Re: lots and lots of request erros - cR 408

2012-04-04 Thread Baptiste
hey, When a packet is lost, there is a retransmit 3s later (TCP protocol). Which is under the 10s of the timeout currently configured. So this can't be the reason of too many 408. Either you're under attack (somebody trying to take all the resources of your website using slowloris-like scripts).

Re: Header manipulation generates a response?

2012-04-04 Thread Baptiste
...@sapo.pt wrote: Hi, I really should've thought of that for myself, sorry about that... :-) Thanks so much, will try it tomorrow! Pedro. On 04/04/2012, at 21:01, Baptiste wrote: Hey, This is doable using content switching to route your request to a backend where where no servers

Re: Weird log output

2012-04-05 Thread Baptiste
Hi, Well, there is a directive called dontlog-normal to log only errors You should give it a try. cheers On Thu, Apr 5, 2012 at 6:30 PM, Guy Knights g...@eastsidegamestudio.com wrote: Thanks Baptiste. I turned on HTTP logging and I'm now getting the actual HTTP request path in the log output

Re: Header manipulation generates a response?

2012-04-05 Thread Baptiste
Hi, Indeed METH_OPTIONS is already an ACL by itself, so you can't include it in an other ACL. When listed at the end of your ACL, it was just understood as a possible path_match option. As Jonathan said, just use the implicit AND between ACLs when listed after a directive using them. Cheers

Re: [PATCH] DOC: cleanup indentation, alignment, columns and chapters

2012-04-09 Thread Baptiste
I guess it's related to: http://cbonte.github.com/haproxy-dconv/ great job :) cheers On Sun, Apr 8, 2012 at 11:19 PM, Willy Tarreau w...@1wt.eu wrote: On Sun, Apr 08, 2012 at 09:57:39PM +0200, Cyril Bonté wrote: This patch is a group commit simplify the parsing of the documenation : - remove

Re: nice wiki doc of haproxy

2012-04-09 Thread Baptiste
Hey, I'd be keen to participate as well. A few months I started my own script to do the same, using awk (https://github.com/bedis/haproxy_doc_to_html). cheers

Re: Q about mobile browser detection

2012-04-09 Thread Baptiste
Hey, As you said, device mobile detection can be achieved by an ACL. There is also an other good project (opensource), http://www.openddr.org/ It is just a question of a few ACLs. Cheers On Tue, Apr 10, 2012 at 1:22 AM, Aleksandar Lazic al-hapr...@none.at wrote: Hi, have anybody a haproxy

Re: haproxy keeps sending traffic to an offine backend

2012-04-10 Thread Baptiste
Hey, Have you enabled check on the server line? Are you using force-persist option? Could you at least share with us your HAProxy version and the backend configuration being in trouble? Regards On Wed, Apr 11, 2012 at 5:32 AM, Marcello Coutinho marcellocouti...@gmail.com wrote: Hi, I

Re: Performance optimization on VMWare VM's

2012-04-15 Thread Baptiste
Hey, You have to reserve resources for the VM. FYI, At exceliance, we were able to go up to 55K rps in a VM on a core i7. You'll need to tune your sysctl as well. cheers On Sun, Apr 15, 2012 at 6:30 PM, Willy Tarreau w...@1wt.eu wrote: On Sun, Apr 15, 2012 at 05:35:59PM +0200, Lukas Tribus

Re: Frontend outgoing bandwidth limit and concurrent source IP limit

2012-04-17 Thread Baptiste
Hi,, 1. not doable at this time with HAProxy And I don't even know if there is any plans to do it soon. 2. easily doable through the stick table with the counter conn_cur. Some examples are provided here

Re: Client Stickiness with Roundrobin Algorithm

2012-04-17 Thread Baptiste
On Wed, Apr 18, 2012 at 2:12 AM, Amit More am...@xetus.com wrote: Hello All, I have set up HAProxy (version 1.3.22 on Ubuntu Server 10.04 64-bit) with source as the load balancing algorithm and it works fine. I was wondering if  i could configure HAProxy to use roundrobin with client

