Re: HA proxy - Need infromation

On Tue, Apr 14, 2015 at 12:55 AM, Thibault Labrut thibault.lab...@enioka.com wrote: Hello, I currently installing HAProxy with keepalived to one of my clients. To facilitate the administration of this tool, I would like to know if you can advise me of administration web gui for HA proxy.

Re: SSL backends stopped working

On 23/04/2015 6:01 PM, i...@linux-web-development.de wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi! I'm having trouble with one of our HAProxy-Servers that uses a backend with TLS. When starting HAProxy the backend will report all servers as down: Server

Re: Backend status changes continuously

On 21/04/2015 6:00 PM, Krishna Kumar (Engineering) krishna...@flipkart.com wrote: Hi all, While running the command: : ab -n 10 -c 1000 192.168.122.110:80/256 , the haproxy stats page shows the 4 different backend servers changing status between Active up, going down, Active or backup

Re: Backend status changes continuously

On Wed, Apr 22, 2015 at 3:34 PM, Krishna Kumar (Engineering) krishna...@flipkart.com wrote: Hi Baptists, Sorry I didn't provide more details earlier. -- 1. root@HAPROXY:~# haproxy -vv

Re: Stick tables and counters persistence

On Fri, Apr 17, 2015 at 2:26 PM, Dennis Jacobfeuerborn denni...@conversis.de wrote: On 17.04.2015 02:12, Igor Cicimov wrote: Hi all, Just a quick one, are the stick tables and counters persisted on haproxy 1.5.11 reload/restart? With nbproc=1 yes as long as you use a peers section

Stick tables and counters persistence

Hi all, Just a quick one, are the stick tables and counters persisted on haproxy 1.5.11 reload/restart? Thanks, Igor

Re: switching backends based on boolean value

On Fri, Apr 17, 2015 at 3:26 AM, Dennis Jacobfeuerborn denni...@conversis.de wrote: Hi, I'm trying to find the best way to toggle maintenance mode for a site. I have a regular and a maintenance backend defined an I'm using something like: frontend: acl is_maintenance always_false

Re: proxy haproxy has no server available!

On Tue, Apr 7, 2015 at 3:24 PM, Krishna Kumar Unnikrishnan (Engineering) krishna...@flipkart.com wrote: Sorry, forgot to mention, this is haproxy version 1.5.11 On Tue, Apr 7, 2015 at 10:52 AM, Krishna Kumar Unnikrishnan (Engineering) krishna...@flipkart.com wrote: Hi all, I am moving

Fwd: proxy haproxy has no server available!

Forgot to cc the list. -- Forwarded message -- From: Igor Cicimov ig...@encompasscorporation.com Date: Tue, Apr 7, 2015 at 4:25 PM Subject: Re: proxy haproxy has no server available! To: Krishna Kumar Unnikrishnan (Engineering) krishna...@flipkart.com On Tue, Apr 7, 2015 at 3

Re: Compression does not seem to work in my setup

IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. How can I fix this? Thanks for any help, Regards, - KK -- Igor Cicimov | DevOps p

Re: HAProxy responding with NOSRV SC

(host) -i example.com use_backend name1 if host_soap acl secure dst_port eq 44 backend name1 mode http option httpchk HEAD /test.jsp HTTP/1.0 appsession JSESSIONID len 32 timeout 1800s server name X.X.X.X:80 -- Igor Cicimov | DevOps p. +61 (0) 433 078 728 e. ig

Re: HAProxy for Statis IP redundancy

On 16/08/2015 11:21 PM, Mitchell Gurspan mitch...@visualjobmatch.com wrote: Hi – Would you be able to tell me if HAProxy can be used to solve the following problem? I host an iis 7.5) windows site on a comcast business static IP (in office). the internet goes down sometimes and I’d like

