[ Profitez de votre offre pour trouver le cadeau idéal ](
http://r.journaldujour.fr/2vdiyd6r1actsbd.html ) |
Vous recevez mes news car vous vous êtes abonnés à RV [ ](
http://r.journaldujour.fr/2vdiyd6rtqctsbd.html ) [ ](
http://r.journaldujour.fr/2vdiyd6sm6ctsbd.html ) [ ](
On Wed, Dec 2, 2015 at 3:14 PM, Olivier Doucet wrote:
> Hello all,
>
> I see parameter tune.ssl.cachesize with default value of 2
>
> But today, I have no idea how much of this cache I'm actually using, and I
> fail to find any information about it. Is there a way to know
On Wed, Dec 2, 2015 at 7:01 PM, John Pingel wrote:
> Willy, Thierry, and all:
>
> My employer uses an external service provider that requires that we do not
> over use their services.So, I need to use HAProxy to help throttle/limit
> the max number of user connections
On Fri, Dec 04, 2015 at 03:07:06AM +0100, Cyril Bonté wrote:
> Tommy Atkinson and Sylvain Faivre reported that email alerts didn't work when
> they were declared in the defaults section. This is due to the use of an
> internal attribute which is set once an email-alert is at least partially
>
On Wed, Nov 25, 2015 at 03:32:34PM +, David CARLIER wrote:
> HI all,
>
> there is it is a small patch which fix a wrong calloc call, I think.
Both are technically equivalent since calloc multiplies the two members,
but you're perfectly right and seeing them reversed is at least confusing.
I
Hi all,
I'm using this snippet in the config of version 1.5.14 of haproxy:
http-request redirect location
https://www.domain.%[req.fhdr(accept-language),lower,language(de-at;de-ch,de),map(/etc/haproxy/language-map.txt,de)]/
code 301
As soon as there is NO Accept-Language-Header in the request
i am looking to setup a transparent intercepting proxy, where i use
iptables to DNAT traffic on port 80 and redirect it to HAProxy and in
turn load balance to Squid for fulfillment. the DNAT to HAProxy works
and the load balance to Squid works, but Squid sees the request without
the correct
Hi Baiyang,
On Thu, Dec 03, 2015 at 06:44:29PM +0800, baiyang wrote:
> Hi Willy,
>
> It's a peaceful week, I think the root of the bug has been exactly located to
> "timeout client-fin" and "timeout server-fin" options.
Great, thanks for your encouraging feedback! I'm glad it worked in the end!
Hi,
I have HAPROXY in front of servers backend which are load balanced.
So, in https, we have only one address where the front https haproxy listen :
bind :443.
And we have some clients for which, we only pass-through the traffic, so we use
the mode tcp .
Frontend https-tcp-in
Mode tcp
Hi,
We just had a strange replication problem on our staging environment.
We have 2 HAproxy servers. They were running for 2 weeks now.
At the beginning, I checked that the stick tables were properly synced.
Today, stick tables were not synced, for example :
root@proxy1>: echo "show table
Hi,
Attached is a patch with an edit to the information in the README regarding
51Degrees installation and configuration.
Ben.
This email and any attachments are confidential and may also be privileged. If
you are not the named recipient, please notify the sender immediately and do
not
Hi Willy,
It's a peaceful week, I think the root of the bug has been exactly located to
"timeout client-fin" and "timeout server-fin" options.
Thanks :-)
--
Best Regards
BaiYang
baiy...@gmail.com
http://baiy.cn
< END OF EMAIL >
From: Willy Tarreau
Date: 2015-11-26
Hi,
I'm trying to use the cpu-map directive on haproxy 1.6 (Debian 8), but am
getting the error:
'cpu-map' is not enabled, please check build options for USE_CPU_AFFINITY
I understand from this that I need to recompile with some different
options, but could anyone point me in the direction of
-Original Message-
From: Lukas Tribus [mailto:luky...@hotmail.com]
Sent: Wednesday, December 02, 2015 4:42 PM
To: Cohen Galit; Igor Cicimov
Cc: HAProxy
Subject: RE: SSLv2Hello is disabled
Hi Galit,
> I want to emphasize that the following test succeeded:
>
> [root@proxy-au51
Is there any way to get haproxy to listen only on the public IP, other than
by specifying the IP?
