Great news, congratulations Thierry!
Baptiste
On Sat, Feb 28, 2015 at 9:03 AM, Baptiste wrote:
> On Sat, Feb 28, 2015 at 8:42 AM, Vivek Malik wrote:
>> Hi Baptise,
>>
>> Using set-map on the stats socket gives the expected result (except
>> that I can't use functions there). set map motion.map monday 12345 di
epoll : pref=300, test result OK
> poll : pref=200, test result OK
> select : pref=150, test result OK
> Total: 3 (3 usable), will use epoll.
Hi Vivek,
I can reproduce the bug, I'm digging into it.
Baptiste
" is a value instead of key, the
> set-map works fine.
>
> echo "show map motion.map" | socat stdio /var/run/socket-haproxy
> 0x13c1b90 1425089710 monday
>
>
> Please suggest if I have stumbled across a bug or I am missing
> something in my configuration.
>
Hi Vivek,
could you try the 'set-map' on the stats socket directly and report if
you have the same result or not?
Baptiste
n error, or only the traffic from a single user?
You may use the 'stick store-response' when an error is returned by
the server and track it when traffic comes in with the in_table fetch.
This may require you to switch to HAProxy 1.6-dev.
Baptiste
On Fri, Feb 27, 2015 at 12:04 PM, Dmitry Sivachenko wrote:
>
>> On 27 Feb 2015, at 11:52, Baptiste wrote:
>>
>> On Fri, Feb 27, 2015 at 9:02 AM, Dmitry Sivachenko
>> wrote:
>>>
>>>> On 27 Feb 2015, at 2:56, Baptiste wrote:
>>>
On Fri, Feb 27, 2015 at 9:02 AM, Dmitry Sivachenko wrote:
>
>> On 27 Feb 2015, at 2:56, Baptiste wrote:
>>
>> On Thu, Feb 26, 2015 at 3:58 PM, Dmitry Sivachenko
>> wrote:
>>> Hello!
>>>
>>> Given the following configuration
>>>
e(30)=0
>
> Is it normal? My goal is to keep these counters across reload.
>
> Thanks for help.
>
> Regards.
>
> Aurélien
Hi Aurélien,
Yes, this is normal and by design.
Baptiste
ll be queued on the backend until one of the server has a free slot
b1 and b2 will be used when ALL s1, s2 and s3 will be operationally DOWN.
> 2) nbsrv(BC) will be still equal to 3 because checks for s1, s2 and s3 still
> succeed
nope, nbsrv is 5, since b1 and b2 should be counted as well.
Baptiste
you want to have a look at this file:
http://git.haproxy.org/?p=haproxy.git;a=blob_plain;f=src/sample.c;hb=HEAD
and with the upper and lower and any other converter functions.
Baptiste
Hi Mathieu,
There is no such MIB for HAProxy.
Baptiste
On Wed, Feb 25, 2015 at 4:17 PM, Mathieu Sergent
wrote:
> Hi,
>
> I want to know if a MIB for HAProxy is available ?
>
> Regards,
>
> Mathieu
a 400 has been emitted: "show errors"
Then HAProxy will print you why it has blocked the request and why it
considered this request was not HTTP compliant.
Baptiste
Here is the blog entry related to this solution:
http://blog.haproxy.com/2015/02/19/a-http-monitor-which-matches-multiple-conditions-in-haproxy/
Baptiste
On Tue, Feb 17, 2015 at 10:40 AM, Baptiste wrote:
> On Tue, Feb 17, 2015 at 10:29 AM, Sébastien ROHAUT
> wrote:
>> Of course !
Guys,
This is not an HAProxy related question, but more a system question.
simply test your configuration with -c and redirect stderr to a text
file in /var/log/ and you're done!
Baptiste
On Tue, Feb 17, 2015 at 2:57 PM, Cohen Galit wrote:
> Hello HAProxy team,
>
> We will a
> We can verify this quickly :
>
> - using haproxy 1.5.5 and later, remove "option http-server-close". It will
> default to "option http-keep-alive", and see if it's better.
