Re: Extending Proxy Protocol

2014-01-30 Thread Willy Tarreau
Hi David, On Wed, Jan 29, 2014 at 10:53:22PM -0500, David S wrote: > I want to use HAProxy to terminate my incoming SSL connections and forward > the messages to my server application. My challenge is that my > application needs information from the client certificates. > > The Proxy Protocol i

Re: Haproxy as simple proxy forwarding each request

2014-01-30 Thread Willy Tarreau
On Wed, Jan 29, 2014 at 07:32:37PM +, Jonathan Matthews wrote: > On 29 January 2014 17:59, Ricardo wrote: > > Hello, > > > > Is a bit mess situation but I can't configure Haproxy as a simple proxy. > > > > The behaviour I'm looking for is an Haproxy listen in port 80, receiving > > request to

Re: HAProxy graceful restart old process not going away

2014-01-30 Thread Stefan Majer
Hi Willy, we see the same effect in our environment here as well. We are not sure if this is related to a still open Websocket connection. Do you think that a timeout tunnel 1h# timeout to use with WebSocket and CONNECT in the configuration will help to terminate these processes after the

Re: HAProxy graceful restart old process not going away

2014-01-30 Thread Willy Tarreau
Hi Stefan, On Thu, Jan 30, 2014 at 09:46:12AM +0100, Stefan Majer wrote: > Hi Willy, > > we see the same effect in our environment here as well. > We are not sure if this is related to a still open Websocket connection. > > Do you think that a > > timeout tunnel 1h# timeout to use with Web

Re: Extending Proxy Protocol

2014-01-30 Thread Neil
On 30 Jan 2014 08:12, "Willy Tarreau" wrote: > > Hi David, > > On Wed, Jan 29, 2014 at 10:53:22PM -0500, David S wrote: > > I want to use HAProxy to terminate my incoming SSL connections and forward > > the messages to my server application. My challenge is that my > > application needs informat

Intercept all cookies and set secure attribute

2014-01-30 Thread Remy van Elst
Hello, We have a web application running for which haproxy does SSL offloading and load balancing. The application backend is http. The frontend is https. I want to intercept all cookies the application sets/sends and modify them to set the secure attribute. According to http://cbonte.github.

Re: Intercept all cookies and set secure attribute

2014-01-30 Thread Baptiste
Hi Remy, Yes, you can do this with: rspirep ^(set-cookie:.*) \1;\ Secure Baptiste On Thu, Jan 30, 2014 at 10:28 AM, Remy van Elst wrote: > Hello, > > We have a web application running for which haproxy does SSL offloading and > load balancing. The application backend is http. The frontend is

Re: Extending Proxy Protocol

2014-01-30 Thread Willy Tarreau
On Thu, Jan 30, 2014 at 09:19:34AM +, Neil wrote: > Another http proxy 'pound' passes on this information by added http headers > similar to x-forwarded-for. > > It would, imho, be great to be able to take arbitrary headers from client and > mangle and pass them on to backend servers or use in a

ACL based on request parameter using POST method

2014-01-30 Thread Dmitry Sivachenko
Hello! (haproxy-1.5-dev21) Using urlp() I can match specific parameter value and dispatch request to different backends based on that value: acl PARAM1 urlp(test) 1 use_backend BE1-back if PARAM1 acl PARAM2 urlp(test) 2 use_backend BE2-back if PARAM2 It works if I specify that parameter using

Re: ACL based on request parameter using POST method

2014-01-30 Thread Baptiste
Hi Dmitry, In Post, the parameters are in the body. You may be able to match them using the payload ACLs (HAProxy 1.5 only). Baptiste On Thu, Jan 30, 2014 at 4:20 PM, Dmitry Sivachenko wrote: > Hello! > > (haproxy-1.5-dev21) > > > Using urlp() I can match specific parameter value and dispatch

Re: Extending Proxy Protocol

2014-01-30 Thread Baptiste
Already the case: http://blog.exceliance.fr/2013/06/13/ssl-client-certificate-information-in-http-headers-and-logs/ Baptiste On Thu, Jan 30, 2014 at 10:19 AM, Neil wrote: > > On 30 Jan 2014 08:12, "Willy Tarreau" wrote: >> >> Hi David, >> >> On Wed, Jan 29, 2014 at 10:53:22PM -0500, David S wro

Re: ACL based on request parameter using POST method

2014-01-30 Thread Dmitry Sivachenko
On 30 Jan 2014, at 19:30, Baptiste wrote: > Hi Dmitry, > > In Post, the parameters are in the body. > You may be able to match them using the payload ACLs (HAProxy 1.5 only). > Hello, I tried acl PARAM1 payload(0,500) -m sub test=1 use_backend BE1-back if PARAM1 and it does not match

RE: Can HAProxy Reverse Proxy SSL to Backend?