Re: Client Stickiness with Roundrobin Algorithm

2012-04-18 Thread Baptiste
persistence using roundrobin algorithm for load balancing and operating HAProxy in TCP mode? Thanks, Amit On Apr 17, 2012, at 8:47 PM, Baptiste wrote: On Wed, Apr 18, 2012 at 2:12 AM, Amit More am...@xetus.com wrote: Hello All, I have set up HAProxy (version 1.3.22 on Ubuntu Server 10.04 64-bit

Re: Frontend outgoing bandwidth limit and concurrent source IP limit

2012-04-18 Thread Baptiste
Ah yes, I misunderstood the question, sorry for the confusion! I thought it was 3 connections per source IP. cheers

Re: Stopping new sessions from going to backend server

2012-04-19 Thread Baptiste
BTW to respond to the weight method, it will do what you expect (and you have to re-enable it using weight 100%). The 404 that Baptiste describes above does exactly that : switch the weight to zero. The difference is that the 404 is controlled from the server while the set weight is controlled

Re: HAProxy Performance test

2012-04-19 Thread Baptiste
Brilliant email, thanks :) I have some tests to run today and tomorrow and some of these tips are very interesting (mainly on inject) ttyl

Re: HAProxy Performance test

2012-04-19 Thread Baptiste
By the way, you could try to bind inject to a single CPU core. I got better performance when I run it bound to a core (but it's true my laptop was client and server in the mean time). cheers

Re: Layer4 session concurrency

2012-04-19 Thread Baptiste
On Thu, Apr 19, 2012 at 3:48 PM, Joel Svensson joel__svens...@hotmail.com wrote: Hi! From the text below I can't figure out if HAProxy will handle more sessions (than ~2/GB ram) in Layer4 mode? The session concurrency This factor is tied to the previous one. Generally, the session rate

Re: unresolvable host names as errors

2012-04-27 Thread Baptiste
Hi, The only moment HAProxy tries to resolve the IP of a hostname found in the conf is at startup. So if it can't find a way to reach the server at this moment, then HAProxy refuses to startup because it knows he will never be able to reach it. Note, there may be some improvement on this point

Re: HAProxy and SSL traffic termination

2012-05-02 Thread Baptiste
On Wed, May 2, 2012 at 3:46 PM, Alexander Kamardash alexander.kamard...@trusteer.com wrote: Hi, We want to perform LB, SSL termination and L7 on HAProxy. Could you please advise the best approach for it? We are interested in max performance and not complicated configuration. If you are

Re: Performance optimization on VMWare VM's

2012-05-02 Thread Baptiste
? Best regards Sebastian On 16.04.2012 07:01, Baptiste wrote: Hey, You have to reserve resources for the VM. FYI, At exceliance, we were able to go up to 55K rps in a VM on a core i7. You'll need to tune your sysctl as well. cheers On Sun, Apr 15, 2012 at 6:30 PM, Willy Tarreauw

Re: Missing log entries

2012-05-02 Thread Baptiste
Hi, You should enable http-server-close option in both frontend and backend or in defaults section. Otherwise, the first request is the only logged (tunnel mode). cheers On Wed, May 2, 2012 at 12:53 PM, Peter Gillard-Moss pgill...@thoughtworks.com wrote: Hello, I am observing some strange

Re: Rate limiting based on backend response

2012-05-02 Thread Baptiste
Hi, Currently, you can only do this based on source IP address. I know Willy is working to improve this and in1.5-dev9 you'll be able to do it, since you'll be able to track any users using strings (ie your token) then apply conn_rate or sess_rate, http_req_rate, etc... using gpc0 as a trigger.

Re: Possible to healthy check backend server's link speed?

2012-05-02 Thread Baptiste
Hi, There s a timeout check you can try to play with, as well as the classical options like inter, rise and fall. cheers On Tue, May 1, 2012 at 5:13 PM, Igor j...@owind.com wrote: Hi, Sometimes, some backend servers' link quality become very poor ( test by wget a test file from server),

Re: Randomly wrong backend on http request

2012-05-03 Thread Baptiste
to hdr_sub. By the way, I think you're misusing hdr_dom. You should use it like that: acl is_gateway_bringr hdr_dom(host) -i brin bringr At least, this is my understanding of the documentation :) cheers On Wed, May 2, 2012 at 11:48 PM, Baptiste bed...@gmail.com wrote: on the backend