I dont want this to listen on the loopback.
On Wed, Nov 18, 2015 at 06:18:19AM +, David CARLIER wrote:
> Hi all,
>
> this should be a harmless patch in order to silence the compiler
> warning in some operating systems regarding time_t / printf format
> specifier.
Applied, thanks David.
Willy
Looks like I might have messed something up with the original compilation
(since my target is showing as custom). I'll go back and take a look at
the procedure I used. Thanks.
>From -vv :
Build options :
TARGET = custom
CPU = native
CC = gcc
CFLAGS = -O2 -march=native -g
On 02/12/2015 01:35 μμ, Stefan Johansson wrote:
> Hello,
>
> the usage is based on session rate (i.e the percentage I listed, those are
> the approximate session rates per haProxy process). The CPU% of the
> respective core mirrors this as well (nothing else running on those cores
>
On Wed, Dec 02, 2015 at 12:21:52PM +, David Carlier wrote:
> HI all,
>
> another patch to fix an use case when the attended HTTP header by the
> convertor is not found, either by Haproxy req*del modifiers or even just
> the web browser, hence avoiding a segfault.
>
> Please cc
True.
This day I spent a lot of time doing a lot of calloc call writing
hence that is probably why it caught my eyes in first place :) thanks.
On 3 December 2015 at 10:33, Willy Tarreau wrote:
> On Wed, Nov 25, 2015 at 03:32:34PM +, David CARLIER wrote:
>> HI all,
>>
>> there
Hi Unkown User!
> Is there any way to get haproxy to listen only on the public IP, other
> than by specifying the IP?
> I dont want this to listen on the loopback.
Use the interface keyword:
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.1-interface
Regards,
Lukas
❦ 3 décembre 2015 08:59 +0100, SL :
> I'm trying to use the cpu-map directive on haproxy 1.6 (Debian 8), but
> am getting the error:
>
> 'cpu-map' is not enabled, please check build options for
> USE_CPU_AFFINITY
>
> I understand from this that I need to recompile with some
On Wed, Dec 02, 2015 at 11:28:28AM +, David Carlier wrote:
> Hi all,
>
> Here it is a slight change, the DeviceAtlas module logging is silented by
> default.
> Also via the -vv flag, the DeviceAtlas support should be displayed.
Applied, thanks!
Willy
Hi Sylvain,
On Thu, Dec 03, 2015 at 12:05:02PM +0100, Sylvain Faivre wrote:
> Hi,
>
> We just had a strange replication problem on our staging environment.
> We have 2 HAproxy servers. They were running for 2 weeks now.
> At the beginning, I checked that the stick tables were properly synced.
>
On 12/02/2015 08:17 PM, Dave Zhu (yanbzhu) wrote:
> Hello all,
>
> I¹ve written up Willy and Emeric¹s proposal and it seems to test fine, at
> least from a functionality standpoint.
>
> I would appreciate it if interested parties would beat on this harder than
> I did to work out kinks.
>
> To
Hi Guys , how do unsubscribe :)
Thanks
Alex
> On Dec 3, 2015, at 2:35 AM, Willy Tarreau wrote:
>
> On Wed, Dec 02, 2015 at 11:28:28AM +, David Carlier wrote:
>> Hi all,
>>
>> Here it is a slight change, the DeviceAtlas module logging is silented by
>> default.
>> Also via
Hi Alain,
On Thu, Dec 03, 2015 at 12:14:20PM +, Labedan, Alain wrote:
>
> Hi,
>
> I have HAPROXY in front of servers backend which are load balanced.
>
> So, in https, we have only one address where the front https haproxy listen
> : bind :443.
