use_backend %[req.hdr(host),lower]
On Thu, Jun 23, 2016 at 6:21 AM, Mildis wrote:
> Hi,
>
> I’m in the process of setting HAProxy as an HTTPS frontend switch to
> different backends.
> As I have 10+ different backends, I’d like to replace
>
> acl to-server1 hdr_beg(host) -i server1.domain.tld
>
My previous post included a couple of spurious spaces after a couple of the
header values. Corrected here:
HTTP/1.0 503 Service Unavailable[0d][0a]Content-Type:
text/html[0d][0a]Cache-Control: no-cache[0d][0a]Connection:
close[0d][0a][0d][0a]...
Side note: be sure your body is at least 512 bytes
On Jun 22, 2016 7:06 PM, "Shawn Heisey" wrote:
>
> I have verified that there is nothing on the line after the headers. On
> the recommendation I saw elsewhere, the file is in DOS text format, so
> each line ends in CRLF, not just LF. Could the line endings be the
problem?
Most definitely.
Rev
On 6/22/2016 12:45 AM, Jarno Huuskonen wrote:
> On Tue, Jun 21, Shawn Heisey wrote:
>> When I take down the back end server and make a request, I get the
>> browser's standard unavailable page, I do not see the custom page I
>> defined. Have I done something wrong?
>
> With "browser's standard un
Hi,
I’m in the process of setting HAProxy as an HTTPS frontend switch to different
backends.
As I have 10+ different backends, I’d like to replace
acl to-server1 hdr_beg(host) -i server1.domain.tld
acl to-server2 hdr_beg(host) -i server2.domain.tld
…
acl to-serverN hdr_beg(host) -i serverN.domai
Hi,
Please find attached a patch which corrects ssl_sock.c.
It closes explicitly the FILE opened to read the ssl key file when parsing
fails to find a valid key.
Previous behavior : returned from the function after having set the error flags
but not closed the file.
Regards,
Mildis
0001-MINO
Hi Olivier,
Olivier Doucet wrote:
> Is there a way to not present the first loaded certificate and refuse
> connection instead ?
You can use the strict-sni argument on the bind line to force the client
to speak SNI and refuse the TLS handshake otherwise.
See the documentation for details at
htt
Hello,
I'm actually using HTTPS/SNI on HAProxy 1.6
Documentation states the following :
"If no SNI is provided by the client or if the SSL library does not support
TLS extensions, or if the client provides an SNI hostname which does not
match any certificate, then the first loaded certificate wi
Hello,
I'm trying to validate haproxy sources but git tags doesn't seems to be
signed using PGP and the HTTPS certificate is self signed.
Providing a signed commit/tags or, at the very least, using a valid TLS
certificate would do the job (it's now free with letsencrypt.org).
regards,
--
Danny
Yes I noticed there were more issues with the FD's. Thanks for all of your
work, I will test 1.6.6 as soon as it hits vbernat's PPA.
Best,
Luke
smime.p7s
Description: S/MIME Cryptographic Signature
1) Yes, session rate is connections per second. Sessions are active (open)
connections in the moment you display the stats page.
2) My numbers are more or less equal usually, but it could perhaps be that
you have a lot of HTTP requests that haProxy rejects (e.g. empty or invalid)
and
On Wed, Jun 22, 2016 at 11:00:48AM +0200, Eric Webster wrote:
> Willy,
>
> I tested the patch on top of the 1.6.5 source as well as a fresh git
> pull for the 1.6 line. In both cases server state was not loaded on
> restart. Anything else I can do to help out or information I can give
> to assist?
Willy,
I tested the patch on top of the 1.6.5 source as well as a fresh git
pull for the 1.6 line. In both cases server state was not loaded on
restart. Anything else I can do to help out or information I can give
to assist?
Best,
Eric
On Tue, Jun 21, 2016 at 6:57 PM, Willy Tarreau wrote:
> On
Hi,
the following configuration leads to "...while parsing 'http-response
capture' rule : expects 'id', found 'len'":
listen www
bind :8080
mode http
http-request capture req.hdr(X) len 1
http-response capture res.hdr(Y) len 1
server dummy 127.0.0.1:80
The
14 matches
Mail list logo