Re: [PATCH] MINOR: cli: ability to set per-server maxconn
Many thanks! On Wed, Oct 28, 2015 at 2:04 AM, Willy Tarreauwrote: > On Tue, Oct 27, 2015 at 04:50:35PM -0500, Andrew Hayworth wrote: >> Ah, thanks - I hadn't thought about the case where connections were >> queued up. In my tests, I had a very low queue timeout. The code you >> suggested seems to do the trick. Updated patch below. > > Applied, thanks. I fixed a minor indent issue, please be careful next > time : > > if (sv->maxconn == sv->minconn) { // static maxconn > - sv->maxconn = sv->minconn = v; > + sv->maxconn = sv->minconn = v; > } else { // dynamic maxconn > - sv->maxconn = v; > + sv->maxconn = v; > } > Thanks, > willy > -- - Andrew Hayworth
[SPAM] Croisieres 2016 des 336 euros, Decembre en Belgique, Promos Marrakech
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac0=haproxy@formilux.org=haproxy@formilux.org Signaler comme indésirable Pour visualiser ce message au format html, cliquez ici : http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac1=%40xahw9KLVf1JCJLLchY483xOjah3PjiYc3ecr4swxNGU%3D ou copiez le lien dans votre navigateur Web http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac2=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac3=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac4=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac5=haproxy@formilux.org DECEMBRE EN BELGIQUE http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac6=haproxy@formilux.org 4 villages vacances à découvrir http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac7=haproxy@formilux.org À partir de http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac8=haproxy@formilux.org 139€ http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac9=haproxy@formilux.org DÉCOUVRIR http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104aca=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104acb=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104acc=haproxy@formilux.org PROMOS CROISIERES 2016 http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104acd=haproxy@formilux.org Jusqu'à 200 euros de réduction http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ace=haproxy@formilux.org À partir de http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104acf=haproxy@formilux.org 336€ http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad0=haproxy@formilux.org DÉCOUVRIR http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad1=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad2=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad3=haproxy@formilux.org SPECIAL MARRAKECH http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad4=haproxy@formilux.org Séjours 5j/4n vol + hôtel http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad5=haproxy@formilux.org À partir de http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad6=haproxy@formilux.org 145€ http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad7=haproxy@formilux.org DÉCOUVRIR http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad8=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad9=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ada=haproxy@formilux.org MSC PREZIOSA 5* http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104adb=haproxy@formilux.org France, Italie, Malte, Espagne http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104adc=haproxy@formilux.org À partir de http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104add=haproxy@formilux.org 359€ http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ade=haproxy@formilux.org DÉCOUVRIR http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104adf=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae0=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae1=haproxy@formilux.org CROISIERE PARFUM DES ILES http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae2=haproxy@formilux.org Rep Dom, St Barth, Venezuela http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae3=haproxy@formilux.org À partir de http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae4=haproxy@formilux.org 999€ http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae5=haproxy@formilux.org DÉCOUVRIR http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae6=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae7=haproxy@formilux.org http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae8=haproxy@formilux.org VILLAGE SUNPARKS ARDENNEN http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae9=haproxy@formilux.org 5j/4n en Maison Select 59m² http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104aea=haproxy@formilux.org À partir de http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104aeb=haproxy@formilux.org 149€ http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104aec=haproxy@formilux.org DÉCOUVRIR
