Re: [ANNOUNCE] haproxy-2.8-dev1

Hi Willy. On 07.01.23 19:49, Willy Tarreau wrote: Hi Alex, On Sat, Jan 07, 2023 at 06:31:40PM +0100, Aleksandar Lazic wrote: On 07.01.23 10:38, Willy Tarreau wrote: Hi, HAProxy 2.8-dev1 was released on 2023/01/07. It added 206 new commits after version 2.8-dev0. [snipp] Any chance to

Re: proxy

Hi Adam. On 12.01.23 01:30, Adam wrote: Dear Friend I have a service to broadcast channels and movies over the Internet by panel iptv And I have servers that I want to hide the real IP of in order to protect them from attacks It is on the other hand a complaint of abuse How do you help me with

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Hi. Any chance to add this Patch? Regards Alex On 10.01.23 21:27, Aleksandar Lazic wrote: On 09.12.22 13:17, Aleksandar Lazic wrote: Hi. As I still think that the Balancing algorithm (Peak) EWMA ( https://github.com/haproxy/haproxy/issues/1570 ) could help to make a "better" d

Re: HAProxy CE Docker Alpine image with QUIC

Hi Dinko. On 17.03.23 20:59, Dinko Korunic wrote: Dear community, Upon many requests, we have started building HAProxy CE for 2.6, 2.7 and 2.8 branches with QUIC (based on OpenSSL 1.1.1t-quic Release 1) as Docker Alpine 3.17 images. That's great news :-). What should keep in mind is that A

Re: HAProxy CE Docker Debian and Ubuntu images with QUIC

Hi Dinko. On 19.03.23 19:54, Dinko Korunic wrote: Dear community, As previously requested, we have also started building HAProxy CE  for 2.6, 2.7 and 2.8 branches with QUIC (based on OpenSSL 1.1.1t-quic Release 1) built on top of Debian 11 Bullseye and Ubuntu 22.04 Jammy Jellyfish base image

Re: RFQ HAPROXY SERVER for CTBC Bank

HI. On 29.03.23 05:02, Procurement - TTSolution wrote: Hi Sir/Madam, Please help to provide quotation below for: 1. *HAPROXY SERVER – QTY: 1* As willy already written is this list mainly for the OpenSource HAProxy. You can get in touch for the Enterprise Version on this page. https://www.h

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Ping? On 10.01.23 21:27, Aleksandar Lazic wrote: On 09.12.22 13:17, Aleksandar Lazic wrote: Hi. As I still think that the Balancing algorithm (Peak) EWMA ( https://github.com/haproxy/haproxy/issues/1570 ) could help to make a "better" decision to which server should the reque

Re: Interest in HA Proxy from Sonicwall

Hi Kenny. On 05.04.23 20:04, Kenny Lederman wrote: Hi team, Do you have an account rep assigned to Sonicwall that could help me with getting a POC set up? This is the Open Source Mailing list, if you want to get in touch with the Company behind HAProxy please use this. https://www.haproxy

Re: Problems using custom error files with HTTP/2

Hi Nic, On 15.04.23 19:35, Nick Wood wrote: Hello all, I have recently enabled HTTP/2 on our HAProxy server by adding the following to the bind line: alpn h2,http/1.1 Everything appears to be working fine, apart from our custom error pages. Rather than serving the custom page as before,

Re: Opinions desired on HTTP/2 config simplification

Hi. On 15.04.23 11:32, Willy Tarreau wrote: Hi everyone, I was discussing with Tristan a few hours ago about the widespread deployment of H2 and H3, with Cloudflare showing that H1 only accounts for less than 7% of their traffic and H3 getting close to 30% [1], and the fact that on the opposite

Re: Problems using custom error files with HTTP/2

On 17.04.23 15:08, Willy Tarreau wrote: On Mon, Apr 17, 2023 at 03:04:05PM +0200, Lukas Tribus wrote: On Sat, 15 Apr 2023 at 23:08, Willy Tarreau wrote: On Sat, Apr 15, 2023 at 10:59:42PM +0200, Willy Tarreau wrote: Hi Nick, On Sat, Apr 15, 2023 at 09:44:32PM +0100, Nick Wood wrote: And

Re: Puzzlement : empty field vs. ,field() -m

Hi. On 18.04.23 00:55, Jim Freeman wrote: In splitting out fields from req.cook, populated fields work well, but detecting an unset field has me befuddled: acl COOK_META_MISSING req.cook(cook2hdr),field(3,\#) ! -m found -m str '' does not detect that a cookie/field is empty ? Running the

