Re: Is www.haproxy.org down?
Hi Vivek, On Mon, Apr 03, 2017 at 07:36:13PM -0500, Vivek Malik wrote: > Hi, > > I am getting 500 Internal Server Error on the haproxy.org website. > Various websites like > > http://downforeveryoneorjustme.com/www.haproxy.org > http://www.isitdownrightnow.com/haproxy.org.html > http://www.websitenotworking.com/haproxy.org > > confirm that the website is down for them too. It seems that the front cache has just died, switched back to the old one now and that fixed it. I'll take a look to understand what's happening. Thanks, Willy
Is www.haproxy.org down?
Hi, I am getting 500 Internal Server Error on the haproxy.org website. Various websites like http://downforeveryoneorjustme.com/www.haproxy.org http://www.isitdownrightnow.com/haproxy.org.html http://www.websitenotworking.com/haproxy.org confirm that the website is down for them too. Regards, Vivek
PATCH : CLEANUP
Hi all, This is small necessary change for OpenBSD at least, hopes it finds its way. Kind regards. From 334acf5219fcc3bad9c965ce9f8725a48444ff34 Mon Sep 17 00:00:00 2001 From: David CarlierDate: Mon, 3 Apr 2017 21:58:04 +0100 Subject: [PATCH] CLEANUP: server: moving netinet/tcp.h inclusion netinet/tcp.h needs sys/types.h for u_int* types usage, issue found while building on OpenBSD. --- src/server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server.c b/src/server.c index 0795e256..23343d86 100644 --- a/src/server.c +++ b/src/server.c @@ -13,7 +13,6 @@ #include #include -#include #include @@ -43,6 +42,7 @@ #include #include #include +#include static void srv_update_state(struct server *srv, int version, char **params); static int srv_apply_lastaddr(struct server *srv, int *err_code); -- 2.12.2
Re: ssl & default_backend
Hi Antonio, Op 3-4-2017 om 13:29 schreef Antonio Trujillo Carmona: It's well documented that Windows XP with Internet Explorer don't support sni, so I try to redirect call through "default_backend", but I got ERROR-404, it work fine with all other combination of OS/surfer. If I (only for test purpose) comment the four line with "ssiiprovincial" (witch mean all the traffic must be redirected through default_backend) it don't work with any OS/surfer. frontend Aplicaciones bind *:443 mode tcp log global tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } # Parametros para utilizar SNI (Server Name Indication) acl aplicaciones req_ssl_sni -i aplicaciones.gra.sas.junta-andalucia.es acl citrixsf req_ssl_sni -i ssiiprovincial.gra.sas.junta-andalucia.es acl citrixsf req_ssl_sni -i ssiiprovincial01.gra.sas.junta-andalucia.es acl citrixsf req_ssl_sni -i ssiiprovincial.hvn.sas.junta-andalucia.es acl citrixsf req_ssl_sni -i ssiiprovincial01.hvn.sas.junta-andalucia.es use_backend CitrixSF-SSL if citrixsf use_backend SevidoresWeblogic-12c-Balanceador-SSL There is no acl for the backend above? so probably the default_backend below will never be reached. Could it be the above backend returns the 404 your seeing? default_backend CitrixSF-SSL Regards, PiBa-NL
Re: HaProxy Hang
