Re: [PATCH] MINOR: cli: ability to set per-server maxconn

[Andrew Hayworth]

Many thanks!

On Wed, Oct 28, 2015 at 2:04 AM, Willy Tarreau  wrote:
> On Tue, Oct 27, 2015 at 04:50:35PM -0500, Andrew Hayworth wrote:
>> Ah, thanks - I hadn't thought about the case where connections were
>> queued up. In my tests, I had a very low queue timeout. The code you
>> suggested seems to do the trick. Updated patch below.
>
> Applied, thanks. I fixed a minor indent issue, please be careful next
> time :
>
> if (sv->maxconn == sv->minconn) { // static maxconn
> - sv->maxconn = sv->minconn = v;
> +   sv->maxconn = sv->minconn = v;
> } else { // dynamic maxconn
> - sv->maxconn = v;
> +   sv->maxconn = v;
> }
> Thanks,
> willy
>



-- 
- Andrew Hayworth

[SPAM] Croisieres 2016 des 336 euros, Decembre en Belgique, Promos Marrakech

[Vacances Reussies - capdecision]

http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac0=haproxy@formilux.org=haproxy@formilux.org
 Signaler comme indésirable  


Pour visualiser ce message au format html, cliquez ici :
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac1=%40xahw9KLVf1JCJLLchY483xOjah3PjiYc3ecr4swxNGU%3D
ou copiez le lien dans votre navigateur Web


 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac2=haproxy@formilux.org



 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac3=haproxy@formilux.org


 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac4=haproxy@formilux.org


 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac5=haproxy@formilux.org
 DECEMBRE EN BELGIQUE   
 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac6=haproxy@formilux.org
 4 villages vacances à découvrir

 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac7=haproxy@formilux.org
 À partir de   
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac8=haproxy@formilux.org
 139€  
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ac9=haproxy@formilux.org
 DÉCOUVRIR  




 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104aca=haproxy@formilux.org


 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104acb=haproxy@formilux.org


 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104acc=haproxy@formilux.org
 PROMOS CROISIERES 2016 
 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104acd=haproxy@formilux.org
 Jusqu'à 200 euros de réduction 

 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ace=haproxy@formilux.org
 À partir de   
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104acf=haproxy@formilux.org
 336€  
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad0=haproxy@formilux.org
 DÉCOUVRIR  




 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad1=haproxy@formilux.org


 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad2=haproxy@formilux.org


 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad3=haproxy@formilux.org
 SPECIAL MARRAKECH  
 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad4=haproxy@formilux.org
 Séjours 5j/4n vol + hôtel  

 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad5=haproxy@formilux.org
 À partir de   
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad6=haproxy@formilux.org
 145€  
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad7=haproxy@formilux.org
 DÉCOUVRIR  




 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad8=haproxy@formilux.org


 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ad9=haproxy@formilux.org


 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ada=haproxy@formilux.org
 MSC PREZIOSA 5*
 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104adb=haproxy@formilux.org
 France, Italie, Malte, Espagne 

 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104adc=haproxy@formilux.org
 À partir de   
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104add=haproxy@formilux.org
 359€  
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ade=haproxy@formilux.org
 DÉCOUVRIR  




 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104adf=haproxy@formilux.org


 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae0=haproxy@formilux.org


 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae1=haproxy@formilux.org
 CROISIERE PARFUM DES ILES  
 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae2=haproxy@formilux.org
 Rep Dom, St Barth, Venezuela   

 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae3=haproxy@formilux.org
 À partir de   
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae4=haproxy@formilux.org
 999€  
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae5=haproxy@formilux.org
 DÉCOUVRIR  




 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae6=haproxy@formilux.org


 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae7=haproxy@formilux.org


 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae8=haproxy@formilux.org
 VILLAGE SUNPARKS ARDENNEN  
 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104ae9=haproxy@formilux.org
 5j/4n en Maison Select 59m²

 
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104aea=haproxy@formilux.org
 À partir de   
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104aeb=haproxy@formilux.org
 149€  
http://lb.enquete-en-or.com/r/?id=t2f265531,21049cd,2104aec=haproxy@formilux.org
 DÉCOUVRIR  

   

Re: Haproxy: support for Haiku

[Jérôme Duval]

2015-11-01 21:27 GMT+01:00 Willy Tarreau :
> Ah OK indeed! Then that's fine. I'd prefer to split your patch in two
> because then it fixes a bug since the installation is forced on platforms
> which do not build it and will necessarily result in an error. And of
> course, I'm seeing that just a few minutes after I've tagged 1.5.15, as
> usual :-/

I agree, two commits are better in this case.

>
> If you can split it, I'd appreciate it, otherwise I'll do it once I'm
> done with the 1.5.15 changelog and announce.

Here is an updated patchset for git HEAD.

Bye,
Jérôme


haproxy-1.7.0.git.patchset
Description: Binary data

Potential Bug

[Michael Crilly]

I believe I may have discovered a bug in HAProxy 1.5.4 on CentOS 7.1,
installed via standard repositories.

I don't want to go into debugging levels of detail here, but instead
will provide a synopsis in the hopes someone knows of a bug already or
can confirm it warrants further investigation.

