ed.
Now you said it, and I step back a bit, I also consider there is no value
in this action, appart being clear on the action name and gives us the
ability to be very cautious if we update the behavior of ACT_CUSTOM in the
future.
I can remove ACT_HTTP_DO_RESOLVE and add a comment in ACT_CUSTOM saying
that the do-resolve action relies on this code, just in case.
Baptiste
ephemeral services.
Baptiste
From c3baea8c50a7dcbe4557c4a578fcbd252ffb7c56 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Tue, 30 Jan 2018 08:10:20 +0100
Subject: [PATCH 3/4] MINOR: obj_type: new object type for struct stream
This patch creates a new obj_type for the struct stream
I can provide packet captures of the
> DNS
> > resolution and a sample config to reproduce the problem if you are
> interested.
> >
>
> this is indeed a regression in haproxy. thanks for reporting it.
> attached patch should fix it.
> CC'ing Remi as the original author, and Baptiste, as DNS maintainer.
>
> Jérôme
>
Hi Lehonard, Jerome,
Thanks for reporting and fixing this respectively.
@Willy you can apply.
Baptiste
> single session key can be stored per server.
>
> Willy
>
>
Hi,
I don't know H2 well, but can't we forge an HTTP/2 query using tcp-check
script?
Baptiste
nt errors / failure per client and why not block them at
the LB layer.
Baptiste
/haproxy_mqtt_lua
I hope this will be useful to some of you.
I am planning to write in native C the converter and the fetch above.
Baptiste
Hi,
You can also forge a http post with the tcp-check. This would be less hacky.
Baptiste
Le jeu. 6 déc. 2018 à 09:11, Māra Grīnberga a écrit :
> I mean, thanks! I'll look into it!
>
> Mara
>
> On Thu, Dec 6, 2018, 10:04 Jarno Huuskonen
>> Hi,
>>
>> On
You can see the cipher list for both connections.
I am unfortunately not familiar with reg-test, but I can have a look at it
and contribute one if you want.
Baptiste
On Thu, Nov 29, 2018 at 9:01 AM Willy Tarreau wrote:
> Hi Baptiste,
>
> On Wed, Nov 28, 2018 at 03:
this issue.
Baptiste
From f2c79803c6bcb69866f54c8a5833bd0178bea64c Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Wed, 28 Nov 2018 15:20:25 +0100
Subject: [PATCH] BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id
In ssl_sock_parse_clienthello(), the code considers that SSL
Hi,
After debriefing internally, the fix will be much longer and may even
trigger a new server-state file format.
I keep you updated.
Baptiste
On Sun, Nov 4, 2018 at 7:11 PM Baptiste wrote:
> Hi Sven,
>
> I reviewed the whole thing and I think the support of port in state file
&g
it.
(it's more complicated than moving the code
"""
if (port_str)
srv->svc_port = port;
"""
a couple of lines above).
Baptiste
On Tue, Oct 9, 2018 at 10:52 AM Sven Wiltink wrote:
> Hey Baptiste,
>
>
> We noticed the SRV pa
On Mon, Oct 8, 2018 at 7:57 PM Aleksandar Lazic wrote:
> Am 08.10.2018 um 19:35 schrieb Willy Tarreau:
> > On Mon, Oct 08, 2018 at 07:27:39PM +0200, Aleksandar Lazic wrote:
> >> Hi Baptiste.
> >>
> >> Am 08.10.2018 um 16:20 schrieb Baptiste:
> >>>
rche?
Ou mieux, faire un arbre qui avec en point d'entrée "/" ?
Baptiste
On Wed, Oct 3, 2018 at 2:00 PM Pierre Cheynier
wrote:
> Hi Willy,
>
> > Not really. Maybe we should see how the state file parser works, because
> > multiple seconds to parse only 30K lines s
l fail
too:
[ALERT] 247/111027 (28758) : config : backend 'bk_pouet', server 'bla':
unable to find required resolvers 'dns'
[ALERT] 247/111027 (28758) : Fatal errors found in configuration.
