[PATCH] FEATURE Extending PROXY protocol for SSL

2014-04-14 Thread David S
Hello-- Part of my solution uses a non-HTTP protocol. My backend server needs L3/L4 information, so the PROXY protocol is a perfect fit. In addition to TCP and IP addresses, my backend server needs information from the client SSL connection. So, I would like to extend the PROXY protocol

Re: [PATCH] proxy: support use_backend with dynamic names

2014-04-02 Thread Willy Tarreau
Hi Thomas, On Mon, Mar 31, 2014 at 12:29:25PM +0200, Thomas Heil wrote: Hi, On 31.03.2014 10:45, Willy Tarreau wrote: On Thu, Mar 27, 2014 at 08:57:09PM -0400, Rajat Chopra wrote: Hi! This solution very much solves the problem that I have been facing i.e. large number of acl rules

Re: [PATCH] proxy: support use_backend with dynamic names

2014-04-01 Thread Steven Le Roux
- Original Message - From: Steven Le Roux ste...@le-roux.info To: Rajat Chopra rcho...@redhat.com Cc: haproxy haproxy@formilux.org Sent: Monday, March 31, 2014 4:04:55 PM Subject: Re: [PATCH] proxy: support use_backend with dynamic names Hi ! Since I experienced the same behaviour

Re: [PATCH] proxy: support use_backend with dynamic names

2014-03-31 Thread Willy Tarreau
On Thu, Mar 27, 2014 at 08:57:09PM -0400, Rajat Chopra wrote: Hi! This solution very much solves the problem that I have been facing i.e. large number of acl rules causing latency in requests. Been in discussions separately about it and today I got a chance to test out this patch. I

Re: [PATCH] proxy: support use_backend with dynamic names

2014-03-31 Thread Thomas Heil
Hi, On 31.03.2014 10:45, Willy Tarreau wrote: On Thu, Mar 27, 2014 at 08:57:09PM -0400, Rajat Chopra wrote: Hi! This solution very much solves the problem that I have been facing i.e. large number of acl rules causing latency in requests. Been in discussions separately about it and

Re: [PATCH] proxy: support use_backend with dynamic names

2014-03-31 Thread Bertrand Jacquin
On Monday 31 March 2014 at 10:45, "Willy Tarreau" wrote: On Thu, Mar 27, 2014 at 08:57:09PM -0400, Rajat Chopra wrote: Hi! This solution very much solves the problem that I have been facing i.e. large number of acl rules causing latency in requests. Been in discussions separately

Re: [PATCH] proxy: support use_backend with dynamic names

2014-03-31 Thread Steven Le Roux
Hi ! Since I experienced the same behaviour with a similar configuration, don't you have a huge startup time due to the ACL parsing ? -- Steven Le Roux On 28 March 2014 01:59, Rajat Chopra rcho...@redhat.com wrote: Hi! This solution very much solves the problem that I have been facing

Re: [PATCH] proxy: support use_backend with dynamic names

2014-03-31 Thread Rajat Chopra
: [PATCH] proxy: support use_backend with dynamic names Hi ! Since I experienced the same behaviour with a similar configuration, don't you have a huge startup time due to the ACL parsing ? -- Steven Le Roux On 28 March 2014 01:59, Rajat Chopra rcho...@redhat.com wrote: Hi

Re: [PATCH] proxy: support use_backend with dynamic names

2014-03-29 Thread Willy Tarreau
Hi Rajat, On Fri, Mar 28, 2014 at 07:40:45PM -0400, Rajat Chopra wrote: Haproxy 1.5 and earlier cut the lines in words around spaces, so above your expression does not work because it's split in two. Just remove the space before map and it will do exactly what you need. Also I think

Re: Interaction between SSL and send-proxy

2014-03-29 Thread Bob S
not mean there was no regression since, but I'd like to see the exact setup that is exhibiting a handshake failure. Here is the configuration I used for experimenting with proxy protocol with SSL between two HAProxy servers. This configuration results in a handshake failure between HAProxy1