Systems details:

[root@(redacted) ~]# cat /etc/redhat-release 
CentOS Linux release 7.1.1503 (Core) 

[root@(redacted) ~]# haproxy --version
HA-Proxy version 1.5.4 2014/09/02
Copyright 2000-2014 Willy Tarreau 

(redacted)

[root@(redacted) ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[root@(redacted) ~]# uname -a
Linux (redacted) 3.10.0-229.11.1.el7.x86_64 #1 SMP Thu Aug 6 01:06:18
UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Redacted configuration:

global
  daemon 
  chroot /var/lib/haproxy
  group haproxy
  log 127.0.0.1 local2
  tune.ssl.default-dh-param 2048
  user haproxy
  stats socket /var/lib/haproxy/stats level admin
  maxconn 3
  pidfile /var/run/haproxy.pid
  #ssl-default-bind-ciphers
  
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  #ssl-default-bind-options no-tls-tickets -- as a side note, this is an
  unknown option to 1.5.4

defaults
  retries 3
  log global
  timeout http-request 10s
  timeout queue 10s
  timeout connect 10s
  timeout client 10s
  timeout server 10s
  timeout http-keep-alive 10s
  timeout check 10s
  mode http
  balance roundrobin
  option dontlognull
  option redispatch
  
frontend https-in
  (redacted ...)
  bind 0.0.0.0:443 ssl no-sslv3 crt /etc/ssl/certs/(redacted)
  redirect scheme https if !{ ssl_fc }
  default_backend client
  option httplog
  (redacted ...)

(redacted ...)

Quite a lot has been removed from here for security reasons, so I
apologise if this obstructs efforts to help with this issue.

In the above configuration, the key component here is
'ssl-default-bind-ciphers'. With this line commented out, as it is
above, Qualys SSL Server Test
(https://www.ssllabs.com/ssltest/index.html) brings our HAProxy instance
to its knees when it reaches the stage of, "Testing deprecated cipher
suites". With the line uncommented, and HAProxy restarted, the tests
pass fine and we come away with an A rating.

As this is a semi-production system, I can't currently spend the time
taking out each cipher one at a time to determine which one could be
causing the issue, but I can at a later date if someone feels the need. 

And again, I can and will go into more detail if you peeps feel the need
is there to do so.

Regards,

Michael C.

Re: Potential Bug

[Michael Crilly]

I think is missing the line from the configuration was a silly thing to do on 
our part, without a doubt. Maybe Qualys' tests contain a test that is meant to 
crash the SSL implementation by design?

We're at the mercy of what version is available to use via the CentOS/EPEL 
mirrors, but I would actually like to see 1.6.1 in place, so perhaps I will 
take that route soon. Compiling from source is swift and our LBs are pretty 
static boxes. 

Thanks for the feedback! 

- Michael C. 

> On 3 Nov 2015, at 17:17, Marco Corte  wrote:
> 
> Hi, Michael!
> 
> The low Qualys rating is the problem, correct?
> 
>> [root@(redacted) ~]# haproxy --version
>> HA-Proxy version 1.5.4 2014/09/02
>> Copyright 2000-2014 Willy Tarreau 
> 
> I would use a newer version. 1.5.15 has been released.
> 
>> In the above configuration, the key component here is
>> 'ssl-default-bind-ciphers'. With this line commented out, as it is
>> above, Qualys SSL Server Test
>> (https://www.ssllabs.com/ssltest/index.html) brings our HAProxy instance
>> to its knees when it reaches the stage of, "Testing deprecated cipher
>> suites". With the line uncommented, and HAProxy restarted, the tests
>> pass fine and we come away with an A rating.
> 
> Without that line, I believe you are actually offering to the connecting 
> client all cyphers provided by your OpenSSL library.
> I am not sure, because I always specified the list of the cyphers that the 
> client should see.
> 
> I found very interesting this pages to find the mix suiting my needs.
> 
> https://mozilla.github.io/server-side-tls/ssl-config-generator/
> https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
> 
> Hope this helps
> 
> .marcoc
> 

Re: How to Externally Access PHP Application that has Internal Links to Itself

[Aleksandar Lazic]

Dear Susheel Jalali

Am 02-11-2015 20:24, schrieb Susheel Jalali:

Dear Aleks,


[snipp]


We modified this solution (of Apache) to work with HAProxy, but did
not succeed.  Is there any insight anyone could provide?


What have you changed?
Please post your current config.


+++
Internal Hyperlinks in our PHP page:
+++
,*" cols="*"
frameborder="NO" border="0" framespacing="0">
   
   
   



please add  to the PHP page and post the 
output.


You have not answered if my Assumption was right!

I still assume that you try to run

http://open-emr.org

therefore please take a look into this code.

https://github.com/openemr/openemr/blob/8b9d250de3c76aeb4f706342c2f3c3f1e1b9c6db/interface/globals.php#L137

https://github.com/openemr/openemr/blob/8b9d250de3c76aeb4f706342c2f3c3f1e1b9c6db/interface/globals.php#L38

Best regards
Aleks


On 10/31/15 14:36, Aleksandar Lazic wrote:

Dear Susheel Jalali.

