Re: artificial maxconn imposed

use very high BDP paths net.ipv4.tcp_rmem = 4096 87380 16777216 net.ipv4.tcp_wmem = 4096 65536 16777216 -jonah -Original Message- From: David Birdsong [mailto:david.birds...@gmail.com] Sent: Friday, September 18, 2009 3:06 PM To: haproxy Subject: artificial maxconn imposed

Re: Nbproc question

On Tue, Sep 29, 2009 at 10:30 AM, Willy Tarreau w...@1wt.eu wrote: On Tue, Sep 29, 2009 at 09:56:51AM -0700, Jonah Horowitz wrote: Here's the output of top on the system: top - 09:50:36 up 4 days, 18:50,  1 user,  load average: 1.31, 1.59, 1.55 Tasks: 117 total,   2 running, 115 sleeping,   0

slow tcp handshake

This isn't haproxy related, but this list is so knowledgable on network problems. I'm troubleshooting our slow webserver and I've drilled down to a TCP handshake taking up to 10 seconds. This handshake doesn't actually really start until the client sends it's 3rd syn. The first 2 syn's are

Re: slow tcp handshake

problem before with lighttpd. it is quite verbose about running out of file descriptors. -Original Message- From: David Birdsong [mailto:david.birds...@gmail.com] Sent: Wednesday, October 21, 2009 7:07 AM To: John Lauro Cc: haproxy Subject: Re: slow tcp handshake On Wed, Oct 21

Re: slow tcp handshake

that nothing shows, as most 0 values are not printed.  You could check for anything else that looks strange under netstat -s -Original Message- From: David Birdsong [mailto:david.birds...@gmail.com] Sent: Wednesday, October 21, 2009 7:07 AM To: John Lauro Cc: haproxy Subject: Re: slow

balance hdr

From the manual: snip hdr(name) The HTTP header name will be looked up in each HTTP request. Just as with the equivalent ACL 'hdr()' function, the header name in parenthesis is not case sensitive. If the header is absent or if it does not

anybody know how to health check a twisted xmlrpc server?

i see that POST is a valid httpchk parameter, but without ripping twisted apart, i'm not sure how it could allow an empty POST through to code that could return a 200 or 204. has anybody already gone through this?

Re: anybody know how to health check a twisted xmlrpc server?

On Wed, Dec 23, 2009 at 10:07 PM, David Birdsong david.birds...@gmail.com wrote: On Wed, Dec 23, 2009 at 9:57 PM, Willy Tarreau w...@1wt.eu wrote: On Wed, Dec 23, 2009 at 09:48:15PM -0800, David Birdsong wrote: i see that POST is a valid httpchk parameter, but without ripping twisted apart

Re: anybody know how to health check a twisted xmlrpc server?

On Wed, Dec 23, 2009 at 11:27 PM, Willy Tarreau w...@1wt.eu wrote: On Wed, Dec 23, 2009 at 10:52:52PM -0800, David Birdsong wrote: this can be dropped for now.  it turns out that twisted doesn't actually return error codes when you instruct it to.  it puts the error codes in the xml response

listen on a unix socket

I wonder about this with all the servers/proxies I work with. HAproxy can write to a unix socket, is there any reason why it can't listen on one? I have a setup where I string a few servers together over localhosI wonder about this with all the servers/proxies I work with. HAproxy can write to

Re: Does haproxy support listen on unix domain socket?

this for HTTP too. I wanted to extend the bind statement to support unix-domain socket paths, but this remained very low in my priority list. I know that David Birdsong (CCed) was interested in this too, though I don't know if he had any time to look at that. I would also love this option

high connection rates

I'm curious what others are doing to achieve high connection rates -say 10Kconnections/ second. We're serving objects averaging around 100KB, so 10K/sec is a fully utilized 1G ethernet card. I'd like to safely hit 7-800 Mb/sec, but interrupts are just eating the machine alive. Before adjusting