Re: Reproducible ERR_QUIC_PROTOCOL_ERROR with all QUIC-enabled versions (2.6 to latest 2.8-dev)

Hi Bob. On 18.04.23 17:07, Zakharychev, Bob wrote: While experimenting with enabling QUIC in HAProxy sitting in front of our closed-source application I stumbled upon a reproducible QUIC protocol failure/malfunction while accessing specific CSS resource, which is served via internal applicatio

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Hi Willy. On 30.03.23 06:23, Willy Tarreau wrote: On Thu, Mar 30, 2023 at 06:16:34AM +0200, Willy Tarreau wrote: Hi Alex, On Wed, Mar 29, 2023 at 04:06:10PM +0200, Aleksandar Lazic wrote: Ping? thanks for the ping, I missed it a few times when being busy with some painful bugs in the past

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Hi Will. On 28.04.23 11:07, Willy Tarreau wrote: Hi Alex, On Fri, Apr 28, 2023 at 10:59:46AM +0200, Aleksandar Lazic wrote: Hi Willy. On 30.03.23 06:23, Willy Tarreau wrote: On Thu, Mar 30, 2023 at 06:16:34AM +0200, Willy Tarreau wrote: Hi Alex, On Wed, Mar 29, 2023 at 04:06:10PM +0200

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Hi Willy. On 28.04.23 11:14, Aleksandar Lazic wrote: Hi Will. On 28.04.23 11:07, Willy Tarreau wrote: [snipp] So from what I'm reading above, the regtest is fake and doesn't test the presence of digits in the returned value. Could you please correct it so that it properly ver

Any Roadmap for "Server weight modulation based on smoothed average measurement" ( https://github.com/haproxy/haproxy/issues/1977 )

Hi. Is there any Plan when the work on this part will start or will be this a smooth forward :-) Regards Alex

Re: Drain L4 host that fronts a L7 cluster

Isn't is a similar request to https://github.com/haproxy/haproxy/issues/969 as I mentioned in the issue https://github.com/haproxy/haproxy/issues/2149 On 06.05.23 01:18, Abhijeet Rastogi wrote: Thanks for the response Tristan. For the future reader of this thread, a feature request was create

Re: equivalent of url32+src for hdr_ip(x-forwarded-for)?

Dear Nathan. On 11.05.23 23:59, Nathan Rixham wrote: Hi All, I've run into an issue I can't figure out, essentially need to use url32+src in stick tables, but where src is the x-forwarded-for address rather than the connecting source - any advice would be appreciated. As this is a quite gen

Re: equivalent of url32+src for hdr_ip(x-forwarded-for)?

mode=TCP        side=FE|BE     mux=PASS     flags=NO_UPG Available services : prometheus-exporter Available filters :         [SPOE] spoe         [CACHE] cache         [FCGI] fcgi-app         [COMP] compression         [TRACE] trace Hope that helps Regards Alex On Thu, May 11, 2023 at 11:21 PM Al

Re: unsubscribe

Hi. On 14.05.23 22:07, Roman Gelfand wrote: Here is the unsubscribe address. https://www.haproxy.org/#tact Regards Alex

Re: Followup on openssl 3.0 note seen in another thread

Hi Shawn. On 2023-05-28 (So.) 05:30, Shawn Heisey wrote: On 5/27/23 18:03, Shawn Heisey wrote: On 5/27/23 14:56, Shawn Heisey wrote: Yup.  It was using keepalive.  I turned keepalive off and repeated the tests. I did the tests again with 200 threads.  The system running the tests has 12 hyp

@Wolfssl: any plans to add "ECH (Encrypted client hello) support" and question about Roadmap

Hi, As we have now a shiny new LTS let's take a look into the future :-) As the Wolfssl looks like a good future alternative for OpenSSL is there any plan to add ECH (Encrypted client hello) ( https://github.com/haproxy/haproxy/issues/1924 ) into Wolfssl? Is there any Idea which feature is p

Re: OCSP renewal with 2.8

Hi. On 2023-06-02 (Fr.) 22:42, Lukas Tribus wrote: On Fri, 2 Jun 2023 at 21:55, Willy Tarreau wrote: Initially during the design phase we thought about having 3 states: "off", "on", "auto", with the last one only enabling updates for certs that already had a .ocsp file. But along discussions w

