Re: Lua patchset merged

Great news, congratulation Thierry! Baptiste

Re: http-request set-map key as fixed string

On Sat, Feb 28, 2015 at 9:03 AM, Baptiste wrote: > On Sat, Feb 28, 2015 at 8:42 AM, Vivek Malik wrote: >> Hi Baptise, >> >> Using set-map on the stats socket gives the expected result (except >> that I can't use functions there). set map motion.map monday 12345 di

Re: http-request set-map key as fixed string

epoll : pref=300, test result OK > poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use epoll. Hi Vivek, I can reproduce the bug, I'm digging into it. Baptiste

Re: http-request set-map key as fixed string

" is a value instead of key, the > set-map works fine. > > echo "show map motion.map" | socat stdio /var/run/socket-haproxy > 0x13c1b90 1425089710 monday > > > Please suggest if I have stumbled across a bug or I am missing > something in my configuration. > Hi Vivek, could you try the 'set-map' on the stats socket directly and report if you have the same result or not? Baptiste

Re: How to track 503's

n error, or only the traffic from a single user? You may use the 'stick store-response' when an error is returned by the server and track it when traffic comes in with the in_table fetch. This may require you to switch to HAProxy 1.6-dev. Baptiste

Re: Balancing requests and backup servers

On Fri, Feb 27, 2015 at 12:04 PM, Dmitry Sivachenko wrote: > >> On 27 февр. 2015 г., at 11:52, Baptiste wrote: >> >> On Fri, Feb 27, 2015 at 9:02 AM, Dmitry Sivachenko >> wrote: >>> >>>> On 27 февр. 2015 г., at 2:56, Baptiste wrote: >>>

Re: Balancing requests and backup servers

On Fri, Feb 27, 2015 at 9:02 AM, Dmitry Sivachenko wrote: > >> On 27 февр. 2015 г., at 2:56, Baptiste wrote: >> >> On Thu, Feb 26, 2015 at 3:58 PM, Dmitry Sivachenko >> wrote: >>> Hello! >>> >>> Given the following configuration >>>

Re: peer replication reset values of stick tables

e(30)=0 > > Is it normal ? My goal is to keep theses counters across reload. > > Thanks for help. > > Regards. > > Aurélien Hi Aurélien, Yes, this is normal and by design. Baptiste

Re: Balancing requests and backup servers

ll be queued on the backend until one of the server has a free slot b1 and b2 will be used when ALL s1, s2 and s3 will be operationnaly DOWN. > 2) nbsrv(BC) will be still equal to 3 because checks for s1, s2 and s3 still > succeed nope, nbsrv is 5, since b1 and b2 should be counted as well. Baptiste

Re: Integrating a third party library

you want to have a look at this file: http://git.haproxy.org/?p=haproxy.git;a=blob_plain;f=src/sample.c;hb=HEAD and with the upper and lower and any other converter functions. Baptiste

Re: MIB

Hi Mathieu, There is no such MIB for HAProxy. Baptiste On Wed, Feb 25, 2015 at 4:17 PM, Mathieu Sergent wrote: > Hi, > > I want to know if a MIB for HAProxy is available ? > > Regards, > > Mathieu

Re: NOSRV/BADREQ from some Java based clients

a 400 has been emitted: "show errors" Then HAProxy will print you why it has blocked the request and why it considered this request was not HTTP compliant. Baptiste

Re: http-check string and rerturn code != 200 behaviour

Here is the blog entry related to this solution: http://blog.haproxy.com/2015/02/19/a-http-monitor-which-matches-multiple-conditions-in-haproxy/ Baptiste On Tue, Feb 17, 2015 at 10:40 AM, Baptiste wrote: > On Tue, Feb 17, 2015 at 10:29 AM, Sébastien ROHAUT > wrote: >> Of course !