Am 31-10-2015 08:43, schrieb Susheel Jalali:

Dear HAProxy Developers:


[snipp]


This is same as what Apache server’s mod_proxy_html serves to:
rewrite href="http://appserver.example.com/foo/bar.html;>foobar


to href="http://www.example.com/appserver/foo/bar.html;>foobar.


Is there an output filter equivalent of Apache server’s 
mod_proxy_html

in HAProxy to rewrite internal links in:
(i) a PHP page?
(ii) an HTML page?


Assumption:

you use http://open-emr.org

conclusion:

http://www.open-emr.org/wiki/index.php/Apache2_Notes

follow up

http://blog.haproxy.com/2014/04/28/howto-write-apache-proxypass-rules-in-haproxy/ 
Have I assumed right and was you able to step forward?


BR Aleks

Re: Potential Bug

[Marco Corte]

Hi, Michael!

The low Qualys rating is the problem, correct?


[root@(redacted) ~]# haproxy --version
HA-Proxy version 1.5.4 2014/09/02
Copyright 2000-2014 Willy Tarreau 


I would use a newer version. 1.5.15 has been released.


In the above configuration, the key component here is
'ssl-default-bind-ciphers'. With this line commented out, as it is
above, Qualys SSL Server Test
(https://www.ssllabs.com/ssltest/index.html) brings our HAProxy instance
to its knees when it reaches the stage of, "Testing deprecated cipher
suites". With the line uncommented, and HAProxy restarted, the tests
pass fine and we come away with an A rating.


Without that line, I believe you are actually offering to the connecting 
client all cyphers provided by your OpenSSL library.
I am not sure, because I always specified the list of the cyphers that 
the client should see.


I found very interesting this pages to find the mix suiting my needs.

https://mozilla.github.io/server-side-tls/ssl-config-generator/
https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

Hope this helps

.marcoc

RE: How to Externally Access PHP Application that has Internal Links to Itself

[Susheel Jalali]

Dear Aleks,

Apologies we missed answering one of your previous questions.

I still assume that you try to run http://open-emr.org

We have three products written in PHP and HTML5.  All of these are 
facing similar issues due to relative hyperlinks to itself.   One of 
these is OpenEMR, whose code we posted.  We will work on the others 
after we succeed here.


We are working on the two pointers you provided and will share with you 
later today:


(i)   openemr/../globals.php and

(ii)   output.

(iii) current HAProxy config


Thank you.

Sincerely,
--

Susheel Jalali

www.Coscend.com


 Original Message 
From: Aleksandar Lazic 
Date: Mon, November 02, 2015 11:30 pm
Dear Susheel Jalali

Am 02-11-2015 20:24, schrieb Susheel Jalali:
> Dear Aleks,

[snipp]

> We modified this solution (of Apache) to work with HAProxy, but did
> not succeed. Is there any insight anyone could provide?

What have you changed?
Please post your current config.

> +++
> Internal Hyperlinks in our PHP page:
> +++
>  "$GLOBALS[logoBarHeight],$GLOBALS[titleBarHeight]" ?>,*" cols="*"
> frameborder="NO" border="0" framespacing="0">
>  $rootdir;?>/login/filler.php" name="Filler Top" scrolling="no"
> noresize frameborder="NO">
>  $rootdir;?>/login/login_title.php" name="Title" scrolling="no"
> noresize frameborder="NO">
> /login/login.php" name="Login"
> scrolling="auto" frameborder="NO">
> 

please add  to the PHP page and post the
output.

You have not answered if my Assumption was right!

I still assume that you try to run

http://open-emr.org

therefore please take a look into this code.

https://github.com/openemr/openemr/blob/8b9d250de3c76aeb4f706342c2f3c3f1e1b9c6db/interface/globals.php#L137

https://github.com/openemr/openemr/blob/8b9d250de3c76aeb4f706342c2f3c3f1e1b9c6db/interface/globals.php#L38

Best regards
Aleks

> On 10/31/15 14:36, Aleksandar Lazic wrote:
>> Dear Susheel Jalali.
>>
>> Am 31-10-2015 08:43, schrieb Susheel Jalali:
>>> Dear HAProxy Developers:
>>
>> [snipp]
>>
>>> This is same as what Apache server’s mod_proxy_html serves to:
>>> rewrite >>> href="http://appserver.example.com/foo/bar.html;>foobar
>>
>>> to >>> href="http://www.example.com/appserver/foo/bar.html;>foobar.
>>
>>> Is there an output filter equivalent of Apache server’s
>>> mod_proxy_html
>>> in HAProxy to rewrite internal links in:
>>> (i) a PHP page?
>>> (ii) an HTML page?
>>
>> Assumption:
>>
>> you use http://open-emr.org
>>
>> conclusion:
>>
>> http://www.open-emr.org/wiki/index.php/Apache2_Notes
>>
>> follow up
>>
>> 
http://blog.haproxy.com/2014/04/28/howto-write-apache-proxypass-rules-in-haproxy/ 


>> Have I assumed right and was you able to step forward?
>>
>> BR Aleks
>>

Re: Haproxy: support for Haiku

[Willy Tarreau]

Hi Jérôme,

On Mon, Nov 02, 2015 at 06:21:31PM +0100, Jérôme Duval wrote:
> 2015-11-01 21:27 GMT+01:00 Willy Tarreau :
> > Ah OK indeed! Then that's fine. I'd prefer to split your patch in two
> > because then it fixes a bug since the installation is forced on platforms
> > which do not build it and will necessarily result in an error. And of
> > course, I'm seeing that just a few minutes after I've tagged 1.5.15, as
> > usual :-/
> 
> I agree, two commits are better in this case.
> 
> >
> > If you can split it, I'd appreciate it, otherwise I'll do it once I'm
> > done with the 1.5.15 changelog and announce.
> 
> Here is an updated patchset for git HEAD.

