t thing to be able to use external scripts for
rewriting, what do you think?
Or is it possible to do this cleanly with some option I haven't seen? I thought
about somehow rewriting headers, inserting a Location header etc. - but could
that work?
Best regards,
Craig
Hi,
you need to add the header in stunnel, not in haproxy. Have alook at the
xforwarded-for patches at http://haproxy.1wt.eu/download/patches/. There are at
least two people using them in a productive environment, so you should have a
try, too. ;)
Best regards,
Craig
- original
that after a specific limit is reached by haproxy, the connections get slower
and slower.
It might also be a linux kernel setting but, any hint would be much
appreciated...
Best regards,
Craig
My config:
# haproxy.cfg
global
user haproxy
group haproxy
maxconn 75000
ulimit-n 192000
log
r misunderstanding
on my part?
Thanks,
Craig
haproxy.cfg:
---
global
user haproxy
group haproxy
maxconn 75000
log 127.0.0.1 local0
stats socket /var/run/haproxy.stat mode 600
defaults
timeout client 300s
timeout server
em is reproducable with this config, I used need netcat here.
Running with #1 config ("reqidel ^X-Forwarded-For:.*" in frontend_btg not set).
case a) jumps between backends:
nc 127.0.0.1 8085 <
> Hi Craig,
>
> On Mon, Feb 07, 2011 at 09:24:24PM +0100, Craig wrote:
> > Hi
Case e) same expections as with case a) and config-1
> Case h) should really stay on one backend. I haproxy to delete
> X-Forwarded-For on the frontend, add new "X-Forwarded-For: SRC-IP", and
> balance based on that header in the backend.
>
> With this behaviour you will get
Hi,
a patch is already upstream. I put some effort into getting patches upstream:
http://groups.google.com/group/mailing.unix.stunnel-users/tree/browse_frm/month/2011-02/a1956cc49beaf689?rnum=11&_done=%2Fgroup%2Fmailing.unix.stunnel-users%2Fbrowse_frm%2Fmonth%2F2011-02%3Ffwc%3D1%26#doc_2d06864707
th an additional config option
like disable_permanent or the like?
Any opinions on this?
Best regards,
Craig
had done it before or has some ideas. :)
Best regards,
craig
7;t do
that with haproxy.
I'm pretty sure my boss would be willing to invest some €€€ if that helps.
- Craig
ds behave in the same way as the Least
Connections methods."
(https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_1/ltm_pools.html)
If my understanding is correct, haproxy does take the server weight into account
when calculating leastconn?
Thank you,
Craig
The connections on the remote
> > side
> > will be kept open until timeout.
>
> An attacker doesn't keeps states on his local machine if his intention is to
> SYN
> flood you.
I think he's talking about established connections.
- Craig
he load-balancing -
which won't work based on source, because it's always 127.0.0.1.
I've searched the docs, but can't think about a possibility (or maybe
I'm a bit blind...).
Thanks,
Craig
Hi,
The code is available at:
[...]
If many people are interested, I know it will be quite easy to backport it
to 1.3, and I can merge it into 1.3.19 once I have a few other things to
put with it.
What's your opinion ?
I'd like to see it backported.
Best regards,
Craig
by the stunnel machine's address?
You can balance on X-Forwarded-For or sourceip (you want x-forwarded-for).
You could also inject cookies to archieve stickyness. Just read the
documentation. ;)
Best regards,
Craig
ing. Maybe that's an option for
you, too?
regards,
Craig
Am 30.03.2010 23:55, schrieb Óscar Frías Barranco:
> I am forced to use http-server-close because in our application we need to
> know the remote IP addresses of the users which are connecting to our
> service.
> And for t
anks!
I'm relatively certain maxconn that was the issue, some tests will
verify it...thank you very much Willy!
Bests,
Craig
tm
https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=willy%40nerim%2enet&lc=FR&item_name=Willy%20Tarreau¤cy_code=EUR&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted
;)
Best regards,
Craig
pe this helps.
Thanks from me, too! I think we still need the patches until 1.5 is
stable and included in linux distributions.
Willy, can you put them on the haproxy page?
Craig
se is a special server from you cluster that fullfills a
maintainance special task, I guess it's a common use-case. Any opinions
on this?
This is just a discussion/feature request, unfortunately my C is weak. ;(
Best wishes,
Craig
anpage, too. No one reviewed the patch yet, so if someone
from the list is willing to do, I'd be glad.
- Craig
could leave out the reqidel of the header, but then a malicious
party could theoretically choose the server it accesses (by forging
x-forwarded-for) and overload one after another; I prefer to take away
this possibility (yea I am overdoing it, maybe). ;)
Best regards,
Craig
really has to be like that! That was just a (too) quick
thought and I was misleaded...
Well thanks again for this great piece of software! :)
Best regards,
Craig
ing able to do that, even more
so if a different party administrates the servers.
Best regards,
Craig
Hi,
> On Wed, Jul 13, 2011 at 5:57 PM, Craig wrote:
>
>> I hereby request the feature to do https to backends
>> Sometimes it's really troublesome not being able to do that, even more
>> so if a different party administrates the servers.
>
> I'm n
hen I see
botnet attacks, they are not widely spread throughout the internet but
mostly come from <10 AS.
Nice to see that AWS performed here, thanks for sharing. :)
- Craig
Hi,
> Just wondering what is the best way to find the haproxy version.
haproxy -v
- craig
e load balancing over a bunch of haproxy
> machines, with the capability to add more machines to the pool easily, if
> required?