Re: Logging to file when HAProxy failed to start

Guys, This is not an HAProxy related question, but more a system question. simply test your configuration with -c and redirect stderr to a text file in /var/log/ and you're done! Baptiste On Tue, Feb 17, 2015 at 2:57 PM, Cohen Galit wrote: > Hello HAProxy team, > > We will a

Re: Load Problem with v1.5.5+

> We can verify this quickly : > > - using haproxy 1.5.5 and later, remove "option http-server-close". It will > default to "option http-keep-alive", and see if it's better. > Don't forget to enable "option prefer-last-server" as well to ensure you'll keep the same connection. Baptiste

Re: http-check string and rerturn code != 200 behaviour

header addition. That said should not be there for 1.6... Baptiste

Re: http-check string and rerturn code != 200 behaviour

string HTTP/1.1\ 200\ OK > tcp-check expect ! string "healthStatus":"Unhealthy" > > And it works very well. Even in SSL. You now have my eternal gratitude :) > > Sébastien Rohaut Sébastien, Thanks for your feedback! If you don't mind, I'm going to post a blog article on blog.haproxy.com with this tip :) Baptiste

Re: http-check string and rerturn code != 200 behaviour

k you, > > Sébastien Rohaut Hi Sébastien, You can write such séquence using tcp-check, sending your HTTP request with tcp-check send and matching with two consecutive tcp-check expect rules: tcp-check expect string HTTP/1.1\ 200\ OK tcp-check expect ! string "healthStatus":"Unhealthy" Baptiste

Re: Active/Active

can have 2 nodes, both active/passive in 2 distincts VRRP instances. That said, you would have to load-balance each master node using DNS... If you want to avoid DNS, then use LVS to load-balance your L7 load-balancers. Baptiste

Re: tcp check health checks with expect fail sometimes

t;h=a448e16da00374b39ae30d6f5595d4060b140f17 > > > Last, keep in mind that haproxy will only check strings that feet in the > buffer. > > Without any logs, it's difficult to say which case you're encountering. > > > >> >> (have a feeling that unless an "idea" and/or "fix" comes today, that it >> will too late though... but feel free to respond anyhow maybe it will >> help somebody else!) >> >> >> >> > > > > -- > Cyril Bonté > The feeling I have is that the issue is at the network layer, so switching to an other product won't fix anything ;) Chris, just drop me a mail in private with a tcpdump of the error. also haproxy should report the reason of the fail in a log line, which can be easily anonymized. Please share with us these logs information. Baptiste

Re: tcp check health checks with expect fail sometimes

On Thu, Feb 12, 2015 at 9:23 PM, wrote: Is there a problem with health checks and haproxy? Again, using a machine gun approach on the health check service, we see no problems, but for whatever reason, occasionally (maybe 1 out 10, could be more), the haproxy tcp expe

Re: vip haproxy

s on frontends and binds. Your hardware knows the limit :) Baptiste

Re: SSL Performance Issues with Exchange 2010

r question and never give any feedback... In the blog article, I did not mention the global section because it is not visible by our customer in our appliances. That said, I should update the article as proposed. Baptiste On Wed, Feb 11, 2015 at 3:55 AM, Tod Schmidt wrote: > Wow, thanks for th

Re: SSL Performance Issues with Exchange 2010

tod, You're missing a global section and a maxconn into this section. By default, HAProxy allows only 2000 connection on the process and you're running our of free connections. Please add this in your production server and report us how it works: global maxconn 2 Baptiste

Re: SSL Performance Issues with Exchange 2010

rt indirect nocache > server SRV1 IP.IP.IP.14:80 maxconn 2000 weight 10 check cookie srv1 > server SRV2 IP.IP.IP.26:80 maxconn 2000 weight 10 check cookie srv2 > Hi Tod, I don't understand something. Do you have a performance issue or a connection problem under load? can you share the latest log lines generated by your HAProxy? Both traffic and events. Baptiste

Re: Hardware planning for SSL-heavy haproxy servers

On Mon, Feb 9, 2015 at 9:50 PM, Shawn Heisey wrote: > On 2/9/2015 1:08 PM, Baptiste wrote: >> could you define what you mean by "heavy" ? >> What type of web application do you host? >> How many req / conn per second do you expect? >> >> When doing

Re: Hardware planning for SSL-heavy haproxy servers

awn > Shawn, could you define what you mean by "heavy" ? What type of web application do you host? How many req / conn per second do you expect? When doing SSL, the CPU is not enough, the memory also matters. Baptiste

Re: SSL Performance increase?

- Tlf. 61281200 > > "Those who do not understand Unix are condemned to reinvent it, poorly." > --Henry Spencer > > Hi, If you can't, bear in mind we may help you through our HAProxy prof services offering: http://haproxy.com/services/haproxy-professional-services/ Baptiste

Re: tcp-response inspect-delay with WAIT_END

hris, Could you let us know why exactly you need to delay responses??? Because here you propose a response (which doesn't work) to a problem you're facing without explaining us the problem. So it's hard to help. Baptiste

Re: Setting uuid cookies not for sticky sessions

ing, > prefixing and/or for sticky session purposes. > > Is there a way to get haproxy just set a simple uuid cookie if > one isn't there? > > Thanks, > > Alberto > > Hi Alberto, You may be able to do something with the http-response set-header and the rand fetch. Baptiste

Re: SSL Performance increase?