Re: HTTPS to HTTP reverse proxy

On Tue, Aug 11, 2015 at 12:10 PM, Roman Gelfand rgelfa...@gmail.com wrote: I am publishing horde webmail application. The horde itself is served internally via http protocol on apache. Please, see the configuration, below. The issue seems to be with css and image files as formatting is out

Re: haproxy can't bind to mysql port

--recv-keys F186197B -- Igor Cicimov | DevOps p. +61 (0) 433 078 728 e. ig...@encompasscorporation.com http://encompasscorporation.com/ w*.* encompasscorporation.com a. Level 4, 65 York Street, Sydney 2000

Re: haproxy can't bind to mysql port

By run I meant you have to start it as root user which you are doing anyway. Can you run: # nc -l -p 80 as root just to confirm you can bind to port 80? On 25/07/2015 2:10 PM, Igor Cicimov ig...@encompasscorporation.com wrote: You need to run haproxy as root to bind to ports lower than 1024

Re: haproxy can't bind to mysql port

You need to run haproxy as root to bind to ports lower than 1024 On 25/07/2015 1:36 PM, Tim Dunphy bluethu...@gmail.com wrote: Hi Yuan, Nice. Do you use selinux in prod. regards, ; Yuan Yep! Actually I use it every chance I get. Prod/stage/dev and my own hobby environments. And right

Re: acl regex

eg/?lang=$ > # off acl fr_topurlp_reg(lang\=$,?) -m > found > # off acl fr_topurlp_reg(lang\=$,?) -m > found > > but with no luck > > thanks > > --- > Guillaume

Re: acl regex

On 12/11/2015 5:30 PM, "Guillaume Bourque" < guillaume.bour...@logisoftech.com> wrote: > > Hello Bryan > > I’m running haproxy 1.5.4 and I can’t find any example on how to user req.uri if you could give a examples on how to match a specific query to redirect to another > > From

Re: HAProxy and backend on the same box

On 13/11/2015 1:04 AM, "jaleel" wrote: > > Hello, > > I am trying to setup the following for deployment > > I have 2 servers. > server1: eth0:10.200.2.211 (255.255.252.0) > eth1: 192.168.10.10 (255.255.255.0) > server2: eth0: 10.200.2.242 (255.255.252.0) >

Re: Selecting back end from host header

On Sun, Nov 15, 2015 at 1:21 AM, SL wrote: > Hi, > > We have quite a large number of backends, and are selecting which back end > to use based on the host specified in the request. (Note these are not > loadbalanced, we have to target them individually). > > Currently we are

Re: Need some help configuring backend health checks

On 30/10/2015 4:48 PM, "Daren Sefcik" wrote: > > So I think those links were the right idea and I have been trying different configurations but am not quite there and am hoping somebody can offer a bit more guidance. > > So when I telnet to the icap server I type in the

Re: questions for haproxy 1.5

On 31/10/2015 2:03 AM, "Igor Cicimov" <ig...@encompasscorporation.com> wrote: > > > On 30/10/2015 11:18 PM, "Labedan, Alain" <alain.labe...@cgi.com> wrote: > > > > Hi, > > > > > > > > I have HAPROXY in front of servers b

Re: questions for haproxy 1.5

On 30/10/2015 11:18 PM, "Labedan, Alain" wrote: > > Hi, > > > > I have HAPROXY in front of servers backend which are load balanced. > > > > - For terminated SSL haproxy, I want HAproxy give the good certificate to the client associated with the good domain . > >

Re: tcp-check with persistent session cookie ?