Re: [PATCH] add a maintenance mode to servers

This is really cool. I recently wrote a script to do a 'slow down' that writes decreasing percentages to the stats socket over a configurable time window. It would be really cool to be able to use the slow start logic internal to haproxy combined with this command to implement all of what I

Re: high connection rates

On Sat, Jan 30, 2010 at 1:04 AM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Fri, Jan 29, 2010 at 03:58:09PM -0800, David Birdsong wrote: I'm curious what others are doing to achieve high connection rates -say 10Kconnections/ second. We're serving objects averaging around 100KB, so 10K

Re: high connection rates

On Sun, Jan 31, 2010 at 12:24 PM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Sun, Jan 31, 2010 at 11:41:20AM -0800, David Birdsong wrote: we serve media.  i double checked the average size simply by reading content length values and averaging them for every 100 and 1000 requests over a 5

Re: pausing traffic?

On Fri, Feb 5, 2010 at 7:50 PM, Greg Gard gg...@carepaths.com wrote: hi, i would like to be able to pause traffic for a minute or so whilst i reload rails servers to use a different database. i have three different webservers and can probably write a script to nolb one server, reboot with

long ip acl's

I'm autogenerating haproxy configs on some of our front ends and appending a growing set of IP addresses that we'll ban. Does this scale well in haproxy? Can I expect performance to drop as the list grows and grows or is this implemented in a way that scales pretty horizontally?

Re: long ip acl's

On Thu, Feb 25, 2010 at 12:48 AM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Wed, Feb 24, 2010 at 06:06:26PM -0800, David Birdsong wrote: I'm autogenerating haproxy configs on some of our front ends and appending a growing set of IP addresses that we'll ban.  Does this scale well

Re: long ip acl's

2010/2/25 XANi xani...@gmail.com Hi Dnia 2010-02-25, czw o godzinie 15:35 -0800, David Birdsong pisze: On Thu, Feb 25, 2010 at 12:48 AM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Wed, Feb 24, 2010 at 06:06:26PM -0800, David Birdsong wrote: I'm autogenerating haproxy configs

Re: Problems serving HTTP content (lingering connections?)

On Mon, Mar 8, 2010 at 2:29 AM, Stefan Johansson phu...@hotmail.com wrote: Obviously this is seemingly not related to haproxy, but in case anyone might have an idea... I've been trying more with lighttpd with max connections set to 2048 and it is still reaching the connection limit.. and this

Re: Question regarding url_param hashing

On Sat, Apr 10, 2010 at 11:08 AM, Dirk Taggesell dirk.tagges...@googlemail.com wrote: On Thu, Apr 8, 2010 at 10:57 PM, Willy Tarreau w...@1wt.eu wrote: In 1.4 you should probably use hash-type consistent to avoid redispatching everyone when one server falls down. Thanks for eyplaining,

Re: layer 7 proxy hierarchy

On Wed, Jun 9, 2010 at 8:55 AM, Rapsey rap...@gmail.com wrote: I use it to dispatch to another app. As for ordering, I think you would need to do it from the app if I understand your use case correctly. Sergej It's true that X-Accel-Redirect would require this chaining logic in your app. If

help with halog

I'm pretty excited to start using halog, but dumping out the usage is about the only documentation I can turn up -which is not explaining anything to me. Is there anything more substantial on how to use halog?

Re: help with halog

On Wed, Jun 9, 2010 at 10:09 PM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Wed, Jun 09, 2010 at 04:37:28PM -0700, David Birdsong wrote: I'm pretty excited to start using halog, but dumping out the usage is about the only documentation I can turn up -which is not explaining anything to me

Re: 'haproxy' in AIX OS for C++ Applications

If you want haproxy to load balance across your databases and do so by some value in the traffic, you'll need to expose your database via a protocol that haproxy supports. Write an RPC service that speaks HTTP and have haproxy load balance across your RPC servers using HTTP values. This is

Re: TCP Splicing with HAProxy 1.4.8

On Thu, Oct 7, 2010 at 1:01 PM, Maurice Kelly list-hapr...@chatswood.org.uk wrote: Hi, I've been trying out HAProxy 1.4.8 on RHEL 6 beta (running kernel 2.6.32-44.1.el6.x86_64). I created a very simple configuration with which I'd been testing with and without the option splice-response

Re: hot reconfiguration, how to?