Re: could a single ha proxy server sustain 1500 requests per second

2012-05-03 Thread Baptiste
Hi, You'll need one gig interface (two looks better, one for the frontend and one for the backend servers), but it should work without any issues. cheers On Thu, May 3, 2012 at 9:35 PM, S Ahmed sahmed1...@gmail.com wrote: I have a service where people will be http posting documents that will

Re: could a single ha proxy server sustain 1500 requests per second

2012-05-04 Thread Baptiste
On Fri, May 4, 2012 at 5:39 PM, S Ahmed sahmed1...@gmail.com wrote: how can I calculate if this will work in theory? On Thu, May 3, 2012 at 5:30 PM, Baptiste bed...@gmail.com wrote: Hi, You'll need one gig interface (two looks better, one for the frontend and one for the backend servers

Re: Randomly wrong backend on http request

2012-05-06 Thread Baptiste
On Sat, May 5, 2012 at 10:20 AM, Finn Arne Gangstad fin...@gmail.comwrote: You may be hit by the fact that hdr_dom(host) is sort of broken before 1.4.18. Some clients include the port number in the Host header, and hdr_dom() would not match those. If this is your problem, either upgrade

Re: Randomly wrong backend on http request

2012-05-07 Thread Baptiste
On Mon, May 7, 2012 at 10:42 PM, Willy Tarreau w...@1wt.eu wrote: Hi Baptiste, On Thu, May 03, 2012 at 09:50:39PM +0200, Baptiste wrote: When using HAProxy with the option http-server-close or forceclose, haproxy will close the TCP conection on either the server or both the client

Re: could haproxy call redis for a result?

2012-05-07 Thread Baptiste
On Tue, May 8, 2012 at 12:26 AM, S Ahmed sahmed1...@gmail.com wrote: I'm sure this isn't possible but it would be cool if it is. My backend services write to redis, and if a client reaches a certain threshold, I want to hard drop all further requests until x minutes have passed. Would it be

Re: could haproxy call redis for a result?

2012-05-08 Thread Baptiste
On Tue, May 8, 2012 at 4:39 AM, S Ahmed sahmed1...@gmail.com wrote: I agree it will add overheard for each call. Well would there a way for me to somehow tell haproxy from my application to block a particular url, and then send another api call to allow traffic from that url? This is

Re: could haproxy call redis for a result?

2012-05-08 Thread Baptiste
On Tue, May 8, 2012 at 3:25 PM, S Ahmed sahmed1...@gmail.com wrote: Ok that sounds awesome, how will that work though?  i.e. from say java, how will I do that? From what your saying it sounds like I will just have to modify the response add and a particular header.  And on the flip side, if I

Re: SPDY support?

2012-05-08 Thread Baptiste
://www.slideshare.net/f5dotcom/f5-ado-slide-share I appreciate it is not a standard... yet ... but never is such a strong word and seems shortsighted is there something I am missing why you would say never? On Wed, May 2, 2012 at 6:25 PM, Baptiste bed...@gmail.com wrote: Hi, As far as I know, never

Re: [ANNOUNCE] haproxy 1.5-dev9

2012-05-08 Thread Baptiste
I thought I could make the track-sc1 and track-sc2 actions track headers but some more changes were needed that were out of the scope of all these changes, so I left them for later. That is really sad :) Hopefully you'll be able to add string tracking to track-sc[12] soon, cause we'll be able

Re: could haproxy call redis for a result?

2012-05-08 Thread Baptiste
? On Tue, May 8, 2012 at 11:26 AM, Baptiste bed...@gmail.com wrote: On Tue, May 8, 2012 at 3:25 PM, S Ahmed sahmed1...@gmail.com wrote: Ok that sounds awesome, how will that work though?  i.e. from say java, how will I do that? From what your saying it sounds like I will just have to modify

Re: [ANNOUNCE] haproxy 1.5-dev9

2012-05-08 Thread Baptiste
I know but as you're well aware, the most important for me is to ensure that we can concurrently work on this code. So I sometimes prefer delay minor features to focus on architectural changes which allow multiple persons to develop in parallel. This is the most important as I'm still too

Re: [ANNOUNCE] haproxy 1.5-dev9

2012-05-08 Thread Baptiste
Hi, Yes, appsession has been obsoleted by cookie and set-cookie stick tables pattern extraction (in HAProxy 1.5-dev7 as far as I remember). As an example: stick-table type string len 32 size 10K stick store-response set-cookie(PHPSESSID) stick on cookie(PHPSESSID) or, better, if your cookie