Re: Haproxy: support for Haiku
2015-11-01 21:27 GMT+01:00 Willy Tarreau: > Ah OK indeed! Then that's fine. I'd prefer to split your patch in two > because then it fixes a bug since the installation is forced on platforms > which do not build it and will necessarily result in an error. And of > course, I'm seeing that just a few minutes after I've tagged 1.5.15, as > usual :-/ I agree, two commits are better in this case. > > If you can split it, I'd appreciate it, otherwise I'll do it once I'm > done with the 1.5.15 changelog and announce. Here is an updated patchset for git HEAD. Bye, Jérôme haproxy-1.7.0.git.patchset Description: Binary data
Potential Bug
I believe I may have discovered a bug in HAProxy 1.5.4 on CentOS 7.1, installed via standard repositories. I don't want to go into debugging levels of detail here, but instead will provide a synopsis in the hopes someone knows of a bug already or can confirm it warrants further investigation. Systems details: [root@(redacted) ~]# cat /etc/redhat-release CentOS Linux release 7.1.1503 (Core) [root@(redacted) ~]# haproxy --version HA-Proxy version 1.5.4 2014/09/02 Copyright 2000-2014 Willy Tarreau(redacted) [root@(redacted) ~]# openssl version OpenSSL 1.0.1e-fips 11 Feb 2013 [root@(redacted) ~]# uname -a Linux (redacted) 3.10.0-229.11.1.el7.x86_64 #1 SMP Thu Aug 6 01:06:18 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux Redacted configuration: global daemon chroot /var/lib/haproxy group haproxy log 127.0.0.1 local2 tune.ssl.default-dh-param 2048 user haproxy stats socket /var/lib/haproxy/stats level admin maxconn 3 pidfile /var/run/haproxy.pid #ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA #ssl-default-bind-options no-tls-tickets -- as a side note, this is an unknown option to 1.5.4 defaults retries 3 log global timeout http-request 10s timeout queue 10s timeout connect 10s timeout client 10s timeout server 10s timeout http-keep-alive 10s timeout check 10s mode http balance roundrobin option dontlognull option redispatch frontend https-in (redacted ...) bind 0.0.0.0:443 ssl no-sslv3 crt /etc/ssl/certs/(redacted) redirect scheme https if !{ ssl_fc } default_backend client option httplog (redacted ...) (redacted ...) Quite a lot has been removed from here for security reasons, so I apologise if this obstructs efforts to help with this issue. In the above configuration, the key component here is 'ssl-default-bind-ciphers'. With this line commented out, as it is above, Qualys SSL Server Test (https://www.ssllabs.com/ssltest/index.html) brings our HAProxy instance to its knees when it reaches the stage of, "Testing deprecated cipher suites". With the line uncommented, and HAProxy restarted, the tests pass fine and we come away with an A rating. As this is a semi-production system, I can't currently spend the time taking out each cipher one at a time to determine which one could be causing the issue, but I can at a later date if someone feels the need. And again, I can and will go into more detail if you peeps feel the need is there to do so. Regards, Michael C.
Re: Potential Bug
I think is missing the line from the configuration was a silly thing to do on our part, without a doubt. Maybe Qualys' tests contain a test that is meant to crash the SSL implementation by design? We're at the mercy of what version is available to use via the CentOS/EPEL mirrors, but I would actually like to see 1.6.1 in place, so perhaps I will take that route soon. Compiling from source is swift and our LBs are pretty static boxes. Thanks for the feedback! - Michael C. > On 3 Nov 2015, at 17:17, Marco Cortewrote: > > Hi, Michael! > > The low Qualys rating is the problem, correct? > >> [root@(redacted) ~]# haproxy --version >> HA-Proxy version 1.5.4 2014/09/02 >> Copyright 2000-2014 Willy Tarreau > > I would use a newer version. 1.5.15 has been released. > >> In the above configuration, the key component here is >> 'ssl-default-bind-ciphers'. With this line commented out, as it is >> above, Qualys SSL Server Test >> (https://www.ssllabs.com/ssltest/index.html) brings our HAProxy instance >> to its knees when it reaches the stage of, "Testing deprecated cipher >> suites". With the line uncommented, and HAProxy restarted, the tests >> pass fine and we come away with an A rating. > > Without that line, I believe you are actually offering to the connecting > client all cyphers provided by your OpenSSL library. > I am not sure, because I always specified the list of the cyphers that the > client should see. > > I found very interesting this pages to find the mix suiting my needs. > > https://mozilla.github.io/server-side-tls/ssl-config-generator/ > https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ > > Hope this helps > > .marcoc >