On Wed, Dec 8, 2010 at 6:13 PM, Bryan Talbot btal...@aeriagames.com wrote: See the architecture doc section 4.3 http://haproxy.1wt.eu/download/1.3/doc/architecture.txt -Bryan When a new haproxy pid is started after it sends a SIGTTOU to the prior running haproxy pid, what is the state of the

feature request - slowdeath

Hey Willy, Haproxy rocks! I've been using slowstart lately and was wondering if it would be possible to add the opposite--something like 'slowdeath'. Some external event would trigger, perhaps a very specific HTTP code, or a command coming through the control socket, haproxy would un-weight the

Re: feature request - slowdeath

On Mon, Dec 20, 2010 at 12:25 AM, Willy Tarreau w...@1wt.eu wrote: On Sun, Dec 19, 2010 at 11:35:37PM +0100, Bedis 9 wrote: Hey, A slowdown would be interesting if you want to avoid any huge traffic to be redirected to quickly to other backends. That's the only use I can think of, and I

Re: TCP proxy capabilities

On Mon, Mar 14, 2011 at 8:15 PM, g...@desgames.com g...@desgames.com wrote: Actually, I should clarify something. We don't really actually want the 'black hole' situation I described - instead, what we want is for haproxy to accept and queue the messages that come in from the requesting server,

Re: TCP proxy capabilities

your normal backend. if another is true, use your backup. there might be better ways to do this in just the backend itself also. Thanks, Guy On Mon, Mar 14, 2011 at 5:34 PM, David Birdsong david.birds...@gmail.com wrote: On Mon, Mar 14, 2011 at 8:15 PM, g...@desgames.com g...@desgames.com

format for ip ranges in acl source file

this line in my haproxy config: acl bad_guys_ip hdr(X-Forwarded-For) -f /etc/haproxy/block_ip.txt will block a single ip, but i can't figure out the syntax for specifying a subnet this block_ip.txt blocks my ip snip # comment lines ok # block an ip x.x.x.86 # block a subnet doesn't work for

Re: format for ip ranges in acl source file

On Fri, Mar 18, 2011 at 4:56 PM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Thu, Mar 17, 2011 at 04:17:15AM -0400, David Birdsong wrote: this line in my haproxy config: acl bad_guys_ip hdr(X-Forwarded-For) -f /etc/haproxy/block_ip.txt will block a single ip, but i can't figure out

Re: Half--NAT

I don't think you'll find NAT capabilities in any proxy. I think a fair distinction between a proxy and a NAT device is: - a proxy actually listens and will call accept to create a separate socket connection with both client and server - a NATing device doesn't know about sockets at all and will

Re: Half--NAT

On Thu, Mar 24, 2011 at 5:27 PM, Ben Timby bti...@gmail.com wrote: On Thu, Mar 24, 2011 at 4:59 PM, Jason J. W. Williams jasonjwwilli...@gmail.com wrote: Hi All, I'm trying to find documentation on configuring HAProxy to do half-NAT, but can't seem to find any. Does HAProxy not support

halog assitance

I'm in the process of trying to debug a somewhat sluggish set of backends. The backends are ~20 python tornado web servers that implement a simple blocking db call to mongodb. I would theorize that the request rate can overload the number of backends and their ability to service periodically when

Re: halog assitance

-0700, David Birdsong wrote: I'm in the process of trying to debug a somewhat sluggish set of backends. The backends are ~20 python tornado web servers that implement a simple blocking db call to mongodb. I would theorize that the request rate can overload the number of backends and their ability

help with tcp-request content track-sc1

I've poured over 1.5 docs, and I'm pretty sure this should be possible. Is there a way to extract a header string from an http header and track that in a stick-table of type 'string'? If so, what is the syntax, where does the extraction take place? Also, is there any way to concatenate two