Re: Can't git clone haproxy repo

2012-05-09 Thread Baptiste
sometimes, it happens that HAProxy git is not available (or very very slow) :) just try again a bit later. cheers On Wed, May 9, 2012 at 6:52 PM, Aleksandar Lazic al-hapr...@none.at wrote: Hi, I just copied the git command to clone the repo from

Re: How can I benchmark the 'source' balance scheme

2012-05-11 Thread Baptiste
On Fri, May 11, 2012 at 4:36 PM, Joeri Blokhuis | DongIT joeri.blokh...@dongit.nl wrote: Hello guys, I would like to benchmark and test the 'source' balance algorithm of HAProxy before any loadbalancers are put in production. The 'source' algorithm is based on the IP source address, so when

Re: unresolvable host names as error

2012-05-11 Thread Baptiste
On Fri, May 11, 2012 at 6:09 PM, Andres Thomas Stivalet atstiva...@gmail.com wrote: Currently, if haproxy tries to start up and a webserver is down (and it's defined as a hostname in the config file) haproxy refuses to start. Looking at the previous change logs and announcements it seems this

Re: unresolvable host names as error

2012-05-12 Thread Baptiste
Well, I must say I'm unsure what we'll do upon startup, because if we accept to start with buggy host names, a number of admins will get trapped with errors in their configs causing servers to remain down forever. At least right now they know from the beginning that they have to fix their

Re: Stats for backend queue

2012-05-12 Thread Baptiste
On Sat, May 12, 2012 at 6:01 PM, Bar Ziony bar...@gmail.com wrote: Hey, I have a dynamic backend with maxconn 80 with multiple servers. Many times I can see on the haproxy stats page that servers on this backend are reaching their maximum 80, but I don't see the number of requests currently

Re: Localhost (local vip) time out with LVS. Will haproxy be able to help?

2012-05-15 Thread Baptiste
On Tue, May 15, 2012 at 10:44 AM, Brent Clark brentgclarkl...@gmail.com wrote: Hi Guys I wonder if someone will be able to tell me if haproxy will fix my issue. I just have two servers, running heartbeat, LVS, and apache2. The problem I have, is that if I make HTTP calls to the VIP from the

Re: When a server is marked down by a service check...

2012-05-15 Thread Baptiste
On Tue, May 15, 2012 at 8:48 PM, Foreman, Tim tfore...@ibsys.com wrote: Using an 'option httpchk' service check, what happens to the existing connections to the server when it is marked down? We are trying to take servers out of the backend by making them fail the service check and it

Re: HAProxy: redirection algorithm

2012-05-17 Thread Baptiste
On Thu, May 17, 2012 at 3:18 PM, Виктор Ефимчик 4bl...@rambler.ru wrote: Hello, There is a question regarding HAProxy redirection algorithm: Is it possible to force HAProxy to redirect the request which reaches the server and while processing the request the server crashes? Can HAProxy

Re: Unexpected balance uri behavior

2012-05-17 Thread Baptiste
Hi, Before pointing the load-balancing algorithm, have you tried an other one? (if yes, what was the result) Are you sure HAProxy can reach the server? Could you first enable halth checking (add the keyword check on the server line description), and logging as well? That may provide useful

Re: SSL farm

2012-05-23 Thread Baptiste
Without SSL resume, the client will make the server to generate a new asymetric key. Which takes much more resources than a simple SSL transaction. So it's better to be able to resume if your clients move from one LB to an other one very often ;) cheers

Re: haproxy conditional healthchecks/failover

2012-05-23 Thread Baptiste
Hi, My questions and remarks inline. On Wed, May 23, 2012 at 11:42 PM, Zulu Chas zuluc...@hotmail.com wrote: Hi! I'm trying to use HAproxy to support the concepts of offline, in maintenance mode, and not working servers. Any good reason to do that??? (I'm a bit curious)  I have separate

Re: mysql failover and forcing disconnects

2012-05-24 Thread Baptiste
On Thu, May 24, 2012 at 10:59 AM, Willy Tarreau w...@1wt.eu wrote: On Thu, May 24, 2012 at 01:12:14AM -0700, Justin Karneges wrote: Well, the network could fail at anytime and have a similar effect. I'm not sure if killing all connections to the backup is really any worse than killing all

Re: Problems with layer7 check timeout

2012-05-24 Thread Baptiste
Hi Lange, Would it be possible to take a trace (tcpdump) of the health check? This may help as well. Cheers On Fri, May 25, 2012 at 4:01 AM, Lange, Kevin M. (GSFC-423.0)[RAYTHEON COMPANY] kevin.m.la...@nasa.gov wrote: Monsieur Tarreau, Actually, we are seeing frontend service availability

Re: could haproxy call redis for a result?

