On Tue, Jan 28, 2014 at 10:16:39PM +, Wei Kong wrote:
> Thanks. Looks like it is websocket connections for us too. So is killing
> the process the only way?
It depends if you're willing to kill your websocket connections or not. At
some point they will disappear since the old process does not
Thanks. Looks like it is websocket connections for us too. So is killing
the process the only way?
Thanks,
Wei
On 1/27/14, 11:47 PM, "k simon" wrote:
> We got the simlar problem, then capture the traffic and found it's
>result in websocket. So we had to kill the old process manually when
>fini
Hi guys,
Here's an update of current 1.5 status. All reported bugs were fixed.
I'm currently working on something that was just reported to me today
which is not exactly a bug but a design mistake around the way track-
counters are tracked between HTTP requests when they're done in "content"
rule
Hi Lukas,
On Tue, Jan 28, 2014 at 08:24:39PM +0100, Lukas Tribus wrote:
> Hey guys,
>
>
> >> Do you still want me to bisect? Or should I wait? If you think the
> >> problem is the same I'll just test the fix :-)
> >
> > Don't waste your time bisecting. I'll propose you to test the patch
> > inst
Hey guys,
>> Do you still want me to bisect? Or should I wait? If you think the
>> problem is the same I'll just test the fix :-)
>
> Don't waste your time bisecting. I'll propose you to test the patch
> instead. The problem I've seen is always the same and is related to
> the fact that the SSL l
>>> On Mon, Jan 27, 2014 at 10:24:35PM +0100, Baptiste wrote:
>>> > Hi,
>>> >
>>> > You can't do this from HAProxy's configuration file. The passphrase is
>>> > requested by your OpenSSL library.
>>> > If there is a passphrase on your private key, there is a good reason:
>>> > keep it secret.
>>> >
Hello Roland,
On Tue, Jan 28, 2014 at 05:21:48PM +0100, pechspilz wrote:
> Hello Willy,
>
> Thank you for your input. After you mentioned the potential "999 limit"
> I found out that uname -n showed a value of 1024. I increased the value
> to 20 and thought that this would be enough to tack
This is also an issue for us (see my post from a few days ago) - on
HAProxy's first start, most hosts are marked DOWN with a Layer4 timeout,
even though they are fine, because there are a large number of them.
Some workaround or more forgiving initial health check would be useful here.
Kevi
Hello Willy,
Thank you for your input. After you mentioned the potential "999 limit"
I found out that uname -n showed a value of 1024. I increased the value
to 20 and thought that this would be enough to tackle the problem.
It wasn't. The problem returned two days later. However, now it's
*From: *Willy Tarreau
*Sent: * 2014-01-25 05:45:11 E
*To: *Patrick Hemmer
*CC: *Malcolm Turnbull , haproxy@formilux.org
*Subject: *Re: Just a simple thought on health checks after a soft
reload of HAProxy
> On Tue, Jan 21, 2014 at 09:04:12PM -0500, Patrick Hemmer wrote:
>> Personally I woul
On 01/28/2014 03:58 PM, Emeric Brun wrote:
Hi Ilya,
Ah, interesting. Doing a bit more digging on this end, I see
"SSL_set_max_send_fragment", albeit that's from back in 2005. Is that
what you guys are looking at?
https://github.com/openssl/openssl/commit/566dda07ba16f9d3b9774fd5c8d526d7cc93f
Hi Ilya,
Ah, interesting. Doing a bit more digging on this end, I see
"SSL_set_max_send_fragment", albeit that's from back in 2005. Is that
what you guys are looking at?
https://github.com/openssl/openssl/commit/566dda07ba16f9d3b9774fd5c8d526d7cc93f179
Yes, that's it! it appears in openssl
Hi,
You could fix this with an acl to prevent adding the secure flag if one is
present.
Baptiste
Le 28 janv. 2014 12:09, "Ricardo" a écrit :
> Thanks, It works as expected.
>
> A a note, if the cookie have already the secure flag, with this rule, pass
> to have two secure flags, but I don't ha
Thanks, It works as expected.
A a note, if the cookie have already the secure flag, with this rule, pass to
have two secure flags, but I don't have any issue with this behavior.
Regards,
> Date: Sat, 25 Jan 2014 11:26:55 +0100
> From: w...@1wt.eu
> To:
Hello
Off the top of my head you could tell haproxy that the key is in a secured
directory of say something like /dev/shm
Then have your own init script that unlocks the private key and puts it
where haproxy expects it (openssl will do that). After haproxy starts it
can be deleted.
It can do it a
15 matches
Mail list logo