On 07/11/2015 8:01 AM, "Sébastien ROHAUT" wrote: > > Hi, > > We encountered a big problem this afternoon, which crashed for a while one of our websites, a java (tomcat+lift) application. We are using Haproxy 1.5. > > For our backend, we're doing something like

Re: Need some help configuring backend health checks

On 31/10/2015 3:14 AM, "Daren Sefcik" <dsef...@hightechhigh.org> wrote: > > > > On Thu, Oct 29, 2015 at 11:15 PM, Igor Cicimov < ig...@encompasscorporation.com> wrote: >> >> >> On 30/10/2015 4:48 PM, "Daren Sefcik" <dsef...@hightec

Re: About maxconn and minconn

On Thu, Oct 8, 2015 at 11:51 AM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > > > On Thu, Oct 8, 2015 at 12:18 AM, Dmitry Sivachenko <trtrmi...@gmail.com> > wrote: > >> Hello, >> >> I am using haproxy-1.5.14 and sometimes I see the followin

Re: About maxconn and minconn

On Thu, Oct 8, 2015 at 12:18 AM, Dmitry Sivachenko wrote: > Hello, > > I am using haproxy-1.5.14 and sometimes I see the following errors in the > log: > > Oct 7 08:33:03 srv1 haproxy[77565]: unix:1 [07/Oct/2015:08:33:02.428] > MT-front MT_RU_EN-back/ 0/1000/-1/-1/1000 503

Re: [blog] What's new in HAProxy 1.6

On 14/10/2015 9:41 PM, "Baptiste" wrote: > > Hey, > > I summarized what's new in HAProxy 1.6 with some configuration > examples in a blog post to help quick adoption of new features: > http://blog.haproxy.com/2015/10/14/whats-new-in-haproxy-1-6/ > > Baptiste > Awesome, thank

Re: About maxconn and minconn

On Thu, Oct 8, 2015 at 7:15 PM, Dmitry Sivachenko wrote: > > > On 7 окт. 2015 г., at 16:18, Dmitry Sivachenko > wrote: > > > > Hello, > > > > I am using haproxy-1.5.14 and sometimes I see the following errors in > the log: > > > > Oct 7 08:33:03 srv1

Re: HTTP Response Rewriting to Replace Internal IP with FQDN

la". > > > server Product1.VM0 cookie c check > > > > Thank you. > > -- > > Sincerely, > > Susheel Jalali > > Coscend Communications Solutions > > Elite Premio Complex Suite 200, Pune 411045 Maharashtra India > susheel.jal...@coscend.com > > We

Re: Converting from sticking on src-ip to custom auth header

The stick-table type would be string and not ip in that case though On 01/10/2015 5:07 AM, "Jason J. W. Williams" wrote: > > We've been seeing CenturyLink and a few other residential providers NATing their IPv4 traffic, making client persistency on source IP result in

Re: Converting from sticking on src-ip to custom auth header

e the stick > table (I assume they need type ip) or another implied table? > > -J > > On Wed, Sep 30, 2015 at 3:41 PM, Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> The stick-table type would be string and not ip in that case though >> >

Re: Converting from sticking on src-ip to custom auth header

to the stick-table declaration. > > Sent via iPhone > > On Sep 30, 2015, at 18:23, Igor Cicimov <ig...@encompasscorporation.com> > wrote: > > Well in case of header you would have something like this I guess: > > tcp-request content track-sc1 hdr(x-app-authorizati

Re: Frontend ACL rewrites URL incorrectly to backend

t WP. I am happy to > send you relevant parts of those files if you think you understand the > problem and want to look at them. > > thanks, > Daren > > > On Mon, Oct 5, 2015 at 2:58 PM, Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> &

Re: Questions Aboute the PEM Phrase.