2012-05-24 Thread Baptiste
will arrive soon too :) cheers On Thu, May 24, 2012 at 6:33 PM, S Ahmed sahmed1...@gmail.com wrote: Baptiste, Whenever this feature will be implemented, will it work for a specific url like: subdomain1.example.com What about by query string?  like: www.example.com/customer/12345

Re: programatically checking failed machines

2012-05-30 Thread Baptiste
Hi, You could also use stunnel in client mode and run your health checks over it :) cheers On Wed, May 30, 2012 at 9:03 PM, Miah Johnson m...@chia-pet.org wrote: Cord, Yes! You can use 'stats socket' or 'stats uri', and a small program that reads that to monitor your haproxy system. From

Re: reqadd srcIP for header

2012-06-05 Thread Baptiste
Hey, Using stunnel and haproxy, both with the proxy protocol may help when you want to add the X-SRC-IP header for a SSL connection. cheers

Re: programatically checking failed machines

2012-06-05 Thread Baptiste
Could you at least provide your config? cheers On Mon, Jun 4, 2012 at 10:13 PM, Cord MacLeod cordmacl...@gmail.com wrote: Just got around to attempting this, it appears not to work with SSL.  Is there any other option (stunnel breaks a lot and doesn't support 1 off connections)?  *

Re: haproxy - varnish - backend server

2012-06-05 Thread Baptiste
On Wed, Jun 6, 2012 at 3:50 AM, David Coulson da...@davidcoulson.net wrote: you might also want to look at having varnish prepend the haproxy IP to the X-Forwarded-For line, rather than just pass it along - Most proxies seem to comma delimit a list of IPs of all the devices the request has

Re: Rate limiting based on X-Forwarded-For

2012-06-15 Thread Baptiste
Hey, You could do it through 2 HAProxy instances: - the first instance use the IP address from the X-forward-for header to get connected on the second one (through the proxy protocol, using a patched kernel). - the second can rate limit based on the source IP provided through the proxy protocol.

Re: try other backend when backlog is full or backend unavailable, but only in that case

2012-06-15 Thread Baptiste
Hey, You can use options retries and redispatch. As soon as HAProxy has sent a request to a server, it's not available anymore in its buffer. So you're sure it won't be sent again to an other server. Cheers On Fri, Jun 15, 2012 at 2:06 PM, Gábor Farkas gabor.far...@gmail.com wrote: hi,

Re: acl routing/redirect to specific backend system

2012-06-25 Thread Baptiste
Hi, Lately, a use-server directive has been added in HAProxy, you should have a look at it ;) Note that it will work only if HAProxy can see plain HTTP protocol. In your example, you're using HTTPS, so everything is encrypted from a HAProxy point of view. cheers On Mon, Jun 25, 2012 at 5:44 PM,

Re: acl routing/redirect to specific backend system

2012-06-26 Thread Baptiste
How do you want to do content switching when the traffic is encrypted nobody can't. The only thing you can use is SNI or TCP port which are not encrypted You could dedicate a port per server, leaving the 443 for the global farm. IE: use-server srv1 if { dst_port eq 444 } And in your bind

Re: Can't omit port number using server directive...

2012-06-27 Thread Baptiste
Hi, A single cookie name can be used in two farms, if you keep the same name and cookie value for the server and if SSL offloading is done before HAProxy. You can't check 2 ports in HAProxy, there are some dirty work arounds like using a single backend to monitor all the ports on your server.

