Re: Capture entire HTTP request (all headers one shot)

Hi Willy Other captures work. Here are the examples https://gist.github.com/manasg/7f4d674a5e07b140e170eadad6858a24 Length 0 in req.payload did not change anything. Also isn't this dump a binary blob? I am open to trying the Lua approach. On Fri, Sep 16, 2016 at 11:11 PM, Willy Tarreau

srv_conn vs be_conn

Hello, I have few questions: 1) in documentation about srv_conn we have: --- Returns an integer value corresponding to the number of currently established connections on the designated server, possibly including the connection being evaluated. What does it mean

[PATCH 2/4] Compute a "cumulative weight" to allow chash balancing to hit its target

For active servers, this is the sum of the eweights of all active servers before this one in the backend, and [srv->cumulative_weight .. srv_cumulative_weight + srv_eweight) is a space occupied by this server in the range [0 .. lbprm.tot_wact), and likewise for backup servers with tot_wbck. This

[PATCH 3/4] Add hash-balance-factor option for hash-type consistent

0 will mean no balancing occurs; otherwise it represents the ratio between the highest-loaded server and the average load, times 100 (i.e. a value of 150 means a 1.5x ratio), assuming equal weights. --- include/types/lb_chash.h | 1 + src/cfgparse.c | 13 + 2 files changed,

[PATCH 4/4] Implement bounded-load hash algorithm

The consistent hash lookup is done as normal, then if balancing is enabled, we progress through the hash ring until we find a server that doesn't have "too much" load. In the case of equal weights for all servers, the allowed number of requests for a server is either the floor or the ceil of

transparent or intercepting proxy with https

i am trying to setup a transparent or intercepting proxy, that works with HTTPS, and have hit a bit of a wall. i am using IPTables to intercept the port 80 and 443 traffic, and DNAT'ing the traffic to a HAProxy VIP. i have the front end configured as such: frontend tproxy bind

Re: resolvers section: nameservers required?

On Thu, Sep 15, 2016 at 10:53 PM, Topher Cullen wrote: > The documentation is unclear to me which, if any, of the resolver options > are required for run time resolution. I defined a resolver section like > this: > > resolver mydns > hold valid 2s > > I then

Re: [PATCH] MAJOR: filters: Add filters support

Hi Bertrand, On Tue, Sep 20, 2016 at 12:13:32AM +0100, Bertrand Jacquin wrote: > > And finally, If you can share with me your HA and > > Nginx configurations, this could help. > > I'm attaching a strip down version of haproxy/nginx/php-fpm on which I > can reproduice this issue. I think another

Re: haproxy - namespece implementation and usage

Hi Martin, On Sat, Sep 17, 2016 at 11:16:15PM +0200, Martin Tóth wrote: > Hi fellow haproxy users, > > i just wanted to ask if new implementation of haproxy (implemented in v. > 1.6.9) namespaces can work like this. I have Zabbix proxy daemon running > inside network namespace in Linux, let???s

Re: envoy LB is now an open source project

Hi, Pavlos, On Thu, Sep 15, 2016 at 01:09:16AM +0200, Pavlos Parissis wrote: > Hi, > > It is a very interesting project, https://lyft.github.io/envoy/ > > Here is a comparison with HAProxy > https://lyft.github.io/envoy/docs/intro/comparison.html Thanks for the link, it sounds interesting. It

Re: [PATCH] MINOR: enable IP_BIND_ADDRESS_NO_PORT on backend connections

Hi Pavlos, On Wed, Sep 14, 2016 at 11:01:36PM +0200, Pavlos Parissis wrote: > in our setup where we have haproxy in PoPs which forwards traffic to haproxy > servers in main data-centers, I am planning to address the ephemeral port > exhaustion symptom by having the frontends in data centers