On 03/12/2015 6:54 AM, "Jesus Moran" wrote: > > Hello. > > Excelent work whit this tool. > > Today i was integrating haproxy 1.5 whit SSL and was easy and fast, but i wave a litte issue. > > When i create the .key file i add it a phrase. > > > i cerate the certificate

Re: SSLv2Hello is disabled

On 02/12/2015 12:41 AM, "Cohen Galit" wrote: > > Hello, > > > > When HAProxy 1.5.9 is trying to sample our servers with this configuration: tcp-check connect port 50443 ssl > > > > Our servers returns an error: > > > > 2015-11-29 09:48:18,155 [StartPoint-IMAP-SSL-Worker(14)]

RE: SSLv2Hello is disabled

On 02/12/2015 10:19 AM, "Lukas Tribus" wrote: > > > On 02/12/2015 12:41 AM, "Cohen Galit" > > > wrote: > > > > > > Hello, > > > > > > > > > > > > When HAProxy 1.5.9 is trying to sample our servers with this > > configuration:

Re: lua authentication

Hi Grant, On Fri, Dec 4, 2015 at 7:46 AM, Grant Haywood wrote: > Hello, > > I was wondering if there is a basic example of using lua to do > authentication? > > I am specificaly interested in constructing 'ldap' and 'jwt' versions of > the 'userlist' block > > thx in

Re: Official haproxy blog uses a stickiness table of size 1 (just 1, no suffix). Is this OK?

On Mon, Jan 4, 2016 at 10:57 PM, Mike MacCana wrote: > I'm investigating active/passive HAProxy setups and came across the > following from the official HAProxy blog. At http://blog.haproxy > .com/2014/01/17/emulating-activepassing-application-clustering-with- > haproxy/

Re: Owncloud through Haproxy makes upload not possible

On 20/11/2015 7:23 AM, "Piotr Kubaj" wrote: > > On 11/19/2015 17:01, Janusz Dziemidowicz wrote: > > 2015-11-19 15:45 GMT+01:00 Piotr Kubaj : > >> Now, about RSA vs ECDSA. I simply don't trust ECDSA. There are quite a > >> lot of questions about constants used

RE: tcpdump and Haproxy SSL Offloading

> > > but I do not understand well the mapping with those recognized by test (FS = I think are Forward Secrecy) an these configured and how to find if they support or not PFS. Your help will be appreciated, so I can change haproxy configuration to quickly disable/enable cipher so I ca

Re: tcpdump and Haproxy SSL Offloading

On Fri, Jun 3, 2016 at 3:14 AM, mlist wrote: > Often I need to take tcpdump to analyze haproxy communication to clients > and to backend servers. > > As we use haproxy as SSL termination point (haproxy SSL ofloading), at low > levels (so tcpdump level) > > we see

Re: ACL & frontend : random behavior / haproxy 1.5.18-1ppp1

ainamoi.fr > Host:\ fra29-2-fra.md.bbb.loca > server labas 192.168.21.5:80 > > backend ipv4-fr > balance roundrobin > option httpchk GET / > server fr-icietla 192.168.22.4:8080 weight 1 check inter 5000 rise 2 > fall 5 > -- Igor Cicimov | DevOps p. +61 (0) 433 078 728 e. ig...@encompasscorporation.com <http://encompasscorporation.com/> w*.* www.encompasscorporation.com a. Level 4, 65 York Street, Sydney 2000

Re: tcpdump and Haproxy SSL Offloading

Hi Lukas, On Sat, Jun 4, 2016 at 3:03 AM, Lukas Tribus wrote: > Hello, > > > you can dump the symmetric keys from the browser and import them in > wireshark to decrypt PFS protected TLS sessions [1] Yes in case you want to troubleshoot something generic this is a good approach

Re: Use regex for backend selection

if to-serverN > > > by something more generic like > > use_backend bck-\1 if hdr_reg(host) -i (.*).domain.tld > > > but I can’t find a way to make it work. > > Am I on the right path ? > > Thanks, > Mildis > -- Igor Cicimov | DevOps

Re: Set State to DRAIN vs set weight 0

On Sat, Jan 16, 2016 at 7:36 AM, Alex wrote: > Hello, > > I was testing haproxy version 1.6.3 and I am a bit confused regarding > draining a server. > > According to the documentation: > set server / state [ ready | drain | maint ] > [...] Setting the mode to "drain" only