Nice, I've merged the new target into 1.7-dev and the bug into 1.7, 1.6,
and 1.5.

Thank you!
Willy

Re: LUA, 'retry' failed requests

[PiBa-NL]

Op 2-11-2015 om 10:03 schreef Thierry FOURNIER:

On Sat, 31 Oct 2015 21:22:14 +0100
PiBa-NL  wrote:


Hi Thierry, haproxy-list,


Hi Pieter,

Hi Thierry,




I've created another possibly interesting lua script, and it works :)
(mostly). (on my test machine..)

When i visit the 192.168.0.120:9003 website i always see the 'Hello
World' page. So in that regard this is usable, it is left to the browser
to send the request again, not sure how safe this is in regard to
mutations being send twice. It should probably check for POST requests
and then just return the error without replacing it with a redirect..
Not sure if that would catch all problem cases..

Ive created a lua service that counts how many requests are made, and
returns a error status every 5th request.
Second there is a lua response script that checks the status, and
replaces it by a redirect if it sees the faulty status 500.
This does currently result in the connection being closed and reopened
probably due to the txn.res:send().?.

Though i am still struggling with what is and isn't supposed to be possible.
For example the scripts below are running in 'mode http' and mostly just
changing 'headers'.
I expected to be able to simply read the status by calling
txn.f:status() but this always seems to result in 'null'.
Manually parsing the response buffer duplicate works but seems ugly..

txn.f:status()  <  it doesnt result in the actual status.


This is a bug wich I reproduce. Can you try the attached patches ?

With the patches it works without my 'workaround', thanks.



txn.res:set()  < if used in place of send() causes 30 second delay


This function put data in the input part of the response buffer. This
new data follows the HAProxy stream when the Lua script is finished.
It is your case.

I can't reproduce this behaviour, I suppose that its because I work
locally, and I'm not impacted by the network latency.
Even when i bind everything to 0.0.0.0 and use 127.0.0.1 to query the 
9003 port it still waits for the timeout to strike..
I'm not sure why it doesn't happen in your setup.. Of course i'm running 
on FreeBSD, but i don't expect that to affect this..




txn.done()  < dumps core. (im not sure when ever to call it? the script
below seems to match the description that this function has.?.)


I can't reproduce too, for the same reasons, I guess.
Please note that both set() and done() need to be uncommented for the 
dump to happen, with the 5th request.


Not sure if it helps, but backtrace of the dump below (would 'bt full' 
be more usefull?):

(gdb) bt
#0  0x000801a76bb5 in memmove () from /lib/libc.so.7
#1  0x00417523 in buffer_insert_line2 (b=0x8024a,
pos=0x8024a0035 "\r\n\ncontent-type: text/plain\r\ncontent-length: 
394\r\n\r\nError 5\r\nversion\t\n[HTTP/1.1]\t\nf\t\n   0\t\n   
[userdata: 0x802683a68]\t\nsc\t\n   0\t\n   [userdata: 
0x802683be8]\t\nc\t\n 0\t\n   [userdata: 0x802683b68]\t\nheader"...,

str=0x58c695 "Connection: keep-alive", len=22) at src/buffer.c:126
#2  0x0047b3a5 in http_header_add_tail2 (msg=0x8024bb290, 
hdr_idx=0x8024bb280, text=0x58c695 "Connection: keep-alive", len=22)

at src/proto_http.c:595
#3  0x0047f943 in http_change_connection_header 
(txn=0x8024bb280, msg=0x8024bb290, wanted=8388608) at src/proto_http.c:2079
#4  0x004900fd in http_process_res_common (s=0x802485600, 
rep=0x802485650, an_bit=262144, px=0x8024de000) at src/proto_http.c:6882
#5  0x004d6c90 in process_stream (t=0x8024ab710) at 
src/stream.c:1918

#6  0x00420588 in process_runnable_tasks () at src/task.c:238
#7  0x0040ce0e in run_poll_loop () at src/haproxy.c:1559
#8  0x0040dcb2 in main (argc=4, argv=0x7fffeb00) at 
src/haproxy.c:1912





Am i trying to do it wrong?

p.s. Is 'health checking' using lua possible? The redis example looks
like a health 'ping'.. It could possibly be much much more flexible then
the tcp-check send  / tcp-check expect routines..


It is not possible. You can write a task which do something (like an
http request) and reuse the result in the request processing Lua code,
but this task cannot set the status of the server.
The doc does say for core.register_task(func) "For example this type of 
tasks can be executed to perform complex health checks." but if i 
understand correctly it is so that we can perform healthchecks with it, 
but the results of such a check cannot be used to change a servers 
health.? Probably the text near this register_task could use some 
tweaking then?.