You might want to have a look at the iptables CLUSTERIP target. I
haven't tested it much, though.
Best regards,
- craig
On 14.01.2014 15:01, Timh Bergström wrote:
> I would really love a clean/native way to basically do "includes" in
> the configuration file;
+1 on what Timh said.
Dear friend:
This is Craig, from 1style In A Million Industrial Co.,Limited, from China.
We can provide you with a lot of fashions.
Currently, we have bulk quantity of new nice stock T shirts/polo shirts for sale, we might cooperate in two ways:
1) If you can INTRODUCE our T
your business.
Thanks and Regards,
Craig Wilson
Marketing Manager
If you don’t want to receive any more emails from us REPLY “Unsubscribe”.
Hi,
I really liked haproxy-auth-request's idea[0] () but needed some extra stuff, so
I forked it and implemented what I needed/wanted[1], by doing a sub-request
against hashicorp vault.
One of the things I need is the full requesting URL, with scheme, etc. So far
I've come up with:
http-reque
All -
I installed from source so I could set USE_PCRE=1. It doesn't look
like the make process included a startup script for /etc/init.d/. The
two included files (init.haproxy, haproxy.init) both look to be for RedHat.
Does anyone know where I can find a /etc/init.d/haproxy script fo
Thank you all very much, I got everything working, I appreciate your help.
Craig
Craig Carl
408 829 9953
Willy Tarreau wrote:
On Sun, Jan 10, 2010 at 11:41:47AM +0100, Holger Just wrote:
Hi Craig,
(sorry, for double posting, missed the correct button...)
On 10.01.10 11:01, Craig Carl
documentation incorrect?
Craig
Ryan Schlesinger wrote:
Craig,
It looks like you're trying to specify the listen section's bind as its
name. I think this is what you want:
listen www 64.164.194.16:80
(Any name will work in place of www).
Ryan
On 01/13/2010 08:09 PM, Craig Carl wrote:
All
ownload/1.3/bin/haproxy-1.3.18-pcre-solaris-sparc.notstripped
Be sure to check the hash -
http://haproxy.1wt.eu/download/1.3/bin/haproxy-1.3.18-pcre-solaris-sparc.notstripped.md5
--
Craig Carl
408 829 9953
Gustavo JIménez wrote:
Hi
I need work HAproxy 1.3 in solaris 10 but when i
Cyril -
The file - haproxy-1.3.18-pcre-solaris-sparc.notstripped.gz - does
exist, it just appears to be corrupted somehow.
Craig
Cyril Bonté wrote:
Le Vendredi 29 Janvier 2010 18:26:20, Craig Carl a écrit :
Gustavo -
I'm getting different errors on the .gz file depending o
I totally missed the *.23. Sorry about my confusion.
C
Cyril Bonté wrote:
Le Vendredi 29 Janvier 2010 19:28:15, Craig Carl a écrit :
Cyril -
The file - haproxy-1.3.18-pcre-solaris-sparc.notstripped.gz - does
exist, it just appears to be corrupted somehow.
Yes of course :) This one
write
redirect prefix if www_subdom
redirect prefix if !stunnel
Thanks for all your help.
Craig
Anne -
Your would need an application to handle SSL and forward HTTP. I use
stunnel for that with no problem. This is the guide I used, the basics are
the same on any distro -
http://www.buro9.com/blog/2009/12/07/installing-haproxy-load-balance-http-and-https/
Craig
On Sat, Mar 13, 2010 at
rname.domain.com ? And then that forwards requests the
> webservers and load balances them?
>
> Sorry for so many questions! I'm totally new at this.
>
> Thank you again for taking the time to help.
>
> Anne
>
> --
> *From:* Craig Car
r down?
Thanks.
Craig
ng
style? Given that it's rare that two subsequent requests on a single
connection will arrive at the same server, is it even worth having
keep-alive support on the backends?
Hopefully you guys can help.
Thanks!
--
Craig McLure
haproxy?
Thanks.
On 22 March 2016 at 20:44, Baptiste wrote:
> On Tue, Mar 22, 2016 at 2:17 PM, Craig McLure wrote:
> > Hi,
> >
> > I'm hoping to experiment with enabling keep-alive on my service, but the
> > documentation isn't entirely clear for my use ca
Hi,
Does HAProxy support the Keep-Alive header, and a 'max connection duration'
for Keep-Alive connections?
I've poured through the manual, but can't see anything obvious, but it
would be useful for better control over Keep-Alive connections.
Thanks.
obviously, I'd like for haproxy to have a way to close the
connection as gracefully as possible after X minutes, rather than the
current scenario where it may get killed ungracefully.
Running v1.6.4
Cheers.
On Mon, Apr 25, 2016 at 2:20 PM, Aleksandar Lazic wrote:
> Hi.
>
> Am 25-0
Hi,
On Mon, Apr 25, 2016 at 3:39 PM, Lukas Tribus wrote:
> Hi,
>
>
> Am 25.04.2016 um 15:51 schrieb Craig McLure:
>>
>> >From a firewall perspective all sockets are configured to forcefully
>> stop after about 20 minutes after which time a connection will go
Hi, my name is Joseph Craig and I'm the Marketing Director here at Private
Internet Access. I came across haproxy.org and considering our
organizations' similar goals in Internet security, I wanted to speak with
someone from your organization about donations. Can we perhaps schedule a
ti
48 matches
Mail list logo