Re: How to Externally Access PHP Application that has Internal Links to Itself
Dear Susheel Jalali Am 02-11-2015 20:24, schrieb Susheel Jalali: Dear Aleks, [snipp] We modified this solution (of Apache) to work with HAProxy, but did not succeed. Is there any insight anyone could provide? What have you changed? Please post your current config. +++ Internal Hyperlinks in our PHP page: +++ ,*" cols="*" frameborder="NO" border="0" framespacing="0"> please add to the PHP page and post the output. You have not answered if my Assumption was right! I still assume that you try to run http://open-emr.org therefore please take a look into this code. https://github.com/openemr/openemr/blob/8b9d250de3c76aeb4f706342c2f3c3f1e1b9c6db/interface/globals.php#L137 https://github.com/openemr/openemr/blob/8b9d250de3c76aeb4f706342c2f3c3f1e1b9c6db/interface/globals.php#L38 Best regards Aleks On 10/31/15 14:36, Aleksandar Lazic wrote: Dear Susheel Jalali. Am 31-10-2015 08:43, schrieb Susheel Jalali: Dear HAProxy Developers: [snipp] This is same as what Apache server’s mod_proxy_html serves to: rewrite href="http://appserver.example.com/foo/bar.html;>foobar to href="http://www.example.com/appserver/foo/bar.html;>foobar. Is there an output filter equivalent of Apache server’s mod_proxy_html in HAProxy to rewrite internal links in: (i) a PHP page? (ii) an HTML page? Assumption: you use http://open-emr.org conclusion: http://www.open-emr.org/wiki/index.php/Apache2_Notes follow up http://blog.haproxy.com/2014/04/28/howto-write-apache-proxypass-rules-in-haproxy/ Have I assumed right and was you able to step forward? BR Aleks
Re: Potential Bug
Hi, Michael! The low Qualys rating is the problem, correct? [root@(redacted) ~]# haproxy --version HA-Proxy version 1.5.4 2014/09/02 Copyright 2000-2014 Willy TarreauI would use a newer version. 1.5.15 has been released. In the above configuration, the key component here is 'ssl-default-bind-ciphers'. With this line commented out, as it is above, Qualys SSL Server Test (https://www.ssllabs.com/ssltest/index.html) brings our HAProxy instance to its knees when it reaches the stage of, "Testing deprecated cipher suites". With the line uncommented, and HAProxy restarted, the tests pass fine and we come away with an A rating. Without that line, I believe you are actually offering to the connecting client all cyphers provided by your OpenSSL library. I am not sure, because I always specified the list of the cyphers that the client should see. I found very interesting this pages to find the mix suiting my needs. https://mozilla.github.io/server-side-tls/ssl-config-generator/ https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ Hope this helps .marcoc
RE: How to Externally Access PHP Application that has Internal Links to Itself
Dear Aleks, Apologies we missed answering one of your previous questions. I still assume that you try to run http://open-emr.org We have three products written in PHP and HTML5. All of these are facing similar issues due to relative hyperlinks to itself. One of these is OpenEMR, whose code we posted. We will work on the others after we succeed here. We are working on the two pointers you provided and will share with you later today: (i) openemr/../globals.php and (ii) output. (iii) current HAProxy config Thank you. Sincerely, -- Susheel Jalali www.Coscend.com Original Message From: Aleksandar LazicDate: Mon, November 02, 2015 11:30 pm Dear Susheel Jalali Am 02-11-2015 20:24, schrieb Susheel Jalali: > Dear Aleks, [snipp] > We modified this solution (of Apache) to work with HAProxy, but did > not succeed. Is there any insight anyone could provide? What have you changed? Please post your current config. > +++ > Internal Hyperlinks in our PHP page: > +++ > "$GLOBALS[logoBarHeight],$GLOBALS[titleBarHeight]" ?>,*" cols="*" > frameborder="NO" border="0" framespacing="0"> > $rootdir;?>/login/filler.php" name="Filler Top" scrolling="no" > noresize frameborder="NO"> > $rootdir;?