At HAproxy.com, we use the following: - httpterm as a web server: http://1wt.eu/tools/httpterm/ - inject as a client: http://1wt.eu/tools/inject/ Baptiste On Fri, Feb 6, 2015 at 2:59 AM, Dennis Jacobfeuerborn wrote: > On 05.02.2015 20:09, Baptiste wrote: >> On Thu, Feb 5, 2015 a

Re: SSL Performance increase?

On Thu, Feb 5, 2015 at 4:54 PM, Klavs Klavsen wrote: > Baptiste wrote on 02/05/2015 04:44 PM: > [CUT] >> >> >> 3000 req/s in clear is low and a so rounded number is not normal :) >> Move (far far) away from this provider. >> >> You're wasting you

Re: SSL Performance increase?

00 req/s in clear is low and a so rounded number is not normal :) Move (far far) away from this provider. You're wasting your time investigating perfomance issue while the limitation is in the hypervisor and multitenancy of your supplier. Baptiste

Re: HAProxy 1.5.10 on FreeBSD 9.3 - status page questions

Have you tried clicking on the "Refresh Now" button on the top right corner of the stats page?. The problem looks more global, since you have no statistics at all in your frontend and your main server as well. Could you share your configuration and the output of haproxy -vv ? Baptiste

Re: [PATCH/RFC 0/8] Email Alerts

would fail if number of server in a monitored farm goes below a threshold. That said, this is a dirty hack. Baptiste

Re: Cookies not being set consistently

sing server >> affinity to be lost. Any insight into this would be greatly appreciated. >> >> Also...is it possible to have cookies set for HTTPs as well and can it be >> the same cookie as the http cookie? >> >> I'm currently using HAproxy1.4. >> >> >> Thanks in advance! >> Aaron >> it_cont...@smartshoot.com >> -- >> > > - > If you received this communication by mistake, please don't forward it to > anyone else (it may contain confidential or privileged information), please > erase all copies of it, including all attachments, and please let the sender > know it went to the wrong person. Thank you. > Hi, Your statement "cookie PHP_SERVERID insert indirect nocache" means that HAProxy won't insert a cookie if the client sent a valid cookie for a valid server. Remove the 'indirect' keyword and HAProxy will send a cookie for all requests. Baptiste

Re: SPDY with Apache mod_spdy

nks. Hi Erwin, HAProxy does not send the ALPN (or NPN) SSL extension to the server side with your configuration. Simply failover to a SSL forward configuration: listen spdytest modetcp bind X.X.X.X:443 server backend1 10.X.X.X:1443 Baptiste

Re: Problem with string negation in httpcheck-expect

with something else than string), it doesn't work. We event tried with "toto" (which we be never here), it's the same : the server is always excluded from the backend's pool. > > At the end, we used to put a rstring : > > http-check expect rstring "healthStatus":"(Healthy|DegradedMode)" > > and it seems to work. > > What is the problem ? Are we doing something bad, or perhaps we don't understand the meaning of the negation ? > > Thank you for your help. > > Sébastien Rohaut > Hi, What does your option httpchk look like? Baptiste

Re: haproxy + tproxy problem

what does dmesg says then? Or errors logged by HAProxy? You may have some iptables issues or source port exhaustion. Baptiste On Mon, Jan 26, 2015 at 2:53 PM, Zbyněk Rozman wrote: > Hi Babtiste, > > yes we do have change that: > > [root@srvA ~]# cat /etc/sysconfig/network-scr

Re: haproxy + tproxy problem

Hi Zbynek, Have you changed the default gateway of your server? traffic from server to client must pass through HAProxy box. In your case, I guess HAProxy sends a SYN to the server and the servers sends the S/A to the client directly, bypassing HAProxy. Baptiste On Mon, Jan 26, 2015 at 1:24

Re: TPROXY - any functionality lost?

wall, because it just > gets in the way. > > Thanks, > Shawn > > Hi Shawn, Everything is explained here: http://blog.haproxy.com/2013/09/16/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/ If you can't do it, maybe you should ask the HAProxy experts to help you: http://haproxy.com/services/haproxy-professional-services/ Baptiste

