Re: 400 error on cookie string

2016-12-28 Thread Lukas Tribus
Hello, On 28.12.2016 at 11:38, c...@xmonetize.net wrote: Tcpdump shows normal http requests(attached) Ok, I've looked through those traces and a lot of those HTTP 400 errors come from Browser pre-connect feature - which is not a problem. However, the TCP session 410 (tcp.stream eq 410)

Re: 400 error on cookie string

2016-12-28 Thread Willy Tarreau
On Thu, Dec 29, 2016 at 08:31:51AM +0100, Willy Tarreau wrote: > I'm puzzled. I'm going to check the error path in the code as it's something > I've never ever seen yet! Thus I suspect a regression in 1.7 compared to 1.6. One of the reports mentions 1.6.10 there, it's even more troubling. I'm

Re: Update of SSL certificate on haproxy.org

2016-12-28 Thread Willy Tarreau
Hi Baptiste, On Wed, Dec 28, 2016 at 09:32:07AM +0100, Baptiste wrote: > I personally use a shell script (acme.sh https://github.com/Neilpang/acme.sh) > to setup my certificates with let's encrypt. I noticed this one but not tried it yet. > I run it in my init script, before HAProxy starts up

Re: [PATCH] MEDIUM : regex : draft of pcre2 support

2016-12-28 Thread Willy Tarreau
Hi David, On Tue, Nov 22, 2016 at 11:11:09AM +0100, Willy TARREAU wrote: > Thanks, your patch looks pretty clean so I'm keeping it for 1.8. So I've merged it now. I had to slightly adapt the changes to regex.c to report the option in "-vv" since I made some changes in this area recently, but

Re: [PATCH 2/2] DOC: "block" deny_status documentation.

2016-12-28 Thread Jarno Huuskonen
Hi, These patches update "block" keyword documentation. First patch adds deprecated notice to "block" (haproxy-1.7.1 warns if you have "block" in your config: "The 'block' directive is now deprecated in favor..."). Second patch documents block [deny_status ] usage. Both patches are against

[PATCH] BUG/MINOR: option prefer-last-server must be ignored in some case

2016-12-28 Thread Olivier Doucet
when using "option prefer-last-server", we may not always stay on the same backend if we have one of the following option: balance uri balance url_param balance hdr() balance rdp-cookie --- src/backend.c |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/src/backend.c

Re: [PATCH] BUG/MINOR: option prefer-last-server must be ignored in some case

2016-12-28 Thread Olivier Doucet
Hi all, This is my very first contribution in C in an important project. Please, be kind :) - format check with Torvald's checkpatch.pl : OK - compile test : OK - small working test : OK (working as expected on a very small test) Feel free to comment so I can improve next time. Olivier

Re: Update of SSL certificate on haproxy.org

2016-12-28 Thread Baptiste
On Wed, Dec 28, 2016 at 2:40 AM, Willy Tarreau wrote: > Hi Holger, > > On Tue, Dec 27, 2016 at 11:12:50PM +0100, Holger Just wrote: > > Hi Willy, > > > > Recently, you updated the SSL certificate of haproxy.org, > > git.haproxy.org, ... to a new certificate from StartSSL. > > Yep

SNI with multiple SSL certs

2016-12-28 Thread Roshan Pradeep
Hi Guys Trying to implement SNI with HAProxy 1.6 version. How I want is: 1. Load all the certs to a directory as pem format (one site cert chain in one file). So there are multiple files (maybe 20-30 pem files in the folder) 2. Configure HAProxy to dynamically load the appropriate ssl cert based

Re: Update of SSL certificate on haproxy.org

2016-12-28 Thread Baptiste
On Wed, Dec 28, 2016 at 11:50 AM, Willy Tarreau wrote: > Hi Baptiste, > > On Wed, Dec 28, 2016 at 09:32:07AM +0100, Baptiste wrote: > > I personally use a shell script (acme.sh https://github.com/Neilpang/ > acme.sh) > > to setup my certificates with let's encrypt. > > I noticed

Re: Haproxy 1.7 and Ipv6-only hosts

2016-12-28 Thread Baptiste
On Fri, Dec 23, 2016 at 5:21 PM, Willy Tarreau wrote: > Hi Baptiste, > > > On Fri, Dec 23, 2016 at 04:57:36PM +0100, Willy Tarreau wrote: > (...) > > The problem is that in order not > > to lose the port which was already parsed, we temporarily set the family > to > > AF_INET and

