Re: Certificate bundles seem to be non-functional

2017-12-19 Thread Michael Ezzell
On Dec 20, 2017 01:19, "Andrew Heberle" wrote: just wanting to know where the failing is... With me, in this case. Apologies for the complete misunderstanding of your question. I have not used the feature you're referring to and mistakenly assumed "bundle" was a reference to cert + intermedia

Re: [PATCH] BUG: NetScaler CIP handling is incorrect

2017-12-19 Thread Willy Tarreau
On Tue, Dec 19, 2017 at 11:10:58PM +, Bertrand Jacquin wrote: > Hi Andreas and Willy, > > Please find attached a patch series adding support for both legacy and > standard CIP protocol while keeping compatibility with current > configuration format. Excellent, now applied to 1.9, will backport

Re: [PATCH] DOC/MINOR: intro: typo, wording, formatting fixes

2017-12-19 Thread Willy Tarreau
On Tue, Dec 19, 2017 at 06:01:51PM -0500, Davor Ocelic wrote: > - Fix a couple typos > - Introduce a couple simple rewordings > - Eliminate > 80 column lines > > Changes do not affect technical content and can be backported. Thanks a lot Davor, I've read it all and it's all quite good stuff. We'l

Re: Certificate bundles seem to be non-functional

2017-12-19 Thread Michael Ezzell
On Dec 19, 2017 20:46, "Andrew Heberle" wrote: I am attempting to utilise certificate bundles so we can have multi-type certs in haproxy however this seems non-functional. I have two cert bundles as follows (only testing with RSA certs at the moment): /etc/haproxy/ssl # ls -l /etc/haproxy/ssl

Certificate bundles seem to be non-functional

2017-12-19 Thread Andrew Heberle
I am attempting to utilise certificate bundles so we can have multi-type certs in haproxy however this seems non-functional. I have two cert bundles as follows (only testing with RSA certs at the moment): /etc/haproxy/ssl # ls -l /etc/haproxy/ssl/ total 16 -rw-r--r-- 1 root root 1184 Dec 20 01:

Re: [PATCH] BUG: NetScaler CIP handling is incorrect

2017-12-19 Thread Bertrand Jacquin
Hi Andreas and Willy, Please find attached a patch series adding support for both legacy and standard CIP protocol while keeping compatibility with current configuration format. This also fixes numerous bugs spotted during this dev cycle and present since the first version of the patch. This seri

[PATCH] DOC/MINOR: intro: typo, wording, formatting fixes

2017-12-19 Thread Davor Ocelic
- Fix a couple typos - Introduce a couple simple rewordings - Eliminate > 80 column lines Changes do not affect technical content and can be backported. From b6a7b7f6948033d54660a9895487766081634663 Mon Sep 17 00:00:00 2001 From: Davor Ocelic Date: Tue, 19 Dec 2017 23:30:39 +0100 Subject: [PATCH

Re: Haproxy SSl Termination performance issue

2017-12-19 Thread hongw...@163.com
Hi, Thierry. Thanks again. One more question about you talking about, can I just think like this way: assume we got a 8core cpu, we use 7 of them for ssl termination and one is for http forward? If it is, is there any document for this solution? Thanks a lot Mike Original message Subject: Re: Haproxy S

haproxy and solarflare onload

2017-12-19 Thread Elias Abacioglu
Hi, I recently bought a solarflare NIC with (ScaleOut) Onload / OpenOnload to test it with HAproxy. Has anyone tried running haproxy with solarflare onload functions? After I started haproxy with onload, this started spamming on the kernel log: Dec 12 14:11:54 dflb06 kernel: [357643.035355] [on

Re: Haproxy SSl Termination performance issue

2017-12-19 Thread hongw...@163.com
Hi, Thierry Many thanks Mike Sent from my Huawei phone Original message Subject: Re: Haproxy SSl Termination performance issue From: Thierry Fournier To: Mike G Cc: Haproxy Ok, you’re using HAProxy as SSL offloading. HAProxy is one of the right solutions for doing this. Your performance problem is not due to HAProxy, each co

