Re: Application Persistence with WebSockets

2014-09-10 Thread Willy Tarreau
Hi Ryan, On Wed, Sep 10, 2014 at 04:36:24PM -0500, Ryan Brock wrote: > Here is the change I made on the very latest 1.6 master dev. It is only in > the one spot. There was discussion of changing it in a few other spots where > status was checked for less than 200, but I wouldn't know how to test th

Re: [PATCH] Also accept SIGHUP/SIGTERM in systemd-wrapper

2014-09-10 Thread Willy Tarreau
On Wed, Sep 10, 2014 at 10:38:55PM -0700, Matt Robenolt wrote: > Awesome, thanks. :) > > Is it possible to also get this applied into the 1.5 branch since this is low > risk and doesn't break any backwards compatibility and whatnot? I've just backported it as well. 1.5 was still missing Conrad

Re: SSL handshake failure

2014-09-10 Thread Willy Tarreau
On Wed, Sep 10, 2014 at 07:09:13PM -0600, Shawn Heisey wrote: > > having two different versions, we cannot rule out a problem there. > > I did manage to do that. My captures (of my test requests) don't show an > improvement in wireshark's ability to decrypt. > > I suspect that the actual handshak

Re: [PATCH] Also accept SIGHUP/SIGTERM in systemd-wrapper

2014-09-10 Thread Matt Robenolt
Awesome, thanks. :) Is it possible to also get this applied into the 1.5 branch since this is low risk and doesn’t break any backwards compatibility and whatnot? -- Matt Robenolt @mattrobenolt On Thu, Sep 11, 2014 at 5:33 AM, Willy Tarreau wrote: > Hi Matt, > On Thu, Sep 11, 2014 at 05:19:3

Re: [PATCH] Also accept SIGHUP/SIGTERM in systemd-wrapper

2014-09-10 Thread Willy Tarreau
Hi Matt, On Thu, Sep 11, 2014 at 05:19:30AM +, Matt Robenolt wrote: > My proposal is to let haproxy-systemd-wrapper also accept normal > SIGHUP/SIGTERM signals to play nicely with other process managers > besides just systemd. In my use case, this will be for using with > runit which has to ab

[PATCH] Also accept SIGHUP/SIGTERM in systemd-wrapper

2014-09-10 Thread Matt Robenolt
My proposal is to let haproxy-systemd-wrapper also accept normal SIGHUP/SIGTERM signals to play nicely with other process managers besides just systemd. In my use case, this will be for using with runit which has the ability to change the signal used for a "reload" or "stop" command. It also might b

Re: Minor bug in dumpstats.c

2014-09-10 Thread Willy Tarreau
On Mon, Sep 08, 2014 at 11:28:37AM +0200, Olivier wrote: > Hello, > > i've reworked my patch so that it can be applied smoothly :) patch applied, thank you Olivier. Willy

Session maintenance with weights

2014-09-10 Thread Prashanth Ganesh
Hi I have a scenario where I have two tomcat *servers A and B* behind the haproxy, now one of the app servers has a new version of the war and the other tomcat has an old version of the war file. So at a point of time we will have only the server A active which has a set of users inside it, after

Re: SSL handshake failure

2014-09-10 Thread Shawn Heisey
> having two different versions, we cannot rule out a problem there. I did manage to do that. My captures (of my test requests) don't show an improvement in wireshark's ability to decrypt. I suspect that the actual handshake problem with the customer is on their end. The certificate we were using

Re: Application Persistence with WebSockets

2014-09-10 Thread Ryan Brock
Here is the change I made on the very latest 1.6 master dev. It is only in the one spot. There was discussion of changing it in a few other spots where status was checked for less than 200, but I wouldn't know how to test that correctly so I didn't feel it was a good idea to change it. This change

Re: Random values with inspect-delay possible ?

2014-09-10 Thread Willy Tarreau
On Wed, Sep 10, 2014 at 04:09:54PM +0200, bjun...@gmail.com wrote: > 2014-09-04 14:33 GMT+02:00 bjun...@gmail.com : > > Hi, > > > > > > i'm using the following in a backend to rate-limit spider or bad > > behavior clients: > > > > > > backend be_spider > > > > tcp-request inspect-delay 2000ms >

Re: SSL handshake failure

2014-09-10 Thread Willy Tarreau
On Wed, Sep 10, 2014 at 12:20:00PM -0600, Shawn Heisey wrote: > On 9/9/2014 11:45 PM, Willy Tarreau wrote: > > It is possible that the more recent openssl lib above defined a few extra > > fields that are not supported by the older one used at runtime, resulting > > in undefined behaviour. If you c

Re: tcp reset errors

2014-09-10 Thread Pavlos Parissis
On 10/09/2014 03:31 PM, Franky Van Liedekerke wrote: > Hi, > > [..snip..] > Any hints are very much appreciated. If more info is needed, let me know. > Is it possible to run tcpdump on both servers and see who is sending RSTs? what about ldap logs? Do you know if you get this problem for all

Re: SSL handshake failure

2014-09-10 Thread Shawn Heisey
On 9/9/2014 11:45 PM, Willy Tarreau wrote: > It is possible that the more recent openssl lib above defined a few extra > fields that are not supported by the older one used at runtime, resulting > in undefined behaviour. If you cannot upgrade the production version, I > suggest that instead you reb

Re: Session stickiness on multi-process haproxy with ssl

2014-09-10 Thread Cyril Bonté
Hi, On 10/09/2014 15:54, e...@cslab.ece.ntua.gr wrote: You can use the log-format directive below, in your frontend, to log SSL related information: log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%sslv/%sslc/%[

Re: [PATCH] [RFC] Linux network namespace support for haproxy

2014-09-10 Thread Willy Tarreau
Hi Krisztian, On Wed, Sep 10, 2014 at 06:02:13PM +0200, KOVACS Krisztian wrote: > > > +void conn_clear_network_namespace(struct connection* conn) > > > +{ > > > + if((conn->flags & CO_FL_NAMESPACE_RECV) && > > (conn->network_namespace != NULL)) > > > + { > > > + free(conn->netw
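Review bot: in conn_clear_network_namespace(), the `conn->network_namespace != NULL` test in the if condition is redundant in front of the call that begins `free(conn->netw`, since free(NULL) is a no-op; the CO_FL_NAMESPACE_RECV flag test alone is enough. The quoted fragment is cut off before the end of the block, so whether the pointer is reset to NULL and the flag cleared after the free cannot be checked here; both should be, so that a second call on the same connection cannot free the pointer twice.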

Re: [PATCH] [RFC] Linux network namespace support for haproxy

2014-09-10 Thread KOVACS Krisztian
Dear Willy, First of all, thanks a lot for your comments. Please find our comments inline. On Fri, Sep 5, 2014 at 6:23 PM, Willy Tarreau wrote: > Hi László, > > On Fri, Sep 05, 2014 at 10:18:25AM +0200, Sárközi, László wrote: > > Dear haproxy list, > > > > We've been working on a project that i

Magento Users List

2014-09-10 Thread Michelle Peters
Hi, Are you targeting Magento Users list for your email marketing campaign? We provide the Database across North America, EMEA, APAC and Latin America. Information Fields - Name, Title, Email, Company Name, and Company Details like, Physical Address, Web Address, Revenue Size, Employee Size a

Re: Random values with inspect-delay possible ?

2014-09-10 Thread bjun...@gmail.com
2014-09-04 14:33 GMT+02:00 bjun...@gmail.com : > Hi, > > > i'm using the following in a backend to rate-limit spider or bad > behavior clients: > > > backend be_spider > > tcp-request inspect-delay 2000ms > tcp-request content accept if WAIT_END > > server node01 192.168.1.10:80 maxconn

Re: Session stickiness on multi-process haproxy with ssl

2014-09-10 Thread evie
> On Tue, Sep 9, 2014 at 4:47 PM, wrote: >>> On Tue, Sep 9, 2014 at 4:01 PM, wrote: Hello, I have HAproxy 1.5.4 installed in Debian Wheezy x64. My configuration file is attached. I want session stickiness so i use appsession attribute but I have a serious performance is

tcp reset errors

2014-09-10 Thread Franky Van Liedekerke
Hi, I'm using haproxy on centos 6.5 KVM virtual machines to loadbalance some ldap traffic. Both virtual servers (haproxy and ldap server) are running on the same KVM host (for testing I disabled the other ldap servers in the balanced setup). Now I'm seeing in the error logs all the time connection

RE: URL Rewrite

2014-09-10 Thread JDzialo John
Any thoughts on why my reqirep is not working properly on the below configuration file? The replace does not seem to work after putting this in place. The reqirep should be searching for any url with /ordering/vaporencroachment/vaporencroachment.html in it to /ordering/lightbox/vecapp.html. I

Add me

2014-09-10 Thread Joshua Myers
Please add me to mailing list --- This email message has been delivered safely and archived online by Mimecast. For more information please visit http://www.mimecast.com

Re: HAProxy 1.5 incorrectly marks servers as DOWN

2014-09-10 Thread Martijn Otto
On Wed, 2014-09-10 at 11:47 +0200, Pavlos Parissis wrote: > On 10/09/2014 07:02 AM, Juho Mäkinen wrote: > > Thanks Pavlos for your help. Fortunately (and embarrassedly for me) the > > mistake was not anywhere near haproxy but instead my haproxy configure > > template system had a bug which mixed up

Re: Recommended SSL ciphers and settings

2014-09-10 Thread Eugene Istomin
Hello, we merged all necessary SSL-related parameters leads to A+ without HSTS errors: 1) Use secure ciphers bind no-sslv3 ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!L

Re: HAProxy 1.5 incorrectly marks servers as DOWN

2014-09-10 Thread Pavlos Parissis
On 10/09/2014 07:02 AM, Juho Mäkinen wrote: > Thanks Pavlos for your help. Fortunately (and embarrassedly for me) the > mistake was not anywhere near haproxy but instead my haproxy configure > template system had a bug which mixed up the backend name and ip > address. Because of this haproxy showed

Re: [ADDENDUM] Performance issue with SSL and keep alive, weird result of ab test

2014-09-10 Thread Willy Tarreau
On Wed, Sep 10, 2014 at 09:21:21AM +, Andreas Mock wrote: > Hi Willy, > > which trace would help? > On the server side? > Do you mean a TCP dump or which trace do you think of? Yes, a tcpdump with full packets on the server side (clear text) so that we know whether the response is compatible

AW: [ADDENDUM] Performance issue with SSL and keep alive, weird result of ab test

2014-09-10 Thread Andreas Mock
Hi Willy, which trace would help? On the server side? Do you mean a TCP dump or which trace do you think of? Best regards Andreas > -Original Message- > From: Willy Tarreau [mailto:w...@1wt.eu] > Sent: Wednesday, 10 September 2014 11:13 > To: Andreas Mock > Cc: haproxy > Betr

Re: [ADDENDUM] Performance issue with SSL and keep alive, weird result of ab test

2014-09-10 Thread Willy Tarreau
On Wed, Sep 10, 2014 at 08:32:05AM +, Andreas Mock wrote: > Hi Willy, > > thank you for your answer. > > Do you have an explanation for the fact that > ab keep-alive without SSL seems to work correct but > as soon as SSL is enabled performance degrades as > shown? Unfortunately no, I have

AW: [ADDENDUM] Performance issue with SSL and keep alive, weird result of ab test

2014-09-10 Thread Andreas Mock
Hi Willy, thank you for your answer. Do you have an explanation for the fact that ab keep-alive without SSL seems to work correct but as soon as SSL is enabled performance degrades as shown? Best regards Andreas Mock > -Original Message- > From: Willy Tarreau [mailto:w...@1wt.eu

Discover sponsorship and change a child's life!

2014-09-10 Thread Vision du Monde
Vision du Monde If this page does not display correctly, [ http://mail.votreinscription.com/V1021549620560.cfm?WL=11099&WS=21273755_4382550&WA=20934?WL=11099&WS=21273755_4382550&WA=20934 ] click here [ http://

Re: Recommended SSL ciphers and settings

2014-09-10 Thread Thomas Heil
Hi, On 09.09.2014 15:08, pablo platt wrote: > rspadd Strict-Transport-Security:\ max-age=31536000;\ > includeSubDomains if ssl-proxy > > Do I need to add it to the frontend or backend? so its response, so better do it in the backend but it will work in the frontend too. > Will it break raw TLS (no