> And we have some clients for which, we
Hi,
> I'll try to pack again the OpenSSL files (must work with rpm) from
> original repository and will let you know. Thanks.
Ok, but first try the other proposal (takes less time):
>> Should I just add to haproxy.cfg the following?
>> force-tlsv10
>
> Yes, you can try:
>
> global
>
Hi Alex,
On Thu, Dec 03, 2015 at 05:32:16AM -0800, Alex wrote:
> Hi Guys , how do unsubscribe :)
As indicated on the site, by sending an e-mail to :
haproxy+unsubscr...@formilux.org
but I've done it for you right now.
Best regards,
Willy
On Thu, Dec 03, 2015 at 10:43:56AM +, Ben Shillito wrote:
> Hi,
>
> Attached is a patch with an edit to the information in the README regarding
> 51Degrees installation and configuration.
Applied to 1.7 and 1.6, thanks Ben.
Willy
Dear Sir / Madam ,
Good day.
I'm Agnes from HMX Electronic, a professional PCB manufacturer of Prototype,
Small volume and Medium volume orders with the certificates of UL, ISO9001, and
RoHs.
Our factory highlights as below:
1, High Quality and Technology Capability
We process the
Hey Emeric,
I’m in the process of cleaning up the patches, indentation and style so
I’ll post up another set to the mailing list as Willy suggested.
-Dave
On 12/3/15, 9:56 AM, "Emeric Brun" wrote:
>On 12/02/2015 08:17 PM, Dave Zhu (yanbzhu) wrote:
>> Hello all,
>>
>> I¹ve
Hi Bernd, Willy,
> Hello,
>
> im getting segfault, it happens on 1 of ~500 million requests that are
> processed on haproxy 1.6.2-2 on debian wheezy and jessie (systems
> updated, crash stayed).
>
> If you need more informations, let me know.
>
> Thank You.
>
> Trace:
> (gdb) thread apply all bt
Hey Willy
On 12/3/15, 1:40 AM, "Willy Tarreau" wrote:
>I didn't understand what you meant with this last sentence, it sounds like
>there could be multiple default contexts which are more or less randomly
>chosen so that confuses me.
Sorry if that was confusing. I was merely trying
On Thu, Dec 03, 2015 at 03:56:45PM +0100, Sylvain Faivre wrote:
> According to our logs, both HAproxy processes were started at Nov 24
> 11:25:xx and application errors caused by lack of session replication
> started happenning at Dec 1 17:05:35
> So that's a bit more than 1 week later.
>
>
Hello,
im getting segfault, it happens on 1 of ~500 million requests that are
processed on haproxy 1.6.2-2 on debian wheezy and jessie (systems
updated, crash stayed).
If you need more informations, let me know.
Thank You.
Trace:
(gdb) thread apply all bt full
Thread 1 (Thread
Already did.
Unfortunately same error in servers
-Original Message-
From: Lukas Tribus [mailto:luky...@hotmail.com]
Sent: Thursday, December 03, 2015 3:36 PM
To: Cohen Galit
Cc: HAProxy
Subject: RE: SSLv2Hello is disabled
Hi,
> I'll try to pack again the OpenSSL files (must
Hey Willy
On 12/3/15, 1:34 PM, "Willy Tarreau" wrote:
>
>I'm sorry but I'm missing something. In which case could we have the
>choice
>between multiple SSL_CTX ? My understanding is that if the SNI is not
>found
>in the list, we currenlty fall back to the default cert. Now the
On Thu, Dec 3, 2015 at 2:00 PM, Dave Zhu (yanbzhu)
wrote:
> Hey Bryan.
>
> I noticed that you gave HAProxy a directory. You have to give it the name
> of the cert instead of the directory.
>
> So your config should be:
>
> bind :8443 ssl crt ./var/tls/localhost.pem
>
>
>
I
Another odd thing is that both certs are loaded even if the ECC cert
doesn't have the proper name.
In my testing with a bind line of
bind :8443 ssl crt ./var/tls/localhost.pem
the ECC cert is loaded if it is in that directory no matter what the file
name is.