Thierry



I'm currently testing with HA-Proxy version 1.7-dev0-e4c4b7d and the
following configuration files:

 haproxy.cfg ###
global
  maxconn6000
  lua-load/var/etc/haproxy/luascript_lua-count5error
defaults
  timeout connect3
  timeout server3
  timeout client3
  modehttp
  logglobal
frontend TEST-lua-count
  

Re: How to Externally Access PHP Application that has Internal Links to Itself

[Susheel Jalali]

Dear Aleks,

Thank you for the information.  We implemented your insights (i.e., 
http://blog.haproxy.com/2014/04/28/howto-write-apache-proxypass-rules-in-haproxy/). 
It only rewrites the URL in the address bar.  The PHP application has 
internal hyperlinks in each page (see frameset, frame class in the code 
below) .


In the request generated by the application server, the /product1 in 
path is replaced with / by the PHP application.  Those links need to be 
rewritten to work through HAProxy to make it accessible from outside.  
Here is an example of how internal links are being rewritten for proxy 
by Apache HTTP server: 
http://serverfault.com/questions/222823/phpapache-as-forward-reverse-proxy-how-to-process-client-requests-and-server-r?answertab=active#tab-top


This is same as what Apache server’s mod_proxy_html serves to:
rewrite http://appserver.example.com/foo/bar.html;>foobar
to http://www.example.com/appserver/foo/bar.html;>foobar.

We modified this solution (of Apache) to work with HAProxy, but did not 
succeed.  Is there any insight anyone could provide?


+++
Internal Hyperlinks in our PHP page:
+++
,*" cols="*" 
frameborder="NO" border="0" framespacing="0">
   name="Filler Top" scrolling="no" noresize frameborder="NO">
   frameborder="NO">
   scrolling="auto" frameborder="NO">




Thank you.

Sincerely,

Susheel Jalali

www.Coscend.com
On 10/31/15 14:36, Aleksandar Lazic wrote:

Dear Susheel Jalali.

Am 31-10-2015 08:43, schrieb Susheel Jalali:

Dear HAProxy Developers:


[snipp]


This is same as what Apache server’s mod_proxy_html serves to:
rewrite http://appserver.example.com/foo/bar.html;>foobar



to http://www.example.com/appserver/foo/bar.html;>foobar.



Is there an output filter equivalent of Apache server’s mod_proxy_html
in HAProxy to rewrite internal links in:
(i) a PHP page?
(ii) an HTML page?


Assumption:

you use http://open-emr.org

conclusion:

http://www.open-emr.org/wiki/index.php/Apache2_Notes

follow up

http://blog.haproxy.com/2014/04/28/howto-write-apache-proxypass-rules-in-haproxy/ 



Have I assumed right and was you able to step forward?

BR Aleks

Echo server in Lua

[Thrawn]

Now that HAProxy has Lua support, I'm looking at the possibility of setting up 
an echo server, which simply responds with the observed remote address of the 
client (currently implemented in PHP as ).


Does anyone have a suggestion of the most efficient possible implementation of 
this? If possible, it should handle millions of clients polling it regularly, 
so speed is essential.


Thanks

Re: Multiple nameservers with the same ID is allowed

[Baptiste]

On Fri, Oct 30, 2015 at 3:22 PM, Pavlos Parissis
 wrote:
> Hi,
>
> Following resolver section passes configuration check
> resolvers mydns1
> nameserver ns1 8.8.8.8:53
> nameserver ns1 8.8.4.4:53
> resolve_retries   3
> timeout retry 1s
> hold valid   10s
>
> IMHO: allowing same ID for 2 different objects, which have stats attached to
> them, may not be the best approach here. Since, HAProxy doesn't allow more
> than one resolver sections with same name, I would say for consistency
> reasons should do the same for nameserver parameters within the same
> resolver section.
>
> If IDs for nameserver are different then you can fetch stats per nameserver:
> echo 'show stat resolvers mydns1 ns1'|socat /run/haproxy/admin1.sock stdio
>
> Cheers,
> Pavlos
>


Hi Pavlos,

I agree with you.
If you think you can contribute this, feel free, otherwise, let me
know and I'll do it.
If we go into this direction, we also may add an 'id' keyword, to
force the nameserver uuid, like on the server line.

We may backport only uuid in 1.6, since other changes may break
existing configuration.
I'll discuss this point with Willy.

Batpiste

Re: GET HAPROXY HOST INFO VIA Api/JSON

[Baptiste]

I was delivering the "quick" answer to have this feature right now :)

This is a need we identified and I already talked to Willy about it.
There is technically nothing against such feature.
We need time or resource to develop it.
If you want to contribute, write a similar function than csv_enc() in
src/standard.c.