Baptiste
From e618d06562a41d44c6023f2ea4f5d4a2ff306490 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
D
On Tue, Sep 4, 2018 at 5:46 PM, Willy Tarreau wrote:
> On Tue, Sep 04, 2018 at 10:02:09AM +0200, Baptiste wrote:
> > This patch improve the server-state file to fix this issue: the srv
> record
> > used to manage this server is now saved by the previous process and
>
versions).
Baptiste
From 42dc52b1a992212e31b67a31441036b494a3d935 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Tue, 4 Sep 2018 09:57:17 +0200
Subject: [PATCH] BUG/MEDIUM: dns/server: fix incomatibility between SRV
resolution and server state file
Server state file has no indication
Dear,
I just have upgraded to the last release of HAProxy 1.8 and it's good
working now.
Regards
Le 20/08/2018 à 13:39, Aleksandar Lazic a écrit :
> Hi.
>
> Am 20.08.2018 um 10:20 schrieb Jean-Baptiste Berthelin:
>> Hello,
>>
>> Since I have upgrade my Chrome webbrows
oxy/domain_crt_list :
/etc/haproxy/domain-com.pem [verify optional] my.domain.com
/etc/haproxy/domain2-com.pem *.domain.com
~~~
The certificate provided by the haproxy server is different according to
the SNI, but the "verify" option is not take in account.
Is it a known bug or is there a workaround ?
Best regards
--
*Jean-Baptiste Berthelin*
~~
Le certificat présenté par le serveur est bien différent selon le SNI,
mais l'option "verify" ne semble pas interprétée.
Cordialement
--
*Jean-Baptiste Berthelin*
attachment fixes this behavior.
This patch should be backported into HAProxy 1.8 as well.
Baptiste
From 140432e3eeff0dfd36b48310a64b908bde7cc90f Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Fri, 10 Aug 2018 10:56:38 +0200
Subject: [PATCH] BUG/MINOR: dns: check and link servers' resolve
ontend testdomain
bind 172.16.0.17:80 <http://172.16.0.17/>
bind 172.16.0.17:443
mode http
acl redirectarchives path_beg -i /ua
use_backend testbe if redirectarchives
# default_backend stageweb
backend testbe
http-request redirect location %[path]/ code 302 unless { path_end / }
http-request set-path %[path,regsub(^/ua,)]
balance leastconn
option forwardfor
server ext1 172.17.0.18:80 <http://172.17.0.18/> check port 80
Baptiste
st result OK
> select : pref=150, test result FAILED
> Total: 3 (2 usable), will use epoll.
>
> Available filters :
> [SPOE] spoe
> [COMP] compression
> [TRACE] trace
> Using epoll() as the polling mechanism.
>
>
>
> On Wed, Aug 8, 2018 at 9:24
So I don't expect this is a bug
On Thu, Aug 9, 2018 at 4:16 AM, Dustin Schuemann
wrote:
> I don’t believe so.
>
> I just have IP addresses in my backend configuration
>
>
>
So I don't expect this is a bug.
Might be a misconfiguration somwhere.
What does HAProxy says when you run it in debug
rom-file global
>
> I've verified that the servers I changed via the socket are in the state
> file.
>
Hi Dustin,
Are you using DNS resolution based on SRV records for those servers?
Baptiste
On Wed, Aug 8, 2018 at 11:09 PM, Willy Tarreau wrote:
> Hi Baptiste,
>
> On Wed, Aug 08, 2018 at 08:14:31PM +0200, Baptiste wrote:
> > Hi Willy,
> >
> > Could you please also backport those patches to 1.8?
> > Actually, 1.8 broke a haproxy's default behavior
he right check, should it not be found by the configuration
> checker command?--> So we found a small little bug?;-).
>
> Thanks and have a nice day,
> Marcos Moreno.
>
Hi Marcos,
Thanks for reporting this!
You're testing procedure is the right one and I'm a bit suprised this is
happening!
I can also confirm I can reproduce this behavior and I will provide a fix
soon.
Baptiste
Amazing work. congrats all
Baptiste
In other words, you may want to enable "option prefer-last-server". But in
such case, you won't load-balance anymore (all requests should go to the
same server.