Re: [PATCH] BUG/MEDIUM: mworker: Close log socket during a reload

2017-12-19 Thread Willy TARREAU
On Tue, Dec 19, 2017 at 01:52:16PM +0100, Christopher Faulet wrote: > This is a better way to fix the bug, you're right. Here is the updated > patch. Thanks. Applied now, thanks! Willy

Re: [PATCH] BUG/MEDIUM: mworker: Close log socket during a reload

2017-12-19 Thread Christopher Faulet
On 18/12/2017 at 20:11, Willy TARREAU wrote: On Mon, Dec 18, 2017 at 03:00:15PM +0100, Christopher Faulet wrote: This patch should fix the following bug reported on discourse: https://discourse.haproxy.org/t/freeze-sockets-in-1-8-1-no-http-2/1912 I reproduced the bug described on discourse

Re: Haproxy SSl Termination performance issue

2017-12-19 Thread Thierry Fournier
Ok, you’re using HAProxy as SSL offloading. HAProxy is one of the right solutions for doing this. Your performance problem is not due to HAProxy, each component using OpenSSL will reach the same limits. Classic setup is to configure many processes for the SSL offloading (proxy in TCP mode), and on

Re:Re: Haproxy SSl Termination performance issue

2017-12-19 Thread Mike G
Hi, Thierry. Our case is like this: we put a haproxy as ssl termination. And haproxy got the https requirement. And then go through SSL termination. And then forward the request to web (by HTTP), also, get the Http request and encrypt it, and return HTTPS to client. Thanks Mike

Re: Haproxy SSl Termination performance issue

2017-12-19 Thread Thierry Fournier
Hi, What kind of job? Thierry > On 19 Dec 2017, at 12:17, hongw...@163.com wrote: > > Hi, Thierry > > got it. Thanks! > > By the way, may I ask the ssl termination is best solution for this kind of > job? > > > Many thanks > > Mike > > > > Original message > Subject: Re: Haproxy SSl Te

Stats with nproc > 1 and Haproxy 1.8

2017-12-19 Thread Ricardo Fraile
Hi Haproxy Team, If I'm not wrong, with the previous versions, the stats were separated in each process if the nproc > 1 was used. But what is the state now in 1.8 if the "master-worker" configuration is used? In the following configuration snippet, the socket is bound to process 1, but have it

Re: Haproxy SSl Termination performance issue

2017-12-19 Thread hongw...@163.com
Hi, Thierry got it. Thanks! By the way, may I ask the ssl termination is best solution for this kind of job? Many thanks Mike Original message Subject: Re: Haproxy SSl Termination performance issue From: Thierry Fournier To: Mike G Cc: Haproxy Hi, I guess that 130 is 130 SSL requests per second? SSL is a very

1.8.1 Segfault + slowdown

2017-12-19 Thread Peter Lindegaard Hansen
Hi list, We upgraded from 1.5 to 1.8 recently - then to 1.8.1 Now we're seeing segfaults and slowdowns with haproxy Repeating: Dec 19 11:14:26 haproxy02 kernel: [122635.295196] haproxy[29582]: segfault at 55d5152279b2 ip 7f9c2dcc5a28 sp 7fff07caf4b8 error 6 in libc-2.23.so[7f9c2dc26000+1

Re: Haproxy SSl Termination performance issue

2017-12-19 Thread Thierry Fournier
Hi, I guess that 130 is 130 SSL requests per second? SSL is a very heavy processing. The 4096 bits certificates consume more CPU than 2048 (thanks captain obvious). Your capacity processing is capped by your CPU. You must check the CPU of your server during your test. If the CPU consumption is

Re: 1.8.1 backend stays 'DOWN' when dns resolvers and http health checks are used

2017-12-19 Thread Holger Amann
> On 18.12.2017 at 15:52, Christopher Faulet wrote: > > There have been some fixes since the 1.8.1. One of them could fix your > problem: http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=80b92902 > Thanks Christopher, that fi