Re: help with tcp-request content track-sc1

On Sat, Aug 27, 2011 at 5:26 AM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Thu, Aug 25, 2011 at 12:28:43PM -0700, David Birdsong wrote: I've poured over 1.5 docs, and I'm pretty sure this should be possible. Is there a way to extract a header string from an http header and track

Re: help with tcp-request content track-sc1

On Mon, Aug 29, 2011 at 1:46 PM, Willy Tarreau w...@1wt.eu wrote: On Mon, Aug 29, 2011 at 01:40:53PM -0700, David Birdsong wrote: On Mon, Aug 29, 2011 at 1:36 PM, Willy Tarreau w...@1wt.eu wrote: On Mon, Aug 29, 2011 at 12:22:18PM -0700, David Birdsong wrote: On Sat, Aug 27, 2011 at 5:26 AM

Re: acl and multiple header values

On Tue, Aug 30, 2011 at 4:04 PM, Baptiste bed...@gmail.com wrote: On Wed, Aug 31, 2011 at 12:37 AM, David Birdsong david.birds...@gmail.com wrote: On Tue, Jun 14, 2011 at 10:41 PM, Willy Tarreau w...@1wt.eu wrote: On Tue, Jun 14, 2011 at 04:43:47PM -0700, John Fieber wrote: I want to create

Re: how do people have multiple haproxy servers?

There are simple ways and big fancy ways. I'd recommend a simple way to start out. DNS can serve more than 1 ip address for a single name via 2 or more A records. On Wed, Jan 4, 2012 at 6:48 PM, S Ahmed sahmed1...@gmail.com wrote: How is it possible for a single domain like www.example.com

Re: HAProxy and DDOS protection

I set out to leverage gpc's and stick tables a few months back, but alas was stopped in my tracks as only layer 4 data is useful to match on. The info I'd need to work with would be found in HTTP headers, ie. X-Forwarded-For or some other sort of of custom header. Please correct me if I'm wrong.

Re: HAProxy and DDOS protection

On Mon, Feb 27, 2012 at 9:12 AM, hapr...@serverphorums.com wrote: Sweet researching this for past week so very timely! Thanks --- posted at http://www.serverphorums.com http://www.serverphorums.com/read.php?10,452070,452187#msg-452187

Re: new balance algorithm

On Sat, Mar 31, 2012 at 7:55 PM, Kevin Heatwole ke...@heatwoles.us wrote: I am just investigating use of haproxy for the first time. I'd like the balancing algorithm to send http request to the first server in the list until the number of requests hits a configurable number.  When the

Re: acl re-using in another acl ?

On Tue, Apr 3, 2012 at 1:42 AM, Guillaume Demillecamps guilla...@multipurpose.be wrote: Hello all, I am starting to hit some limitations in haproxy's configuration options ! I have decided to use this product to sit in front of a cloud environment hosting several websites as I have used it

clarification on peers and inclusion into 1.4 soon?

Hi, I've got a situation where I need to update haproxy every 1-2 mins to apprise it of a new list of ip addresses to tarpit. I've rigged up a fairly hacky pipeline to detect scrapers on our site based on entries found X-Forwarded-For. To get around the fact the stick-table entries are only

Re: clarification on peers and inclusion into 1.4 soon?

work either, iptables works on TCP/IP not HTTP i'd like to keep IP blocking in haproxy. On Apr 23, 2012, at 2:45 PM, David Birdsong wrote: Hi, I've got a situation where I need to update haproxy every  1-2 mins to apprise it of a new list of ip addresses to tarpit. I've rigged up a fairly

Re: clarification on peers and inclusion into 1.4 soon?

On Mon, Apr 23, 2012 at 5:07 PM, Kevin Heatwole ke...@heatwoles.us wrote: On Apr 23, 2012, at 7:31 PM, David Birdsong wrote: ... - nginx is already in front of haproxy, but nginx is not the first listener, so it sees the IP addresses as HTTP headers too. the last time I checked nginx only

Re: clarification on peers and inclusion into 1.4 soon?