On Mon, 13 Mar 2017, at 13:31, David King wrote: > Hi All > > Apologies for the delay in response, i've been out of the country for the > last week > > Mark, my gut feeling is that is network related in someway, so thought we > could compare the networking setup of our systems > > You mentioned you see the hang across geo locations, so i assume there > isn't layer 2 connectivity between all of the hosts? is there any back > end > connectivity between the haproxy hosts? Following up on this, some interesting points but nothing useful. - Mark & I see the hang at almost exactly the same time on the same day: 2017-02-27T14:36Z give or take a minute either way - I see the hang in 3 different regions using 2 different hosting providers on both clustered and non-clustered services, but all on FreeBSD 11.0R amd64. There is some dependency between these systems but nothing unusual (logging backends, reverse proxied services etc). - our servers don't have a specific workload that would allow them all to run out of some internal resource at the same time, as their reboot and patch cycles are reasonably different - typically a few days elapse between first patches and last reboots unless its deemed high risk - our networking setup is not complex but typical FreeBSD: - LACP bonded Gbit igb(4) NICs - CARP failover for both ipv4 & ipv6 addresses - either direct to haproxy for http & TLS traffic, or via spiped to decrypt intra-server traffic - haproxy directs traffic into jailed services - our overall load and throughput is low but consistent - pf firewall - rsyslog for logging, along with riemann and graphite for metrics - all our db traffic (couchdb, kyoto tycoon) and rabbitmq go via haproxy - haproxy 1.6.10 + libressl at the time As I'm not one for conspiracy theories or weird coincidences, somebody port scanning the internet with an Unexpectedly Evil Packet Combo seems the most plausible explanation. I cannot find an alternative that would fit the scenario of 3 different organisations with geographically distributed equipment and unconnected services reporting an unusual interruption on the same day and almost the same time. Since then, I've moved to FreeBSD 11.0p8, haproxy 1.7.3 and latest libressl and seen no recurrence, just like the last 8+ months or so since first deploying haproxy on FreeBSD instead of debian & nginx. If the issue recurs I plan to run a small cyclic traffic capture with tcpdump and wait for a re-repeat, see https://superuser.com/questions/286062/practical-tcpdump-examples Let me know if I can help or clarify further. A+ Dave
Re: errorfile headers/body split (haproxy-1.8-dev1)
Hi, On Mon, Apr 03, Willy Tarreau wrote: > - improve handling of error-file by splitting headers and body -- I > don't know if someone is still working on this, but it's still > welcome and should not interfer with the other devs (Unless someone is already actively working on this). I might have some time to work on this(read errorfile to headers/body, and with errors send headers + \r\n + body). I guess there're few special cases when reading errorfiles: - empty file (errorfile 408 /dev/null): empty headers/empty body - Hdrs: ...\r\n\r\nEOF -> Only headers, empty body - \r\n\r\nBody...EOF -> Only body, use default headers ? - \r\n\r\nEOF -> warning and use default headers/body ? - something\r\nsomething2EOF -> is this only body, use default headers ? Is the approach suggested by Michael Hamburger ("Introduction and small changes to HAProxy for adding custom errorfiles for 401 and 407 http status page" email thread): struct err_hdr_body { struct chunk *hdr; struct chunk *body; } struct err_hdr_body http_err_chunks[HTTP_ERR_SIZE]; ok ? How should for example http_server_error send headers/body ? bo_inject headers, bo_inject "\r\n" and bo_inject body, or copy headers/\r\n/body to trash/chunk etc. and then bo_inject ? -Jarno -- Jarno Huuskonen
bind with cert but w/out ssl ?