>/login/login_title.php" name="Title" scrolling="no" > noresize frameborder="NO"> > /login/login.php" name="Login" > scrolling="auto" frameborder="NO"> > please add to the PHP page and post the output. You have not answered if my Assumption was right! I still assume that you try to run http://open-emr.org therefore please take a look into this code. https://github.com/openemr/openemr/blob/8b9d250de3c76aeb4f706342c2f3c3f1e1b9c6db/interface/globals.php#L137 https://github.com/openemr/openemr/blob/8b9d250de3c76aeb4f706342c2f3c3f1e1b9c6db/interface/globals.php#L38 Best regards Aleks > On 10/31/15 14:36, Aleksandar Lazic wrote: >> Dear Susheel Jalali. >> >> Am 31-10-2015 08:43, schrieb Susheel Jalali: >>> Dear HAProxy Developers: >> >> [snipp] >> >>> This is same as what Apache server’s mod_proxy_html serves to: >>> rewrite >>> href="http://appserver.example.com/foo/bar.html;>foobar >> >>> to >>> href="http://www.example.com/appserver/foo/bar.html;>foobar. >> >>> Is there an output filter equivalent of Apache server’s >>> mod_proxy_html >>> in HAProxy to rewrite internal links in: >>> (i) a PHP page? >>> (ii) an HTML page? >> >> Assumption: >> >> you use http://open-emr.org >> >> conclusion: >> >> http://www.open-emr.org/wiki/index.php/Apache2_Notes >> >> follow up >> >> http://blog.haproxy.com/2014/04/28/howto-write-apache-proxypass-rules-in-haproxy/ >> Have I assumed right and was you able to step forward? >> >> BR Aleks >>
Re: Haproxy: support for Haiku
Hi Jérôme, On Mon, Nov 02, 2015 at 06:21:31PM +0100, Jérôme Duval wrote: > 2015-11-01 21:27 GMT+01:00 Willy Tarreau: > > Ah OK indeed! Then that's fine. I'd prefer to split your patch in two > > because then it fixes a bug since the installation is forced on platforms > > which do not build it and will necessarily result in an error. And of > > course, I'm seeing that just a few minutes after I've tagged 1.5.15, as > > usual :-/ > > I agree, two commits are better in this case. > > > > > If you can split it, I'd appreciate it, otherwise I'll do it once I'm > > done with the 1.5.15 changelog and announce. > > Here is an updated patchset for git HEAD. Nice, I've merged the new target into 1.7-dev and the bug into 1.7, 1.6, and 1.5. Thank you! Willy
Re: LUA, 'retry' failed requests
Op 2-11-2015 om 10:03 schreef Thierry FOURNIER: On Sat, 31 Oct 2015 21:22:14 +0100 PiBa-NLwrote: Hi Thierry, haproxy-list, Hi Pieter, Hi Thierry, I've created another possibly interesting lua script, and it works :) (mostly). (on my test machine..) When i visit the 192.168.0.120:9003 website i always see the 'Hello World' page. So in that regard this is usable, it is left to the browser to send the request again, not sure how safe this is in regard to mutations being send twice. It should probably check for POST requests and then just return the error without replacing it with a redirect.. Not sure if that would catch all problem cases.. Ive created a lua service that counts how many requests are made, and returns a error status every 5th request. Second there is a lua response script that checks the status, and replaces it by a redirect if it sees the faulty status 500. This does currently result in the connection being closed and reopened probably due to the txn.res:send().?. Though i am still struggling with what is and isn't supposed to be possible. For example the scripts below are running in 'mode http' and mostly just changing 'headers'. I expected to be able to simply read the status by calling txn.f:status() but this always seems to result in 'null'. Manually parsing the response buffer duplicate works but seems ugly.. txn.f:status() < it doesnt result in the actual status. This is a bug wich I reproduce. Can you try the attached patches ? With the patches it works without my 'workaround', thanks. txn.res:set() < if used in place of send() causes 30 second delay This function put data in the input part of the response buffer. This new data follows the HAProxy stream when the Lua script is finished. It is your case. I can't reproduce this behaviour, I suppose that its because I work locally, and I'm not impacted by the network latency. Even when i bind everything to 0.0.0.0 and use 127.0.0.1 to query the 9003 port it still waits for the timeout to strike.. I'm not sure why it doesn't happen in your setup.. Of course i'm running on FreeBSD, but i don't expect that to affect this.. txn.done() < dumps core. (im not sure when ever to call it? the script below seems to match the description that this function has.?.) I can't reproduce too, for the same reasons, I guess. Please note that both set() and done() need to be uncommented for the dump to happen, with the 5th request. Not sure if it helps, but backtrace of the dump below (would 'bt full' be more usefull?): (gdb) bt #0 0x000801a76bb5 in memmove () from /lib/libc.so.7 #1 0x00417523 in buffer_insert_line2 (b=0x8024a, pos=0x8024a0035 "\r\n\ncontent-type: text/plain\r\ncontent-length: 394\r\n\r\nError 5\r\nversion\t\n[HTTP/1.1]\t\nf\t\n 0\t\n [userdata: 0x802683a68]\t\nsc\t\n 0\t\n [userdata: 0x802683be8]\t\nc\t\n 0\t\n [userdata: 0x802683b68]\t\nheader"..., str=0x58c695 "Connection: keep-alive", len=22) at src/buffer.c:126 #2 0x0047b3a5 in http_header_add_tail2 (msg=0x8024bb290, hdr_idx=0x8024bb280, text=0x58c695 "Connection: keep-alive", len=22) at src/proto_http.c:595 #3 0x0047f943 in