Baptiste
On Fri, Jul 27, 2018 at 7:09 PM, Cyril Bonté wrote:
> Hi Alessandro,
>
>
> Le 27/07/2018 à 17:5
).
The first 3 patches are clean up and the code is in the 4th one.
Note that I may move the other resolve-* keywords into the resolve-opts
(older keywords will still be valid for backward compatibility).
Baptiste
From 348effd9e5182687a51b52312ac054286599af07 Mon Sep 17 00:00:00 2001
From: Baptiste
TCP won't help.
As I stated in my previous mail, AWS DNS servers only returns 8 records per
response (they are "roundrobined"), even in TCP (I did try with "drill" DNS
client).
So, your only way to go is to use the "hold obsolete" timer.
On Thu, Jul 5, 2018 at 3:
into the state file. (WIP, but last mile)
Once it has been merged, we'll be able to fix this issue (by applying the
port only when the server is being managed by an SRV record).
Baptiste
On Tue, Jul 3, 2018 at 3:41 PM, Sven Wiltink wrote:
> Hey Baptiste,
>
>
> Thank you
Sorry to wake up an old thread, but I'm very concerned by the lack of
"architecture guide" documentation with HAProxy.
Did we make any progress on this topic?
Baptiste
I have a question: what would be the impact on "retries" ? At first, we
could use it as of today. But later, we may want to retry from a different
source IP.
Baptiste
Ah yes, I also added the following "init-addr none" statement on the
server-template line.
This prevents HAProxy from using libc resolvers, which might end up in
unpredictible behavior in that enviroment
Baptiste
On Tue, Jul 3, 2018 at 3:18 PM, Baptiste wrote:
> Well, I
le even if
the DNS server did not return it in the SRV record list.
Baptiste
On Tue, Jul 3, 2018 at 1:26 PM, Baptiste wrote:
> Answering myself... I found my way in the menu to be able to allow port
> 9000 to read the stats page and to find the public IP associated to my
> "a
ou updated.
On Tue, Jul 3, 2018 at 1:06 PM, Baptiste wrote:
> Hi Jim,
>
> I think I have something running...
> At least, terraform did not complain and I can see "stuff" in my AWS
> dashoard.
> Now, I have no idea how I can get connected to my running HAProxy
>
ppreciated.
Baptiste
On Tue, Jul 3, 2018 at 11:39 AM, Baptiste wrote:
> Hi Jim,
>
> Sorry for the long pause :)
> I was dealing with some travel, conferences and catching up on my backlog.
> So, the good news, is that this issue is now my priority :)
>
> I'll try to first reprodu
repo to help me speed up in that step).
Baptiste
On Mon, Jun 25, 2018 at 10:54 PM, Jim Deville
wrote:
> Hi Bapiste,
>
>
> I just wanted to follow up to see if you were able to repro and perhaps
> had a patch we could try?
>
>
> Jim
> -
state (where port is X)
- update conf to v2, where port is Y
reload HAProxy => X is applied, while you expect to get Y instead
Baptiste
On Mon, Jun 25, 2018 at 12:55 PM, Sven Wiltink wrote:
> Hello,
>
>
> So we've dug a little deeper and the issue seems to be caused by t
Hi,
Actually, the problem was deeper than my first thought.
In its current state, statefile and SRV records are simply not compatible.
I had to add a new field in the state file format to add support to this.
Could you please confirm the patch attached fixes your issues?
Baptiste
On Mon, Jun
ou extract the second word, starting at the end of the
string.
Baptiste
On Mon, Jun 25, 2018 at 12:29 PM, Daniel Schneller <
daniel.schnel...@centerdevice.com> wrote:
> Hi!
>
> Just double checking to make sure I am not simply blind: Is there a way to
> reverse a string using a samp
by
HAProxy)
If your servers are fully operational, can you try set 'timeout check' to
1s and see what happens?
and also, the output of 'haproxy -vv' would be interesting.