Hi, Is there a use case for bind with certificate BUT without "ssl": frontend xyz bind ipv4@127.0.0.1:8443 crt ./test-cert.pem #missing ssl keyword config parser accepts this w/out warning and plain http works, but obviously https fails. Maybe parser could emit a warning if "ssl" keyword is missing and certificate is configured ? -Jarno -- Jarno Huuskonen
Re: configuration.txt questions
Hi, On Fri, Mar 31, Willy Tarreau wrote: > On Fri, Mar 31, 2017 at 02:59:37PM +0300, Jarno Huuskonen wrote: > > On Fri, Mar 31, Jarno Huuskonen wrote: > > > First I'm attaching a patch that corrects ]) order for urlp_val > > > and adds 'Example:' string to > > > src_clr_gpc0,src_inc_gpc0,sc2_clr_gpc0,sc2_inc_gpc0,ssl_c_sha1 > > > (I assume that Example: is what generates the example formatting in > > > html/dconv documentation). > > > > This time with correct attachment(patch). > > Now merged, and fixed the mangled subject line / commit message : > > Subject: [PATCH] DOC: urlp_val missing ) DOC: >src_clr_gpc0,src_inc_gpc0,sc2_clr_gpc0,sc2_inc_gpc0,ssl_c_sha1 Example: >string. I'm attaching two more patches for configuration.txt (hopefully with better subject/commit messages this time:) First one updates "block" examples to use http-request deny. Second one adds some comments to examples, and few links/cross references and adds ignore-persist example (from 7.2 Using ACLs to form conditions). -Jarno -- Jarno Huuskonen >From 5b5e16daff85681eb11a786b8639adf1e3bdc2ae Mon Sep 17 00:00:00 2001 From: Jarno HuuskonenDate: Mon, 3 Apr 2017 14:20:34 +0300 Subject: [PATCH 1/2] DOC: changed "block"(deprecated) examples to http-request deny --- doc/configuration.txt | 17 ++--- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index e3f2b21..0c6816a 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -2510,7 +2510,9 @@ block { if | unless } (deprecated) acl invalid_src src 0.0.0.0/7 224.0.0.0/3 acl invalid_src src_port 0:1023 acl local_dsthdr(host) -i localhost -block if invalid_src || local_dst +# block is deprecated. Use http-request deny instead: +#block if invalid_src || local_dst +http-request deny if invalid_src || local_dst See section 7 about ACL usage. @@ -12187,9 +12189,9 @@ requests with a content-length greater than 0, and finally every request which is not either GET/HEAD/POST/OPTIONS ! acl missing_cl hdr_cnt(Content-length) eq 0 - block if HTTP_URL_STAR !METH_OPTIONS || METH_POST missing_cl - block if METH_GET HTTP_CONTENT - block unless METH_GET or METH_POST or METH_OPTIONS + http-request deny if HTTP_URL_STAR !METH_OPTIONS || METH_POST missing_cl + http-request deny if METH_GET HTTP_CONTENT + http-request deny unless METH_GET or METH_POST or METH_OPTIONS To select a different backend for requests to static contents on the "www" site and to every request on the "img", "video", "download" and "ftp" hosts : @@ -12212,11 +12214,11 @@ the braces must be seen as independent words). Example : The following rule : acl missing_cl hdr_cnt(Content-length) eq 0 - block if METH_POST missing_cl + http-request deny if METH_POST missing_cl Can also be written that way : - block if METH_POST { hdr_cnt(Content-length) eq 0 } + http-request deny if METH_POST { hdr_cnt(Content-length) eq 0 } It is generally not recommended to use this construct because it's a lot easier to leave errors in the configuration when written that way. However, for very @@ -12234,7 +12236,8 @@ good use is the following : monitor fail if { nbsrv(dynamic) lt 2 } || { nbsrv(static) lt 2 } -See section 4.2 for detailed help on the "block" and "use_backend" keywords. +See section 4.2 for detailed help on the "http-request deny" and "use_backend" +keywords. 7.3. Fetching samples -- 1.8.3.1 >From 2a4ef45b258b241c16c79bd183c2acc2a92bff03 Mon Sep 17 00:00:00 2001 From: Jarno Huuskonen Date: Mon, 3 Apr 2017 14:36:21 +0300 Subject: [PATCH 2/2] DOC: add few comments to examples. - http-check expect rstring is missing html comment closing tag. - option redis-check: See also "option tcp-check", "tcp-check expect". - ignore-persist static url example ((from 7.2 Using ACLs to form conditions) - tcp-request content: hdr(x-forwarded-for) example: added hdr_ip(x-forwarded-for) version. - tcp-request content: added comments to sc0_inc_gpc0 stick table example. - timeout tarpit: mention http-request tarpit. --- doc/configuration.txt | 24 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 0c6816a..176a975 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -3637,7 +3637,7 @@ http-check expect [!] http-check expect ! rstatus ^5 # check that we have a correct hexadecimal tag before /html - http-check expect rstring See also : "option httpchk", "http-check disable-on-404" @@ -4594,6 +4594,11 @@ ignore-persist { if | unless } The persistence is ignored when an "if" condition is met, or unless an "unless" condition is met. + Example: + acl url_static path_beg /static