>
Don't forget to enable "option prefer-last-server" as well to ensure
you'll keep the same connection.
Baptiste
header addition.
That said should not be there for 1.6...
Baptiste
string HTTP/1.1\ 200\ OK
> tcp-check expect ! string "healthStatus":"Unhealthy"
>
> And it works very well. Even in SSL. You now have my eternal gratitude :)
>
> Sébastien Rohaut
Sébastien,
Thanks for your feedback!
If you don't mind, I'm going to post a blog article on
blog.haproxy.com with this tip :)
Baptiste
k you,
>
> Sébastien Rohaut
Hi Sébastien,
You can write such a sequence using tcp-check, sending your HTTP request
with tcp-check send and matching with two consecutive tcp-check expect
rules:
tcp-check expect string HTTP/1.1\ 200\ OK
tcp-check expect ! string "healthStatus":"Unhealthy"
Baptiste
can have 2 nodes, both active/passive in 2
distinct VRRP instances.
That said, you would have to load-balance each master node using DNS...
If you want to avoid DNS, then use LVS to load-balance your L7 load-balancers.
Baptiste
t;h=a448e16da00374b39ae30d6f5595d4060b140f17
>
>
> Last, keep in mind that haproxy will only check strings that fit in the
> buffer.
>
> Without any logs, it's difficult to say which case you're encountering.
>
>
>
>>
>> (have a feeling that unless an "idea" and/or "fix" comes today, that it
>> will too late though... but feel free to respond anyhow maybe it will
>> help somebody else!)
>>
>>
>>
>>
>
>
>
> --
> Cyril Bonté
>
The feeling I have is that the issue is at the network layer, so
switching to an other product won't fix anything ;)
Chris, just drop me a mail in private with a tcpdump of the error.
also haproxy should report the reason of the fail in a log line, which
can be easily anonymized.
Please share with us these logs information.
Baptiste
On Thu, Feb 12, 2015 at 9:23 PM, wrote:
Is there a problem with health checks and haproxy? Again, using a
machine
gun approach on the health check service, we see no problems, but for
whatever reason, occasionally (maybe 1 out 10, could be more), the
haproxy
tcp expe
s on frontends and binds.
Your hardware knows the limit :)
Baptiste
r
question and never give any feedback...
In the blog article, I did not mention the global section because it
is not visible by our customer in our appliances.
That said, I should update the article as proposed.
Baptiste
On Wed, Feb 11, 2015 at 3:55 AM, Tod Schmidt wrote:
> Wow, thanks for th
tod,
You're missing a global section and a maxconn into this section.
By default, HAProxy allows only 2000 connections on the process and
you're running out of free connections.
Please add this in your production server and report us how it works:
global
maxconn 2
Baptiste
rt indirect nocache
> server SRV1 IP.IP.IP.14:80 maxconn 2000 weight 10 check cookie srv1
> server SRV2 IP.IP.IP.26:80 maxconn 2000 weight 10 check cookie srv2
>
Hi Tod,
I don't understand something. Do you have a performance issue or a
connection problem under load?
can you share the latest log lines generated by your HAProxy?
Both traffic and events.
Baptiste
On Mon, Feb 9, 2015 at 9:50 PM, Shawn Heisey wrote:
> On 2/9/2015 1:08 PM, Baptiste wrote:
>> could you define what you mean by "heavy" ?
>> What type of web application do you host?
>> How many req / conn per second do you expect?
>>
>> When doing
awn
>
Shawn,
could you define what you mean by "heavy" ?
What type of web application do you host?
How many req / conn per second do you expect?
When doing SSL, the CPU is not enough, the memory also matters.
Baptiste
- Tlf. 61281200
>
> "Those who do not understand Unix are condemned to reinvent it, poorly."
> --Henry Spencer
>
>
Hi,
If you can't, bear in mind we may help you through our HAProxy prof
services offering:
http://haproxy.com/services/haproxy-professional-services/
Baptiste
hris,
Could you let us know why exactly you need to delay responses???
Because here you propose a response (which doesn't work) to a problem
you're facing without explaining us the problem.