http_change_connection_header (txn=0x8024bb280, msg=0x8024bb290, wanted=8388608) at src/proto_http.c:2079 #4 0x004900fd in http_process_res_common (s=0x802485600, rep=0x802485650, an_bit=262144, px=0x8024de000) at src/proto_http.c:6882 #5 0x004d6c90 in process_stream (t=0x8024ab710) at src/stream.c:1918 #6 0x00420588 in process_runnable_tasks () at src/task.c:238 #7 0x0040ce0e in run_poll_loop () at src/haproxy.c:1559 #8 0x0040dcb2 in main (argc=4, argv=0x7fffeb00) at src/haproxy.c:1912 Am i trying to do it wrong? p.s. Is 'health checking' using lua possible? The redis example looks like a health 'ping'.. It could possibly be much much more flexible then the tcp-check send / tcp-check expect routines.. It is not possible. You can write a task which do something (like an http request) and reuse the result in the request processing Lua code, but this task cannot set the status of the server. The doc does say for core.register_task(func) "For example this type of tasks can be executed to perform complex health checks." but if i understand correctly it is so that we can perform healthchecks with it, but the results of such a check cannot be used to change a servers health.? Probably the text near this register_task could use some tweaking then?. Thierry I'm currently testing with HA-Proxy version 1.7-dev0-e4c4b7d and the following configuration files: haproxy.cfg ### global maxconn6000 lua-load/var/etc/haproxy/luascript_lua-count5error defaults timeout connect3 timeout server3 timeout client3 modehttp logglobal frontend TEST-lua-count
Re: How to Externally Access PHP Application that has Internal Links to Itself
Dear Aleks, Thank you for the information. We implemented your insights (i.e., http://blog.haproxy.com/2014/04/28/howto-write-apache-proxypass-rules-in-haproxy/). It only rewrites the URL in the address bar. The PHP application has internal hyperlinks in each page (see frameset, frame class in the code below) . In the request generated by the application server, the /product1 in path is replaced with / by the PHP application. Those links need to be rewritten to work through HAProxy to make it accessible from outside. Here is an example of how internal links are being rewritten for proxy by Apache HTTP server: http://serverfault.com/questions/222823/phpapache-as-forward-reverse-proxy-how-to-process-client-requests-and-server-r?answertab=active#tab-top This is same as what Apache server’s mod_proxy_html serves to: rewrite http://appserver.example.com/foo/bar.html;>foobar to http://www.example.com/appserver/foo/bar.html;>foobar. We modified this solution (of Apache) to work with HAProxy, but did not succeed. Is there any insight anyone could provide? +++ Internal Hyperlinks in our PHP page: +++ ,*" cols="*" frameborder="NO" border="0" framespacing="0"> name="Filler Top" scrolling="no" noresize frameborder="NO"> frameborder="NO"> scrolling="auto" frameborder="NO"> Thank you. Sincerely, Susheel Jalali www.Coscend.com On 10/31/15 14:36, Aleksandar Lazic wrote: Dear Susheel Jalali. Am 31-10-2015 08:43, schrieb Susheel Jalali: Dear HAProxy Developers: [snipp] This is same as what Apache server’s mod_proxy_html serves to: rewrite http://appserver.example.com/foo/bar.html;>foobar to http://www.example.com/appserver/foo/bar.html;>foobar. Is there an output filter equivalent of Apache server’s mod_proxy_html in HAProxy to rewrite internal links in: (i) a PHP page? (ii) an HTML page? Assumption: you use http://open-emr.org conclusion: http://www.open-emr.org/wiki/index.php/Apache2_Notes follow up http://blog.haproxy.com/2014/04/28/howto-write-apache-proxypass-rules-in-haproxy/ Have I assumed right and was you able to step forward? BR Aleks
Echo server in Lua
Now that HAProxy has Lua support, I'm looking at the possibility of setting up an echo server, which simply responds with the observed remote address of the client (currently implemented in PHP as ). Does anyone have a suggestion of the most efficient possible implementation of this? If possible, it should handle millions of clients polling it regularly, so speed is essential. Thanks
Re: Multiple nameservers with the same ID is allowed
On Fri, Oct 30, 2015 at 3:22 PM, Pavlos Parissiswrote: > Hi, > > Following resolver section passes configuration check > resolvers mydns1 > nameserver ns1 8.8.8.8:53 > nameserver ns1 8.8.4.4:53 > resolve_retries 3 > timeout retry 1s > hold valid 10s > > IMHO: allowing same ID for 2 different objects, which have stats attached to > them, may not be the best approach here. Since, HAProxy doesn't allow more > than one resolver sections with same name, I would say for consistency > reasons should do the same for nameserver parameters within the same > resolver section. > > If IDs for nameserver are different then you can fetch stats per nameserver: > echo 'show stat resolvers mydns1 ns1'|socat /run/haproxy/admin1.sock stdio > > Cheers, > Pavlos > Hi Pavlos, I agree with you. If you think you can contribute this, feel free, otherwise, let me know and I'll do it. If we go into this direction, we also may add an 'id' keyword, to force the nameserver uuid, like on the server line. We may backport only uuid in 1.6, since other changes may break existing configuration. I'll discuss this point with Willy. Batpiste