On Mon, Apr 23, 2012 at 10:47 PM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Mon, Apr 23, 2012 at 11:45:51AM -0700, David Birdsong wrote: Hi, I've got a situation where I need to update haproxy every  1-2 mins to apprise it of a new list of ip addresses to tarpit. I've rigged up a fairly

Re: clarification on peers and inclusion into 1.4 soon?

On Tue, Apr 24, 2012 at 12:21 PM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Tue, Apr 24, 2012 at 11:46:52AM -0700, David Birdsong wrote: i'm not seeing my response that swear i sent last night... I swear I didn't see it :-) so strange, gmail doesn't even have a saved draft to recall

maxqueue for a backend?

Is there a way to set the maxqueu for an entire backend? I set maxqueu on default-server to 1, and on the frontend ACL required that connslots be greater than 1. I expected connslots to be maxconn * num server + 1 * num servers (connections + queue slots). I found that the backend still queued

Re: maxqueue for a backend?

in a manual, but to link out to this discussion would be so awesome. maybe this what stackexchange could be used for, but it'd require us to copy and replay the whole discussion. On Tue, Jun 05, 2012 at 06:17:15PM -0700, David Birdsong wrote: Is there a way to set the maxqueu for an entire backend

Re: clarification on peers and inclusion into 1.4 soon?

On Tue, Apr 24, 2012 at 2:33 PM, David Birdsong david.birds...@gmail.com wrote: On Tue, Apr 24, 2012 at 2:18 PM, David Birdsong david.birds...@gmail.com wrote: On Tue, Apr 24, 2012 at 12:21 PM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Tue, Apr 24, 2012 at 11:46:52AM -0700, David

Re: clarification on peers and inclusion into 1.4 soon?

On Wed, Jul 18, 2012 at 3:01 PM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Thu, Jul 12, 2012 at 11:56:40AM -0700, David Birdsong wrote: On Tue, Apr 24, 2012 at 2:33 PM, David Birdsong david.birds...@gmail.com wrote: On Tue, Apr 24, 2012 at 2:18 PM, David Birdsong david.birds

Re: Backend per-server rate limiting

On Tue, Aug 7, 2012 at 11:51 PM, Andrew Davidoff david...@qedmf.net wrote: Willy, Thanks for the quick response. I haven't fully digested your example suggestion yet but I will sit down with it and the haproxy configuration documentation and sort it out in my brain. Here's the basic idea of

is balance uri a form of stickiness?

I've got a backend where the balancing is done via url hash (consistent.) I set default-server maxconn to 4 and I notice that when one of the servers hit it's maxconn, it queued requests on the server and didn't get redistributed to other servers in the backend. The backend queue has remained 0.

Re: is balance uri a form of stickiness?

On Thu, Jul 18, 2013 at 1:49 PM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Thu, Jul 18, 2013 at 11:56:13AM -0700, David Birdsong wrote: I've got a backend where the balancing is done via url hash (consistent.) I set default-server maxconn to 4 and I notice that when one

Re: is balance uri a form of stickiness?

On Thu, Jul 18, 2013 at 3:12 PM, Willy Tarreau w...@1wt.eu wrote: On Thu, Jul 18, 2013 at 02:37:16PM -0700, David Birdsong wrote: A tuneable would be interesting to have, but how would you envision the implementation? In the case of consistent hashing, would the request be re-routed

Re: balance leastconn does not honor weight?

On Fri, Mar 7, 2014 at 1:08 AM, Dmitry Sivachenko trtrmi...@gmail.comwrote: On 07 марта 2014 г., at 13:02, Willy Tarreau w...@1wt.eu wrote: On Fri, Mar 07, 2014 at 01:01:04PM +0400, Dmitry Sivachenko wrote: Now it behaves almost this way but without honoring specified weights. We

when does pem file get read?