RE: Interaction between SSL and send-proxy

2014-03-29 Thread Lukas Tribus
verify required ca-file /etc/haproxy/keys/rootCA.pem send-proxy #=== HAProxy 2 = frontend h2 mode tcp bind 10.10.10.242:443 name example1 ssl crt /etc/haproxy/keys/haproxy2.pem verify required ca-file /etc/haproxy/keys/rootCA.pem accept-proxy default_backend b

Re: [PATCH] proxy: support use_backend with dynamic names

2014-03-28 Thread Willy Tarreau
Hi Rajat, On Thu, Mar 27, 2014 at 08:57:09PM -0400, Rajat Chopra wrote: Hi! This solution very much solves the problem that I have been facing i.e. large number of acl rules causing latency in requests. Been in discussions separately about it and today I got a chance to test out this

Re: [PATCH] proxy: support use_backend with dynamic names

2014-03-28 Thread Rajat Chopra
Haproxy 1.5 and earlier cut the lines in words around spaces, so above your expression does not work because it's split in two. Just remove the space before map and it will do exactly what you need. Also I think it's better to use a map than the plain header because this way you can ensure

Re: [PATCH] proxy: support use_backend with dynamic names

2014-03-27 Thread Rajat Chopra
Hi! This solution very much solves the problem that I have been facing i.e. large number of acl rules causing latency in requests. Been in discussions separately about it and today I got a chance to test out this patch. I report that it works great! I have been able to route 150k backends

RE: Interaction between SSL and send-proxy

2014-03-26 Thread Lukas Tribus
Hi, Basic question on send-proxy: If the HAProxy server configuration has both SSL and send-proxy, should the proxy protocol header be sent encrypted within the SSL packet? Good question. In my opinion send_proxy should be cleartext, as a proxy may or may not terminate SSL. Imagine

Re: Interaction between SSL and send-proxy

2014-03-26 Thread Jonathan Matthews
On 26 March 2014 11:01, Lukas Tribus luky...@hotmail.com wrote: Hi, Basic question on send-proxy: If the HAProxy server configuration has both SSL and send-proxy, should the proxy protocol header be sent encrypted within the SSL packet? Good question. In my opinion send_proxy should

Re: Interaction between SSL and send-proxy

2014-03-26 Thread Willy Tarreau
Hi Bob, On Tue, Mar 25, 2014 at 01:58:12PM -0400, Bob S wrote: Basic question on send-proxy: If the HAProxy server configuration has both SSL and send-proxy, should the proxy protocol header be sent encrypted within the SSL packet? On 1.5-dev22, I see it being sent outside of the encrypted

Re: [PATCH] proxy: support use_backend with dynamic names

2014-03-26 Thread Willy Tarreau
Hi Bertrand, On Sun, Mar 23, 2014 at 04:18:44PM +0100, Bertrand Jacquin wrote: Hi, I did this patch for dev19 some time ago but I am still not sure whether it is the best way to do it or not, and did not have the time to discuss it since. As the latest changes broke it and forced me to

Interaction between SSL and send-proxy

2014-03-25 Thread Bob S
Basic question on send-proxy: If the HAProxy server configuration has both SSL and send-proxy, should the proxy protocol header be sent encrypted within the SSL packet? On 1.5-dev22, I see it being sent outside of the encrypted envelope. This causes a handshake failure, even when connecting

RE: Proxy protocol patch for nginx 1.4.x

2014-03-23 Thread Lukas Tribus
]. Regards, Lukas [1] http://hg.nginx.org/nginx/rev/3a72b1805c52 [2] http://nginx.org/en/CHANGES [3] http://nginx.org/en/docs/http/ngx_http_core_module.html#listen [4] http://nginx.org/en/docs/http/ngx_http_core_module.html#variables [5] https://chrislea.com/2014/03/20/using-proxy-protocol-nginx/

[PATCH] proxy: support use_backend with dynamic names

2014-03-23 Thread Bertrand Jacquin
2001 From: Bertrand Jacquin bjacq...@exosec.fr Date: Tue, 19 Nov 2013 11:43:06 +0100 Subject: [PATCH] MEDIUM: proxy: support use_backend with dynamic names We have a use case where we look up a customer ID in an HTTP header and direct it to the corresponding server. This can easily be done using