So it's hard to help.
Baptiste
ing,
> prefixing and/or for sticky session purposes.
>
> Is there a way to get haproxy just set a simple uuid cookie if
> one isn't there?
>
> Thanks,
>
> Alberto
>
>
Hi Alberto,
You may be able to do something with the http-response set-header and
the rand fetch.
Baptiste
At HAproxy.com, we use the following:
- httpterm as a web server: http://1wt.eu/tools/httpterm/
- inject as a client: http://1wt.eu/tools/inject/
Baptiste
On Fri, Feb 6, 2015 at 2:59 AM, Dennis Jacobfeuerborn
wrote:
> On 05.02.2015 20:09, Baptiste wrote:
>> On Thu, Feb 5, 2015 a
On Thu, Feb 5, 2015 at 4:54 PM, Klavs Klavsen wrote:
> Baptiste wrote on 02/05/2015 04:44 PM:
> [CUT]
>>
>>
>> 3000 req/s in clear is low and a so rounded number is not normal :)
>> Move (far far) away from this provider.
>>
>> You're wasting you
00 req/s in clear is low and a so rounded number is not normal :)
Move (far far) away from this provider.
You're wasting your time investigating performance issue while the
limitation is in the hypervisor and multitenancy of your supplier.
Baptiste
Have you tried clicking on the
"Refresh Now" button on the top right corner of the stats page?.
The problem looks more global, since you have no statistics at all in
your frontend and your main server as well.
Could you share your configuration and the output of haproxy -vv ?
Baptiste
would fail if number of server in a
monitored farm goes below a threshold.
That said, this is a dirty hack.
Baptiste
sing server
>> affinity to be lost. Any insight into this would be greatly appreciated.
>>
>> Also...is it possible to have cookies set for HTTPs as well and can it be
>> the same cookie as the http cookie?
>>
>> I'm currently using HAproxy1.4.
>>
>>
>> Thanks in advance!
>> Aaron
>> it_cont...@smartshoot.com
>> --
>>
>
> -
> If you received this communication by mistake, please don't forward it to
> anyone else (it may contain confidential or privileged information), please
> erase all copies of it, including all attachments, and please let the sender
> know it went to the wrong person. Thank you.
>
Hi,
Your statement "cookie PHP_SERVERID insert indirect nocache" means
that HAProxy won't insert a cookie if the client sent a valid cookie
for a valid server.
Remove the 'indirect' keyword and HAProxy will send a cookie for all requests.
Baptiste
nks.
Hi Erwin,
HAProxy does not send the ALPN (or NPN) SSL extension to the server
side with your configuration.
Simply failover to a SSL forward configuration:
listen spdytest
mode tcp
bind X.X.X.X:443
server backend1 10.X.X.X:1443
Baptiste
with something else than string), it doesn't
work. We even tried with "toto" (which will never be here), it's the same:
the server is always excluded from the backend's pool.
>
> At the end, we used to put a rstring :
>
> http-check expect rstring "healthStatus":"(Healthy|DegradedMode)"
>
> and it seems to work.
>
> What is the problem ? Are we doing something bad, or perhaps we don't
understand the meaning of the negation ?
>
> Thank you for your help.
>
> Sébastien Rohaut
>
Hi,
What does your option httpchk look like?
Baptiste
what does dmesg says then?
Or errors logged by HAProxy?
You may have some iptables issues or source port exhaustion.
Baptiste
On Mon, Jan 26, 2015 at 2:53 PM, Zbyněk Rozman wrote:
> Hi Babtiste,
>
> yes we do have change that:
>
> [root@srvA ~]# cat /etc/sysconfig/network-scr
Hi Zbynek,
Have you changed the default gateway of your server?
traffic from server to client must pass through HAProxy box.
In your case, I guess HAProxy sends a SYN to the server and the
servers sends the S/A to the client directly, bypassing HAProxy.
Baptiste
On Mon, Jan 26, 2015 at 1:24
wall, because it just
> gets in the way.
