Hello
Off the top of my head you could tell haproxy that the key is in a secured
directory of say something like /dev/shm
Then have your own init script that unlocks the private key and puts it
where haproxy expects it (openssl will do that). After haproxy starts it
can be deleted.
It can do it
Thanks, It works as expected.
A a note, if the cookie have already the secure flag, with this rule, pass to
have two secure flags, but I don't have any issue with this behavior.
Regards,
Date: Sat, 25 Jan 2014 11:26:55 +0100
From: w...@1wt.eu
To:
On 01/28/2014 03:58 PM, Emeric Brun wrote:
Hi Ilya,
Ah, interesting. Doing a bit more digging on this end, I see
SSL_set_max_send_fragment, albeit that's from back in 2005. Is that
what you guys are looking at?
This is also an issue for us (see my post from a few days ago) - on
HAProxy's first start, most hosts are marked DOWN with a Layer4 timeout,
even though they are fine, because there are a large number of them.
Some workaround or more forgiving initial health check would be useful here.
Hello Roland,
On Tue, Jan 28, 2014 at 05:21:48PM +0100, pechspilz wrote:
Hello Willy,
Thank you for your input. After you mentioned the potential 999 limit
I found out that uname -n showed a value of 1024. I increased the value
to 20 and thought that this would be enough to tackle the
On Mon, Jan 27, 2014 at 10:24:35PM +0100, Baptiste wrote:
Hi,
You can't do this from HAProxy's configuration file. The passphrase is
requested by your OpenSSL library.
If there is a passphrase on your private key, there is a good reason:
keep it secret.
Maybe hacking HAProxy start
Hey guys,
Do you still want me to bisect? Or should I wait? If you think the
problem is the same I'll just test the fix :-)
Don't waste your time bisecting. I'll propose you to test the patch
instead. The problem I've seen is always the same and is related to
the fact that the SSL layer
Hi Lukas,
On Tue, Jan 28, 2014 at 08:24:39PM +0100, Lukas Tribus wrote:
Hey guys,
Do you still want me to bisect? Or should I wait? If you think the
problem is the same I'll just test the fix :-)
Don't waste your time bisecting. I'll propose you to test the patch
instead. The
Hi guys,
Here's an update of current 1.5 status. All reported bugs were fixed.
I'm currently working on something that was just reported to me today
which is not exactly a bug but a design mistake around the way track-
counters are tracked between HTTP requests when they're done in content
Thanks. Looks like it is websocket connections for us too. So is killing
the process the only way?
Thanks,
Wei
On 1/27/14, 11:47 PM, k simon chio1...@gmail.com wrote:
We got the simlar problem, then capture the traffic and found it's
result in websocket. So we had to kill the old process
On Tue, Jan 28, 2014 at 10:16:39PM +, Wei Kong wrote:
Thanks. Looks like it is websocket connections for us too. So is killing
the process the only way?
It depends if you're willing to kill your websocket connections or not. At
some point they will disappear since the old process does not
11 matches
Mail list logo