Re: [PATCH 1/1] MEDIUM: ssl: new sample fetch method to get curve name

Hi. On 2023-06-20 (Di.) 18:50, Mariam John wrote: Adds a new sample fetch method to get the curve name used in the key agreement to enable better observability. In OpenSSLv3, the function `SSL_get_negotiated_group` returns the NID of the curve and from the NID, we get the curve name by passing t

Re: QUIC (mostly) working on top of unpatched OpenSSL

Hi Willy On 2023-07-06 (Do.) 22:05, Willy Tarreau wrote: Hi all, as the subject says it, Fred managed to make QUIC mostly work on top of a regular OpenSSL. Credit goes to the NGINX team who found a clever and absolutely ugly way to abuse OpenSSL callbacks to intercept and inject data from/to th

Re: QUIC (mostly) working on top of unpatched OpenSSL

Hi. Just a addendum below to my last mail. On 2023-07-07 (Fr.) 00:33, Aleksandar Lazic wrote: Hi Willy On 2023-07-06 (Do.) 22:05, Willy Tarreau wrote: Hi all, as the subject says it, Fred managed to make QUIC mostly work on top of a regular OpenSSL. Credit goes to the NGINX team who found a

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

Hi Andrew. On 2023-07-12 (Mi.) 02:26, Hopkins, Andrew wrote: Hello HAProxy maintainers, I work on the AWS libcrypto (AWS-LC) project [1]. Our goal is to improve the cryptography we use internally at AWS and help our customers externally. In the spirit of helping people use good crypto we know it

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

are handled by AWS-LC? [1] https://github.com/aws/s2n-quic [2] https://github.com/aws/s2n-quic/pull/1840 [3] https://github.com/aws/aws-lc-rs [4] https://github.com/aws/aws-lc/issues/804 Thanks, Andrew -------- *From:* Aleksandar Lazi

Re: QUIC with a fcgi backend

Hi. On 2023-07-22 (Sa.) 21:48, Yaacov Akiba Slama wrote: Hi, It seems that there is a bug in QUIC when using a fastcgi backend: As soon as the size of the uploaded data is more than bufsize, the server returns 400 Bad request and shows PH-- in the logs. The problem occurs with both haproxy

Re: QUIC with a fcgi backend

Yaacov. On 2023-07-24 (Mo.) 15:08, Christopher Faulet wrote: Le 7/24/23 à 12:24, Yaacov Akiba Slama a écrit : Hi Christopher, Thanks for report. It is not a known issue, but I can confirm it. When H3 HEADERS frames are converted to the internal HTTP representation (HTX), a flag is missing to s

libcrypt may be removed completely in future Glibc releases

Hi. I have seen this lines in the current glibc release notes https://sourceware.org/glibc/wiki/Release/2.38 ``` 2.1. Building libcrypt is disabled by default If you still need Glibc libcrypt, pass --enable-crypt to the configure script. Note that libcrypt may be removed completely in future

Re: Problems using custom error files with HTTP/2

ut window sizes was addressed by having a setting for each side (front vs back). ``` That the doc link to the alpn keyword. http://docs.haproxy.org/2.8/configuration.html#5.1-alpn Thanks, Nick Regards Alex On 17/04/2023 15:09, Aleksandar Lazic wrote: On 17.04.23 15:08, Willy Tarreau

Re: WebTransport support/roadmap

Hi. On 2023-08-16 (Mi.) 17:29, Artur wrote: Hello ! I wonder if there is a roadmap to support WebTransport protocol in haproxy. There are some explanations/references (if needed) from socket.io dev team that started to support it : https://socket.io/get-started/webtransport Looks like tha

Re: WebTransport support/roadmap

Hi. On 2023-08-17 (Do.) 10:14, Artur wrote: Feature request submitted: https://github.com/haproxy/haproxy/issues/2256 Thank you. I have added a simple picture based on your E-Mails, hope I have understood your request properly. Regards Alex

Re: how to upgrade haproxy

Hi Atharva Shripad Dudwadkar. On 2023-08-24 (Do.) 12:08, Willy Tarreau wrote: Hi, On Thu, Aug 24, 2023 at 03:23:59PM +0530, Atharva Shripad Dudwadkar wrote: Hi haproxy Team, Can you please help me with the upgrading process regarding haproxy from 2.0.7 to 2.5. in RHEL. Could you please share

Please what is 'new protocol named "reverse_connect"' for?