RE: Proxy protocol patch for nginx 1.4.x

2014-03-09 Thread Lukas Tribus
Hi Jim, Please try it and report any issue / bug / success story. (the wiki hosting the page above uses the patch, of course) This is great, and mostly working for me on 1.4.5! Solves a big problem of mine. However, is it not possible to use SNI at the same time? When I configure nginx

Re: Proxy protocol patch for nginx 1.4.x

2014-03-08 Thread Jim Howell
Baptiste bedis9@... writes: Please try it and report any issue / bug / success story. (the wiki hosting the page above uses the patch, of course) This is great, and mostly working for me on 1.4.5! Solves a big problem of mine. However, is it not possible to use SNI at the same time? When I

Re: Proxy protocol patch for nginx 1.4.x

2014-03-08 Thread Baptiste
Hi Jim, Thanks a lot for the feedback. I know nginx devs are now working on an official patch: https://twitter.com/mdounin/status/441705983581372417 Baptiste On Sun, Mar 9, 2014 at 2:30 AM, Jim Howell jimboco...@gmail.com wrote: Baptiste bedis9@... writes: Please try it and report any

Re: Does haproxy could be a forward proxy?

2014-02-25 Thread Thomas Mangin
laptop to split traffic, for example, there's a ACL to let some special domains go via remote proxy, and the default goes local proxy, I wonder is it possible to replace local proxy with haproxy, so I could have: server default local:1080 directly without creating a proxy by another tool

503 errors from HTTP statistics proxy

2014-02-20 Thread Patrick Landry
I am running HAProxy version 1.5-dev16 to load balance traffic to a pair of web servers. That part of the service is running great. I attempted to add a proxy to serve the HTTP statistics page and am receiving 503 Service Unavailable messages. (I also run a separate instance of HAProxy version

Re: Google Maps API reverse proxy

2014-02-20 Thread Steve Phillips
to reverse proxy HTTP requests (/maps context) to the HTTPS Google maps API. Network traces show empty data packets coming back from Google which appear to be interpreted as 503/bad gateway by haproxy. I've modified the haproxy config through various attempts to get this working (commented out

Re: Google Maps API reverse proxy

2014-02-20 Thread Cyril Bonté
Hi, On 20/02/2014 21:56, Steve Phillips wrote: That's correct, I want to talk https to the maps API. Thanks for the response. Added ssl keyword and tried adding verify none as well but now get a 404 back from google. The URL is valid as I'm testing with curl on my haproxy host: curl -I

Re: Google Maps API reverse proxy

2014-02-20 Thread Steve Phillips
That worked! Thank you so much for your help I've been working on this off and on for a couple weeks. Steve On Thu, Feb 20, 2014 at 1:00 PM, Cyril Bonté cyril.bo...@free.fr wrote: Hi, On 20/02/2014 21:56, Steve Phillips wrote: That's correct, I want to talk https to the maps

Re: 503 errors from HTTP statistics proxy

2014-02-20 Thread Baptiste
is running great. I attempted to add a proxy to serve the HTTP statistics page and am receiving 503 Service Unavailable messages. (I also run a separate instance of HAProxy version 1.4.8 on which the statistics page is working fine.) I have tried several different configurations. Here is what gets

Re: Google Maps API reverse proxy

2014-02-20 Thread Baptiste
So you now owe Cyril a beer (at least) Baptiste On Thu, Feb 20, 2014 at 11:06 PM, Steve Phillips stw...@gmail.com wrote: That worked! Thank you so much for your help I've been working on this off and on for a couple weeks. Steve On Thu, Feb 20, 2014 at 1:00 PM, Cyril Bonté

Re: Google Maps API reverse proxy

2014-02-20 Thread Steve Phillips
If you're ever in San Francisco, beer is on me:) On Thu, Feb 20, 2014 at 2:50 PM, Baptiste bed...@gmail.com wrote: So you now owe Cyril a beer (at least) Baptiste On Thu, Feb 20, 2014 at 11:06 PM, Steve Phillips stw...@gmail.com wrote: That worked! Thank you so much for your

Re: 503 errors from HTTP statistics proxy

2014-02-20 Thread Patrick Landry
- Original Message - Hi Patrick, I think your listen adminstats would be glad to have a 'stats enable' statement! Baptiste Thanks but that does not fix it. I had that included at one point. I have been through so many configurations listen adminstats 0.0.0.0:8080 mode