>
> Thanks,
> Shawn
>
>
Hi Shawn,
Everything is explained here:
http://blog.haproxy.com/2013/09/16/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/
If you can't do it, maybe you should ask the HAProxy experts to help you:
http://haproxy.com/services/haproxy-professional-services/
Baptiste
PROXY?
>
> Thanks,
> Marcello
>
Hi Marcello,
When using TProxy, the traffic from the server to the client must pass
through the Load-balancer.
Also, the server and the client can't be in the same subnet.
Baptiste
with limited
> success; pacemaker has been very problematic for us. For now, we're managing
> manually.
We use keepalived a lot :)
Baptiste
e_XXX
# Reject blacklisted IPs
tcp-request connection reject if { src -f ABC }
# Slow down abusive clients
acl too_fast fe_sess_rate ge X
tcp-request inspect-delay X
tcp-request connection reject if { src_conn_cur ge X }
tcp-request connection track-sc1 src table(bk_XXX)
tcp-request content accept if ! too_fast
tcp-request content accept if WAIT_END
Baptiste
to the remote side. The connections on the remote
> side
> will be kept open until timeout.
>
> Wouldn't it make sense to implement an option for b) so it can be used during
> major attacks or so?
>
Hi Christian,
Have you had a look at tarpit related options from HAProxy?
You can slowdown the attack thanks to it.
Baptiste
On Mon, Jan 12, 2015 at 9:03 PM, Srinivas Kotaru wrote:
> Baptiste writes:
>
>>
>> On Thu, Jan 8, 2015 at 10:16 PM, Srinivas Kotaru wrote:
>> > Srinivas Kotaru ...> writes:
>> >
>> >>
>> >> I hit similar issue of below post. Any so
he doc, it is said nowhere that this header should be sent
during health check.
There is a very dirty workaround to do what you want: is to "offload"
monitoring into a dedicated backend (one per server).
Baptiste
e, about load-balancing WAF:
http://blog.haproxy.com/2012/10/16/high-performance-waf-platform-with-naxsi-and-haproxy/
Look for the http_err_rate keyword.
Baptiste
> HAS_CF_CONNECTING_IP
> tcp-request content track-sc0 hdr_ip(x-forwarded-for,-1) if HTTP
> !HAS_CF_CONNECTING_IP HAS_X_FORWARDED_FOR
>
> So use CF-Connecting-IP if present, X-Forwarded-For else.
>
> Thanks,
>
> Mathias
Hi Mathias,
I've not run your conf, but it sounds good.
Baptiste
By default, HAProxy will use the openssl library installed on your system.
Don't forget to install the openssl dev packages as well.
And also, you have to create a self signed certificate and to put it
somewhere in your server (use the 'crt' keyword to point to it).
Baptiste
Hi Yosef,
Please keep the ML in Cc.
You first need to compile HAProxy to support SSL.
Use the USE_OPENSSL compilation directive.
Baptiste
On Mon, Dec 29, 2014 at 2:25 PM, Yosef Amir wrote:
> Hi,
> I get the following error :
> # haproxy -f /etc/haproxy/haproxy.cfg
> [ALERT] 362/1
elete all copies and contact
> us by e-mailing to: secur...@comverse.com. Thank You."
Hi Yosef,
You can simply bind the port using SSL and point to your certificate:
listen stats
bind :8050 ssl crt /path/to/crt
[...]
Baptiste
On Wed, Dec 17, 2014 at 10:39 PM, Pavlos Parissis
wrote:
> Hi,
>
> I remember someone( maybe Baptiste) saying that in multi process mode
> backends will be picked up by the process which frontend is bound to.
> But, I found not to be the case in 1.5.9.
> I also remember that th
> Cyril Bonté
>
mhh
David may have enabled the global 'autokill' feature.