Stick-table peers expiration time

Hi all, I have the following entry in a stick-table: 0x87bf54: key=09643F891F0C6F7BE467E619952E327E use=0 exp=1938168 server_id=1 and on the peer after doing a restart: 0x806934: key=09643F891F0C6F7BE467E619952E327E use=0 exp=4795722 server_id=1 can see the same entry with different

Re: http-response redirect

On 01/02/2016 8:32 AM, "Willy Tarreau" <w...@1wt.eu> wrote: > > Hi Igor, > > On Sun, Jan 31, 2016 at 07:39:02PM +1100, Igor Cicimov wrote: > > Any chance for this to get back-ported into 1.5? > > Not at all. We don't backport features anymore into stable rel

Re: http-response redirect

On Sun, Jan 31, 2016 at 5:33 PM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > Hi, > > I have a: > > http-response redirect code 302 location https://blabla if { status > 404 } > > statement in my haproxy 1.5.15 config but on reload I get: > > *

Re: http-response redirect

rd is > listed in 1.5. Let me check... > > OK I found it, it was accidently added in 1.5-dev19 when http-response > was introduced : e365c0b ("MEDIUM: http: add a new "http-response" > ruleset") > > This one needs to be removed from

Mailers SMTP authentication

Hi, Wonder if the mailers can support smtp authentication? Thanks, Igor

http-response redirect

Hi, I have a: http-response redirect code 302 location https://blabla if { status 404 } statement in my haproxy 1.5.15 config but on reload I get: * Reloading haproxy haproxy [ALERT] 030/061559 (3) : parsing [/etc/haproxy/haproxy.cfg:142]: 'http-response' *expects* 'allow', 'deny',

Re: Stick-table peers expiration time

, Igor On Mon, Feb 1, 2016 at 11:07 AM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > Hi all, > > I have the following entry in a stick-table: > > 0x87bf54: key=09643F891F0C6F7BE467E619952E327E use=0 exp=1938168 > server_id=1 > > and on the peer after doin

Re: use part of url - as backend name?

ind any examples on the net.. and can't figure it out >>> from the haproxy 1.5 docs.. >>> >>> I was hoping any of you had some hints :) >>> >>> >> >> > > -- > Regards, > Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200 > > "Those who do not understand Unix are condemned to reinvent it, poorly." > --Henry Spencer > > > -- Igor Cicimov | DevOps p. +61 (0) 433 078 728 e. ig...@encompasscorporation.com <http://encompasscorporation.com/> w*.* encompasscorporation.com a. Level 4, 65 York Street, Sydney 2000

Re: Set State to DRAIN vs set weight 0

Hi Baptiste, On Wed, Jan 20, 2016 at 11:08 AM, Baptiste <bed...@gmail.com> wrote: > On Sat, Jan 16, 2016 at 3:37 AM, Igor Cicimov > <ig...@encompasscorporation.com> wrote: > > > > > > On Sat, Jan 16, 2016 at 7:36 AM, Alex <alexandr...@gmail.com> wrote

Re: Stick-table peers expiration time

Hi Willy, On 04/02/2016 3:11 PM, "Willy Tarreau" <w...@1wt.eu> wrote: > > On Wed, Feb 03, 2016 at 11:05:03AM +1100, Igor Cicimov wrote: > > Any comments on this? Shouldn't the expiration time get replicated upon > > restart or just the keys? Obviously the entry i

Re: Asking for help: how to expire haproxy's stick table entry only after the closing of all sessions which used it

On 16/03/2016 12:27 AM, "Hugo Maia" wrote: > > Hi, my name is Hugo. > > I'm currently using Haproxy 1.5, I have a backend with 2 servers. My app servers receive connection from two clients and I want both of them to be attributed to the same server. All connections have a

Re: Help! HAProxy randomly failing health checks!