Re: GET HAPROXY HOST INFO VIA Api/JSON
I was delivering the "quick" answer to have this feature right now :) This is a need we identified and I already talked to Willy about it. There is technically nothing against such feature. We need time or resource to develop it. If you want to contribute, write a similar function than csv_enc() in src/standard.c. Baptiste On Mon, Nov 2, 2015 at 8:44 AM, Melvil JAwrote: > CSV to json conversion,there are lots of options. > Is it possible to get direct restful output from haproxy. > Suppoes i have hundreds of servers..is it good to parse hundreds of csv o/p > to json ? > > On Mon, Nov 2, 2015 at 1:07 PM, Baptiste wrote: >> >> Yes, using jq: >> http://infiniteundo.com/post/99336704013/convert-csv-to-json-with-jq >> >> Baptiste >> >> On Mon, Nov 2, 2015 at 6:36 AM, Melvil JA >> wrote: >> > Is it possible to get haproxy host information via api/json other than >> > via >> > ui and csv ? >> > >> > -- >> > Thanks >> > >> > who/melvil >> > >> > _ >> > The information contained in this communication is intended solely for >> > the >> > use of the individual or entity to whom it is addressed and others >> > authorized to receive it. It may contain confidential or legally >> > privileged >> > information. If you are not the intended recipient you are hereby >> > notified >> > that any disclosure, copying, distribution or taking any action in >> > reliance >> > on the contents of this information is strictly prohibited and may be >> > unlawful. If you have received this communication in error, please >> > notify us >> > immediately by responding to this email and then delete it from your >> > system. >> > The firm is neither liable for the proper and complete transmission of >> > the >> > information contained in this communication nor for any delay in its >> > receipt. > > > > > -- > Thanks > > who/melvil > > _ > The information contained in this communication is intended solely for the > use of the individual or entity to whom it is addressed and others > authorized to receive it. It may contain confidential or legally privileged > information. If you are not the intended recipient you are hereby notified > that any disclosure, copying, distribution or taking any action in reliance > on the contents of this information is strictly prohibited and may be > unlawful. If you have received this communication in error, please notify us > immediately by responding to this email and then delete it from your system. > The firm is neither liable for the proper and complete transmission of the > information contained in this communication nor for any delay in its > receipt.
[SPAM] Prix direct producteur : Champagne, Crozes-Hermitage, Saint-Emilion...
http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c63fb=haproxy@formilux.org=haproxy@formilux.org Signaler comme indésirable Pour visualiser ce message au format html, cliquez ici : http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c63fc=%40K6jVxlDh4pJcilxNjmAPLVezIOhjKbI3HXwhC%2B2Xacg%3D ou copiez le lien dans votre navigateur Web http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c63fd=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c63fe=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c63ff=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c6400=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c6401=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c6402=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c6403=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c6404=haproxy@formilux.org=haproxy@formilux.org L'abus d'alcool est dangereux pour la sante, consommez avec modération. La vente d'alcool à des mineurs de moins de 18 ans est interdite Confidentialité des données : conformément à la Loi Informatique et Libertés du 6 Janvier 1978, vous disposez d'un droit d'accès et de rectification des données vous concernant. Vous recevez cette invitation car vous avez été en contact avec le Service Commercial de CapDecision ou de ses partenaires. Pour ne plus recevoir de messages de CapDecision http://lb.capmail.fr/webApp/unsub?id=%40IUS02hPN68y00E7dRGGvAw%3D%3D; _label="Lien de désinscription" _type="optout">cliquez ici.