Re: Tproxy issue

PROXY? > > Thanks, > Marcello > Hi Marcello, When using TProxy, the traffic from the server to the client must pass through the Load-balancer. Also, the server and the client can't be in the same subnet. Baptiste

Re: New to haproxy questions

with limited > success; pacemaker has been very problematic for us. For now, we're managing > manually. We use keepalived a lot :) Baptiste

Re: Converting listen directive to frontend/backend config

e_XXX # Reject blacklisted IPs tcp-request connection reject if { src -f ABC } # Slow down abusive clients acl too_fast fe_sess_rate ge X tcp-request inspect-delay X tcp-request connection reject if { src_conn_cur ge X } tcp-request connection track-sc1 src table(bk_XXX) tcp-request content accept if ! too_fast tcp-request content accept if WAIT_END Baptiste

Re: No TCP RST on tcp-request connection reject

to the remote side. The connections on the remote > side > will be kept open until timeout. > > Wouldn't it make sense to implement an option for b) so it can be used during > major attacks or so? > Hi Christian, Have you had a look at tarpit related options from HAProxy? You can slowdown the attack thanks to it. Baptiste

Re: Health Probes not working with http-send-name-header

On Mon, Jan 12, 2015 at 9:03 PM, Srinivas Kotaru wrote: > Baptiste writes: > >> >> On Thu, Jan 8, 2015 at 10:16 PM, Srinivas Kotaru wrote: >> > Srinivas Kotaru ...> writes: >> > >> >> >> >> I hit similar issue of below post. Any so

Re: Health Probes not working with http-send-name-header

he doc, it is said nowhere that this header should be sent during health check. There is a very dirty workaround to do what you want: is to "offload" monitoring into a dedicated backend (one per server). Baptiste

Re: rspitarpit ?

e, about load-balancing WAF: http://blog.haproxy.com/2012/10/16/high-performance-waf-platform-with-naxsi-and-haproxy/ Look for the http_err_rate keyword. Baptiste

Re: Stick table and http headers

gt; HAS_CF_CONNECTING_IP > tcp-request content track-sc0 hdr_ip(x-forwarded-for,-1) if HTTP > !HAS_CF_CONNECTING_IP HAS_X_FORWARDED_FOR > > So use CF-Connecting-IP if present, X-Forwarded-For else. > > Thanks, > > Mathias Hi Mathias, I've not run your conf, but it sounds good. Baptiste

Re: HProxy - HTTPS for Stats

By default, HAProxy will use the openssl library installed on your system. Don't forget to install the openssl dev packages as well. And also, you have to create a self signed certificate and to put it somewhere in your server (use the 'crt' keyword to point to it). Baptiste

Re: HProxy - HTTPS for Stats

Hi Yosef, Please keep the ML in Cc. You first need to compile HAProxy to support SSL. Use the USE_OPENSSL compilation directive. Baptiste On Mon, Dec 29, 2014 at 2:25 PM, Yosef Amir wrote: > Hi, > I get the following error : > # haproxy -f /etc/haproxy/haproxy.cfg > [ALERT] 362/1

Re: HProxy - HTTPS for Stats

elete all copies and contact > us by e-mailing to: secur...@comverse.com. Thank You." Hi Yosef, You can simply bind the port using SSL and point to your certificate: listen stats bind :8050 ssl crt /path/to/crt [...] Baptiste

Re: Multiprocess and backends

On Wed, Dec 17, 2014 at 10:39 PM, Pavlos Parissis wrote: > Hi, > > I remember someone( maybe Baptiste) saying that in multi process mode > backends will be picked up by the process which frontend is bound to. > But, I found not to be the case in 1.5.9. > I also remember that th

Re: 1.5.9 crashes every 4 hours, like clockwork

> Cyril Bonté > mhh David may have enabled the global 'autokill' feature. Baptiste

Re: using HAProxy in front of SSO

xy: http://haproxy.com/doc/hapee/1.5/introduction.html#backported-features Baptiste > > On Tue, Dec 9, 2014 at 6:54 PM, Patrick Kaeding > wrote: >> Hello >> >> I'm interested in using HAProxy as my external-facing proxy, in front >> of my applic