Baptiste


On Mon, Nov 2, 2015 at 8:44 AM, Melvil JA  wrote:
> CSV to json conversion,there are lots of options.
> Is it possible to get direct restful output from haproxy.
> Suppoes i have hundreds of servers..is it good to parse hundreds of csv o/p
> to json ?
>
> On Mon, Nov 2, 2015 at 1:07 PM, Baptiste  wrote:
>>
>> Yes, using jq:
>> http://infiniteundo.com/post/99336704013/convert-csv-to-json-with-jq
>>
>> Baptiste
>>
>> On Mon, Nov 2, 2015 at 6:36 AM, Melvil JA 
>> wrote:
>> > Is it possible to get haproxy host information via api/json  other than
>> > via
>> > ui and csv ?
>> >
>> > --
>> > Thanks
>> >
>> > who/melvil
>> >
>> > _
>> > The information contained in this communication is intended solely for
>> > the
>> > use of the individual or entity to whom it is addressed and others
>> > authorized to receive it. It may contain confidential or legally
>> > privileged
>> > information. If you are not the intended recipient you are hereby
>> > notified
>> > that any disclosure, copying, distribution or taking any action in
>> > reliance
>> > on the contents of this information is strictly prohibited and may be
>> > unlawful. If you have received this communication in error, please
>> > notify us
>> > immediately by responding to this email and then delete it from your
>> > system.
>> > The firm is neither liable for the proper and complete transmission of
>> > the
>> > information contained in this communication nor for any delay in its
>> > receipt.
>
>
>
>
> --
> Thanks
>
> who/melvil
>
> _
> The information contained in this communication is intended solely for the
> use of the individual or entity to whom it is addressed and others
> authorized to receive it. It may contain confidential or legally privileged
> information. If you are not the intended recipient you are hereby notified
> that any disclosure, copying, distribution or taking any action in reliance
> on the contents of this information is strictly prohibited and may be
> unlawful. If you have received this communication in error, please notify us
> immediately by responding to this email and then delete it from your system.
> The firm is neither liable for the proper and complete transmission of the
> information contained in this communication nor for any delay in its
> receipt.

[SPAM] Prix direct producteur : Champagne, Crozes-Hermitage, Saint-Emilion...

[Vigneron independant]

http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c63fb=haproxy@formilux.org=haproxy@formilux.org
 Signaler comme indésirable


Pour visualiser ce message au format html, cliquez ici :
http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c63fc=%40K6jVxlDh4pJcilxNjmAPLVezIOhjKbI3HXwhC%2B2Xacg%3D
ou copiez le lien dans votre navigateur Web




  



 
http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c63fd=haproxy@formilux.org=haproxy@formilux.org
 

 
http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c63fe=haproxy@formilux.org=haproxy@formilux.org
  
http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c63ff=haproxy@formilux.org=haproxy@formilux.org
  
http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c6400=haproxy@formilux.org=haproxy@formilux.org

 
http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c6401=haproxy@formilux.org=haproxy@formilux.org
  
http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c6402=haproxy@formilux.org=haproxy@formilux.org
  
http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c6403=haproxy@formilux.org=haproxy@formilux.org

 
http://lb.top-monnaie.com/r/?id=t2ee07237,20c5788,20c6404=haproxy@formilux.org=haproxy@formilux.org
  
L'abus d'alcool est dangereux pour la sante, consommez avec modération. 
La vente d'alcool à des mineurs de moins de 18 ans est interdite



Confidentialité des données : conformément à la Loi Informatique et 
Libertés
du 6 Janvier 1978, vous disposez d'un droit d'accès et de rectification des
données vous concernant. Vous recevez cette invitation car vous avez été en
contact avec le Service Commercial de CapDecision ou de ses partenaires. Pour ne
plus recevoir de messages de CapDecision
http://lb.capmail.fr/webApp/unsub?id=%40IUS02hPN68y00E7dRGGvAw%3D%3D; 
_label="Lien de désinscription" _type="optout">cliquez ici.

Re: LUA, 'retry' failed requests

[Thierry FOURNIER]

On Sat, 31 Oct 2015 21:22:14 +0100
PiBa-NL  wrote:

> Hi Thierry, haproxy-list,


Hi Pieter,


> I've created another possibly interesting lua script, and it works :) 
> (mostly). (on my test machine..)
> 
> When i visit the 192.168.0.120:9003 website i always see the 'Hello 
> World' page. So in that regard this is usable, it is left to the browser 
> to send the request again, not sure how safe this is in regard to 
> mutations being send twice. It should probably check for POST requests 
> and then just return the error without replacing it with a redirect.. 
> Not sure if that would catch all problem cases..
> 
> Ive created a lua service that counts how many requests are made, and 
> returns a error status every 5th request.
> Second there is a lua response script that checks the status, and 
> replaces it by a redirect if it sees the faulty status 500.
> This does currently result in the connection being closed and reopened 
> probably due to the txn.res:send().?.
> 
> Though i am still struggling with what is and isn't supposed to be possible.
> For example the scripts below are running in 'mode http' and mostly just 
> changing 'headers'.
> I expected to be able to simply read the status by calling 
> txn.f:status() but this always seems to result in 'null'.
> Manually parsing the response buffer duplicate works but seems ugly..
> 
> txn.f:status()  <  it doesnt result in the actual status.


This is a bug wich I reproduce. Can you try the attached patches ?


> txn.res:set()  < if used in place of send() causes 30 second delay


This function put data in the input part of the response buffer. This
new data follows the HAProxy stream when the Lua script is finished.
It is your case.

I can't reproduce this behaviour, I suppose that its because I work
locally, and I'm not impacted by the network latency.