Re: ssl & default_backend
El 31/03/17 a las 20:26, Lukas Tribus escribió: > Hello Antonio, > > > Am 31.03.2017 um 19:36 schrieb Antonio Trujillo Carmona: >> El 30/03/17 a las 10:51:58, Antonio Trujillo Carmona escribió: >> >>> I'm try to use haproxy for balancing Citrix. >>> >>> I prove with: >>> >>> acl aplicaciones req_ssl_sni -i aplicaciones.gra.sas.junta-andalucia.es >>> acl citrixsf req_ssl_sni -i ssiiprovincial.hvn.sas.junta-andalucia.es >>> >>> use_backend CitrixSF-SSL if citrixsf >>> use_backend SevidoresWeblogic-12c-Balanceador-SSL >>> default_backend CitrixSF-SSL >>> >>> The goal is Wpx witch can't use sni are redirected to CitrixSF-SSL. > > You did not tell us what Wpx is. We also don't know your complete > configuration. > > Please post the complete configuration and the output of haproxy -vv. > > > >>> >>> I try commenting acl req_ssl_sni (right now, I have no Wpx to probe) >>> but >>> I recive. Error-404 Not Found. > > With that statement I don't know which of the above lines you > commented. Can > you explain? > > Haproxy never generates a "404 Not found message", this comes from one > of your > backends. > > > >> >> The issue of get diferent result in be redirected from a use_backend or >> from default_backend occurs in all equipmen, Windows XP,7 or even in >> linux. >> I can't understand it > > I don't understand what you are saying. I suggest you explain in a few > sentences > what you expect from haproxy, and then, explain what the actual result > is. > > > > Lukas > It's well documented that Windows XP with Internet Explorer don't support sni, so I try to redirect call through "default_backend", but I got ERROR-404, it work fine with all other combination of OS/surfer. If I (only for test purpose) comment the four line with "ssiiprovincial" (witch mean all the traffic must be redirected through default_backend) it don't work with any OS/surfer. # haproxy -vv HA-Proxy version 1.5.18 2016/05/10 Copyright 2000-2016 Willy TarreauBuild options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O2 -g -fno-strict-aliasing -DTCP_USER_TIMEOUT=18 OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.7 Compression algorithms supported : identity, deflate, gzip Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.32 2012-11-30 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. This is my configuration file: # # Fichero configuracion del HAPROXY # global #Este log es especifico para sistemas basados en RED HAT log 127.0.0.1 local2 debug chroot /var/lib/haproxy user haproxy group haproxy daemon node BALANCEADOR-PRINCIPAL #para sincronizar las tablas de sesión peers pares #disable peer gr43stemis01 10.107.20.7:1024 peer gr43stemis02 10.107.20.8:1024 defaults log global modehttp option dontlognull option httpchk retries 3 option redispatch maxconn 5000 timeout connect 5s timeout client 15min timeout server 15s frontend Estadisticas# bind *:80 option httplog mode http stats show-node stats enable # Opcion para redirigir las peticiones que entran por http a https # solo se puede poner en este frontend redirect scheme https if !{ ssl_fc } frontend Aplicaciones bind *:443 mode tcp log global tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } # Parametros para utilizar SNI (Server Name Indication) acl aplicaciones req_ssl_sni -i aplicaciones.gra.sas.junta-andalucia.es acl citrixsf req_ssl_sni -i ssiiprovincial.gra.sas.junta-andalucia.es acl citrixsf req_ssl_sni -i ssiiprovincial01.gra.sas.junta-andalucia.es acl citrixsf req_ssl_sni -i ssiiprovincial.hvn.sas.junta-andalucia.es acl citrixsf req_ssl_sni -i ssiiprovincial01.hvn.sas.junta-andalucia.es use_backend CitrixSF-SSL if citrixsf use_backend SevidoresWeblogic-12c-Balanceador-SSL default_backend CitrixSF-SSL BACKEND DE LOS SERVIDORES DE WEBLOGIC PRE PRODUCCION SSL # #backend SevidoresWeblogic-12c-Balanceador-SSL backend SevrWlogSSL
Re: [ANNOUNCE] haproxy-1.7.5
