OoO En cette nuit nuageuse du jeudi 03 novembre 2011, vers 01:21, Erik
Torlen disait :
> Yes, I'm currently on Ubuntu 10.04.
> So basically I could grab this (http://packages.ubuntu.com/oneiric/openssl)
> .deb package and then
> add the patch you linked for me to it?
> Can I then compile s
because writting the tool to do it is more fun and easier to maintain
than a whole doc to parse again after each patch.
:)
On Thu, Nov 3, 2011 at 6:23 AM, carlo flores wrote:
> Just curious: why not rewrite the docs in markdown?
>
> Would a rewrite formulinix could just add to be welcome?
>
> On
Just curious: why not rewrite the docs in markdown?
Would a rewrite formulinix could just add to be welcome?
On Wednesday, November 2, 2011, Baptiste wrote:
> Hi Aleks,
>
> It's a good and interesting start.
> I already talked to Willy about the doc format, and unfortunately for
> you, the way y
I'm writting currently writting the blog article about it, but last
Emeric patch will allow you scale OUT your SSL perfomance through a
shared SSL session ID cache.
cheers
On Thu, Nov 3, 2011 at 1:21 AM, Erik Torlen wrote:
> Yes, I'm currently on Ubuntu 10.04.
> So basically I could grab this (
Hi Aleks,
It's a good and interesting start.
I already talked to Willy about the doc format, and unfortunately for
you, the way you're doing is not the one wanted by him.
As you have remarked, the doc format is quite "open", each
documentation contributors tries to maintain the format, but there
Yes, I'm currently on Ubuntu 10.04.
So basically I could grab this (http://packages.ubuntu.com/oneiric/openssl)
.deb package and then
add the patch you linked for me to it?
Can I then compile stud as default or do I have to modify the Makefile?
/E
-Original Message-
From: Vincent Bernat
Hi all,
I have now started do change the configuration.txt in that way
that asciidoc an produce nice HTML output.
asciidoc -b html5 -o haproxy-conf.html configuration.txt
http://www.none.at/haproxy-conf.html
I have stopped at section 2.3 to get your feedback.
As you can see in the diff there
OoO En cette nuit nuageuse du jeudi 03 novembre 2011, vers 00:32, Erik
Torlen disait :
> Ok, could be an idea to use that then.
> Btw, I am on a system that I can't upgrade to a later version of the
> dist and take advantage of openssl 1.0.0 through apt.
> Could I make stud use openssl with sta
OoO La nuit ayant déjà recouvert d'encre ce jour du mercredi 02 novembre
2011, vers 23:55, Erik Torlen disait :
> Okey, good to know Vincent.
> Do you know the memory impact using 10k, 20k etc?
Yes. Divide by two to get the size in kbytes. So a 10k cache will be
about 5Mbytes. There is als
Ok, could be an idea to use that then.
Btw, I am on a system that I can't upgrade to a later version of the dist and
take advantage of openssl 1.0.0 through apt.
Could I make stud use openssl with static libs? E.g compiling openssl from
source and the linking it in Makefile for stud.
/E
OoO La nuit ayant déjà recouvert d'encre ce jour du mercredi 02 novembre
2011, vers 23:50, Erik Torlen disait :
> How big difference is it between OpenSSL 0.9.8k and 1.0.0?
> I tried to get openssl 1.0.0 into the system before but had problems
> with other programs where their dependencies got br
Okey, good to know Vincent.
Do you know the memory impact using 10k, 20k etc?
/E
-Original Message-
From: Vincent Bernat [mailto:ber...@luffy.cx]
Sent: den 2 november 2011 15:40
To: Erik Torlen
Cc: Lukas Tribus; haproxy@formilux.org
Subject: Re: Haproxy timing issues
OoO En ce début de
How big difference is it between OpenSSL 0.9.8k and 1.0.0?
I tried to get openssl 1.0.0 into the system before but had problems with other
programs where their dependencies got broken.
/E
-Original Message-
From: Vincent Bernat [mailto:ber...@luffy.cx]
Sent: den 2 november 2011 15:43
OoO En cette soirée bien amorcée du mercredi 02 novembre 2011, vers
22:21, Baptiste disait :
> when doing load-balancing, swapping is the worst thing that could happen.
> Actually, the worst thing would to swap in a VM :)
And with SSL, this can happen quickly. Upgrading to OpenSSL 1.0.0 w
OoO En ce début de soirée du mercredi 02 novembre 2011, vers 21:13, Erik
Torlen disait :
> /usr/local/bin/stud -b 127.0.0.1 85 -f *,443 --ssl -B 1000 -n 2 -C
> 4 -u stud -r /home/stud --write-proxy /usr/share/ssl-cert/
> cert.pem
> I have tried stud using 10k of shared cache which gave me
OoO En ce début de soirée du mercredi 02 novembre 2011, vers 21:34,
"David Prothero" disait :
> I have been looking for a way to disable client-initiated
> renegotiation on stunnel/openssl but haven’t found a way. On the
> options description here:
[...]
As far as I know, there is no easy w
Yes, Vincent Bernat blog posts is really good. However, using these softwares
on EC2 which are VMs does not give the
same performance in all meanings. But I think that it stills perform pretty
good.
I am using taskset for all processes. Haproxy goes to cpu 01 and each stud
process gets bound to
Hi Erik,
I doubt this could improve things because of virtualization, but have
you tried binding processes to CPUs?
On a physical hardware, the purpose is to benefit of the l2/l3 CPU
cache, mainly for network IO and HAProxy, and also reducing the
overhead of the CPU moving processes from a core to
Note: We did not make use of re-negotiation for every connection, only for the
first 2000.
I have started to do the same loadtests now with re-negotiation for each
connection.
/E
-Original Message-
From: Baptiste [mailto:bed...@gmail.com]
Sent: den 1 november 2011 16:08
To: Erik Torl
HAProxy version 1.4.18
stunnel 4.44 with X-Forwarded-For patch
OpenSSL 0.9.8k 25 Mar 2009
Ubuntu 10.04.3 LTS
I'm submitting this here rather than to stunnel's list as I'm not using
the most recent version of stunnel due to needing the X-Forwarded-For
patch.
When I scan my domain (https:/
Thank you, will do that.
Btw, stud is started with these params:
/usr/local/bin/stud -b 127.0.0.1 85 -f *,443 --ssl -B 1000 -n 2 -C 4 -u
stud -r /home/stud --write-proxy /usr/share/ssl-cert/cert.pem
I have tried stud using 10k of shared cache which gave me worse performance.
Has anyone trie
Hi,
you should switch net.ipv4.tcp_tw_recycle off; you have already tcp_tw_reuse
on, which serves the same purpose (and it's less dangerous with NATted clients).
http://www.serverphorums.com/read.php?10,182544
Lukas
> From: erik.tor...@apicasystem.com
> To: bed...@gmail.com
> CC: haproxy@
Hi,
Yeah the clients are not the problem, we are using 5 different datacenters with
5 machines each so ~25 machines. Hardcore loadtesting :)
Btw, the loadtest are done transatlantic so that is causing latency etc.
After some more testing yesterday we found at just what you mentioned here:
usin
23 matches
Mail list logo