Re: [PATCH] MEDIUM : regex : draft of pcre2 support

2016-12-28 Thread David CARLIER
Hi Willy looks good to me thanks. On 28 December 2016 at 11:54, Willy Tarreau wrote: > Hi David, > > On Tue, Nov 22, 2016 at 11:11:09AM +0100, Willy TARREAU wrote: >> Thanks, your patch looks pretty clean so I'm keeping it for 1.8. > > So I've merged it now. I had to slightly adapt

Re: [ANNOUNCE] haproxy-1.5.19

2016-12-28 Thread Willy Tarreau
Hi Vincent, On Wed, Dec 28, 2016 at 09:42:29AM +0100, Vincent Bernat wrote: > ❦ 28 December 2016 09:31 +0100, Vincent Bernat  : > > >> HAProxy 1.5.19 was released on 2016/12/25. It added 47 new commits > >> after version 1.5.18. > > > > Would it be possible to queue this

Re: [ANNOUNCE] haproxy-1.5.19

2016-12-28 Thread Willy Tarreau
On Wed, Dec 28, 2016 at 11:00:32AM +0100, Vincent Bernat wrote: > ❦ 28 December 2016 10:56 +0100, Willy Tarreau  : > > >> >> HAProxy 1.5.19 was released on 2016/12/25. It added 47 new commits > >> >> after version 1.5.18. > >> > > >> > Would it be possible to queue this patch as

Re: Update of SSL certificate on haproxy.org

2016-12-28 Thread ge...@riseup.net
On 16-12-28 09:32:07, Baptiste wrote: > I planned to release this script on gitlab at some point, and this > could be the right moment :) Yes!

Re: [ANNOUNCE] haproxy-1.5.19

2016-12-28 Thread Vincent Bernat
❦ 28 December 2016 10:56 +0100, Willy Tarreau  : >> >> HAProxy 1.5.19 was released on 2016/12/25. It added 47 new commits >> >> after version 1.5.18. >> > >> > Would it be possible to queue this patch as well for the next 1.5 (if >> > any)? >> > >> > commit

[PATCH 2/2] DOC: "block" deny_status documentation.

2016-12-28 Thread Jarno Huuskonen
--- doc/configuration.txt | 16 +--- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index b66267e..775781d 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -2468,17 +2468,18 @@ bind-process [ all | odd |

[PATCH 1/2] DOC: add deprecation notice to "block"

2016-12-28 Thread Jarno Huuskonen
--- doc/configuration.txt | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 6795166..b66267e 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -1805,7 +1805,7 @@ backlog

[PATCH] MINOR: proto_http.c 502 error txt typo.

2016-12-28 Thread Jarno Huuskonen
--- src/proto_http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/proto_http.c b/src/proto_http.c index aa8d997..d804e60 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -343,7 +343,7 @@ const char *get_reason(unsigned int status) case 499: return "client

Re: SNI with multiple SSL certs

2016-12-28 Thread Lukas Tribus
Hi Roshan, On 28.12.2016 at 13:11, Roshan Pradeep wrote: Hi Guys Trying to implement SNI with HAProxy 1.6 version. How I want is: 1. Load all the certs to a directory as pem format (one site cert chain in one file). So there are multiple files (maybe 20-30 pem files in the folder) 2.

Re: SNI with multiple SSL certs

2016-12-28 Thread Roshan Pradeep
Thanks Lukas for the reply. Regarding the second part of your reply: Then do I need to use like this? use_backend backend_site1 if { ssl_fc_sni site1 } use_backend backend_site2 if { ssl_fc_sni site2 } Because to minimize the admin overhead, do I need to add a new scl every time if I add a new

Re: SNI with multiple SSL certs

2016-12-28 Thread Lukas Tribus
Hello, On 28.12.2016 at 22:33, Roshan Pradeep wrote: Thanks Lukas for the reply. Regarding the second part of your reply: Then do I need to use like this? use_backend backend_site1 if { ssl_fc_sni site1 } use_backend backend_site2 if { ssl_fc_sni site2 } Because to minimize the admin