Re: Postfix 2.10 introduces support for the PROXY protocol

2012-06-27 Thread Baptiste
Hi Willy, I just tested it and it seems to work: Postfix logs, depending on the configuration: No proxy protocol: Jun 28 06:14:46 sd-33932 postfix/smtpd[25335]: connect from localhost[127.0.0.1] Jun 28 06:15:07 sd-33932 postfix/smtpd[25335]: disconnect from localhost[127.0.0.1] With proxy

Re: Postfix 2.10 introduces support for the PROXY protocol

2012-06-27 Thread Baptiste
On Thu, Jun 28, 2012 at 7:28 AM, Willy Tarreau w...@1wt.eu wrote: Hi Baptiste, On Thu, Jun 28, 2012 at 06:22:16AM +0200, Baptiste wrote: Hi Willy, I just tested it and it seems to work: Postfix logs, depending on the configuration: No proxy protocol: Jun 28 06:14:46 sd-33932 postfix

Re: Postfix 2.10 introduces support for the PROXY protocol

2012-06-29 Thread Baptiste
Hi all, The blog article about it: http://blog.exceliance.fr/2012/06/30/efficient-smtp-relay-infrastructure-with-postfix-and-load-balancers/ I'll come later with a longer article on spam fighting using HAProxy and postfix and the proxy protocol :) Cheers

Re: Rewriting Question

2012-07-02 Thread Baptiste
On Mon, Jul 2, 2012 at 10:27 PM, Dave d...@raven.za.net wrote: Hello, I have a question about rewriting URLs with HAProxy. I'm aware this isn't the correct place to do it, but due to a long story essentially it has to be. What I would like to do is rewrite URLs going to the webserver like

Re: select a backend based on header value

2012-07-07 Thread Baptiste
Hi, Varnish is a pure reverse proxy as well: http://blog.exceliance.fr/2012/07/04/haproxy-and-varnish-comparison/ cheers

Re: Cookie Reset / Move

2012-07-09 Thread Baptiste
I don't understand what you mean! Maybe a cleaner explanation of your problem would ease the resolution of it. cheers On Mon, Jul 9, 2012 at 9:21 PM, Les Stroud l...@lesstroud.com wrote: For a sticky session impl, is there anyway to tell haproxy to change the cookie assignment for a particular

Re: With SSH Load balancing, haproxy not responding.

2012-07-11 Thread Baptiste
Hey, Can you let me know why you're using a minconn parameter on SSH protocol? Also, do you have a patch for the proxy protocol on your SSH server? If yes, I'm interested to get it :) Saying that, I can't see anything weird in you conf, unless you have reach the maxconn allowed. What does the

Re: SSL Backends

2012-07-16 Thread Baptiste
Hi, I agree with Chris. It's a common setup: client == stunnel == haproxy == stunnel == server First stunnel runs in server mode while second one runs in client more. that way, HAProxy sees traffic in clear but the connection from the client and to the server are encrypted. cheers

Re: SSL Backends

2012-07-16 Thread Baptiste
Guys, some applications provided in black boxes only accept connections on SSL, port 443. Or some type of company like banks don't want to have traffic in clear, even on their LAN... So you must encrypt traffic. By the way, stud has now a client mode:

Re: Queue is going rampage?

2012-07-17 Thread Baptiste
Hi, To track down where your issue could come from, have a look in your logs. You will find information about server response time. Second, your minconn parameter seems very low. As soon as you reached the minconn, HAProxy will start queueing on your server. The logs should tell as well how long

Re: HAProxy

2012-07-19 Thread Baptiste
Hey guys, Could you please remove HAProxy mailing list from your private discussion cheers On Fri, Jul 20, 2012 at 5:06 AM, Haroon Rasheed haroonrasheedj...@gmail.com wrote: Dear Chua, We should be able to receive UDP Data from field devices via Round Robin Load Balancing logic on

Re: Queue is going rampage?

2012-07-20 Thread Baptiste
On Fri, Jul 20, 2012 at 12:45 PM, Jakov Sosic jso...@srce.hr wrote: On 07/17/2012 08:53 PM, Baptiste wrote: My advice: read the documentation about minconn, maxconn and fullconn and review your configuration Second advice, you should do content swithcing, routing your static content outside

Re: Haproxy and UTF8-encoded chars

2012-08-01 Thread Baptiste
not to run character compliance testing. This could be used temporary, the time for the applications to be fixed. Baptiste

Re: how to decide a http transaction is commpleted

2012-08-02 Thread Baptiste
, a new TCP connection will be opened per each HTTP requests. I don't understand your last question. Could you be clearer? Baptiste