Before or after haproxy setuid's?

custom log format question

Could I get more clarification on %ms or accept date milliseconds? I'm not sure what that phrase means. Is it simply the number of milliseconds after the timestamp? Is this a valid use of that field? %Ts.%ms ...can I add it to the timestamp to get more precise log time?

acl rand help

I'm having trouble getting a rand acl to pass the configuration test. When did rand show up? I don't see mention of it here: http://haproxy.1wt.eu/download/1.5/src/CHANGELOG I'm running 1.5-dev22-1a34d57 Error message: unknown fetch method 'rand' in ACL expression 'rand() config line: acl

Re: acl rand help

On Mon, Mar 31, 2014 at 9:35 PM, Cyril Bonté cyril.bo...@free.fr wrote: Hi, Le 31/03/2014 22:26, David Birdsong a écrit : I'm having trouble getting a rand acl to pass the configuration test. When did rand show up? I don't see mention of it here: http://haproxy.1wt.eu/download/1.5/src

Re: [ANNOUNCE] haproxy-1.5.0

congrats! On Thu, Jun 19, 2014 at 12:54 PM, Willy Tarreau w...@1wt.eu wrote: Hi everyone, The list has been unusually silent today, just as if everyone was waiting for something to happen :-) Today is a great day, the reward of 4 years of hard work. I'm announcing the release of HAProxy

Re: how to sync HaProxy config with ZooKeeper

It's not zookeeper backed, but I'm curious if anybody's using: https://github.com/kelseyhightower/confd to rewrite haproxy config and reloading. On Thu, Jul 10, 2014 at 12:19 AM, Зайцев Сергей Александрович s.zayt...@r-style.com wrote: Hi, thanks! Looking forward to look at it and try to

Re: Achieving Zero Downtime Restarts at Yelp

Wow, this is a really informative blog post. Thanks for sharing! I'm curious, did you weight the costs of simply converting your proxies to run on one of the BSD's? As I understand it, their implementation of SO_REUSEPORT would mean zero downtime reloads just work as hoped-for/expected. On Mon,

Re: possible header capture corruption when timeout queue

On Sat, Apr 11, 2015 at 2:16 AM, Willy Tarreau w...@1wt.eu wrote: Hi David, On Thu, Apr 09, 2015 at 04:01:44PM -0700, David Birdsong wrote: Ok, false alarm. We have corruption in our log parsing stream so that's what the rest of my week will be centered around. OK, cool

Re: dumb question ACL question

great, thanks! On Tue, Apr 28, 2015 at 12:56 PM, Cyril Bonté cyril.bo...@free.fr wrote: Hi David, Le 28/04/2015 21:46, David Birdsong a écrit : I'm only looking for the presence of a header to set an ACL, nothing more. header is XAMGIF conf snippet: acl anim_gif req.fhdr_cnt(XAMGIF) 1

dumb question ACL question

I'm only looking for the presence of a header to set an ACL, nothing more. header is XAMGIF conf snippet: acl anim_gif req.fhdr_cnt(XAMGIF) 1 this correct?

possible header capture corruption when timeout queue

Greetings, I hope the rewrite from C-Lua is going well... I'm looking to trace down a weird scenario that might be a bug. We're running: 1.5.2. Our backend is configured w/ a 500ms timeout queue and we consistent hash on uri for load balancing. For requests logged as termination 'SQ' that

response status code: stats vs log line

We key some alerts off of haproxy stats;csv and I'm trying to wrap my head around a suspiciously low 5xx counter for a given server in a backend that was spewing 503's and 500's in it's own log. How does the 5xx counter for a given server get incremented in the case of a backend connection reset?