Re: 503 errors from HTTP statistics proxy

2014-02-20 Thread Cyril Bonté
Hi Patrick, On 21/02/2014 00:06, Patrick Landry wrote: Thanks but that does not fix it. I had that included at one point. I have been through so many configurations The solution is to upgrade to haproxy-1.5-dev22 or the current snapshot ;-) There were regressions on the stats page in

Re: 503 errors from HTTP statistics proxy

2014-02-20 Thread Patrick Landry
- Original Message - From: Cyril Bonté cyril.bo...@free.fr To: Patrick Landry p...@louisiana.edu, Baptiste bed...@gmail.com Cc: HAProxy haproxy@formilux.org Sent: Thursday, February 20, 2014 5:32:25 PM Subject: Re: 503 errors from HTTP statistics proxy Hi Patrick, On 21/02/2014 00

Re: Need client source ip from HA-proxy at proxy

2014-02-11 Thread Baptiste
Hi Russ, Your last chance is the proxy-protocol: http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt http://blog.exceliance.fr/haproxy/proxy-protocol/ That said, your proxy server might be compatible! Baptiste On Tue, Feb 11, 2014 at 9:34 PM, Russ Daigle rdaigle...@yahoo.com wrote

Re: Extending Proxy Protocol

2014-01-30 Thread Willy Tarreau
Hi David, On Wed, Jan 29, 2014 at 10:53:22PM -0500, David S wrote: I want to use HAProxy to terminate my incoming SSL connections and forward the messages to my server application. My challenge is that my application needs information from the client certificates. The Proxy Protocol

Re: Haproxy as simple proxy forwarding each request

2014-01-30 Thread Willy Tarreau
On Wed, Jan 29, 2014 at 07:32:37PM +, Jonathan Matthews wrote: On 29 January 2014 17:59, Ricardo ri...@hotmail.com wrote: Hello, Is a bit mess situation but I can't configure Haproxy as a simple proxy. The behaviour I'm looking for is an Haproxy listen in port 80, receiving

Re: Extending Proxy Protocol

2014-01-30 Thread Neil
information from the client certificates. The Proxy Protocol is one way that connection information can be forwarded from HAProxy to the receiver. I'm interested in extending the Proxy Protocol to include client certificate information. The Proxy Protocol documentation mentions that this has

Re: Extending Proxy Protocol

2014-01-30 Thread Willy Tarreau
On Thu, Jan 30, 2014 at 09:19:34AM +, Neil wrote: Another http proxy 'pound' passes on this information by added http headers similar to x-forwarded-for. It would,imho, be great to be able to take arbitary headers from client and mangle and pass them on to backend servers or use in acls

Re: Extending Proxy Protocol

2014-01-30 Thread Baptiste
:22PM -0500, David S wrote: I want to use HAProxy to terminate my incoming SSL connections and forward the messages to my server application. My challenge is that my application needs information from the client certificates. The Proxy Protocol is one way that connection information can

RE: Can HAProxy Reverse Proxy SSL to Backend?

2014-01-30 Thread Lukas Tribus
Hi, OK we discussed this with Emeric in the last few days and came up with a solution closer from yours than from mine. What made me accept to change my mind is to realize that many users don't see warnings at all. Probably that the new shitty service managers which replace init are

Re: Can HAProxy Reverse Proxy SSL to Backend?

2014-01-29 Thread Willy Tarreau
Hi Lukas, coming back to this old thread. On Wed, Jun 26, 2013 at 11:48:12AM +0200, Willy Tarreau wrote: On Wed, Jun 26, 2013 at 09:52:32AM +0200, Lukas Tribus wrote: Hi Willy, I sense we are not going to agree on this, but I'm posting my two cents here anyway. you're welcome :-)

Haproxy as simple proxy forwarding each request

2014-01-29 Thread Ricardo
Hello, Is a bit mess situation but I can't configure Haproxy as a simple proxy. The behaviour I'm looking for is an Haproxy listen in port 80, receiving request to any url and forward each request to the appropriate domain through his own gateway. Client 192.168.1.5 -- Haproxy 192.168.1.254