Baptiste
On Tue, Jun 26, 2018 at 7:11 PM, Adwait Gokhale
wrote:
> Hi Baptiste,
>
> Here is the haproxy configura
know that I think I found the cause of the issue but I
don’t have a fix yet.
I’ll come back to you this week with more info and hopefully a fix.
The issue seem to be in srv_init_addr(), because srv->hostname is not
set (null).
Baptiste
the backend id.
Baptiste
hes in attachment, 3 of them can be backported. They are
more cosmetic than anything, but it took me some time to figure out who,
from the code or the comment was wrong...
This feature was requested by Ryuzaki on discource. I just provide him the
patches, so waiting for his feedback.
Baptiste
F
> master_sync_in_progress:1
>>
>
> Try using *rstring* intead of *string*. I that fails too try escaping
> the column like "master_sync_in_progress\:1"
>
> tcp-check send QUIT\r\n
>> tcp-check expect string +OK
>>
>> server sc-redis1_63811 10.10.68.61:63811 check
>> server sc-redis1_63812 10.10.68.61:63812 check
>> server sc-redis1_63813 10.10.68.61:63813 check
>>
>>
>> Best regards,
>> Dmitriy Kuzmin
>>
>
>
I'm not sure what string you're trying to match. Could you paste the output
of "info replication" somewhere on pastebin or gist?
Baptiste
and by the way, I had a quick look at the pcap file and could not find
anything weird.
The function you're pointing seem to say there is not enough space to store
a server's dns name, but the allocated space is larger that your current
records.
Baptiste
helpful as well.
>
> Thanks,
> Jim
>
Hi guys,
Thanks for the report and the troubleshooting already done.
Something that would help me a lot, is to be able to reproduce the issue.
2 options from here, either you provide the smallest terraform script which
allows to reproduce the platform or you provide me an access to a temporary
platform so I could troubleshoot live.
(we can carry on this conversation off list of course).
Baptiste
Le dim. 17 juin 2018 à 14:10, Patrick Gansterer a
écrit :
>
> > On 17 Jun 2018, at 13:36, Baptiste wrote:
> >
> > Can they be used to validate oauth tokens too?
>
> Depends on the implementation of the tokens, but if they are HMACSHA256
> signed JWT, it’s very
_list sample_conv_kws = {ILH, {
> + { "digest", sample_conv_crypto_digest, ARG1(1,STR), NULL,
> SMP_T_BIN, SMP_T_BIN },
> + { "hmac", sample_conv_crypto_hmac, ARG2(2,STR,STR), NULL,
> SMP_T_BIN, SMP_T_BIN },
> + { /* END */ },
> +}};
> +
> +__attribute__((constructor))
> +static void __crypto_init(void)
> +{
> + sample_register_convs(_conv_kws);
> +}
> --
> 2.17.1
>
Hi,
Nice ones.
Can they be used to validate oauth tokens too?
Note: maybe an update for configuration.txt would be helpful too.
Baptiste
nown bug or is it a misconfiguration of some sorts? Appreciate
> your help with this.
>
> Thanks,
> Adwait
>
Hi,
Maybe you could share your entire configuration?
That would help a lot.
Baptiste
time. I don't have any insight into doing that - I can just see that
> it might be ... interesting :-)
>
> If Willy and the rest of the folks who'd have to support this in the
> future feel like this feature is worth it, please take this as an
> enthusiastic "yes please!" from a user!
>
> Jonathan
>
>
Hi,
what's the use case?
Is this API gateway kind of thing?
Baptiste
do it, I'm afraid it's a huge task and I
won't have enough time to do it.
Baptiste
ps://github.com/bedis/dnsserver
So feel free to contribute to it or write your own :)
I'm going to use it to troubleshoot the issue you reported. That said,
nothing is better than other real DNS servers (bind / unbound / powerdns
and others) for real production.
Baptiste
try and reduce up the time it
> takes to populate the backend servers with addresses in an effort to lessen
> the effects of #1
>
>
I'll work on this one as soon as I fixed the bug above/
Baptiste
Hi Fred,
Amazing work. Looking forward to write some of those :)
According to you, would it be compicated to automate tests on the DNS
resolvers, the stats socket, etc...