Re: LUA, 'retry' failed requests
On Sat, 31 Oct 2015 21:22:14 +0100 PiBa-NLwrote: > Hi Thierry, haproxy-list, Hi Pieter, > I've created another possibly interesting lua script, and it works :) > (mostly). (on my test machine..) > > When i visit the 192.168.0.120:9003 website i always see the 'Hello > World' page. So in that regard this is usable, it is left to the browser > to send the request again, not sure how safe this is in regard to > mutations being send twice. It should probably check for POST requests > and then just return the error without replacing it with a redirect.. > Not sure if that would catch all problem cases.. > > Ive created a lua service that counts how many requests are made, and > returns a error status every 5th request. > Second there is a lua response script that checks the status, and > replaces it by a redirect if it sees the faulty status 500. > This does currently result in the connection being closed and reopened > probably due to the txn.res:send().?. > > Though i am still struggling with what is and isn't supposed to be possible. > For example the scripts below are running in 'mode http' and mostly just > changing 'headers'. > I expected to be able to simply read the status by calling > txn.f:status() but this always seems to result in 'null'. > Manually parsing the response buffer duplicate works but seems ugly.. > > txn.f:status() < it doesnt result in the actual status. This is a bug wich I reproduce. Can you try the attached patches ? > txn.res:set() < if used in place of send() causes 30 second delay This function put data in the input part of the response buffer. This new data follows the HAProxy stream when the Lua script is finished. It is your case. I can't reproduce this behaviour, I suppose that its because I work locally, and I'm not impacted by the network latency. > txn.done() < dumps core. (im not sure when ever to call it? the script > below seems to match the description that this function has.?.) I can't reproduce too, for the same reasons, I guess. > Am i trying to do it wrong? > > p.s. Is 'health checking' using lua possible? The redis example looks > like a health 'ping'.. It could possibly be much much more flexible then > the tcp-check send / tcp-check expect routines.. It is not possible. You can write a task which do something (like an http request) and reuse the result in the request processing Lua code, but this task cannot set the status of the server. Thierry > I'm currently testing with HA-Proxy version 1.7-dev0-e4c4b7d and the > following configuration files: > > haproxy.cfg ### > global > maxconn6000 > lua-load/var/etc/haproxy/luascript_lua-count5error > defaults > timeout connect3 > timeout server3 > timeout client3 > modehttp > logglobal > frontend TEST-lua-count > bind192.168.0.120:9002 > optionhttp-keep-alive > http-request use-service lua.lua-count > > frontend TEST-lua-retry-serverror > bind192.168.0.120:9003 > optionhttp-keep-alive > http-request lua.retrystorerequest > http-response lua.retryerrors > default_backend hap_9002_http_ipvANY > > backend hap_9002_http_ipvANY > modehttp > retries3 > server192.168.0.120_9002 192.168.0.120:9002 > > ### luascript_lua-count5error ### > core.register_action("retryerrors" , { "http-res" }, function(txn) > local clientip = txn.f:src() > txn:Info(" LUA client " .. clientip) > > local s = txn.f:status() -- doesnt work? > if s == null then > core.Info("LUA txn.s:status RETURNED: NULL, fallback needed ??") > local req = txn.res:dup() > local statusstr = string.sub(req, 10, 13) > s = tonumber(statusstr) > end > core.Info("LUA status " .. s) > > if s ~= 200 then > txn:Info("LUA REDIRECT IT ! " .. s) > > local url = txn:get_priv() > local response = "" > response = response .. "HTTP/1.1 302 Moved\r\n" > response = response .. "Location: " .. url .."\r\n" > response = response .. "\r\n" > > txn.res:send(response) > --txn.res:set(response) -- causes 30 second delay.. > --txn:done() --dumps core.. > end > end); > > core.register_action("retrystorerequest" , { "http-req" }, function(txn) > local url = txn.f:url() > txn:set_priv(url); > end); > > core.register_service("lua-count", "http", function(applet) > if test == null then >test = 0 > end > test = test + 1 > local response = "" > if test % 5 == 0 then >applet:set_status(500) >response = "Error " .. test > else >applet:set_status(200) >response = "Hello World !" .. test > end > applet:add_header("content-length",
www.formilux.org
Hi, My name is Steven and I work with FinCorp Cap. Inc. We provide immediate funding, business loans and merchant card services to help you power you company's growth. We more often say "yes" and faster than traditional lenders in granting Business Loans. And that lets owners spend their time where it should be--on growing their business, not seeking financing. We serve to 4 Plus Businesses & more than 700 Industries Served. To receive PRI CE QUOTE Simply REPLY to this email with your contact information and please indicate if your busi ness currently accepting cre ditcards or not. I look forward to talk to you soon. Best regards, Steven | LO AN Specialist FinCorp Capital Inc 1400 Broadway, New York, New York PHN: 1800 800 6398
F W !How to buy the best fiber optic accessories