On Mon, Apr 03, 2017 at 12:04:46PM +0200, Aleksandar Lazic wrote: > Hi. > > Am 03-04-2017 10:37, schrieb Willy Tarreau: > > Hi, > > > > HAProxy 1.7.5 was released on 2017/04/03. It added 8 new commits > > after version 1.7.4. The main goal was to fix an incomplete fix > > on the compression filter in 1.7.4, that now manifests itself as > > the haproxy spinning at 100% CPU until the connection dies. > > It's now available on docker hub. > > https://hub.docker.com/u/me2digital/ Thanks Aleks. Do you want me to add links to your gitlab repo in the download sections ? I'm seeing you have haproxy 1.6 an 1.7, that could be of interest to lots of people. If so, please suggest what links are most appropriate (I'm seeing centos and rhel but I'm not sure about the benefit of differenciating them). Regards, Willy
Re: [ANNOUNCE] haproxy-1.7.5
Hi. Am 03-04-2017 10:37, schrieb Willy Tarreau: Hi, HAProxy 1.7.5 was released on 2017/04/03. It added 8 new commits after version 1.7.4. The main goal was to fix an incomplete fix on the compression filter in 1.7.4, that now manifests itself as the haproxy spinning at 100% CPU until the connection dies. It's now available on docker hub. https://hub.docker.com/u/me2digital/ Regards Aleks There was also a potential read-past-end for one byte fixed in the peers protocol, though it can only happen after the handshake, which means it can only be triggered from one of the authorized peers. The impact is quite limited but it's better to get it fixed. A warning was added for situations where "option tcp/httplog" could override a log-format in the defaults section. Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse: http://discourse.haproxy.org/ Sources : http://www.haproxy.org/download/1.7/src/ Git repository : http://git.haproxy.org/git/haproxy-1.7.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.7.git Changelog: http://www.haproxy.org/download/1.7/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Christopher Faulet (3): BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze Emeric Brun (1): BUG/MEDIUM: peers: fix buffer overflow control in intdecode. Guillaume de Lafond (2): DOC: log-format/tcplog/httplog update MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections Jarno Huuskonen (1): DOC: fix parenthesis and add missing "Example" tags Willy Tarreau (1): DOC: update the contributing file ---
[ANNOUNCE] haproxy-1.7.5
Hi, HAProxy 1.7.5 was released on 2017/04/03. It added 8 new commits after version 1.7.4. The main goal was to fix an incomplete fix on the compression filter in 1.7.4, that now manifests itself as the haproxy spinning at 100% CPU until the connection dies. There was also a potential read-past-end for one byte fixed in the peers protocol, though it can only happen after the handshake, which means it can only be triggered from one of the authorized peers. The impact is quite limited but it's better to get it fixed. A warning was added for situations where "option tcp/httplog" could override a log-format in the defaults section. Please find the usual URLs below : Site index : http://www.haproxy.org/ Discourse: http://discourse.haproxy.org/ Sources : http://www.haproxy.org/download/1.7/src/ Git repository : http://git.haproxy.org/git/haproxy-1.7.git/ Git Web browsing : http://git.haproxy.org/?p=haproxy-1.7.git Changelog: http://www.haproxy.org/download/1.7/src/CHANGELOG Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/ Willy --- Complete changelog : Christopher Faulet (3): BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze Emeric Brun (1): BUG/MEDIUM: peers: fix buffer overflow control in intdecode. Guillaume de Lafond (2): DOC: log-format/tcplog/httplog update MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections Jarno Huuskonen (1): DOC: fix parenthesis and add missing "Example" tags Willy Tarreau (1): DOC: update the contributing file ---
[ANNOUNCE] haproxy-1.8-dev1