Baptiste
xy:
http://haproxy.com/doc/hapee/1.5/introduction.html#backported-features
Baptiste
>
> On Tue, Dec 9, 2014 at 6:54 PM, Patrick Kaeding
> wrote:
>> Hello
>>
>> I'm interested in using HAProxy as my external-facing proxy, in front
>> of my applic
maint
> acl www1nb nbsrv(man-www1) gt 0
> use_backend man-www1 if www1 www1nb
>
> backend man-maint
> rsprep ^HTTP/1.1\ 200\ OK HTTP/1.0\ 503\ Service\ Unavailable
> server local_maint localhost:8001
>
I would rather use:
rspirep ^HTTP/1\..\ 200\ OK HTTP/1.0\ 503\ Service\ Unavailable\r\nConnection:\ Close
Baptiste
o modify the
> response code like this?
>
> Regards,
> Dennis
>
Hi Dennis,
Yes you can using rspirep.
Baptiste
> Regards,
> --
> Antoine LAGARDE
> Senior IT Technician
> Systems team point of contact - CIL
> Centre Hospitalier Pierre Oudot
> 30 Avenue du Médipole
> 38300 BOURGOIN-JALLIEU
> Tel: 04.69.15.70.39
> Fax : 04.69.15.71.00
> a.laga...@ch-bourgoin.fr
Hi Antoine,
HAProxy can't do this, unfortunately.
Baptiste
On Wed, Dec 10, 2014 at 1:39 PM, Philipp Kolmann
wrote:
> Hi Baptiste,
>
> On 10.12.14 at 12:37, Baptiste wrote:
>>
>> Which version of HAProxy are you running? In 1.5, you can do: use-server
>> htc1 if { src 10.0.0.1 } add as many IPs as needed.
>
>
> Yes
DVR: 0005886
> ---
>
Hi Philip,
Which version of HAProxy are you running?
In 1.5, you can do:
use-server htc1 if { src 10.0.0.1 }
add as many IPs as needed.
Baptiste
>
>> Cheers,
>> Pavlos
>
>
> C A
>
Well, given the experience of 'http-keep-alive', Willy doesn't want to
promise any feature for any version any more :)
So it may happen in 1.6, or later.
Baptiste
On Fri, Dec 5, 2014 at 7:20 PM, Daniel Lieberman
wrote:
> On Dec 5, 2014, at 5:21 AM, Baptiste wrote:
>>
>> On Thu, Dec 4, 2014 at 11:50 PM, Daniel Lieberman
>> wrote:
>>> We have a situation where our app servers sometimes get into a bad state,
>>>
ys have plans to introduce this functionality in 1.6 release?
>
> Cheers,
> Pavlos
>
Hi Pavlos,
I'm speaking on behalf of Willy, so he may complete my answer.
I don't know if this will be available in 1.6, but in order to support
HTTP/2.0, HAProxy will have to support connection pooling.
Baptiste
option called "dontlog-normal" which logs only errors.
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#option%20dontlog-normal
Baptiste
at
> is notice-or-more-severe to /dev/log". I know you're "no log" looks
> like it should override this logging, but I just thought I'd mention
> it as it looks a little odd. ]
>
> Regards,
> Jonathan
>
Hi Alexander,
You don't disable logging in a backend, since the frontend is
responsible to generate the log line.
If you don't want to log static content, you can do something like this:
acl static ###put your acl rule here
http-request set-log-level silent if static
Baptiste
tends?
There should be no difference between SSL and clear traffic.
I can reproduce the behavior: there might be a bug when passing through a
unix socket.
As a workaround, you can failover to a loopback IP address.
In order to populate a blacklist between clear and SSL frontends, you
can use the 'http-response add-acl'.
Hope this helps.
Baptiste
an you tell me how to use the Haproxy + TPROXY (like the picture below)?
Hi,
At least, your scheme looks good.
Please have a look at the link below and let me know what you don't understand:
http://blog.haproxy.com/2013/09/16/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/
Baptiste
rently.
Please send us your simplest frontend and backend configuration.
Baptiste
mode http
>
> option httpclose
> option forwardfor except 127.0.0.0/8
> default_backend SGproxy
>
>
> B/R
> Sean
Hi,
If you don't give us any information on how your SSO works, we can't help you.
If I were you I would start by removing option httpclose.