Re: what is the difference between EV_FD_CLR, EV_FD_CLO and EV_FD_REM

2012-08-02 Thread Baptiste
event manager used by HAProxy (poll, epoll, kqueue, etc...) It source code is available in include/proto/fd.h. Baptiste

Re: how to decide a http transaction is commpleted

2012-08-02 Thread Baptiste
On Thu, Aug 2, 2012 at 10:34 AM, mark green httpproxy1...@gmail.com wrote: Hi, Baptiste Thanks for your explanation. the second question is from this: I want to change the current behavior of connection between haproxy and backend servers as following: pre-setup some persistent connections

Re: work flow chart of haproxy

2012-08-06 Thread Baptiste
Hi, It's on my TODO (at Exceliance) with Willy. As soon as I'll do it, I'll update the list. There is an old one in the doc directory, as far as I remember, not really up to date, but the main idea is there. cheers On Mon, Aug 6, 2012 at 9:34 AM, mark green httpproxy1...@gmail.com wrote: Hi,

Re: HA queues when it should not (yet)?

2012-08-07 Thread Baptiste
Hi, If you have enabled minconn, it's an expected behavior :) otherwise, sharing your conf, screenshot and haproxy version would help a lot. Baptiste

Re: HA queues when it should not (yet)?

2012-08-08 Thread Baptiste
available (unless you have a predictible algorithm or persistence enabled). Baptiste On Tue, Aug 7, 2012 at 4:52 PM, Christian Parpart tra...@gmail.com wrote: On Tue, Aug 7, 2012 at 4:44 PM, Baptiste bed...@gmail.com wrote: Hi, If you have enabled minconn, it's an expected behavior :) otherwise

Re: HAProxy stops working all of a sudden

2012-08-13 Thread Baptiste
Hi, Are you using 2 NICs or a single one? Have you enable ip_forward on the HAProxy box? cheers

Re: encounter a problem when testing HAProxy

2012-08-15 Thread Baptiste
Hi, Amol forgot to mention it, but the conntrack table full should appear on the LB, not on the servers. Could you paste here a few log lines from when the problem occurs? HAProxy logs are very verbose and we may find something here. Which version of HAProxy are you running? cheers

Re: HAProxy stops working all of a sudden

2012-08-15 Thread Baptiste
On Mon, Aug 13, 2012 at 9:11 AM, Rahul Nair rahul.n...@finicity.com wrote: Hi, I am using single NIC card and IPs of both the network (VIP Real servers network) are configured on virtual ethernet adapters (eth0:0 eth0:1). Ip_forward is enabled on the HAProxy server. Thanks Rahul N. Hi,

Re: Detecting Flapping Service

2012-08-15 Thread Baptiste
Hi, An accurate health check as well, playing with timeout check could be a good option too. cheers

Re: major performance decrease in total throughput with HAproxy 1.4.20

2012-08-16 Thread Baptiste
Any ideas? Thanks Hi, Could be interesting to have a look at HAProxy logs :) They may provide useful information about network and application response time (enable the http-server-close option). cheers

Re: major performance decrease in total throughput with HAproxy 1.4.20

2012-08-17 Thread Baptiste
Hi, To summary, with httpclose, you have around 100 rps. With no option, you get 2K rps (which means your servers can do http keepalives). when you enable option http-server-close only, you have also 2K rps, because HAProxy does HTTP keepalive on the server side. 2 options: 1. there is a magic

Re: urls in stick-table, any timeline?

2012-08-21 Thread Baptiste
Hey, Nothing coming right now. Maybe for Christmas :) cheers On Tue, Aug 21, 2012 at 5:19 PM, S Ahmed sahmed1...@gmail.com wrote: Hello, Any updates or guestimates on if sticky-table feature will be released? Just haven't been watching this list for a while and curious if there has been

Re: HAproxy as a reverse+transparent proxy help (pfsense)

2012-08-24 Thread Baptiste
Hi, Are you sure pfsense kernel has been compiled with TPROXY enabled? cheers On Fri, Aug 24, 2012 at 9:09 AM, hapr...@serverphorums.com wrote: Good morning people, since yesterday i have an existing problem that i can't solve without any help.. Topology: pfsense (Reverse+transparent