Hi, HAProxy 1.8-dev1 was released on 2017/04/03. It added 319 new commits after version 1.8-dev0, brought by 33 contributors among which the following 13 ones were newcomers : Andriy Palamarchuk David Harrigan Felipe Guerreiro Barbosa Ruiz Guillaume de Lafond Hongbo Long Luca Pizzamiglio Marcin Deranek Matthieu Guegan Misiek Olivier Houchard Robin H. Johnson Ryabin Sergey Steven Davidovitz Tim Düsterhus So this is the end of development phase 1. Now please don't submit stuff that has not been previously discussed. Developers working on various features should now have more time to focus on finishing what they've started and to fix their bugs. Compared to 1.7.0, 1.8-dev1 brought a few new features : - pipelined and asynchronous SPOE to improve performance of remote processing / content validation ; - bind configuration is now per certificate, which means that you can expect some client authentication on certain host names only if you want, while they're shared on the same IP:port as others not having such a requirement (it also works for alpn, ciphers etc) - BoringSSL and LibreSSL are supposed to be much better supported - DNS multiple responses are now better spread over the server farm to limit duplicates so that all servers get a different one when there are more addresses than servers. - stats output now supports JSON format - support for "no-" for all server keywords and support for all such keywords in the default-server directive - a few new sample fetch functions like hostname, or the ability to extract the cipher list presented by a browser, apparently it's sometimes useful to distinguish real vs fake browsers - "show cli sockets" is supported on the CLI to report what other sockets are available, useful in multi-process mode. - "hard-stop-after" allows an old process to die after a grace period during reloads, to avoid accumulation of very old processes when facing never-ending connections. (backported to 1.7 as well). - check agent's address can now be set using agent-addr, and all agent settings can be changed over the CLI (useful in some auto-scale environments where a central controller informs about the availability of each server). - dynamic cookie valuation : the new keyword "dynamic" on the "cookie" line will compute an automatic, unique and consistent cookie value for a server based on its proto:ip:port so that it's possible to maintain stickiness over a cluster of load balancers regardless of the order of the servers they learned over DNS or other means - support for setting the status code on http-request tarpit, and setting a custom reason as well on various rules. - pcre2 support for regex - improved Lua memory usage using pools - improved error/warning reporting during config parsing - small performance improvements with the kqueue poller (FreeBSD/OpenBSD) - large number of documentation fixes and cleanups - for developers, the code is now cleaner and more callback-based, it's possible to create new files which register their own config, version reporting, deinit code and even CLI keywords, meaning that it's easier to add optional support for some stuff. As an exercise (and a cleanup process), we could move the 3 device detection engines to their own file without any reference at all from the rest of the code, this will also significantly improve their maintenance and limit the risk of accidental breakage when other contributors don't have everything necessary to test them. - for developers, the code builds significantly faster on machines with many cores, after having reordered the sources in the makefile according to their build time, so that slower ones are started first. That's about all for now (I might have missed a few things, sorry if that's the case and it's the feature you implemented, feel free to blame me here). Now for the next steps, we have some pending stuff already that several of us are still working on : - openssl async API (Grant Zhang, under tests by Emeric, still facing a few issues, possibly related to the engine we're using, should be sorted out soon -- hopefully) - dealing with the openssl version configuration mess revealed by the new APIs (Manu and Emeric) -- this will impact some server keywords. At this point I think there's agreement on what the config should look like, maybe it's going to be OK with the implementation, I expect this to get merged soon. - HTTP/2 frontend (not kidding, but still quite a hard work) - initial multi-threading support (Emeric and Christopher) : things start to look scarier once observed closer :-) - RAM-based "favicon" cache (William) - make userlists updatable from the CLI (William) -- turning them to maps was done already but never merged,
Re: Mailing list server migration
On Mon, Apr 03, 2017 at 09:20:28AM +0200, Baptiste wrote: > Hi Willy, > > You should be "in ze cloud", so your hardware won't be EOLed :p Hehe, but as you know in such situations your "hardware" can be EOLed every few minutes :-) Willy
Re: Mailing list server migration
Hi Willy, You should be "in ze cloud", so your hardware won't be EOLed :p Baptiste