2014-01-30 Thread Lukas Tribus
Hi, > OK we discussed this with Emeric in the last few days and came up with a > solution closer from yours than from mine. What made me accept to change > my mind is to realize that many users don't see warnings at all. Probably > that the new shitty service managers which replace init are respo

RE: Update on remaining work before 1.5

2014-01-30 Thread Lukas Tribus
Hi, > Here's an update of current 1.5 status. All reported bugs were fixed. > > I'm currently working on something that was just reported to me today > which is not exactly a bug but a design mistake around the way track- > counters are tracked between HTTP requests when they're done in "content"

Use one backend server at a time

2014-01-30 Thread Ryan O'Hara
I'd like to define a proxy (tcp mode) that has multiple backend servers yet only uses one at a time. In other words, traffic comes into the frontend and is redirected to one backend server. Should that server fail, another is chosen. I realize this might be an odd thing to do with haproxy, and if

Re: Update on remaining work before 1.5

2014-01-30 Thread Willy Tarreau
Hi Lukas, On Thu, Jan 30, 2014 at 05:28:32PM +0100, Lukas Tribus wrote: > Hi, > > > > Here's an update of current 1.5 status. All reported bugs were fixed. > > > > I'm currently working on something that was just reported to me today > > which is not exactly a bug but a design mistake around the

http-header (User Agent) rewriting

2014-01-30 Thread Jérôme Féneau
Hi, I would like to replace incoming request's User Agent with a custom one before it reaches the destination server. Here is the incoming User Agent : Mozilla/5.0 (;;;) AppleWebKit/534.6 HbbTV/1.1.1 (+DL+PVR; television; Television EMC1000i; 1.0; 1.0;) hdplusinteraktiv/1.0 (NETRANGEMMH;) CE-HTM

File downloads stall after 40 seconds. Changing timeout settings doesn't help

2014-01-30 Thread Magnus Thomé
I feel like a really stupid noob But I've searched and searched and do not understand this. When visitors try to download a file that takes more than roughly 40 seconds to download the download stalls. I thought the timeout settings in the config were for acknowledges between server and clien

Re: Use one backend server at a time

2014-01-30 Thread PiBa-NL
I'm not 100% sure but if I remember something I read correctly it was like using a "stick on dst" stick-table. That way the sticktable will make sure all traffic goes to a single server, and only when it fails another server will be put in the sticktable that will only have 1 entry. You might

Re: Use one backend server at a time

2014-01-30 Thread PiBa-NL
ok found it again in the part about "Automatic failover without failback" http://blog.exceliance.fr/2014/01/17/emulating-activepassing-application-clustering-with-haproxy/ PiBa-NL wrote on 30-1-2014 19:14: I'm not 100% sure but if I remember something I read correctly it was like using a "stick

Re: Use one backend server at a time

2014-01-30 Thread Ryan O'Hara
On Thu, Jan 30, 2014 at 07:14:30PM +0100, PiBa-NL wrote: > I'm not 100% sure but if I remember something I read correctly it was > like using a "stick on dst" stick-table. > > That way the sticktable will make sure all traffic goes to a single > server, and only when it fails another server will be

Re: Use one backend server at a time

2014-01-30 Thread PiBa-NL
This should (I expect) work with any number of backup servers, as long as you only need 1 active. Ryan O'Hara wrote on 30-1-2014 19:34: On Thu, Jan 30, 2014 at 07:14:30PM +0100, PiBa-NL wrote: I'm not 100% sure but if I remember something I read correctly it was like using a "stick on dst" st

Re: Use one backend server at a time

2014-01-30 Thread Ryan O'Hara
On Thu, Jan 30, 2014 at 07:39:29PM +0100, PiBa-NL wrote: > This should (I expect) work with any number of backup servers, as > long as you only need 1 active. Yes, it appears this is exactly what I want. A quick test shows that once failback is still occurring. Not sure why. Once my primary fails,