Hi. I just seen some commits about protocol for active reverse connect and ask me, what's the main use case for that protocol could be? As far as I have seen is it for now for H2 Settings but I'm not sure if I understood the commits right. Regards Alex

Re: [ANNOUNCE] haproxy-2.9-dev4

Hi. On 2023-08-25 (Fr.) 19:35, Willy Tarreau wrote: Hi, HAProxy 2.9-dev4 was released on 2023/08/25. It added 59 new commits after version 2.9-dev3. Some interesting new stuff continues to arrive in this version: [snipp] - reverse HTTP: see below for a complete description. I hope it w

Re: how to upgrade haproxy

=8492a4f37208a6099629101466fec3378a28e73c;hb=HEAD Regards Alex On Thu, 24 Aug 2023 at 4:00 PM, Aleksandar Lazic <mailto:al-hapr...@none.at>> wrote: Hi Atharva Shripad Dudwadkar. On 2023-08-24 (Do.) 12:08, Willy Tarreau wrote: > Hi, > > On Thu, Aug 24, 2023 at 03:23:59PM +053

Re: HaProxy does not updating DNS cache

Hi. On 2023-09-13 (Mi.) 14:39, Henning Svane wrote: Hi I have tried using a DNS with a TTL of 600 sec. and the DNS changes once in a while, but every time I have to restart Haproxy to get the updated DNS to work. Even if I wait for hours. I can see with nslookup that the server can see the

Re: HAProxy and musl (was: Re: HAproxy Error)

Hi. Resuscitate this old thread with a musl lib update. https://musl.libc.org/releases.html ``` musl-1.2.4.tar.gz (sig) - May 1, 2023 This release adds TCP fallback to the DNS stub resolver, fixing the longstanding inability to query large DNS records and incompatibility with recursive n

Re: Patch sample_conv_json_query in sample.c to return array values

Dear Jens. Please can you create a patch as mentioned in https://github.com/haproxy/haproxy/blob/master/CONTRIBUTING as suggested in https://github.com/haproxy/haproxy/issues/2281#issuecomment-1721014384 Regards Alex On 2023-09-15 (Fr.) 14:57, Jens Popp wrote: Hi, currently the method samp

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi Willy. On 2023-10-07 (Sa.) 10:26, Willy Tarreau wrote: Hi, HAProxy 2.9-dev7 was released on 2023/10/06. It added 75 new commits after version 2.9-dev6. This version fixes a number of issues in previous development releases and prepares the work for subsequent patch series: [snip] - t

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi Willy. On 2023-10-07 (Sa.) 14:45, Willy Tarreau wrote: Hi Alex, On Sat, Oct 07, 2023 at 01:51:43PM +0200, Aleksandar Lazic wrote: Hi Willy. On 2023-10-07 (Sa.) 10:26, Willy Tarreau wrote: Hi, HAProxy 2.9-dev7 was released on 2023/10/06. It added 75 new commits after version 2.9-dev6

Re: [ANNOUNCE] haproxy-2.9-dev7

On 2023-10-08 (So.) 14:15, Tristan wrote: Since this was brought up, On 7 Oct 2023, at 14:34, Willy Tarreau wrote: […] Maybe this will then bring up SPOE to a level where the body of a request can be scanned and bring it to a full WAF level or as WASM filter. Any thoughts on the feasib

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi. On 2023-10-10 (Di.) 09:08, Willy Tarreau wrote: Hi Tristan, On Sun, Oct 08, 2023 at 12:15:00PM +, Tristan wrote: Since this was brought up, On 7 Oct 2023, at 14:34, Willy Tarreau wrote: [...] Maybe this will then bring up SPOE to a level where the body of a request can be scanned

Re: HA Proxy

Hi Mohammed. Yes HAProxy supports all of the requested capacity and features from below. For a nice example what HAProxy is able to handle can you read this Blog post. https://www.haproxy.com/blog/haproxy-forwards-over-2-million-http-requests-per-second-on-a-single-aws-arm-instance The very

Some filter discussion for the future

Hi. As there was the discussion about the future of the SPOE filter, let me start a discussion about some possible filter options. As far as I know have we this filters. Available filters : [SPOE] spoe [CACHE] cache [FCGI] fcgi-app [COMP] compression [TRACE] trace There is also the httpclien

Re: CVE-2023-44487 and haproxy-1.8

Hi Ryan. On 2023-10-16 (Mo.) 17:49, Ryan O'Hara wrote: Hi all. I read the most recently HAProxy Newsletter, specifically the article "HAProxy is Not Affected by the HTTP/2 Rapid Reset Attack" by Nick Ramirez [1]. A This article states that HAProxy versions 1.9 and later are *not* affetced, w