Re: HAproxy as a reverse+transparent proxy help (pfsense)

2012-08-24 Thread Baptiste
so please clarify your question cause I don't understand anything and I'm not the only one. cheers On Fri, Aug 24, 2012 at 10:27 AM, hapr...@serverphorums.com wrote: Yeah, the all thing is not this. The transparent proxy is the last thing i want to know. --- posted at

Re: Dynamic DNS lookup

2012-08-24 Thread Baptiste
Hi, no way for now. In the roadmap ther is a feature to fix this problem: HAProxy will do nslookup during the health check to know if the server IP has changed. Not any date for this dev to be done for now. cheers On Fri, Aug 24, 2012 at 1:30 PM, Igor j...@owind.com wrote: I have dynamic FQDN

Re: HAproxy as a reverse+transparent proxy help (pfsense)

2012-08-24 Thread Baptiste
On Fri, Aug 24, 2012 at 1:15 PM, hapr...@serverphorums.com wrote: I said it very clearly, that i have found how to make it transparent, No you didn't... But maybe my english understanding is too bad :) and i said also the exact way to do it. I want help with the set up of the reverse proxy.

Re: External Monitoring of https on LB's

2012-08-26 Thread Baptiste
be useful too. BAptiste

Re: cofigure HAProxy for TCP/IP socket based application

2012-08-29 Thread Baptiste
hi nothing more easy listen myappli bind 0.0.0.0:1200 server srv1 10.0.0.1:1200 server srv2 10.0.0.2:1200 replace 1200 by the tcp port of your application. cheers

Re: HAProxy stunnel Mutual Auth HTTPS

2012-08-30 Thread Baptiste
Hello, Is your problem related to health check only or related to your mutual authentication not working with HAProxy? Have you tried with a simple TCP health check? Otherwise you could use stunnel in client mode and run a HTTP check which would be encrypted by stunnel before hitting the web

Re: HAProxy with native SSL support !

2012-09-04 Thread Baptiste
All, A small howto to play with it can be found here: http://blog.exceliance.fr/2012/09/04/howto-ssl-native-in-haproxy/ cheers

[PATCH] halog sort URLs by avg bytes_read or total bytes_read

2012-09-08 Thread Baptiste
Hi Willy, The patch attached to this mail brings ability to sort URLs by averaged bytes read and total bytes read in HALog tool. In most cases, bytes read is also the object size. The purpose of this patch is to know which URL consume the most bandwith, in average or in total. It may be

Re: [ANNOUNCE] haproxy 1.5-dev12

2012-09-10 Thread Baptiste
And of course, the article on Exceliance blog: http://blog.exceliance.fr/2012/09/10/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/ have fun

Re: issues with very long URLs.

2012-09-10 Thread Baptiste
On Mon, Sep 10, 2012 at 7:24 PM, Lange, Kevin M. (GSFC-423.0)[RAYTHEON COMPANY] kevin.m.la...@nasa.gov wrote: Hi, Our public-facing service provides a REST api to search for products (geospatial science data), which requires in many cases very long URLs to craft the search. We seem to be

Re: HTTP redirect using domain extract from original request

2012-09-10 Thread Baptiste
Hi Guillaume, You're right, this is not doable with HAProxy, unfortunately. The only way you could do that is through redirect with hardcoded hostname + acl, as you mentionned in your mail. cheers

Re: issues with very long URLs.

2012-09-10 Thread Baptiste
We may have more accurate information about the error in the logs. Please turn on logging and report the error here. Maybe issueing a show errors on HAProxy socket may give some interesting clue as well. And then we'll see if playing with tune.bufsize makes sense or not. cheers Baptiste

Re: How many backends and servers does Haproxy support

2012-09-11 Thread Baptiste
Hi, HAProxy can support as many backend as you need, and as many servers as well. As you said, health check could take some CPU ressources, but depends on what does your architecture look likes, there may be advatange to configure HAProxy to use several process and let the kernel bind them on

Re: HAProxy with native SSL support !

2012-09-13 Thread Baptiste
A few links on our blogs related to Willy's mail and your problem: - SSLID persistence: http://blog.exceliance.fr/2011/07/04/maintain-affinity-based-on-ssl-session-id/ - Content switching based on SNI in HAProxy:

<    1   2   3   4   5   6   7   8   9   10   >