Re: Modify http response code

maint > acl www1nb nbsrv(man-www1) gt 0 > use_backend man-www1 if www1 www1nb > > backend man-maint > rsprep ^HTTP/1.1\ 200\ OK HTTP/1.0\ 503\ Service\ Unavailable > server local_maint localhost:8001 > I would rather use: rspirep ^HTTP/1\..\ 200\ OK HTTP/1.0\ 503\ Service\ Unavailable\r\nConnection:\ Close Baptiste

Re: Modify http response code

o modify the > response code like this? > > Regards, > Dennis > Hi Dennis, Yes you can using rspirep. Baptiste

Re: HAProxy and LDAP authentication

> Cordialement, > -- > Antoine LAGARDE > Technicien Supérieur Informatique > Référent équipe système - CIL > Centre Hospitalier Pierre Oudot > 30 Avenue du Médipole > 38300 BOURGOIN-JALLIEU > Tél : 04.69.15.70.39 > Fax : 04.69.15.71.00 > a.laga...@ch-bourgoin.fr Hi Antoine, HAProxy can't do this, unfortunately. Baptiste

Re: Override maintainance setting for special source IP

On Wed, Dec 10, 2014 at 1:39 PM, Philipp Kolmann wrote: > Hi Baptiste, > > Am 10.12.14 um 12:37 schrieb Baptiste: >> >> Which version of HAProxy are you running? In 1.5, you can do: use-server >> htc1 if { src 10.0.0.1 } add as many IPs as needed. > > > Yes

Re: Override maintainance setting for special source IP

DVR: 0005886 > --- > Hi Philip, Which version of HAProxy are you running? In 1.5, you can do: use-server htc1 if { src 10.0.0.1 } add as many IPs as needed. Baptiste

Re: connection pooling

> >> Cheers, >> Pavlos > > > C A > Well, given the experience of 'http-keep-alive', Willy doesn't want to promise any feature for any version any more :) So it may happen in 1.6, or later. Baptiste

Re: eliminate per-server queuing?

On Fri, Dec 5, 2014 at 7:20 PM, Daniel Lieberman wrote: > On Dec 5, 2014, at 5:21 AM, Baptiste wrote: >> >> On Thu, Dec 4, 2014 at 11:50 PM, Daniel Lieberman >> wrote: >>> We have a situation where our app servers sometimes get into a bad state, >>&g

Re: connection pooling

ys have plans to introduce this functionality in 1.6 release? > > Cheers, > Pavlos > Hi Pavlos, I'm speaking on behalf of Willy, so he may complete my answer. I don't know if this will be available in 1.6, but in order to support HTTP/2.0, HAProxy will have to support connection pooling. Baptiste

Re: Disable HTTP logging for specific backend in HAProxy

option called "dontlog-normal" which logs only errors. http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#option%20dontlog-normal Baptiste

Re: Disable HTTP logging for specific backend in HAProxy

at > is notice-or-more-sever to /dev/log". I know you're "no log" looks > like it should override this logging, but I just thought I'd mention > it as it looks a little odd. ] > > Regards, > Jonathan > Hi Alexander, You don't disable logging in a backend, since the frontend is responsible to generate the log line. If you don't want to log static content, you can do something like this: acl static ###put your acl rule here http-request set-log-level silent if static Baptiste

Re: Three questions about stick-tables and request rate limiting

tends? There should be no difference between SSL and clear traffic. I can reproduce the behavior: there might a bug when passing through a unix socket. As a workaround, you can failover to a loopback IP address. In order to populate a blacklist between clear and SSL frontends, you can use the 'http-response add-acl'. Hope this helps. Baptiste

Re: for help about haproxy + tproxy

an you tell me how to use the Haproxy + TPROXY (like the picture below)? Hi, At least, your scheme looks good. Please have a look at the link below and let me know what you don't understand: http://blog.haproxy.com/2013/09/16/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/ Baptiste

Re: eliminate per-server queuing?

rently. Please send us your simplest frontend and backend configuration. Baptiste

Re: Haproxy for sso internal web failure

mode http > > option httpclose > option forwardfor except 127.0.0.0/8 > default_backend SGproxy > > > B/R > Sean Hi, If you don't give us any information on how your SSO works, we can't help you. If I were you I would start by removing option httpclose. Baptiste

Re: Set header with value extracted from path

for now: acl url_id path_reg ^/([0-9]+)/.*$ http-request set-header X_ID %[path] if url_id http-request replace-value X_ID ^/([0-9]+)/.*$ \1 if { req.hdr(X_ID) -m found } should do the trick. Baptiste