Re: CVE-2023-44487 and haproxy-1.8

On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: Does 1.8 support http/2? No. On Mon, Oct 16, 2023, 18:58 Ryan O'Hara > wrote: Hi all. I read the most recently HAProxy Newsletter, specifically the article "HAProxy is Not Affected by the HTTP/2 Rapid Re

Re: CVE-2023-44487 and haproxy-1.8

Proxy.com blog quite accurate why 1.8 is not affected with that CVE. Ryan Regards Alex On Mon, Oct 16, 2023 at 12:41 PM Aleksandar Lazic <mailto:al-hapr...@none.at>> wrote: On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: > Does 1.8 support http/2? No. > On

Re: CVE-2023-44487 and haproxy-1.8

On 2023-10-16 (Mo.) 20:12, Lukas Tribus wrote: On Mon, 16 Oct 2023 at 19:41, Aleksandar Lazic wrote: On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: Does 1.8 support http/2? No. Actually haproxy 1.8 supports H2 (without implementing HTX), as per the documentation and announcements

Re: Some filter discussion for the future

Hi Tristan. On 2023-10-17 (Di.) 10:51, Tristan wrote: Hi Aleksandar, That is a welcome follow-up to the tangent we went on in the announce thread. Thanks :-) As there was the discussion about the future of the SPOE filter, let me start a discussion about some possible filter options. [..

Re: Some filter discussion for the future

Hi. FYI: I have created a repo for the rs filter https://github.com/git001/hap-rs-filter feel free to participate/contribute :-) Regards Alex On 2023-10-19 (Do.) 22:53, Aleksandar Lazic wrote: Hi Tristan. On 2023-10-17 (Di.) 10:51, Tristan wrote: Hi Aleksandar, That is a welcome follow

Missing doc entities in doc/internals

Hi. As I go thru the filter.txt now is this statement written. https://github.com/haproxy/haproxy/blob/master/doc/internals/api/filters.txt#L50C15-L50C23 ``` First of all, to fully understand how filters work and how to create one, it is best to know, at least from a distance, what is a proxy

Re: Missing doc entities in doc/internals

Hi Willy. On 2023-10-20 (Fr.) 23:21, Willy Tarreau wrote: Hi Alex, On Fri, Oct 20, 2023 at 11:11:59PM +0200, Aleksandar Lazic wrote: I can't find any doc about entities in the current git alex@alex-tuxedoinfinitybooks1517gen7 on 20/10/2023 at 23:06:19 /datadisk/git-repos/haproxy $

[PATCH] DOC: internal: filters: fix reference to entities.pdf

Hi. Here the patch to fix the filter.txt file. Regards AlexFrom 68bb30b6ad1b0ca5348a95219b09964aafe9ba36 Mon Sep 17 00:00:00 2001 From: Aleksandar Lazic Date: Sun, 22 Oct 2023 18:36:54 +0200 Subject: [PATCH] DOC: internal: filters: fix reference to entities.pdf In doc/internals/api

Re: How to limit client body/upload size?

Hi. On 2023-10-17 (Di.) 16:46, Gilles Van Vlasselaer wrote: Hi, we are currently migrating servers and decided to drop NGINX in favour of HAProxy, however we had issues in the past where people would bomb us with massive file uploads on some services. Is there an equivalent like nginx's 'clien

Re: Question about syslog forwarding with HAProxy with keeping the client IP

Hi, On 2023-10-30 (Mo.) 15:55, Hellwig, Sören wrote: Hello Support-Team, we are using the HAProxy as load balancer for our Graylog servers. Which version of HAProxy? haproxy -vv The TCP based protocols works fine, but we have some trouble with the syslog forwarding. Our configuration fil

Re: AW: [EXT] Re: Question about syslog forwarding with HAProxy with keeping the client IP

mpression [FCGI] fcgi-app [SPOE] spoe [TRACE] trace Best regards, Sören Hellwig -Ursprüngliche Nachricht- Von: Aleksandar Lazic Gesendet: Montag, 30. Oktober 2023 17:58 An: Hellwig, Sören ; haproxy@formilux.org Betreff: [EXT] Re: Question about syslog forwarding with HAPr

Re: AW: [EXT] Re: AW: Re: Question about syslog forwarding with HAProxy with keeping the client IP

suggestions how to solve the issue? Best regards, Sören Hellwig Regards Alex -Ursprüngliche Nachricht- Von: Aleksandar Lazic Gesendet: Mittwoch, 1. November 2023 15:36 An: Hellwig, Sören ; haproxy@formilux.org Betreff: [EXT] Re: AW: Re: Question about syslog forwarding with HAProxy with