'packet of death' in 1.5-dev21.x86_64.el6_4

2014-01-30 Thread James Hogarth
Hi all, We carried out an update from dev12 to dev21 as per my previous message to the list and the specific issue I mentioned before no longer occurred - good. Unfortunately we hit a fairly major problem which summed up is a 'packet of death' scenario that affects dev21 (have not built backwards

Re: Use one backend server at a time

2014-01-30 Thread Ryan O'Hara
On Thu, Jan 30, 2014 at 08:03:37PM +0100, PiBa-NL wrote: > can you double-check the sticktable fills properly with the socket > commands, and you are running with "nbproc 1" ? It appears that 1.4 does support 'show table' via the stats socket. Yes, nbproc is 1. > can you post the (anonymized) conf

RE: 'packet of death' in 1.5-dev21.x86_64.el6_4

2014-01-30 Thread Lukas Tribus
Hi, > If anyone has any thoughts or insights I'd be intrigued to hear them > and if you want to reproduce and have difficulties doing so I'd be > happy to help. Please provide the smallest config you can reproduce the problem with and the output of "haproxy -vv". I cannot currently reproduce

RE: haproxy-1.5-dev21 and firefox POST (shibboleth-sp) problems

2014-01-30 Thread Lukas Tribus
please update to the latest snapshot (ss-20140130) and retry? A lot of bugfixes have been committed recently. If you still got 408 errors, then let's focus on fixing the 408 errors first (because they are likely faster to troubleshoot and the other problem could be connected to what was fixed in 4

Re: 'packet of death' in 1.5-dev21.x86_64.el6_4

2014-01-30 Thread James Hogarth
On 30 January 2014 22:21, Lukas Tribus wrote: > Hi, > > > > If anyone has any thoughts or insights I'd be intrigued to hear them > > and if you want to reproduce and have difficulties doing so I'd be > > happy to help. > > Please provide the smallest config you can reproduce the problem with > an

Re: 'packet of death' in 1.5-dev21.x86_64.el6_4

2014-01-30 Thread James Hogarth
On 30 January 2014 22:21, Lukas Tribus wrote: > Please provide the smallest config you can reproduce the problem with > and the output of "haproxy -vv". I cannot currently reproduce this. > Sorry I missed config and -vvv : [root@localhost ~]# haproxy -vvv HA-Proxy version 1.5-dev21-6b07bf7 +20

Re: http-header (User Agent) rewriting

2014-01-30 Thread Willy Tarreau
Hi Jérôme, On Thu, Jan 30, 2014 at 06:09:27PM +0100, Jérôme Féneau wrote: > Hi, > > I would like to replace incoming request's User Agent with a custom one > before it reaches the destination server. > > Here is the incoming User Agent : > > Mozilla/5.0 (;;;) AppleWebKit/534.6 HbbTV/1.1.1 (+DL+

Re: File downloads stall after 40 seconds. Changing timeout settings doesn't help

2014-01-30 Thread Willy Tarreau
On Thu, Jan 30, 2014 at 06:41:57PM +0100, Magnus Thomé wrote: > I feel like a really stupid noob But I've searched and searched and do > not understand this. When visitors try to download a file that takes more > than roughly 40 seconds to download the download stalls. > > I thought the timeou

Re: Use one backend server at a time

2014-01-30 Thread Willy Tarreau
On Thu, Jan 30, 2014 at 03:57:56PM -0600, Ryan O'Hara wrote: > On Thu, Jan 30, 2014 at 08:03:37PM +0100, PiBa-NL wrote: > > can you double-check the sticktable fills properly with the socket > > commands, and you are running with "nbproc 1" ? > > It appears that 1.4 does support 'show table' via th

Re: 'packet of death' in 1.5-dev21.x86_64.el6_4

2014-01-30 Thread Willy Tarreau
Hi James, On Thu, Jan 30, 2014 at 11:20:07PM +, James Hogarth wrote: > On 30 January 2014 22:21, Lukas Tribus wrote: > > > Please provide the smallest config you can reproduce the problem with > > and the output of "haproxy -vv". I cannot currently reproduce this. > > > > Sorry I missed con

Re: ACL based on request parameter using POST method

2014-01-30 Thread Willy Tarreau
On Thu, Jan 30, 2014 at 04:30:28PM +0100, Baptiste wrote: > Hi Dmitry, > > In Post, the parameters are in the body. > You may be able to match them using the payload ACLs (HAProxy 1.5 only). No it will not work. Payload does not make it easy to extract just some parts, and there's no way to wait