Re: add response header based on presence of request header

in new release that would dedicated to what you want to do. And so, you should have update your configuration accordingly. That's what Willy mentionned: http-request capture rules from 1.6. Baptiste

Re: rewritting headers on the fly using CORS

n with different way of > "rspadd Access-Control-Allow-Origin: X" that will be not funny to > manage. > > Regards, > > Charles Hi Charles, What is CORS ??? What should $origin return? The content of a HTTP header called Origin? Or something else? Baptiste

Re: and response header based on presence of request header

Please read: capture request header LBBEBUG len 5 http-response set-header LBNODENAME if { capture.req.hdr(2) -i true } instead of ugly X-Blah and X-Found Baptiste

Re: and response header based on presence of request header

k. Put this in your frontend, after your existing capture request directives: capture request header X-Blah len 5 http-response set-header X-Found Yes if { capture.req.hdr(2) -i true } NOTE to you and to everyone: this is a dirty hack. Use it for debugging purpose only. Hopefully we'll have session variables in HAProxy soon and you could replace such type of configuration. Baptiste

Re: Better understanding of nbproc vs distributing interrupts for cpu load management

ith HAProxy 1.5, we can now start multiple stats socket and stats pages and bind them to each process, lowering the impact. That said, if stats, peers, etc matters and you still need a huge SSL processing capacity, then the best way is to use a first layer of HAProxy multi-process to decipher the traffic and make it point to a second layer of HAProxy in single process mode. Baptiste

Re: termination state "SQ"

ot, what's your timeout connect value?) redispatch and retries are only used when HAProxy tries to establish connections to the server. Here, you were not even in this phase. Baptiste

Re: Health-check with banner for IMAP over SSL

143 tcp-check expect string *\ OK tcp-check connect port 993 ssl tcp-check expect string *\ OK Replace the expected string by the one sent by your server. Don't forget to escape spaces in the expected string. The example above applies on Exchange 2013 and is issued from the HAProxy deployment guide for Exchange 2013 (page 39): http://www.haproxy.com/static/media/uploads/eng/resources/aloha_load_balancer_appnotes_0065_exchange_2013_deployment_guide_en.pdf Baptiste

Re: Stick-tables with roundrobin backend

rithm is being ignored, and we > are pinning sites to the same server still. Is there a way for me to have > it honor the balance algorithm (roundrobin in this case) for requests in a > stick-table, and not use the server_id value to auto-determine the server > to use? > > Thanks! > Dan Dubovik > Senior Linux Systems Engineer > 480-505-8800 x4257 > Hi daniel Can you give a try to "option http-server-close" in your roundrobin backend? Baptiste

Re: HAProxy - DNS

On Mon, Nov 24, 2014 at 3:43 PM, Yosef Amir wrote: > Hi Baptiste, > First, I would like to thank you for your great support! > Now, I have few questions related HAProxy 1.5.8. IMAP SSL health-check > mechanism and configuration. > For plain IMAP configuration (no SSl) the healt

Re: How to negate options

e defaults in this single frontend? > > Thanks. > > Regards, > > Erwin Hi Erwin, A defaults section applies parameters until the next defaults section. Simply create a defaults section for HTTP, one for TCP and move your frontends and backends accordingly and the warnings will disappear. Baptiste

Re: http-request redirect prefix, substituting *only* the hostname without port

ssed in the same way they written. So next rule benefit from processing of previous one. Baptiste

Re: Strange behavior on "reqirep"

On Wed, Nov 19, 2014 at 8:05 PM, Qingshan Xie wrote: > CORRECTION: > > Sorry Baptiste. I mistyped your name in my previous email. > > Thanks, Q.Xie > > > On Tuesday, November 18, 2014 11:37 PM, Qingshan Xie > wrote: > > > I configured my HAProxy to use '

Re: http-request redirect prefix, substituting *only* the hostname without port

there > any other way to substitute just the requested hostname? > > Thanks! > --Scott Hi Scott, You can try to strip it before generating the rewrite: http-request replace-value Host (.*):.* \1 if { hdr_sub(Host) : } http-request redirect prefix http://%[hdr(host)].example.com code 301 Baptiste

Re: Send client to a specific backend if header found in previous reply from server

nt accept { if res.hdr(X-test) -m found } mark_as_high_usage be careful, there are no gpc1... its gpc0 everywhere. Baptiste