Re: Haproxy as simple proxy forwarding each request

2014-01-29 Thread Jonathan Matthews
On 29 January 2014 17:59, Ricardo ri...@hotmail.com wrote: Hello, Is a bit mess situation but I can't configure Haproxy as a simple proxy. The behaviour I'm looking for is an Haproxy listen in port 80, receiving request to any url and forward each request to the appropriate domain through

Extending Proxy Protocol

2014-01-29 Thread David S
I want to use HAProxy to terminate my incoming SSL connections and forward the messages to my server application. My challenge is that my application needs information from the client certificates. The Proxy Protocol is one way that connection information can be forwarded from HAProxy

tune.bufsize issue with send-proxy / accept-proxy SSL setup

2014-01-23 Thread Oskar Liljeblad
Hello Our HAProxy 1.5~dev21 setup looks like this: client browser - haproxy1 - haproxy2 - web servers - client browser sends as https. - haproxy1 receives with mode tcp frontend, and sends using mode tcp backend with send-proxy. - haproxy2 receives with mode http frontend with ssl accept-proxy

Re: tune.bufsize issue with send-proxy / accept-proxy SSL setup

2014-01-23 Thread Baptiste
- haproxy2 - web servers - client browser sends as https. - haproxy1 receives with mode tcp frontend, and sends using mode tcp backend with send-proxy. - haproxy2 receives with mode http frontend with ssl accept-proxy, and sends using mode http backend to web servers. The problem: when

RE: tune.bufsize issue with send-proxy / accept-proxy SSL setup

2014-01-23 Thread Oskar Liljeblad
, January 23, 2014 12:27 To: Oskar Liljeblad Cc: haproxy@formilux.org Subject: Re: tune.bufsize issue with send-proxy / accept-proxy SSL setup Hi Oskar, Are you using the latest git version? If no, please give it a try, there may be a fix which apply to this case. Baptiste On Thu, Jan 23, 2014 at 12

RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment

2014-01-08 Thread Lauri-Alo Adamson
To: Lauri-Alo Adamson; haproxy@formilux.org Subject: RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment Hi, My web servers contain text file which contain name of that server. Then put following line to web browser https://X.X.X.X/index.txt

RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment

2014-01-08 Thread Lukas Tribus
Hi, And this program generated a file rfc5077-output-1389174665--p-4431- 192.168.35.254.csv with following content: This output is extremely useful. What it says is that session id caching works perfectly fine; as long as TLS ticket remains disabled on the client side. But when the client

http download stop with busy low speed link if haproxy doing reverse proxy for a file about 5MB

2014-01-06 Thread Delta Yeh
Hi, I have run into an issue that http download stop with busy low speed link if haproxy doing reverse proxy for a file about 5MB. The topo is like: browser1-traffic shape box allow 128Kb --haproxy--1Gb link---web server | browser2

Re: http download stop with busy low speed link if haproxy doing reverse proxy for a file about 5MB

2014-01-06 Thread Willy Tarreau
Hi, On Mon, Jan 06, 2014 at 06:07:21PM +0800, Delta Yeh wrote: Hi, I have run into an issue that http download stop with busy low speed link if haproxy doing reverse proxy for a file about 5MB. The topo is like: browser1-traffic shape box allow 128Kb --haproxy

RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment

2014-01-06 Thread Lauri-Alo Adamson
@formilux.org Subject: RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment Hi, My web servers contain text file which contain name of that server. Then put following line to web browser https://X.X.X.X/index.txt and browse this page it displays

RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment

2014-01-05 Thread Lukas Tribus
Hi, My web servers contain text file which contain name of that server. Then put following line to web browser https://X.X.X.X/index.txt and browse this page it displays server name One server file index.txt contains server name etee-live1 and other server the file contains this server name

RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment

2014-01-04 Thread Lukas Tribus
Hi, Have been wondering about if/how i could persist ssl sessions between servers myself if i ever need it. And found the concept of a SSL-session-id rather promising, then after looking into how to use it and its reliability i found some articles saying it might not be wise..

RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment

2014-01-04 Thread Lauri-Alo Adamson
and try experiment ssl session affinity again. Lauri-Alo Adamson -Original Message- From: Lukas Tribus [mailto:luky...@hotmail.com] Sent: Friday, January 03, 2014 11:41 PM To: Lauri-Alo Adamson; haproxy@formilux.org Subject: RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl

Re: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment

2014-01-04 Thread Cyril Bonté
Hi, On 04/01/2014 20:09, Lauri-Alo Adamson wrote: Are you tcpdumping the frontend traffic? If understood correctly tcpdump displays encrypted traffic without necessary information about affinity Yes it does. This will allow to check the SSL session id in each ClientHello/ServerHello

RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment

2014-01-04 Thread Lauri-Alo Adamson
Subject: Re: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment Hi, On 04/01/2014 20:09, Lauri-Alo Adamson wrote: Are you tcpdumping the frontend traffic? If understood correctly tcpdump displays encrypted traffic without necessary information

RE: Does haproxy could be a forward proxy?

2014-01-03 Thread Lukas Tribus
Hi, Hi, this question is silly, but I use haproxy even on my laptop to split traffic, for example, there's a ACL to let some special domains go via remote proxy, and the default goes local proxy, I wonder is it possible to replace local proxy with haproxy, so I could have: server default

RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment

2014-01-03 Thread Lukas Tribus
Hi, Hello, Many thanks for your reply. This thing is more stranger i downloaded and compiled several versions of HAproxy 1.5.x.x and the result was always the same I experimented with following versions At first i testing with

Re: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment

2014-01-03 Thread PiBa-NL
Hi, Have been wondering about if/how i could persist ssl sessions between servers myself if i ever need it. And found the concept of a SSL-session-id rather promising, then after looking into how to use it and its reliability i found some articles saying it might not be wise..

HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment

2014-01-02 Thread Lauri-Alo Adamson
Hello ! Problem description - then i access my two web servers through HA-Proxy version 1.5-dev21-51437d2 2013/12/29 it acts as round robin load balancing without any ssl sticky sessions effect. I would be very pleased if some could help to make sticky ssl sessions work without ssl offload

RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment

2014-01-02 Thread Lukas Tribus
Hi, Problem description – then i access my two web servers through HA-Proxy version 1.5-dev21-51437d2 2013/12/29 it acts as round robin load balancing without any ssl sticky sessions effect. I would be very pleased if some could help to make sticky ssl sessions work without ssl offload

RE: proxy protocol for varnish 3.0.5

2014-01-02 Thread Lukas Tribus
Hi, Dumb question: what is the advantage of the proxy protocol for http (as would be the case with varnish)? I assumed the proxy protocol was used to enable load balancing of non-http protocols. It can be useful even when you are load-balancing http. Perhaps you don't want to touch the HTTP

Does haproxy could be a forward proxy?

2014-01-02 Thread Igor
Hi, this question is silly, but I use haproxy even on my laptop to split traffic, for example, there's a ACL to let some special domains go via remote proxy, and the default goes local proxy, I wonder is it possible to replace local proxy with haproxy, so I could have: server default local:1080

RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment

2014-01-02 Thread Lauri-Alo Adamson
://haproxy.1wt.eu/download/1.5/src/snapshot/ All the time the result was same Lauri-Alo Adamson -Original Message- From: Lukas Tribus [mailto:luky...@hotmail.com] Sent: Thursday, January 02, 2014 5:35 PM To: Lauri-Alo Adamson; haproxy@formilux.org Subject: RE: HA-Proxy version 1.5-dev21

Re: proxy protocol for varnish 3.0.5

2014-01-01 Thread Justin Karneges
On 12/30/2013 10:00 AM, Baptiste wrote: On Mon, Dec 30, 2013 at 6:36 PM, Emmanuel Hocdet m...@gandi.net wrote: Hi, I have made a patch to add proxy protocol to Varnish 3.0 you can find it at http://varnish.hocdet.net Emmanuel Brilliant!!! I'm going to play with it soon :) Dumb

proxy protocol for varnish 3.0.5

2013-12-30 Thread Emmanuel Hocdet
Hi, I have made a patch to add proxy protocol to Varnish 3.0 you can find it at http://varnish.hocdet.net Emmanuel