I mean, anything which is not really HTTP?
Baptiste
pp
[...]
balance hdr(X-Cook-Uuid)
hash-type consistent sdbm
http-request set-header X-Cook-Uuid %[req.cook(UUID)]
http-request set-header X-Cook-Uuid-Hashed %[req.hdr(X-Cook-Uuid),sdbm]
Simply adjust hash-type algorithm to the right converter name.
More on converter:
http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.1-sdbm
Baptiste
e the limitations I discovered. My
> knowledge of C (and the internal workings of HAproxy) is not great
> otherwise this would probably be a patch submission for #1 :)
>
> Tait
>
>
I'll check that for you. (In the mean time, please keep on answering to
Aleksandar emails, the more info I'll have, the best).
Baptiste
Hi,
Thanks all for the amazing work :)
I just like to focus on a particular point:
- wiki : we all know that the architecture guide is obsolete, everyone
> wants to refresh it and nobody can because it's a tedious task that
> no single person can address, and nobody anymore knows all
this and you get my Ack :)
And thanks for your patience and your retransmits.
Baptiste
On Tue, May 29, 2018 at 9:16 PM, Ben Draut wrote:
> This should be it. The only outstanding item was a couple of:
>
> if (... != NULL)
> free(...)
>
> at the bottom. Willy said he'd fix t
Hi,
I'm a bit lost: could you please re-send me the latest version of this
patch?
Baptiste
On Thu, May 24, 2018 at 5:02 PM, Ben Draut wrote:
> Willy, I think you've reviewed this one already. :) I fixed a few
> things after your review, then you said you just wanted to wait
> for
cess, like this in your
frontend:
bind :80 process 1
bind :80 process 2
...
Maybe one of your process is being saturated and you don't see it . The
configuration above will ensure an even load distribution of the incoming
connections to the HAProxy process.
Baptiste
On Fri, May 11, 2018
On Tue, May 8, 2018 at 8:17 PM, Baptiste <bed...@gmail.com> wrote:
> Hi All, Thierry,
>
> I'm trying to use the converter 'table_http_req_cnt()' from a Lua script,
> but I'm not successful and so I wonder how I'm supposed to use the
> converter class (txn.c:)...
>
&g
-class
Like for the fetches class:
https://www.arpalert.org/src/haproxy-lua-api/1.8/index.html#fetches-class
Any help would be appreciated. (HAProxy 1.8, HTTP action context, where I
want to pass a string to the converter table_http_req_cnt to read some data
from my table).
Baptiste
ture, and we reserve
> >> 'use-system-resolvers' for the feature that Jonathan described?
> >
> > Perfect! "parse" is quite explicit at least!
>
> Works for me :-)
>
>
Great, amazing!!!
Ben, could you provide a patch using native code? (no third party libraries)
Baptiste
Hi all,
Thanks a lot for your various investigations!
As a conclusion, HAProxy's behavior is "as expected".
Baptiste
So, it seems that responses that does not match the case should be dropped:
https://twitter.com/PowerDNS_Bert/status/983254222694240257
Baptiste
is ASCII.
>
> Section 4.1 "DNS Output Case Preservation" mentions this: "No "case
> conversion" or "case folding" is done during such output operations,
> thus "preserving" case."
>
> Regrads,
> Dennis
>
>
Hi All,
Let me ask some advices to our friends of PowerDNS :)
Baptiste
in conjunction with nameserver
directives in the resolvers section
- HAProxy should emit a warning message when parsing a configuration which
has no resolv.conf neither nameserver directives enabled
Is that correct?
Baptiste
d natively in HAProxy
- (for Lukas) what do you think is better, a configuration option to
trigger parsing of resolv.conf or as proposed, if no nameserver are found,
we use resolv.conf as a failback?
As the maintainer of the DNS code in HAProxy, don't hesitate to ask me any
questions.
Baptiste
gers the issue:
> (Note the reply CaSe does not match query. I can also provide a simple
> Python server that performs uppercase in its reply, for replication of
> this.)