Re: Understanding haproxy's regex

Hi Christoph. On 2023-11-17 (Fr.) 10:26, Christoph Kukulies wrote: I have the following line in my config: backend website     http-request replace-header Destination ^([^\ :]*)\ /(.*) \1\ /opencms/\2     server www.mydomain.org 127.0.0.1:8080 Actually I'm used the

Re: [ANNOUNCE] haproxy-2.9-dev10

Hi Willy. On 2023-11-18 (Sa.) 15:40, Willy Tarreau wrote: Hi, HAProxy 2.9-dev10 was released on 2023/11/18. It added 154 new commits after version 2.9-dev9. Wow what a release :-) [snipp] BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover() BUG/MEDIUM: mux-h1: fail earlie

Re: [ANNOUNCE] haproxy-2.9-dev10

Hi Tristan. On 2023-11-20 (Mo.) 15:14, Tristan wrote: Hi Aleksandar, On 20 Nov 2023, at 17:18, Aleksandar Lazic wrote: at configuration Change the reload leaves the old processes alive until "hard-stop-after" value and after that is the connection terminated which does not

Re: Mirror concepts

Hi. Feb 13, 2020 1:04:58 AM Panneer Selvam : > Hi I need quick helping for HAproxy mirroring concepts Please can you tell us a little bit more what you need and please answer to all, thanks. Have you read an understand the post? https://www.haproxy.com/blog/haproxy-traffic-mirroring-for-rea

Re: Enquiry regarding Loadbalancer functionality

Hi Mohamed. On 22.02.20 18:24, Mohamed Sherif wrote: Hello, I am writing to you to enquire if the load balancer is capable of determine the target node address and path that address to the source allowing a direct communication between the source and destination with load balancer in between

Let's Encrypt ca-file for check-ssl on server line

Hi. I try to use HA-Proxy version 2.1.3-1ppa1~bionic with Let's Encrypt and ssl-check. My Serverline looks like this ``` server static_stor storage.sbg.cloud.ovh.net:443 resolvers mydns check check-ssl check-sni str("storage.sbg.cloud.ovh.net") ca-file /etc/ssl/certs/ISRG_Root_X1.pem backup

Re: Let's Encrypt ca-file for check-ssl on server line

Hi Lukas. On 02.03.20 22:38, Lukas Tribus wrote: Hello Aleks, On Mon, 2 Mar 2020 at 22:21, Aleksandar Lazic wrote: check-ssl check-sni str("storage.sbg.cloud.ovh.net") For the health check it's: check-sni storage.sbg.cloud.ovh.net (not a expression as per the doc: check-

Re: Let's Encrypt ca-file for check-ssl on server line

On 02.03.20 22:52, Aleksandar Lazic wrote: Hi Lukas. On 02.03.20 22:38, Lukas Tribus wrote: Hello Aleks, On Mon, 2 Mar 2020 at 22:21, Aleksandar Lazic wrote: check-ssl check-sni str("storage.sbg.cloud.ovh.net") For the health check it's: check-sni storage.sbg.cloud.

Re: Let's Encrypt ca-file for check-ssl on server line

Hi all. Thanks for help. Regards Aleks On 02.03.20 23:25, Tim Düsterhus wrote: Aleks, Am 02.03.20 um 23:19 schrieb Aleksandar Lazic: I think I found the solution. ``` curl -vO https://letsencrypt.org/certs/isrgrootx1.pem.txt curl -vo https://letsencrypt.org/certs/lets-encrypt-x3-cross

s390x and HAProxy?

Hi. I'm wondering that this target is tested. http://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=d726386421dcd184ca2518d17332f82e9cd79f2d Are there really user which runs HAProxy on Host? 8-O How perform HAProxy on that platform? Regards Aleks

Re: s390x and HAProxy?

t on Host or power. > пт, 13 мар. 2020 г. в 16:07, Aleksandar Lazic < al-hapr...@none.at >: > > > > Hi. > > > > I'm wondering that this target is tested. > > http://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=d726386421dcd184ca2518d17332f82e9cd79f2d >

Re: [PATCH]: BUILD link to lib atomic on ARM

On 15.03.20 11:33, David CARLIER wrote: Hi Here a little patch proposal to fix build on ARM. Regards. Ähm, maybe my mail client hide the Patch because I can't see it ;-)? Regards Aleks

Re: LogParser friendly logs

Hi. On 20.03.20 13:15, Илья Шипицин wrote: Hello, there's Microsoft LogParser. good thing about it, it likes self-consistent CSV logs (or TSV), when first line is fields. it helps to change log format on the fly (for example, in IIS), so IIS starts new log once format is changed. you can qu

Re: LogParser friendly logs

Trident/4.0) - 404 0 2 1 2017-06-26 13:11:23 192.168.183.152 GET /favicon.iso - 808 - 10.33.41.142 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0) - 404 0 2 2 Ah okay, well as far as I know is this not implemented. пт, 20 мар. 2020 г. в 17:54, Aleksandar Lazic mailto:al-hapr..