Re: proxy protocol for varnish 3.0.5

2013-12-30 Thread Baptiste
On Mon, Dec 30, 2013 at 6:36 PM, Emmanuel Hocdet m...@gandi.net wrote: Hi, I have made a patch to add proxy protocol to Varnish 3.0 you can find it at http://varnish.hocdet.net Emmanuel Brilliant!!! I'm going to play with it soon :) Baptiste

RE: proxy protocol for varnish 3.0.5

2013-12-30 Thread Lukas Tribus
Hi, I have made a patch to add proxy protocol to Varnish 3.0 you can find it at http://varnish.hocdet.net Nice! Btw, is there any patch available for apache? Google search with the apache, haproxy, proxy keywords isn't very helpful, as you can imagine ... We need more exotic names

Re: proxy protocol for varnish 3.0.5

2013-12-30 Thread Thomas Heil
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On 30.12.2013 19:00, Baptiste wrote: On Mon, Dec 30, 2013 at 6:36 PM, Emmanuel Hocdet m...@gandi.net wrote: Hi, I have made a patch to add proxy protocol to Varnish 3.0 you can find it at http://varnish.hocdet.net Emmanuel

Re: proxy protocol for varnish 3.0.5

2013-12-30 Thread Willy Tarreau
On Tue, Dec 31, 2013 at 03:23:59AM +0100, Thomas Heil wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On 30.12.2013 19:00, Baptiste wrote: On Mon, Dec 30, 2013 at 6:36 PM, Emmanuel Hocdet m...@gandi.net wrote: Hi, I have made a patch to add proxy protocol to Varnish

Re: proxy protocol for varnish 3.0.5

2013-12-30 Thread Willy Tarreau
On Tue, Dec 31, 2013 at 12:34:43AM +0100, Lukas Tribus wrote: Hi, I have made a patch to add proxy protocol to Varnish 3.0 you can find it at http://varnish.hocdet.net Nice! Btw, is there any patch available for apache? Google search with the apache, haproxy, proxy keywords isn't

Re: HTTP and send-proxy

2013-10-29 Thread Ge Jin
HAProxy and the server to know the issue. Maybe your HTTP check URL is wrong or you need a Host header. Baptiste On Sat, Oct 12, 2013 at 4:48 AM, jinge altman87...@gmail.com wrote: Hi all! I want to use the haproxy PROXY protocol for our use case. To send our clients' IP address

Re: HTTP and send-proxy

2013-10-29 Thread Jonathan Matthews
On 29 October 2013 08:30, Ge Jin altman87...@gmail.com wrote: Hi, Baptiste! Thanks for your reply, I found there is an incorrect configure in my ... email client? ;-)

Re: Proxy Protocol Patch for HAProxy 1.4

2013-10-14 Thread Willy Tarreau
Hi Charles-Antoine, On Fri, Oct 11, 2013 at 06:14:17PM +0200, Charles-antoine Guillat-Guignard wrote: Hello, After testing the proxy protocol feature to balance SMTP connections to a Postfix 2.10 farm, I have to say it is doing nicely, using HAProxy 1.5-dev19. Thank you for this very

Re: HTTP and send-proxy

2013-10-12 Thread Baptiste
altman87...@gmail.com wrote: Hi all! I want to use the haproxy PROXY protocol for our use case. To send our clients' IP address to the peer haproxy. But after I configured send-proxy and accept-proxy in the configuration, the web never responded successfully. The 503 error always

Proxy Protocol Patch for HAProxy 1.4

2013-10-11 Thread Charles-antoine Guillat-Guignard
Hello, After testing the proxy protocol feature to balance SMTP connections to a Postfix 2.10 farm, I have to say it is doing nicely, using HAProxy 1.5-dev19. Thank you for this very welcome feature. But I was wondering, is the proxy protocol patch for the current stable version (1.4.24

HTTP and send-proxy

2013-10-11 Thread jinge
Hi all! I want to use the haproxy PROXY protocol for our use case. To send our clients' IP address to the peer haproxy. But after I configured send-proxy and accept-proxy in the configuration, the web never responded successfully. The 503 error is always there. The configuration is there: ha-L0.conf
