Hello,
I have a question about the network design. I think there are two options:
one arm vs two arm
For performance critical applications I think it's better to use one
arm. In several howto's on the web there are no informations about
direct-routing and loopback ip. When my real-servers
Hello,
On 12/30/2013 06:54 AM, Delta Yeh wrote:
Hi,
In one of my setup, I failed to loadbalance a fortiweb WAF protected
website.
Haproxy return 502, but the browser works OK.
With the help of wireshark, I notice that the response header returned
by fortiweb WAF is not RFC
Thanks you.
I have tried 'option accept-invalid-http-response' both in frontend and
backend, but it doesn't help.
2013/12/30 Nenad Merdanovic ni...@nimzo.info
Hello,
On 12/30/2013 06:54 AM, Delta Yeh wrote:
Hi,
In one of my setup, I failed to loadbalance a fortiweb WAF protected
Hi,
I have made a patch to add proxy protocol to Varnish 3.0
you can find it at http://varnish.hocdet.net
Emmanuel
Hi Delta,
Normal, the returned response is too crappy!!!
Your only solution is to switch to TCP mode.
Baptiste
On Mon, Dec 30, 2013 at 4:16 PM, Delta Yeh delta@gmail.com wrote:
Thanks you.
I have tried 'option accept-invalid-http-response' both in frontend and
backend, but it doesn't
On Mon, Dec 30, 2013 at 6:36 PM, Emmanuel Hocdet m...@gandi.net wrote:
Hi,
I have made a patch to add proxy protocol to V arnish 3.0
you can find it at http://varnish.hocdet.net
Emmanuel
Brilliant!!!
I'm going to play with it soon :)
Baptiste
Hi,
We recently needed an ACL to match a request's SNI host against a suffix (i.e.
create an ACL to match *.my.domain.com against the SNI hostname).
I was surprised to find out that req_ssl_sni had no search wrappers like _end
and _reg.
I saw that adding them was really trivial (kudos!) and I
Hi Noam,
Le 30/12/2013 19:38, Noam Liran a écrit :
Hi,
We recently needed an ACL to match a request's SNI host against a suffix (i.e.
create an ACL to match *.my.domain.com against the SNI hostname).
I was surprised to find out that req_ssl_sni had no search wrappers like _end
and _reg.
I
Hi,
I know haproxy doesn't do UDP loadbalancing, but I figured someone here
might now A nice tool which can doe this for me. (If haproxy could do it
it would have been nice though... ;-) )
I've looked at pen but it doesn't seem to do IPV6.
LVS can do the trick but I need to reconfigure a
Hi,
I'm using haproxy ss-20131229 to reverse proxy some windows iis server
with ntlm-auth enabled (one of them being exchange 2012).
While I understood that using 'option http-keep-alive' would make
ntlm-auth work, it doesn't work for me. Are there still some issue with
http-keep-alive and
Hi,
I have made a patch to add proxy protocol to Varnish 3.0
you can find it at http://varnish.hocdet.net
Nice!
Btw, is there any patch available for apache? Google search
with the apache, haproxy, proxy keywords isn't very helpful,
as you can immagine ...
We need more exotic names for
Hi,
HTTP/1.1 200 OK
Date: Mon, 30 Dec 2013 05:40:02 GMT
X
MicrosoftOfficeWebServer: 5.0_Pub
X
XXX
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 73803
!DOCTYPE html PUBLIC
Hi,
Hi,
I know haproxy doesn't do UDP loadbalancing, but I figured someone here
might now A nice tool which can doe this for me. (If haproxy could do it
it would have been nice though... ;-) )
I've looked at pen but it doesn't seem to do IPV6.
LVS can do the trick but I need to
Hi,
Subject: http-keep-alive broken?
Hi,
I'm using haproxy ss-20131229 to reverse proxy some windows iis server
with ntlm-auth enabled (one of them being exchange 2012).