> ---
> $ dig @127.0.0.1 -p 1153 example.com
>
> ;; QUESTION SECTION:
> ;EXAMPLE.COM. IN A
>
> ;; ANSWER SECTION:
> EXAMPLE.COM. 60 IN A 127.0.0.1
>
>
>
> Thanks for any assistance,
> Dale Smith
>
>
Hi Dale,
Thanks for the report!
Please share your patch here and I'll have a look, so we could merge it.
Baptiste
On Thu, Feb 22, 2018 at 2:04 AM, Lukas Tribus <lu...@ltri.eu> wrote:
> Hello Baptiste,
>
>
>
> On 21 February 2018 at 19:59, Lukas Tribus <lu...@ltri.eu> wrote:
> > Baptiste, I don't think you'd find the symptoms I have in mind
> > acce
On Wed, Feb 21, 2018 at 11:07 AM, Lukas Tribus <lu...@ltri.eu> wrote:
> Hello Baptiste,
>
>
> On 21 February 2018 at 08:45, Baptiste <bed...@gmail.com> wrote:
> >> Is this downgrade at good thing in the first place? Doesn't it hide
> >> configuration and
Hi Lukas,
Le 19 févr. 2018 23:37, "Lukas Tribus" <lu...@ltri.eu> a écrit :
Hello Baptiste,
On 19 February 2018 at 18:59, Baptiste <bed...@gmail.com> wrote:
> Hi guys,
>
> While working with consul, I discovered a "false positive"
st practice is to implement an application layer "ping" every
1 minute and set the timeout tunnel to 61s.
Baptiste
DNS over TCP :)
ot related to Mike's case, but deserves a fix. I'll work on it
asap.
Baptiste
On Mon, Feb 12, 2018 at 10:17 AM, Baptiste <bed...@gmail.com> wrote:
> Continuing on my investigation I found an other interesting piece of
> information:
> I run haproxy and my consul environment in a dock
is starting
Now I can reproduce the bug, I'm going to investigate what's happening and
provide a fix asap.
Thanks a gain Mike for reporting!!!
Baptiste
On Mon, Feb 12, 2018 at 10:17 AM, Baptiste <bed...@gmail.com> wrote:
> Continuing on my investigation I found an other interest
if there are too
many sensitive information)
Baptiste
On Mon, Feb 12, 2018 at 9:25 AM, Baptiste <bed...@gmail.com> wrote:
> First, I confirm the following bug in consul 1.0.5:
> - start a X instances of a service
> - scale the service to X+Y (with Y > 1)
> ==> then consul crashes..
1 -p 8600 -t SRV _mfm-monitor-opentsdb
._tcp.service.consul
Baptiste
On Mon, Feb 12, 2018 at 8:27 AM, Чепайкин Михаил <mchepay...@gmail.com>
wrote:
> Im on Consul 1.0.2.
>
> Why do you think this issue is about serving SRV over UDP, rather than
> about different order o
rvice name in consul.
Baptiste
On Wed, Feb 7, 2018 at 2:52 PM, Чепайкин Михаил <mchepay...@gmail.com>
wrote:
> Hi!
>
> I have a Consul as service discovery tool and HAProxy as load balancer.
>
> In Consul registered a service running on a number of servers, and this
&g
or logging purpose,
etc...).
This feature should not be used "as is" to find out the server IP address
since an attacker may use it to scan your network. So always combine it
with some ACLs to refuse destination IP such as loopback, private subnets,
HAProxy's public IP,etc...
Enjoy!
Unfortunately, this may not be backported into 1.8.
We do backport only bug fixes and this is a feature.
Baptiste
On Mon, Jan 8, 2018 at 10:20 PM, Jim Freeman <sovr...@gmail.com> wrote:
> Your proposal aligns with what I was thinking over the weekend.
>
> I'll try to be cle
fallback to resolv.conf parsing.
If you fill comfortable enough, please send me / the ml a patch and I can
review it.
If you have any questions on the design, don't hesitate to ask.
