Re: Passing SNI value ( ssl_fc_sni ) to backend's verifyhost.

2017-07-25 Thread Kevin McArthur
On 2017-07-25 10:51 AM, Willy Tarreau wrote: On Tue, Jul 25, 2017 at 10:37:10AM -0700, Kevin McArthur wrote: Hi Willy, I cant replicate your results here I cloned from git and built the package with the debian/ubuntu build scripts from https://launchpad.net/~vbernat/+archive/ubuntu/hapro

Re: Passing SNI value ( ssl_fc_sni ) to backend's verifyhost.

2017-07-25 Thread Willy Tarreau
On Tue, Jul 25, 2017 at 10:37:10AM -0700, Kevin McArthur wrote: > Hi Willy, > > I cant replicate your results here > > I cloned from git and built the package with the debian/ubuntu build scripts > from https://launchpad.net/~vbernat/+archive/ubuntu/haproxy-1.7 ... updating > the changelog to

Re: HAProxy Timeout Oddity WebKit XHR Replay

2017-07-25 Thread Liam Middlebrook
Responses inline. On 07/25/2017 02:23 AM, Aleksandar Lazic wrote: > Hi Liam, > > Liam Middlebrook wrote on 25.07.2017: > >> Hi Aleksandar, > >> Responses inline. > >> On 07/24/2017 11:57 PM, Aleksandar Lazic wrote: >>> Hi Liam, >>> >>> Liam Middlebrook wrote on 24.07.2017: >>> Hi, >>> >>>

Re: Passing SNI value ( ssl_fc_sni ) to backend's verifyhost.

2017-07-25 Thread Kevin McArthur
Hi Willy, I cant replicate your results here I cloned from git and built the package with the debian/ubuntu build scripts from https://launchpad.net/~vbernat/+archive/ubuntu/haproxy-1.7 ... updating the changelog to add a 1.8-dev2 version and calling ./debian/rules binary to build the pac

Re: X-Forwarded-For Balancing

2017-07-25 Thread Andrew Smalley
I just wanted to add a quick apology for the HTML footer. Andruw Smalley Loadbalancer.org Ltd. www.loadbalancer.org

Re: X-Forwarded-For Balancing

2017-07-25 Thread Andrew Smalley
Hi Trenton I hope the below example will help you with X-Forward-For + Stick table + replication listen VIP_Name bind 192.168.100.50:65435 transparent mode http balance roundrobin option forwardfor if-none stick on hdr(X-Forwarded-For,-1) # Note the ,-1 is to move the XFF hea

RE: X-Forwarded-For Balancing

2017-07-25 Thread Trenton Dyck
Hi Alek, I want to balance via round-robin, but I want stick-tables to use the X-Forwarded-For header instead of src ip. It makes sense in our use case because a vast majority of our clients are behind a NAT and have the same source IP, but the X-Forwarded-For header is unique to them. Thanks

Re: [PATCH] Support proxies with identical names in Lua core.proxies

2017-07-25 Thread Willy Tarreau
On Mon, Jul 24, 2017 at 02:38:41PM +0200, Willy Tarreau wrote: > On Mon, Jul 24, 2017 at 02:04:16PM +0200, Thierry FOURNIER wrote: > > On Thu, 20 Jul 2017 15:26:52 +0200 > > You will found in attchement a patch which add the proxy name as member > > of the proxy object. > > > > Willy, can you appl

Re: X-Forwarded-For Balancing

2017-07-25 Thread Aleksandar Lazic
Hi Trenton, Trenton Dyck wrote on 25.07.2017: > Hi, > > Is it possible to balance, via X-Forwarded-For header? We have come > across an issue with sticky-sessions and server weight that I can’t > seem to find the answer to online (Unbalanced traffic). I think > stick-tables with this acl opti

Re: Fix building haproxy with recent LibreSSL

2017-07-25 Thread Bernard Spil
On 2017-07-04 10:18, Willy Tarreau wrote: On Tue, Jul 04, 2017 at 11:12:20AM +0300, Dmitry Sivachenko wrote: >> https://www.mail-archive.com/haproxy@formilux.org/msg25819.html > > > Do you know if the patch applies to 1.8 (it was mangled so I didn't try). Sorry, hit reply too fast: no, one ch

X-Forwarded-For Balancing

2017-07-25 Thread Trenton Dyck
Hi, Is it possible to balance, via X-Forwarded-For header? We have come across an issue with sticky-sessions and server weight that I can't seem to find the answer to online (Unbalanced traffic). I think stick-tables with this acl option would be nice to have for a future version. Please kee

Re: Passing SNI value ( ssl_fc_sni ) to backend's verifyhost.

2017-07-25 Thread Willy Tarreau
Hi again Kevin, On Tue, Jul 25, 2017 at 07:26:07AM +0200, Willy Tarreau wrote: > > frontend www-https > > bind :::443 v4v6 ssl crt /etc/haproxy/certs/default.example.ca.pem crt > > /etc/haproxy/certs/ > > use_backend www-backend-https > > > > backend www-backend-https > > server app d

hot reloading configuration

2017-07-25 Thread Stéphane Cottin
Hi, A blog article about hot reloading configurations. https://www.clever-cloud.com/blog/engineering/2017/07/24/hot-reloading-configuration-why-and-how/ This company was using haproxy, and because of reloading configuration problems, among other aspects, they switch to their home made open so

Re: HAProxy Timeout Oddity WebKit XHR Replay

2017-07-25 Thread Aleksandar Lazic
Hi Liam, Liam Middlebrook wrote on 25.07.2017: > Hi Aleksandar, > Responses inline. > On 07/24/2017 11:57 PM, Aleksandar Lazic wrote: >> Hi Liam, >> >> Liam Middlebrook wrote on 24.07.2017: >> >>> Hi, >> >>> I'm currently running HAProxy within an Openshift Origin cluster. Until >>> a recent

Re: HAProxy Timeout Oddity WebKit XHR Replay

2017-07-25 Thread Liam Middlebrook
Hi Aleksandar, Responses inline. On 07/24/2017 11:57 PM, Aleksandar Lazic wrote: > Hi Liam, > > Liam Middlebrook wrote on 24.07.2017: > >> Hi, > >> I'm currently running HAProxy within an Openshift Origin cluster. Until >> a recent update of Openshift I did not experience issues with connectio