Dear, Ijustvisitedyourwebsite,knowingthatyouareonthemark=etforFiberOpticProduct! That'sgreatforwesupplythesamequalityproductsasyoud=o. FiberopticPatchCords,Adaptors,Connectors,Terminalbox,=Fibertools,etc.areourmainofferings.Thequalityandpricesarea=ttractive! Doyoumindtofurtherknowthem?Pleasereplythisemailget=freeproductpricelist. Happyeveryday! Bestregards, SunnyHOLIGHTFIBEROPTIC
Re: Multiple nameservers with the same ID is allowed
On 02/11/2015 09:34 πμ, Baptiste wrote: > On Fri, Oct 30, 2015 at 3:22 PM, Pavlos Parissis >wrote: >> Hi, >> >> Following resolver section passes configuration check >> resolvers mydns1 >> nameserver ns1 8.8.8.8:53 >> nameserver ns1 8.8.4.4:53 >> resolve_retries 3 >> timeout retry 1s >> hold valid 10s >> >> IMHO: allowing same ID for 2 different objects, which have stats attached to >> them, may not be the best approach here. Since, HAProxy doesn't allow more >> than one resolver sections with same name, I would say for consistency >> reasons should do the same for nameserver parameters within the same >> resolver section. >> >> If IDs for nameserver are different then you can fetch stats per nameserver: >> echo 'show stat resolvers mydns1 ns1'|socat /run/haproxy/admin1.sock stdio >> >> Cheers, >> Pavlos >> > > > Hi Pavlos, > > I agree with you. > If you think you can contribute this, feel free, otherwise, let me > know and I'll do it. I can't code in C, sorry:-), but I can test your patch. > If we go into this direction, we also may add an 'id' keyword, to > force the nameserver uuid, like on the server line. > > We may backport only uuid in 1.6, since other changes may break > existing configuration. Only if the configuration has 2 nameservers with the same id, which isn't very likely as nobody wont configure HAProxy like this. I found it while I was adding support for nameservers in haproxyadmin lib and accidentally used the same id:-) > I'll discuss this point with Willy. > > Batpiste Thanks a lot, Pavlos signature.asc Description: OpenPGP digital signature
[SPAM] Ventes Flash : Week-ends prestige
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb68d=haproxy@formilux.org=haproxy@formilux.org Signaler comme indésirable Pour visualiser ce message au format html, cliquez ici : http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb68e=%40MmrQ84JuZ0jNmqADkpjTi3I4I%2Bit8legIuxhsTzLzsc%3D ou copiez le lien dans votre navigateur Web http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb68f=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb690=haproxy@formilux.org=haproxy@formilux.org Ventes Flash: Weekend prestige en Europe dès 59€ ! Rome, Valence, ou encore Vienne... Le temps d'un week-end, nous vous emmenons au coeur de villes palpitantes pour une escapade Version Luxe. Réservez dès maintenant votre séjour de rêve en Europe et bénéficiez de réductions exceptionnelles jusqu'à -70%. http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb691=haproxy@formilux.org=haproxy@formilux.org Portugal - Porto City break zen et design Sheraton Porto Hotel & Spa 5* Jusqu'à -68% http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb692=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb693=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb694=haproxy@formilux.org=haproxy@formilux.org Rép. Tchèque - Prague Escapade luxe & romantisme Sheraton Prague Charles Square Hotel 5* Jusqu'à -70% http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb695=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb696=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb697=haproxy@formilux.org=haproxy@formilux.org Espagne - Barcelone Design et démesure face à la mer Hôtel W Barcelona 5* Jusqu'à -70% http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb698=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb699=haproxy@formilux.org=haproxy@formilux.org http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb69a=haproxy@formilux.org=haproxy@formilux.org Découvrir toutes nos ventes privées en cours >> Des voyages d’exception Des offres de voyage haut de gamme rigoureusement sélectionnées Les meilleures réductions Des prix exclusifs et des réductions exceptionnelles jusqu’à -70% Nos experts à votre service Un service client fiable et réactif, à votre écoute 7 jours / 7 Confidentialité des données : conformément à la Loi Informatique et Libertés du 6 Janvier 1978, vous disposez d'un droit d'accès et de rectification des données vous concernant. Vous recevez cette invitation car vous avez été en contact avec le Service Commercial de CapDecision ou de ses partenaires. Pour ne plus recevoir de messages de CapDecision http://lb.capmail.fr/webApp/unsub?id=%40HQ50Ox%2FusTLlIseMGGW0gA%3D%3D; _label="Lien de désinscription" _type="optout">cliquez ici.
[SPAM] DISTRIBUTORS WANTED WORLDWIDE
26 YEAR OLD U.S. COMPANY NEEDS DISTRIBUTORS IN MANY COUNTRIES for our amazing slip-resistant floor product.. One application with our Anti-Slip Floor Treatment makes floors slip resistant and safe for 4 years - Guaranteed! Use Indoors or Outdoors No Change in Appearance Use on Ceramic, Porcelain and quarry Tiles, marble, granite, concrete, terrazzo, etc. Typical Prospects: Hotels, Restaurants, Supermarkets, Office Buildings, Retail stores, etc. Some of our satisfied Customers: McDonalds, Burger King, KFC, Hilton, Sheraton, Pfizer, Mercedes, BMW, etc. $5,000 USD - $20,000 USD INVENTORY INVESTMENT REQUIRED Please contact us for details and to see if there is a distributorship available in your country. INCLUDE YOUR NAME, COUNTRY and E-MAIL ADDRESS. Jeremy Dwight Email: suiny...@sina.com