> txn.done()  < dumps core. (im not sure when ever to call it? the script 
> below seems to match the description that this function has.?.)


I can't reproduce too, for the same reasons, I guess.


> Am i trying to do it wrong?
> 
> p.s. Is 'health checking' using lua possible? The redis example looks 
> like a health 'ping'.. It could possibly be much much more flexible then 
> the tcp-check send  / tcp-check expect routines..


It is not possible. You can write a task which do something (like an
http request) and reuse the result in the request processing Lua code,
but this task cannot set the status of the server.

Thierry


> I'm currently testing with HA-Proxy version 1.7-dev0-e4c4b7d and the 
> following configuration files:
> 
>  haproxy.cfg ###
> global
>  maxconn6000
>  lua-load/var/etc/haproxy/luascript_lua-count5error
> defaults
>  timeout connect3
>  timeout server3
>  timeout client3
>  modehttp
>  logglobal
> frontend TEST-lua-count
>  bind192.168.0.120:9002
>  optionhttp-keep-alive
>  http-request use-service lua.lua-count
> 
> frontend TEST-lua-retry-serverror
>  bind192.168.0.120:9003
>  optionhttp-keep-alive
>  http-request lua.retrystorerequest
>  http-response lua.retryerrors
>  default_backend hap_9002_http_ipvANY
> 
> backend hap_9002_http_ipvANY
>  modehttp
>  retries3
>  server192.168.0.120_9002 192.168.0.120:9002
> 
> ### luascript_lua-count5error ###
> core.register_action("retryerrors" , { "http-res" }, function(txn)
>  local clientip = txn.f:src()
>  txn:Info("  LUA client " .. clientip)
> 
>  local s = txn.f:status() -- doesnt work?
>  if s == null then
>  core.Info("LUA txn.s:status RETURNED: NULL, fallback needed ??")
>  local req = txn.res:dup()
>  local statusstr = string.sub(req, 10, 13)
>  s = tonumber(statusstr)
>  end
>  core.Info("LUA status " .. s)
> 
>  if s ~= 200 then
>  txn:Info("LUA REDIRECT IT ! " .. s)
> 
>  local url = txn:get_priv()
>  local response = ""
>  response = response .. "HTTP/1.1 302 Moved\r\n"
>  response = response .. "Location: " .. url .."\r\n"
>  response = response .. "\r\n"
> 
>  txn.res:send(response)
>  --txn.res:set(response) -- causes 30 second delay..
>  --txn:done() --dumps core..
>  end
> end);
> 
> core.register_action("retrystorerequest" , { "http-req" }, function(txn)
>  local url = txn.f:url()
>  txn:set_priv(url);
> end);
> 
> core.register_service("lua-count", "http", function(applet)
> if test == null then
>test = 0
> end
> test = test + 1
> local response = ""
> if test % 5 == 0 then
>applet:set_status(500)
>response = "Error " .. test
> else
>applet:set_status(200)
>response = "Hello World !" .. test
> end
> applet:add_header("content-length", 

www.formilux.org

[Steven | FinCrop Capital Inc]

Hi,

My name is Steven and I work with FinCorp Cap. Inc. We provide immediate  
funding, business loans and merchant card services to help you power you  
company's growth.



We more often say "yes" and faster than traditional lenders in granting  
Business Loans. And that lets owners spend their time where it should be--on  
growing their business, not seeking financing.


We serve to 4 Plus Businesses & more than 700 Industries Served.

To receive PRI CE QUOTE Simply REPLY to this email with your contact  
information and please indicate if your busi ness currently accepting cre  
ditcards or not.


I look forward to talk to you soon.

Best regards,

Steven | LO AN Specialist

FinCorp Capital Inc
1400 Broadway, New York, New York
PHN: 1800 800 6398

F W !How to buy the best fiber optic accessories

[h0Ti8l9PdR]

Dear, 
Ijustvisitedyourwebsite,knowingthatyouareonthemark=etforFiberOpticProduct! 
That'sgreatforwesupplythesamequalityproductsasyoud=o. 
FiberopticPatchCords,Adaptors,Connectors,Terminalbox,=Fibertools,etc.areourmainofferings.Thequalityandpricesarea=ttractive!
  Doyoumindtofurtherknowthem?Pleasereplythisemailget=freeproductpricelist. 
Happyeveryday! Bestregards, SunnyHOLIGHTFIBEROPTIC

Re: Multiple nameservers with the same ID is allowed

[Pavlos Parissis]

On 02/11/2015 09:34 πμ, Baptiste wrote:
> On Fri, Oct 30, 2015 at 3:22 PM, Pavlos Parissis
>  wrote:
>> Hi,
>>
>> Following resolver section passes configuration check
>> resolvers mydns1
>> nameserver ns1 8.8.8.8:53
>> nameserver ns1 8.8.4.4:53
>> resolve_retries   3
>> timeout retry 1s
>> hold valid   10s
>>
>> IMHO: allowing same ID for 2 different objects, which have stats attached to
>> them, may not be the best approach here. Since, HAProxy doesn't allow more
>> than one resolver sections with same name, I would say for consistency
>> reasons should do the same for nameserver parameters within the same
>> resolver section.
>>
>> If IDs for nameserver are different then you can fetch stats per nameserver:
>> echo 'show stat resolvers mydns1 ns1'|socat /run/haproxy/admin1.sock stdio
>>
>> Cheers,
>> Pavlos
>>
> 
> 
> Hi Pavlos,
> 
> I agree with you.
> If you think you can contribute this, feel free, otherwise, let me
> know and I'll do it.