Re: [RFC] BUG/MEDIUM: Checks: support for HTTP health checks with POST and data corrupted by extra connection close

On 26.03.20 09:42, Willy Tarreau wrote: On Thu, Mar 26, 2020 at 09:25:31AM +0100, Christopher Faulet wrote: It is a good idea. For now, I have only few idea though. For the header part, it must not be a raw block. Because it will be really hard to keep the same syntax with the HTX. I propose to

Re: testing and validating complex haproxy.conf rules

Hi Dave. On 31.03.20 09:24, Dave Cottlehuber wrote: hi all, Our main haproxy.conf has practically become sentient... it's reached the point where the number of url redirects and similar incantations is very hard to reason about, and certainly not test or validate, until it's shipped. In fact I

Re: testing and validating complex haproxy.conf rules

Hi Dave On 01.04.20 00:36, Dave Cottlehuber wrote: On Tue, 31 Mar 2020, at 07:53, Aleksandar Lazic wrote: Hi Dave. On 31.03.20 09:24, Dave Cottlehuber wrote: hi all, Our main haproxy.conf has practically become sentient... it's reached the point where the number of url redirects and si

Re: SameSite=None for persistent session cookie, problem with old browsers

Hi. On 02.04.20 09:36, Matthias Zepf wrote: Hi, for a client we develop a web shop application that handles payment by redirecting the user to a page of a payment service provider. After successful (or failed) payment the user is redirected back to our application with a post request. With C

Re: [RFC] Consistent Hashing for Replica Sharding

Hi. On 03.04.20 09:16, Dario Di Pasquale wrote: Hi! I write on behalf of Immobiliare.it, an Italian company leader in the real estate services and advertising market, we are using almost exclusively HAProxy for our load-balancing. In particular, we are using a patched version of HAProxy to bal

Re: 503 SC with fcgi

What's in the php error log? Apr 7, 2020 5:18:11 PM Ionel GARDAIS : > Hi, > > I'm giving a try to FCGI. > I'm running 2.1.3-3 on debian. > I follow > https://www.haproxy.com/fr/blog/load-balancing-php-fpm-with-haproxy-and-fastcgi/ > > Here are the relevant parts of the config : > > acl to-sl

Re: [*EXT*] Re: 503 SC with fcgi

*De: *"Ionel GARDAIS" *À: *"Aleksandar Lazic" *Cc: *"haproxy" *Envoyé: *Mardi 7 Avril 2020 20:23:42 *Objet: *Re: [*EXT*] Re: 503 SC with fcgi Nothing. Quiet as the streets during COVID-19. --

Re: [*EXT*] Re: 503 SC with fcgi

On 08.04.20 08:52, Ionel GARDAIS wrote: It works with 127.0.0.1:29001 (the listener I configured for this pool) That's an important successful test. I personally prefer the tcp way to afoid such problems. About the socket : - it lives in /run/php with $ ls -alF /run/php/speedtest-fpm.sock srw

Re: [*EXT*] Re: 503 SC with fcgi

On 08.04.20 09:46, Ionel GARDAIS wrote: Oh my ! This is a chroot issue. haproxy is running in chroot but the fpm socket is outside. When placing the socket inside the jail, it works with the socket. Does the performance difference between IP and socket is worth the trouble ? I'm sure there are

Re: Crazy anomaly!