Baptiste
for now:
acl url_id path_reg ^/([0-9]+)/.*$
http-request set-header X_ID %[path] if url_id
http-request replace-value X_ID ^/([0-9]+)/.*$ \1 if { req.hdr(X_ID) -m found }
should do the trick.
Baptiste
in new release
that would dedicated to what you want to do.
And so, you should have update your configuration accordingly.
That's what Willy mentioned: http-request capture rules from 1.6.
Baptiste
n with different way of
> "rspadd Access-Control-Allow-Origin: X" that will be not funny to
> manage.
>
> Regards,
>
> Charles
Hi Charles,
What is CORS ???
What should $origin return? The content of a HTTP header called Origin?
Or something else?
Baptiste
Please read:
capture request header LBBEBUG len 5
http-response set-header LBNODENAME if { capture.req.hdr(2) -i true }
instead of ugly X-Blah and X-Found
Baptiste
k. Put this in your frontend, after your existing capture
request directives:
capture request header X-Blah len 5
http-response set-header X-Found Yes if { capture.req.hdr(2) -i true }
NOTE to you and to everyone: this is a dirty hack. Use it for
debugging purpose only.
Hopefully we'll have session variables in HAProxy soon and you could
replace such type of configuration.
Baptiste
ith HAProxy 1.5, we can now start multiple stats socket and stats
pages and bind them to each process, lowering the impact.
That said, if stats, peers, etc matters and you still need a huge SSL
processing capacity, then the best way is to use a first layer of
HAProxy multi-process to decipher the traffic and make it point to a
second layer of HAProxy in single process mode.
Baptiste
ot, what's your timeout connect value?)
redispatch and retries are only used when HAProxy tries to establish
connections to the server. Here, you were not even in this phase.
Baptiste
143
tcp-check expect string *\ OK
tcp-check connect port 993 ssl
tcp-check expect string *\ OK
Replace the expected string by the one sent by your server. Don't
forget to escape spaces in the expected string.
The example above applies on Exchange 2013 and is issued from the
HAProxy deployment guide for Exchange 2013 (page 39):
http://www.haproxy.com/static/media/uploads/eng/resources/aloha_load_balancer_appnotes_0065_exchange_2013_deployment_guide_en.pdf
Baptiste
rithm is being ignored, and we
> are pinning sites to the same server still. Is there a way for me to have
> it honor the balance algorithm (roundrobin in this case) for requests in a
> stick-table, and not use the server_id value to auto-determine the server
> to use?
>
> Thanks!
> Dan Dubovik
> Senior Linux Systems Engineer
> 480-505-8800 x4257
>
Hi daniel
Can you give a try to "option http-server-close" in your roundrobin backend?
Baptiste
On Mon, Nov 24, 2014 at 3:43 PM, Yosef Amir wrote:
> Hi Baptiste,
> First, I would like to thank you for your great support!
> Now, I have few questions related HAProxy 1.5.8. IMAP SSL health-check
> mechanism and configuration.
> For plain IMAP configuration (no SSl) the healt
e defaults in this single frontend?
>
> Thanks.
>
> Regards,
>
> Erwin
Hi Erwin,
A defaults section applies parameters until the next defaults section.
Simply create a defaults section for HTTP, one for TCP and move your
frontends and backends accordingly and the warnings will disappear.
Baptiste
ssed in the same way they written. So next rule benefit
from processing of previous one.
Baptiste
On Wed, Nov 19, 2014 at 8:05 PM, Qingshan Xie wrote:
> CORRECTION:
>
> Sorry Baptiste. I mistyped your name in my previous email.
>
> Thanks, Q.Xie
>
>
> On Tuesday, November 18, 2014 11:37 PM, Qingshan Xie
> wrote:
>
>
> I configured my HAProxy to use '
there
> any other way to substitute just the requested hostname?
>
> Thanks!
> --Scott
Hi Scott,
You can try to strip it before generating the rewrite:
http-request replace-value Host (.*):.* \1 if { hdr_sub(Host) : }
http-request redirect prefix http://%[hdr(host)].example.com code 301
Baptiste
nt accept { if res.hdr(X-test) -m found } mark_as_high_usage
be careful, there are no gpc1... it's gpc0 everywhere.