Re: Server definitions in backend require "check ssl" parameter in order for haproxy to work

alance roundrobin > server jsoc70 9.30.71.70:8445 check ssl > server jsoc80 9.30.71.80:8443 check ssl > > > *Michael Walker* > CLM Certified > miwal...@us.ibm.com > 408-463-5023 > Team Member > IM DevOps Enablement > Need help with DevOps? https://ibm.biz/IMDevOpsCoC > > Hi Michael, in your email, you speak about "check ssl" as a single parameter, while they are 2 different ones. Although, a check-ssl parameter exists. Something not obvious as well, is when does the 502 errors occurs? Is that to health checks or when browsing the application? Baptiste

Re: Strange behavior on "reqirep"

you paste your whole configuration and tell us which version of HAProxy you are using. Baptiste

Re: Error file and keep-alive

is the expected behavior. Have you observed something else? Baptiste

Re: Support for fair share concurrent request scheduling?

On Mon, Nov 17, 2014 at 3:48 PM, Jesse Hathaway wrote: > Baptiste writes: > >> >> On Fri, Nov 14, 2014 at 10:11 PM, Jesse Hathaway wrote: >> > Does haproxy have support for fair share concurrent request scheduling? >> > >> > Description: >>

Re: HAProxy - DNS

n will get ip from the latest DNS response by health > check i.g 10.0.0.4, right ? no, if the DNS server changes its response, it means the server has change its IP address. existing sessions will time out while new ones will be established to the new IP. It doesn't affect persistence at all. Baptiste

Re: HAProxy - DNS

as its current IP belongs to the list. If you think your DNS server has a different behavior, please let me know which one you're using and how it is configured, so I can give it a try. Baptiste

Re: HAProxy - DNS

7;s IP in the list returned by the DNS server, nothing will happen. Now, if you DNS server updates its list to 20.0.0.1 and 20.0.0.11, then HAProxy won't find anymore 10.0.0.1, so an IP update will be triggered and the first IP of the list will be used. Baptiste

Re: HAProxy - DNS

com returns 2 IPs, then current IP is searched in the list. If found, then nothing happens. If not found, the first IP of the list will be used for this server. Baptiste

Re: Support for fair share concurrent request scheduling?

urrent connections Hi Jesse, there's no way for now to do this in HAProxy. I don't even understand how this could be doable, since HAProxy processes requests are they are coming and HAProxy can't choose this order. Baptiste

Re: HAProxy - DNS

this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: secur...@comverse.com. Thank You." Hi, Server name resolution is under development in 1.6 branch. Baptiste

Re: Haproxy SSL termination - will it be fast enough?

looks quite weak for SSL processing. That said, for a few hundreds of reqs per second, it should be enough. Hopefully you won't have too many SSL keys to compute! Baptiste

Re: Multi-line reqirep?

ation/1400/path -> > http://evaluation.domain.com:1400/dynamic/path > > (The 'evaluation' parts aren't known ahead of time). > > Or is there another way to do it? Hi rodney, Unfortunately, there is no sample yet capable of fetching the 3rd directory in the path, so you can't do this in a dynamic way. Baptiste

Re: Can I insert a prefix cookie rather than read an existing one?

kie set by the application. Are you sure there is no X-Forwarded-For headers, or whatever other you could use to identify a user? There is no way for now in HAProxy to generate a random cookie... well, no "clean" way :) Baptiste

Re: HTTP : having /foo/ served by another backend

a specific ACL can be used: acl foo path_beg -i /foo/ use_backend bk_foo if foo this is the equivalent of use_backend bk_foo if { path_beg -i /foo/ } Baptiste

Re: Question concerning ACL match

No it won't. It performs a strick string match, not a regex. So it will look for a dot first. Baptiste On Mon, Nov 10, 2014 at 3:10 PM, Andreas Mock wrote: > Hi Baptist, > > thank you for answering. > > acl ismydomain hdr_end(host) -i .mydomain.de > > wouldn

Re: Question concerning ACL match

om. But I don't really > understand the semantics of this match modifier. > Would someone please enlighten me. > > Thank you in advance. > > Best regards > Andreas Mock > > Hi Andreas, Why not simply using acl ismydomain hdr_end(host) -i .mydomain.de Baptiste

<    2   3   4   5   6   7   8   9   10   11   >