Hi Nicolas. On 08.04.20 20:34, Nicolas Pujol wrote: Hi, I installed haproxy and two test servers with the basic configuration of nginx + listening on port 443. The HAProxy server provides the Let's encrypt SSL certificates. When I consult the 2 sites in HTTP, I have no problem. With HTTPS i

Check if backup server is active

Hi. I try to use automatically the backend server when the primary serve is not available. The following snipplet is my solution with haproxy (2.1.3-3ppa1~bionic). Is there a bette solution or is this a okay solution from HAProxy point of view? ``` backend be_static   log global   option httpc

FYI OKD (OpenShift Origin) 3.11 Router with HAProxy 2.1 and TLS 1.3

Hi. There was a question in the openshift-dev channel from @Josef how to build the OKD 3.11 Router with newer HAProxy version. I have now created a new OKD Router image with HAProxy 2.1 and TLS 1.3 and pushed it to docker hub. https://hub.docker.com/repository/docker/me2digital/okd-router-hap2

Re: interpreting haproxy 2.1 EOL statement

On 03.03.20 15:28, Andrew McDermott wrote: Hi, From the following: $ ~/git.haproxy.org/haproxy-2.1/haproxy -v HA-Proxy version 2.1.3-ce757f-13 2020/02/21 - https://haproxy.org/ Status: stable branch - will stop receiving fixes around Q1 2021. Known bugs: http://www.haproxy.org/bu

Re: Question regarding increasing requests more than 32kb

Hi. On 13.04.20 08:18, Aravind Viswanathan wrote: Hi Team, Good Morning. We are using HaProxy as a load balancer in our bitbucket system and Bitbucket is linked to JIRA via Application links. Please can you share the haproxy version and your config. haproxy -vv Recently we noticed an err

Re: Use lua setting a server port

Apr 13, 2020 2:43:06 PM io Sen : > we have a function to setting server ip address : set_addr > and we have a function to query server ip address and server port now : > get_addr > but not have a setting server port function , > Is it possible for set_addr to support setting ports? > like this: >

Re: Question regarding increasing requests more than 32kb

set, because it's not just set a parameter. I strongly recommend to understand what this parameter do, which impact it have and why it's in the specific section. Regards, Aravind Viswanathan -Original Message----- From: Aleksandar Lazic Sent: Monday, April 13, 2020 4:14 PM T

Re: HAproxy Error

Hi. On 15.04.20 13:39, bindushree...@cognizant.com wrote: ++Adding attachement Thank you in advance. Thanks, Bindushree D B *From:* D B, Bindushree (Cognizant) *Sent:* Wednesday, April 15, 2020 5:08 PM *To:* haproxy@formilux.org *Subject:* HAproxy Error *Importance:* High Hi Team, We are i

Re: HAproxy Error

On 15.04.20 14:57, Tim Düsterhus wrote: Aleks, Ilya, Am 15.04.20 um 14:35 schrieb Aleksandar Lazic: Useless disclaimer for a public mailing list! Am 15.04.20 um 14:25 schrieb Илья Шипицин:> hello. should we destroy this message ? Can we please stop complaining about these disclaimers?

Re: Disclaimer in emails

On 15.04.20 16:28, Lukas Tribus wrote: Hello Tim, Aleks, I fully agree with everything Tim just said. Let's keep the list about haproxy. I agree with this line only. Lukas

Re: HAproxy Error

On 16.04.20 10:57, Willy Tarreau wrote: On Thu, Apr 16, 2020 at 10:26:54AM +0200, Willy Tarreau wrote: Hi Lukas, On Thu, Apr 16, 2020 at 09:44:39AM +0200, Lukas Tribus wrote: Provide the output of "which haproxy" and "haproxy -vv", I doubt you are actually running the Redhat package you indica

New color on www.haproxy.org

Hi. I like the new table on https://www.haproxy.org/ . The color show now much easier which version is in which state ;-) Regards Aleks

Log Backend call

Hi. I haven't seen any option to log the request after the `http-request set-... ` phase. Is this covered in %HP or is this the request from the client? That's the code and it looks to me that this isn't set after the rewrite phase. http://git.haproxy.org/?p=haproxy.git;a=blob;f=src/log.c;hb=d

Re: Log Backend call

I have created a issue for this. https://github.com/haproxy/haproxy/issues/589 On 19.04.20 00:15, Aleksandar Lazic wrote: > Hi. > > I haven't seen any option to log the request after the `http-request set-... > ` phase. > > Is this covered in %HP or is this the

OT: I love this Project ;-)

Hi all. I know it's a little bit off topic but because I have in another project reached a big milestone, with the support of the People here, I would like to say. HAProxy People and Community and Program is really great ;-) ;-) ;-) ;-). Very best wishes Aleks

'http-check connect default linger proto fcgi' keeps connections open?

Hi. I wanted to use the shiny new http-check feature and have seen that the connection keeps alive after the health check. I have also tried to remove "linger" but this does not change anything. Maybe I make something wrong. My setup: I used here the docker hub haproxy Dockerfile and just used

<    1   2   3   4   5   6   7   8   9   10   >