Baptiste
On Mon, Jan 8, 2018 at 1:56 PM, Jim Freeman <sovr...@gmail.com> wrote:
> No new libs needed.
haproxy.
>
>
> Any other solution?
>
>
Hi Michael,
Maybe you could tell us more about your workload and share with us your
configuration.
This will help the diagnostic.
Also, can you confirm you tuned some sysctls? (I mainly think about the
port range one)
Baptiste
to do the http routing. Nothing is provided by Swarm mode
yet for this purpose. So you must use labels, as traefik has designed it.
Baptiste
Hi,
This is due to the way the configuration parser works currently.
It parses those lines "atomically". We might want to move this
configuration checking in the sanity checks which is executed once we
launched the conf.
Baptiste
On Thu, Nov 2, 2017 at 11:08 PM, Thayne Mc
hi
You miss a "maxconn 8000" in your frontend as well.
maxconn in the global section is process-wide, but it does not apply to the
frontend (which is limited to 2000 connections by default).
Baptiste
On Fri, Oct 27, 2017 at 2:58 PM, kushal bhattacharya <
bhattacharya.kush...@gma
Hi,
I saw that the UUID was missing in the Proxy Class in Lua, so I added it.
The patch is in attachment.
Baptiste
From 7fc0433e3f2da0e86bc5ae0cd845856ec23743b7 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann <bed...@gmail.com>
Date: Thu, 26 Oct 2017 21:51:58 +0200
Subject: [PATCH] MINO
Hi,
While testing Christopher's DNS "thread-safe" code, I found a bug in
srv_update_status following a recent update (related to threads too).
The patch is in attachment.
Cheers
From 441b65d0d7df8f84c19663f57a4ec6a35f4e8d1e Mon Sep 17 00:00:00 2001
From: Baptiste Assmann <bed...@gm
Hi Joel,
You can also use the server-state file with init-addr set to last,libc.
That way, if an IP address is found in the state file, HAProxy will apply
it and won't perform a DNS resolution at configuration parsing time.
Baptiste
On Fri, Oct 13, 2017 at 4:32 PM, Joel W Kall <j...@loop54.
I also fixed it in a patch set to make the resolution pool dynamic :)
Baptiste
Hi,
A regression has been introduced into the function handling TCP/HTTP action
"set-dst-port".
It actually does not change the right port (changing the source port on the
server side connection instead of changing the destination one).
The patch in attachment fixes this issue.
Bap
get to mix this with server-templates, such as:
backend red
server-template red 20 _http._tcp.red.default.svc.cluster.local:8080
resolvers kube inter 1s check resolve-prefer ipv4
Enjoy and report any issues!!!
Baptiste
urfer/haproxytool
You may still have to configure one stats socket per process :)
Baptiste
aking time to test and report your findings!
>
> On 08/11/2017 11:10 AM, Baptiste Assmann wrote:
> >
> > Hi All
> >
> > So, I enabled latest (brilliant) contribution from Olivier into my
> > Kubernetes cluster and I discovered it did not work as expected.
> > Af
se only...
For production purpose, HAProxy Technologies contributes to the haproxy
ingress implementation in kubernetes (the one you linked). This
implementation is based on HAProxy stable and does not take into
account the SRV records yet (should be updated later once HAProxy 1.8.0
will be available).
Baptiste
e a headless service called 'red' in my kubernetes, it
points to my 'red' application)
backend red
server-template red 20 _http._tcp.red.default.svc.cluster.local:8080
inter 1s resolvers kube check
In one line, we can enable automatic "scalling follow-up" in HAProxy.
Baptist
On Wed, Aug 9, 2017 at 4:40 PM, Willy Tarreau <w...@1wt.eu> wrote:
> On Wed, Aug 09, 2017 at 04:00:04PM +0200, Olivier Houchard wrote:
> >
> > Hi,
> >
> > After some review and tests by Baptiste, here comes an updated patchset,
> > with a few bugfixes.
>
http-buffer-request" (since HAProxy 1.6) to
collect the request body (up to a tune.bifsize size).
Baptiste
101 - 200 of 1451 matches
Mail list logo