I can't code in C, sorry:-), but I can test your patch.

> If we go into this direction, we also may add an 'id' keyword, to
> force the nameserver uuid, like on the server line.
> 
> We may backport only uuid in 1.6, since other changes may break
> existing configuration.

Only if the configuration has 2 nameservers with the same id, which
isn't very likely as nobody wont configure HAProxy like this. I found it
while I was adding support for nameservers in haproxyadmin lib and
accidentally used the same id:-)


> I'll discuss this point with Willy.
> 
> Batpiste


Thanks a lot,
Pavlos




signature.asc
Description: OpenPGP digital signature

[SPAM] Ventes Flash : Week-ends prestige

[Sejours de reve]

http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb68d=haproxy@formilux.org=haproxy@formilux.org
 Signaler comme indésirable


Pour visualiser ce message au format html, cliquez ici :
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb68e=%40MmrQ84JuZ0jNmqADkpjTi3I4I%2Bit8legIuxhsTzLzsc%3D
ou copiez le lien dans votre navigateur Web


 
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb68f=haproxy@formilux.org=haproxy@formilux.org
  
 
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb690=haproxy@formilux.org=haproxy@formilux.org
  


Ventes Flash: Weekend prestige en Europe dès 59€ !  

Rome, Valence, ou encore Vienne... Le temps d'un week-end, nous vous 
emmenons au coeur de villes palpitantes pour une escapade Version Luxe. 

Réservez dès maintenant votre séjour de rêve en Europe et bénéficiez de 
réductions exceptionnelles jusqu'à -70%.



 
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb691=haproxy@formilux.org=haproxy@formilux.org
  


Portugal - Porto 
City break zen et design 
Sheraton Porto Hotel & Spa 5*   
Jusqu'à 
-68%
 
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb692=haproxy@formilux.org=haproxy@formilux.org
  


 
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb693=haproxy@formilux.org=haproxy@formilux.org
  




 
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb694=haproxy@formilux.org=haproxy@formilux.org
  


Rép. Tchèque - Prague 
Escapade luxe & romantisme 
Sheraton Prague Charles Square Hotel 5* 
Jusqu'à 
-70%
 
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb695=haproxy@formilux.org=haproxy@formilux.org
  


 
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb696=haproxy@formilux.org=haproxy@formilux.org
  




 
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb697=haproxy@formilux.org=haproxy@formilux.org
  


Espagne - Barcelone 
Design et démesure face à la mer 
Hôtel W Barcelona 5*
Jusqu'à 
-70%
 
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb698=haproxy@formilux.org=haproxy@formilux.org
  


 
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb699=haproxy@formilux.org=haproxy@formilux.org
  




 
http://lb.top-monnaie.com/r/?id=t2eed6aa3,20fb518,20fb69a=haproxy@formilux.org=haproxy@formilux.org
 Découvrir toutes nos ventes privées en cours  >> 




Des voyages d’exception 

Des offres de voyage haut de gamme 
rigoureusement sélectionnées



Les meilleures réductions   

Des prix exclusifs et des réductions 
exceptionnelles jusqu’à -70%



Nos experts à votre service 

Un service client fiable et réactif, 
à votre écoute 7 jours / 7  









Confidentialité des données : conformément à la Loi Informatique et 
Libertés
du 6 Janvier 1978, vous disposez d'un droit d'accès et de rectification des
données vous concernant. Vous recevez cette invitation car vous avez été en
contact avec le Service Commercial de CapDecision ou de ses partenaires. Pour ne
plus recevoir de messages de CapDecision
http://lb.capmail.fr/webApp/unsub?id=%40HQ50Ox%2FusTLlIseMGGW0gA%3D%3D; 
_label="Lien de désinscription" _type="optout">cliquez ici.

[SPAM] DISTRIBUTORS WANTED WORLDWIDE

[Jeremy Dwight]

26 YEAR OLD U.S. COMPANY NEEDS DISTRIBUTORS IN MANY COUNTRIES for our
amazing slip-resistant floor product..

One application with our Anti-Slip Floor Treatment makes floors slip
resistant and safe for 4 years - Guaranteed!

Use Indoors or Outdoors

No Change in Appearance

Use on Ceramic, Porcelain and quarry Tiles, marble, granite, concrete,
terrazzo, etc.

Typical Prospects: Hotels, Restaurants, Supermarkets, Office Buildings,
Retail stores, etc.

Some of our satisfied Customers: McDonalds, Burger King, KFC, Hilton,
Sheraton, Pfizer, Mercedes, BMW, etc.

$5,000 USD - $20,000 USD INVENTORY INVESTMENT REQUIRED

Please contact us for details and to see if there is a distributorship
available in your country.

INCLUDE YOUR NAME, COUNTRY and E-MAIL ADDRESS.

Jeremy Dwight
Email: suiny...@sina.com