While I understood that using 'option http-keep-alive' would make
ntlm-auth work, it doesn't work for me. Are there
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On 31.12.2013 00:50, Lukas Tribus wrote:
Hi,
Subject: http-keep-alive broken?
Hi,
I'm using haproxy ss-20131229 to reverse proxy some windows iis server
with ntlm-auth enabled (one of them being exchange 2012).
While I understood
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On 30.12.2013 19:00, Baptiste wrote:
On Mon, Dec 30, 2013 at 6:36 PM, Emmanuel Hocdet m...@gandi.net wrote:
Hi,
I have made a patch to add proxy protocol to V arnish 3.0
you can find it at http://varnish.hocdet.net
Emmanuel
Hi,
For proxy, server side keepalive works OK.
But it seemed haproxy dev21 server side keepalive does not work with
tproxy.
The config is :
backend www
source 0.0.0.0 usesrc hdr_ip(X-Real-IP)
server SERVER 1.2.3.4:80
no option http-server-close
option http-keep-alive
no
Hi Lukas,
I know the response is crappy like Baptiste said.
But as a reverse proxy, nginx works OK for this website, it would be
better if haproxy also works for such website.
The debug output of wget is:
---request begin---
GET / HTTP/1.0
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64;
Hi,
On Tue, Dec 31, 2013 at 01:58:57PM +0800, Delta Yeh wrote:
Hi,
For proxy, server side keepalive works OK.
But it seemed haproxy dev21 server side keepalive does not work with
tproxy.
The config is :
backend www
source 0.0.0.0 usesrc hdr_ip(X-Real-IP)
server SERVER
Hi Willy,
Good to know it is an known limitation for 1.5dev21, hope good news from
1.5 final in near future.
Thank you and the team for haproxy.
Happy New Year!!
BR,
DeltaY
2013/12/31 Willy Tarreau w...@1wt.eu
Hi,
On Tue, Dec 31, 2013 at 01:58:57PM +0800, Delta Yeh wrote:
Hi,
On Tue, Dec 31, 2013 at 02:04:02PM +0800, Delta Yeh wrote:
Hi Lukas,
I know the response is crappy like Baptiste said.
But as a reverse proxy, nginx works OK for this website, it would be
better if haproxy also works for such website.
The debug output of wget is:
Could you please
On Tue, Dec 31, 2013 at 03:23:59AM +0100, Thomas Heil wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
On 30.12.2013 19:00, Baptiste wrote:
On Mon, Dec 30, 2013 at 6:36 PM, Emmanuel Hocdet m...@gandi.net wrote:
Hi,
I have made a patch to add proxy protocol to V arnish
On Tue, Dec 31, 2013 at 12:34:43AM +0100, Lukas Tribus wrote:
Hi,
I have made a patch to add proxy protocol to Varnish 3.0
you can find it at http://varnish.hocdet.net
Nice!
Btw, is there any patch available for apache? Google search
with the apache, haproxy, proxy keywords isn't
On Tue, Dec 31, 2013 at 03:22:43AM +0100, Thomas Heil wrote:
While I understood that using 'option http-keep-alive' would make
ntlm-auth work, it doesn't work for me. Are there still some issue with
http-keep-alive and ntlm-auth?
Honestly I would just use the default tunnel mode for
On Tue, Dec 31, 2013 at 12:44:26AM +0100, Lukas Tribus wrote:
Hi,
Hi,
I know haproxy doesn't do UDP loadbalancing, but I figured someone here
might now A nice tool which can doe this for me. (If haproxy could do it
it would have been nice though... ;-) )
I've looked at pen but
Hello,
On Mon, Dec 30, 2013 at 10:27:52AM +0100, Willi Fehler wrote:
Hello,
I have a question about the network design. I think there are two options:
one arm vs two arm
For performance critical applications I think it's better to use one
arm. In several howto's on the web there are
26 matches
Mail list logo