Baptiste
alance roundrobin
> server jsoc70 9.30.71.70:8445 check ssl
> server jsoc80 9.30.71.80:8443 check ssl
>
>
> *Michael Walker*
> CLM Certified
> miwal...@us.ibm.com
> 408-463-5023
> Team Member
> IM DevOps Enablement
> Need help with DevOps? https://ibm.biz/IMDevOpsCoC
>
>
Hi Michael,
in your email, you speak about "check ssl" as a single parameter, while
they are 2 different ones.
Although, a check-ssl parameter exists.
Something not obvious as well, is when do the 502 errors occur? Is that
to health checks or when browsing the application?
Baptiste
you paste your whole configuration and tell us which version
of HAProxy you are using.
Baptiste
is the expected behavior.
Have you observed something else?
Baptiste
On Mon, Nov 17, 2014 at 3:48 PM, Jesse Hathaway wrote:
> Baptiste writes:
>
>>
>> On Fri, Nov 14, 2014 at 10:11 PM, Jesse Hathaway wrote:
>> > Does haproxy have support for fair share concurrent request scheduling?
>> >
>> > Description:
>>
n will get ip from the latest DNS response by health
> check i.g 10.0.0.4, right ?
no, if the DNS server changes its response, it means the server has
changed its IP address.
existing sessions will time out while new ones will be established to
the new IP.
It doesn't affect persistence at all.
Baptiste
as its current IP belongs to the list.
If you think your DNS server has a different behavior, please let me
know which one you're using and how it is configured, so I can give it
a try.
Baptiste
's IP in the list returned
by the DNS server, nothing will happen.
Now, if your DNS server updates its list to 20.0.0.1 and 20.0.0.11,
then HAProxy won't find anymore 10.0.0.1, so an IP update will be
triggered and the first IP of the list will be used.
Baptiste
com returns 2 IPs, then current IP is searched in the
list. If found, then nothing happens. If not found, the first IP of
the list will be used for this server.
Baptiste
urrent connections
Hi Jesse,
there's no way for now to do this in HAProxy.
I don't even understand how this could be doable, since HAProxy
processes requests as they are coming and HAProxy can't choose this
order.
Baptiste
this message,
you are hereby notified that any review, use or distribution of this
information is absolutely prohibited and we request that you delete all
copies and contact us by e-mailing to: secur...@comverse.com. Thank You."
Hi,
Server name resolution is under development in 1.6 branch.
Baptiste
looks quite weak for SSL processing.
That said, for a few hundreds of reqs per second, it should be enough.
Hopefully you won't have too many SSL keys to compute!
Baptiste
ation/1400/path ->
> http://evaluation.domain.com:1400/dynamic/path
>
> (The 'evaluation' parts aren't known ahead of time).
>
> Or is there another way to do it?
Hi rodney,
Unfortunately, there is no sample yet capable of fetching the 3rd
directory in the path, so you can't do this in a dynamic way.
Baptiste
kie set by the application.
Are you sure there is no X-Forwarded-For headers, or whatever other
you could use to identify a user?
There is no way for now in HAProxy to generate a random cookie...
well, no "clean" way :)
Baptiste
a specific ACL can be used:
acl foo path_beg -i /foo/
use_backend bk_foo if foo
this is the equivalent of
use_backend bk_foo if { path_beg -i /foo/ }
Baptiste
No it won't.
It performs a strict string match, not a regex.
So it will look for a dot first.
Baptiste
On Mon, Nov 10, 2014 at 3:10 PM, Andreas Mock wrote:
> Hi Baptist,
>
> thank you for answering.
>
> acl ismydomain hdr_end(host) -i .mydomain.de
>
> wouldn
om. But I don't really
> understand the semantics of this match modifier.
> Would someone please enlighten me.
>
> Thank you in advance.
>
> Best regards
> Andreas Mock
>
>
Hi Andreas,
Why not simply using
acl ismydomain hdr_end(host) -i .mydomain.de
Baptiste