-Bryan
On Thu, Dec 3, 2015 at
Thats exactly what I am wanting to code, I just need an example of how to do
auth, like userlist, inside of lua.
- Original Message -
From: "Igor Cicimov"
To: "Grant Haywood"
Cc: "HAProxy"
Sent: Thursday,
Hi Grant,
On Fri, Dec 4, 2015 at 7:46 AM, Grant Haywood
wrote:
> Hello,
>
> I was wondering if there is a basic example of using lua to do
> authentication?
>
> I am specificaly interested in constructing 'ldap' and 'jwt' versions of
> the 'userlist' block
>
> thx in
Hey Bryan.
I noticed that you gave HAProxy a directory. You have to give it the name of
the cert instead of the directory.
So your config should be:
bind :8443 ssl crt ./var/tls/localhost.pem
-Dave
From: Bryan Talbot >
Date: Thursday,
Hi Dave.
I've applied the patches but things are not working as I expected. It could
be that my expectations are incorrect though. I'm expecting that with two
(ECC and RSA) self-signed testing certificates deployed with the haproxy
config shown below that ECC capable clients will connect and use
Hello,
I see that you are one of the promising exhibitors at NAHB International
Builders' Show JAN 19-21, 2016. I am wondering if you are interested in
acquiring the potential Attendees List for this event which you can leverage
for your pre and post event campaigns.
Each record in our database
Hey Emeric,
On 12/3/15, 9:56 AM, "Emeric Brun" wrote:
>
>But i notice some inconsistencies.
>
>Patch2 (crt conf keywoard):
>If the file without key extension is present, this file is loaded but
>also the multi_load is called.
>
>However in Patch3 (crt-list)
>If the file
Hi Dave,
On Thu, Dec 03, 2015 at 05:36:36PM +, Dave Zhu (yanbzhu) wrote:
> On 12/3/15, 1:40 AM, "Willy Tarreau" wrote:
>
> >I didn't understand what you meant with this last sentence, it sounds like
> >there could be multiple default contexts which are more or less randomly
>
Hi Sylvain and Tommy,
Le 30/11/2015 10:34, Sylvain Faivre a écrit :
On 11/01/2015 06:34 PM, Tommy Atkinson wrote:
I want to enable email alerts for all my backends so I added the
"email-alert" options to the defaults section and a mailers section at
the top level. The documentation indicates
A segfault can occur during at the initialization phase, when an unknown
"mailers" name is configured. This happens when "email-alert myhostname" is not
set, where a direct pointer to an array is used instead of copying the string,
causing the segfault when haproxy tries to free the memory.
This
When the email alert message couldn't be formatted, the logged error message
said the contrary.
This fix must be backported to 1.6.
---
src/checks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/checks.c b/src/checks.c
index e77926a..bc7eaa7 100644
--- a/src/checks.c
Tommy Atkinson and Sylvain Faivre reported that email alerts didn't work when
they were declared in the defaults section. This is due to the use of an
internal attribute which is set once an email-alert is at least partially
configured. But this attribute was not propagated to the current proxy
Hi,
All my backend servers are connected to a private, IPv6-only network.
When I'm trying to use their addresses in "server" directive, HAProxy
fails to connect to them.
Here's some configurations I've tried (fe80::ec4:7aff:fe59:91dd =
backend server, fe80::ec4:7aff:fe6c:4a89 = haproxy):
server
Hi,
I have two backends named "nginx-http" and "nginx-https": the first
one handle HTTP connections, the second one HTTPS connections.
The proxy protocol works successfully on nginx-http backend:
server server1 10.0.80.1:8080 send-proxy check check-send-proxy fall
3 inter 2s weight 10
But the
On Wed, Dec 2, 2015 at 8:50 PM, Ruoshan Huang
wrote:
> hi,
> I’m a confused about the difference between `rspdel` and
> `http-response del-header`. if all I want is to delete a hdr of plain text
> instead of regular expression, does `http-response del-header` perform
54 matches
Mail list logo