Hi Zack,
On Thu, Apr 25, 2013 at 08:46:57PM +, Connelly, Zachary (CGI Federal) wrote:
Lukas (et al),
I pulled down the latest code and compiled (thanks for the build fix). I'm
still getting the same problem with the latest code. Despite compiling with
the debug options as specified
Hi,
On Fri, Apr 26, 2013 at 12:55:23AM +0200, PiBa-NL wrote:
Hi All / Developers,
Seams i have tranparent proxying working now on FreeBSD 8.3 with
HAProxy1.5dev18 + small modification.
Needed to add a firewall forwarding rule to forward the traffic to the
localhost for socket processing.
Hi!
report the exact snapshot you used.
He is at current HEAD by using 20130425 with c621d36ba applied
manually on it (linux 2.6.18 without tproxy support).
He also saw the crashes in -dev18, but I had him update the code.
Thanks,
Lukas
Hello all,
My question is pretty simple.
I just want to know if it's possible to track/log a session from the
connexion to the disconnexion.
I've seen that it was possible with the capture cookie statement but i
don't want to change something from user side.
Is there another way please ?
Hi,
Capture cookie doesn't change anything, it adds to the log line the
cookie value!
pretty simple and straight forward, and this is how people usually track users.
Of course, you must enable HTTP logging, turn your frontend in HTTP
mode as well.
Baptiste
On Fri, Apr 26, 2013 at 9:39 AM,
Hi, all
I have tested CRL verification for master of haproxy git repository
under such conditions:
* two CAs(CA1CA2) used to do verification
* CRL file specified, but contains CRL only issued by CA1
When I send request with certificate issued by CA2, the verification
will fail with the reason of
Hi again Cyril,
On Thu, Apr 25, 2013 at 11:04:03PM +0200, Willy Tarreau wrote:
So I'll see how to enable this by default for health checks. The code
will be different for 1.4 and 1.5 but it's worth doing it anyway.
OK i've fixed it now in 1.4. In fact 1.5 already does this so no change
was
Hi don't understand:
You said using openssl version 0.9.8y, but haproxy -vv shows OpenSSL 1.0.0a.
Emeric
On 04/25/2013 04:45 PM, Connelly, Zachary (CGI Federal) wrote:
Lukas (et al),
Here’s what I have so far:
1.use latest snapshot from [1] – *I’ll* *work on this today*
2.provide the
Emeric,
I'm not sure about that either actually. We definitely only have 0.9.8~
versions on the box and I explicitly reference the 0.9.8y library when I
compile the executable:
TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 ADDLIB=-L/usr/local/openssl-0.9.8y/lib
LDFLAGS+=-ldl
Zack
Zack,
On Fri, Apr 26, 2013 at 02:12:46PM +, Connelly, Zachary (CGI Federal) wrote:
Emeric,
I'm not sure about that either actually. We definitely only have 0.9.8~
versions on the box and I explicitly reference the 0.9.8y library when I
compile the executable:
TARGET=linux26
On Fri, Apr 26, 2013 at 06:25:38PM +0200, Willy Tarreau wrote:
We've checked with Emeric and I can confirm that the SSL struct changed
between the two versions, which exactly explains the 8 bytes offset we
found for ssl-sid_ctx_length which pointed to some wrong location.
I have added a
Hi,
On Fri, Apr 26, 2013 at 06:10:24PM +0100, Pedro Mata-Mouros wrote:
Hi everyone,
Having some trouble with using unique-id in logs, in 1.5-dev18. The following
conf file will completely ignore log-format in defaults. I have to move it to
the frontend in order for something to appear in
Thanks Willy/Emeric! I will try and track down the OpenSSL and we have and
ensure we got the right versions. I did add the ADDINC parameter to the build
to explicitly point to the include linked with the lib and same error occurred.
I will also download the two fixes from today and see if the
Two things:
1. After taking the two patches, ran version and am definitely getting
different versions. I'll have to look into how this could be with the admins
some more.
Built with OpenSSL version : OpenSSL 1.0.0a 1 Jun 2010
Running on OpenSSL version : OpenSSL 0.9.8y 5 Feb 2013
Hi Willy,
Sorry for the weird syntax.. I made the text 'bold', but that seams to
have come out differently...
Anyway i hope the 'patch' below is something you can work with.?
As for renaming the CONFIG_HAP_LINUX_TPROXY to something different would
require everyone that on a regular basis
On Fri, Apr 26, 2013 at 06:22:57PM +, Connelly, Zachary (CGI Federal) wrote:
Two things:
1. After taking the two patches, ran version and am definitely getting
different versions. I'll have to look into how this could be with the admins
some more.
Built with OpenSSL
Hi,
On Fri, Apr 26, 2013 at 08:40:49PM +0200, PiBa-NL wrote:
Hi Willy,
Sorry for the weird syntax.. I made the text 'bold', but that seams to
have come out differently...