Re: Selecting back end from host header

Can maps be used with 'use-server' in listen or backend sections similarly to how it can be used with 'use_backend'? On Sat, Nov 14, 2015 at 1:06 PM Baptiste wrote: > On Sat, Nov 14, 2015 at 3:21 PM, SL wrote: > > Hi, > > > > We have quite a large number of

Re: acl help: path_beg unexpected matching

On Sat, Dec 12, 2015 at 12:57 PM, Cyril Bonté <cyril.bo...@free.fr> wrote: > Hi, > > Le 12/12/2015 21:42, David Birdsong a écrit : > >> This one is pretty simple: >> >> >> ` >> acl a_new_backend hdr_dom(host) -i api.company.com path_beg -i /

Re: acl help: path_beg unexpected matching

On Sat, Dec 12, 2015 at 9:59 PM, Michael Ezzell <mich...@ezzell.net> wrote: > > On Dec 12, 2015 8:39 PM, "David Birdsong" <david.birds...@gmail.com> > wrote: > > > >> You can try something like : > >> acl API_HOST hdr_dom(host)

Re: haproxy reloads, stale listeners, SIGKILL required

On Wed, Feb 3, 2016 at 7:48 PM Willy Tarreau <w...@1wt.eu> wrote: > Hi David, > > On Tue, Feb 02, 2016 at 11:56:25PM +, David Birdsong wrote: > > Has nobody else run into this w/ consul? Given the plethora of tools > around > > consul and haproxy and templ

haproxy reloads, stale listeners, SIGKILL required

I've been running into a problem for a few weeks that I was hoping to see disappear w/ a simple upgrade to 1.6.3. I'm using consul and it's templating to dynamically expand a backend list which then runs an haproxy reload using the init scripts in the contrib dir. I haven't been able to trace

Re: haproxy reloads, stale listeners, SIGKILL required

On Wed, Feb 3, 2016 at 3:05 AM Vincent Bernat <ber...@luffy.cx> wrote: > ❦ 3 février 2016 00:11 GMT, David Birdsong <david.birds...@gmail.com> : > > > I'm not using consul but am using haproxy in a docker container > > and reloading when backend hosts c

Re: haproxy reloads, stale listeners, SIGKILL required

Has nobody else run into this w/ consul? Given the plethora of tools around consul and haproxy and templating, I know others are using reloads to keep backend current, but the old haproxy PIDs stick around listening w/ incorrect backends. On Thu, Jan 28, 2016 at 8:52 PM David Birdsong

Re: haproxy reloads, stale listeners, SIGKILL required

On Thu, Jan 28, 2016 at 6:35 PM, Pavlos Parissis <pavlos.paris...@gmail.com> wrote: > On 28/01/2016 10:35 μμ, David Birdsong wrote: > > I've been running into a problem for a few weeks that I was hoping to > > see disappear w/ a simple upgrade to 1.6.3. > > &g

Re: strange integer comparison 1.6.4

On Fri, Apr 22, 2016 at 11:56 PM Cyril Bonté <cyril.bo...@free.fr> wrote: > Hi David, > > Le 23/04/2016 04:27, David Birdsong a écrit : > > predefined acl's dont work w/ integer comparison either, but calculating > > the value and doing the integer comparison di

Re: use of variables in ACL

Oh, great thanks! On Thu, Apr 14, 2016 at 11:50 PM Willy Tarreau <w...@1wt.eu> wrote: > Hi David, > > On Fri, Apr 15, 2016 at 03:35:11AM +, David Birdsong wrote: > > Is there anyway to use: > > > > http-request set-var() > > > > to set a var

capture response trailer?

We're emitting chunked encoded response bodies, but we would like to write a value similar to content-length but as a trailer. Is there a way to capture trailing headers?

mode tcp and http type acls and keepalive

I have a frontend in mode tcp that I use to switch inbound traffic between a syslog backend(raw tcp) and an http backend. I've been using this setup for over a year with little issue, but I think I've been missing a case that is now more prevalent with more traffic. Given the frontend config:

Re: Incorrect counters in stats interface

Queue Cur is a gauge and so not representative of historical values. Queue Max of zero is telling though. In addition to queue timeout, there are other ways haproxy can synthesize an http response on behalf of the backend server. Check for connection errors. On Wed, Sep 7, 2016 at 12:15 PM

Re: mode tcp and http type acls and keepalive

On Wed, Sep 28, 2016 at 2:51 AM Lukas Tribus <lu...@gmx.net> wrote: > Hi David, > > > Am 28.09.2016 um 00:40 schrieb David Birdsong: > > I managed to disable keepalive properly and now I see the problem > > completely resolve itself. > > > > Is there

Re: mode tcp and http type acls and keepalive

I managed to disable keepalive properly and now I see the problem completely resolve itself. Is there some way to use mixed-content frontends w/ a previously opened connection and still detect HTTP (the default HTTP acl)? On Mon, Sep 26, 2016 at 11:10 AM David Birdsong <david.birds...@gmail.

possible to capture custom response header for http logs?

I'm using haproxy to create an identifier using an upstream response header like so: http-response set-header X-R-ID %[res.hdr("X-Used-Params"),djb2(1),hex] I'm having trouble getting haproxy to log this value with the additional capture header that should get routed to my custom http log:

Re: possible to capture custom response header for http logs?

n you try using this config in the following order: > > 1/ declare capture response len 12 id 0 > 2 http-response set-header X-R-ID %[res.hdr("X-Used-Params"),djb2(1),hex] > 3/ http-response capture hdr(X-R-ID) id 0 > > ++ > > that worked! thanks. > On 24/1

Re: CLI proxy for master process

love socklog! i use it combined w/ s6-log https://skarnet.org/software/s6/s6-log.html On Mon, Nov 5, 2018 at 11:55 PM Aleksandar Lazic wrote: > Hi. > > In the meantime you can use Socklog [1] or fluent-bit [2] to listen to > syslog and write to stdout as I use it in my Image. Pay attention

Re: [PATCH] bugfix to make do-resolve to use DNS cache

Thanks! On Tue, Nov 5, 2019, 1:04 AM Baptiste wrote: > Hi there, > > David Birdsong reported a bug last week about http do-resolve action not > using the DNS cache. > The patch in attachment fixes this issue. > There is no github issue associated to this bug. > Backpor

Re: http-request do-resolve Woes

On Wed, Oct 30, 2019, 9:58 AM Baptiste wrote: > > > On Tue, Oct 29, 2019 at 8:18 PM David Birdsong > wrote: > >> I should have put the haproxy version in the mail too: >> >> haproxy 2.0.8 >> >> On Tue, Oct 29, 2019 at 3:07 PM David Birdsong >>

Re: http-request do-resolve Woes

On Wed, Oct 30, 2019 at 11:39 AM Baptiste wrote: > Thanks! >> >> It had that feel to it...seemed like a cache lock timeout and/or somehow >> tied to the request interval. >> >> > I think I know where to fix this behavior in the code. I will work on the > "how to fix it" later tonight. > In the

H2 perf tuning

Hi, I'm trying to figure out whether the following tuneables apply only to bound HTTP sockets ou tune.h2.header-table-size tune.h2.initial-window-size tune.h2.max-concurrent-streams

Re: Deprecating a few keywords for 2.1+

I'm just curious: what replaces monitor-uri? I'm putting up a new proxy tier at my new company and can steer to use the more up-to-date method, but combing the docs and nothing jumps out at me. I'm guessing something in either http-re{quest,response}, but I don't see anything that synthesizes

Re: Deprecating a few keywords for 2.1+

On Mon, Oct 28, 2019 at 12:27 PM Aleksandar Lazic wrote: > Am 27.10.2019 um 20:16 schrieb David Birdsong: > > I'm just curious: what replaces monitor-uri? I'm putting up a new proxy > tier at > > my new company and can steer to use the more up-to-date method, but >

http-request do-resolve Woes

I've narrowed down a behavior that I think might be a bug, but is definitely not ideal. This minimal configuration copies header: X-Host into Host and performs a dynamic DNS query against that field name, stores the output in a txn var, and then uses a backend whic sets the dest ip to that txn

Re: http-request do-resolve Woes

I should have put the haproxy version in the mail too: haproxy 2.0.8 On Tue, Oct 29, 2019 at 3:07 PM David Birdsong wrote: > I've narrowed down a behavior that I think might be a bug, but is > definitely not ideal. > > This minimal configuration copies header: X-Host into Host