As you can guess, there is no bold attribute in source code, so it
must necessarily appear differently at some point.
Now that I'm seeing the patch in its context, I think it's not the
cleanest way to do it, because we redefine IPV6_TRANSPARENT and
IP_TRANSPARENT when IP_FREEBIND is not defined, while we don't use
this one and the other ones are defined below. Also I'm concerned
about the result of running this
Is there a way to debug ssl handshake failures? I occasionally see an error
message in the logs which says Connection error during SSL handshake. It
rarely happens so debugging it is difficult with something like packet
captures because we have over 5000 ssl requests per second. What I was
hoping
Hi,
throwing in my two cents here, based on a few uneducated guesses reading
the Makefile, etc. Feel free to disagree/correct/shout at me :)
(actually I wrote this before Willy answered)
As for renaming the CONFIG_HAP_LINUX_TPROXY to something different would
require everyone that on a
Hi Lukas,
On Fri, Apr 26, 2013 at 10:26:33PM +0200, Lukas Tribus wrote:
Hi,
throwing in my two cents here, based on a few uneducated guesses reading
the Makefile, etc. Feel free to disagree/correct/shout at me :)
Thanks for sharing your thoughts, I feel less alone sometimes when I can
Hi Willy / Lukas,
It seams to me OpenBSD doesn't support the IP_BINDANY flag..:
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/netinet/in.h
http://www.openbsd.org/cgi-bin/cvsweb/%7Echeckout%7E/src/sys/netinet/in.h
While FreeBSD does:
On Fri, Apr 26, 2013 at 11:03:00PM +0200, PiBa-NL wrote:
Hi Willy / Lukas,
It seams to me OpenBSD doesn't support the IP_BINDANY flag..:
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/netinet/in.h
http://www.openbsd.org/cgi-bin/cvsweb/%7Echeckout%7E/src/sys/netinet/in.h
it seems
Hi Willy,
Le 26/04/2013 11:50, Willy Tarreau a écrit :
Hi again Cyril,
On Thu, Apr 25, 2013 at 11:04:03PM +0200, Willy Tarreau wrote:
So I'll see how to enable this by default for health checks. The code
will be different for 1.4 and 1.5 but it's worth doing it anyway.
OK i've fixed it now
Hi Willy,
Ill give it a try and send the patch as an attachment, though im not
100% comfortable with the code. I think i can do it.
Will take me a few days though..
Thanks sofar.
Op 26-4-2013 23:12, Willy Tarreau schreef:
On Fri, Apr 26, 2013 at 11:03:00PM +0200, PiBa-NL wrote:
Hi Willy /
Hi Lukas
Horribly late response but thanks for the thorough reply. I've been doing
additional testing and HAProxy is filling all our needs thus far (I've got one
implementation that I'll send to the DL separately). No bugs or odd behavior to
report yet.
- Ahmed Osman
-Original
Hello Everyone,
I'm wondering if anyone is able to tell me if this is default behavior or if I
need to configure this. In a nutshell I have this setup:
LB_Pool1
Server1:6060
Server2:6060
LB_Pool2
Server1:80
Server2:80
I can do a check pretty easily on LB_Pool2 however I don't have a method
On 4/26/13 8:09 PM, Ahmed Osman wrote:
Hello Everyone,
I'm wondering if anyone is able to tell me if this is default behavior
or if I need to configure this. In a nutshell I have this setup:
LB_Pool1
Server1:6060
Server2:6060
LB_Pool2
Server1:80
Server2:80
I can do a check pretty
It sounds like you're asking how to use a server's health state in one
backend as the health state in another. If so you can use the track
option on the servers
backend pool1
server server1 1.1.1.1:6060 track pool2/server1
server server2 1.1.1.2:6060 track pool2/server2
backend pool2
Is this in the latest stable release?
On Thu, Apr 25, 2013 at 11:38 AM, Baptiste bed...@gmail.com wrote:
Hi,
So basically, you want to rate limit on the URL including the query string.
something like:
frontend webservice
[...]
acl url_to_protect path /something/object
Hi,
If it can help, I've been in touch with Emeric about SSL handshake
failure since
some times now but it's maybe preferable to use the ML to share
experience.
I'm using the following cipher filter list :
'ALL:!SSLv2:!eNULL:!aNULL:!LOW:!EXPORT:!kECDH:!MD5:@STRENGTH'
The PEM file I used is
Hey Bryan,
That's exactly what I want, thanks! Looks like usage of track is pretty
straightforward too.
Re: Davids response, port 6060 only returns an auth prompt and depends on the
application on port 80 working. If something weird happens to the application
on port 80 that auth prompt will
32 matches
Mail list logo