On Thu, Mar 17, 2016 at 5:29 AM, Zachary Punches wrote: > I’m not, these guys aren’t sitting behind an ELB. They sit behind route53 > routing. If one of the proxy boxes fails 3 checks in 30 seconds (with 4 > checks done a second) then Route53 changes its routing from the

Re: Help! HAProxy randomly failing health checks!

" is an unknown key > error: "net.bridge.bridge-nf-call-iptables" is an unknown key > error: "net.bridge.bridge-nf-call-arptables" is an unknown key > kernel.msgmnb = 65536 > kernel.msgmax = 65536 > kernel.shmmax = 68719476736 > kernel.shmall = 42949672

Re: Help! HAProxy randomly failing health checks!

On Wed, Mar 16, 2016 at 5:54 AM, Zachary Punches wrote: > Hello! > > > > My name is Zack, and I have been in the middle of an on going HAProxy > issue that has me scratching my head. > > > > Here is the setup: > > > > Our setup is hosted by amazon, and our HAProxy (1.6.3)

Re: Help! HAProxy randomly failing health checks!

the way > through the entire process before it lights as green. > > Our health checks in route 53 are setup to ping 1027 as the SSL port > > From: Igor Cicimov <ig...@encompasscorporation.com> > Date: Thursday, March 17, 2016 at 4:18 PM > To: Zachary Punches <zpunc.

Re: Help! HAProxy randomly failing health checks!

On Fri, Mar 18, 2016 at 1:38 PM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > > > On Fri, Mar 18, 2016 at 12:04 PM, Zachary Punches <zpunc...@getcake.com> > wrote: > >> Yeah port 1027 is used for health checks over SSL. >> >> Th

Re: Help! HAProxy randomly failing health checks!

On Thu, Mar 17, 2016 at 12:46 PM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > > > On Thu, Mar 17, 2016 at 11:14 AM, Zachary Punches <zpunc...@getcake.com> > wrote: > >> I wanna say average is like 4-6 connections a second? Super minimal >> &g

Re: Transparent proxy that doesn't destroy your default gateway

On Wed, Apr 6, 2016 at 11:34 PM, Lukas Erlacher wrote: > Addendum: > > On the load balancer, > > iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT > > will match *all* packets (for example the packets of your SSH connection, > since there is undoubtedly a socket for

Re: Help! HAProxy randomly failing health checks!

/-1/-1/-1/0 400 187 - - CR-- 314/314/0/0/0 0/0 "" > Mar 17 18:37:45 localhost haproxy[28703]: 109.154.74.227:53964 > [17/Mar/2016:18:37:06.938] shared_incoming shared_incoming/ > -1/-1/-1/-1/0 400 0 - - CR-- 313/313/0/0/0 0/0 "" > Mar 17 18:37:45 localhost haproxy[287

Re: IDEA: initial-state up/down option for servers

On Fri, Mar 18, 2016 at 10:38 AM, Chris Warren wrote: > Hi, > > We use haproxy in an auto-scaling environment. On an auto-scaling event, > the haproxy configuration is rewritten to list all existing servers for > each proxied service. A graceful reload is then performed. > >

Re: Help! HAProxy randomly failing health checks!

ume we would go down all the time > yeah? > > From: Igor Cicimov <ig...@encompasscorporation.com> > Date: Wednesday, March 16, 2016 at 4:50 PM > To: Zachary Punches <zpunc...@getcake.com> > Cc: Baptiste <bed...@gmail.com>, "haproxy@formilux.org" < > hapro

Re: Help! HAProxy randomly failing health checks!

On Thu, Mar 17, 2016 at 10:47 AM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > > > On Thu, Mar 17, 2016 at 5:29 AM, Zachary Punches <zpunc...@getcake.com> > wrote: > >> I’m not, these guys aren’t sitting behind an ELB. They sit behind route53 >> r

Re: Haproxy 1. 5.14 + Tomcat 8 giving random 502 errors

On 01/03/2016 9:57 PM, "Zoltan Lorincz" wrote: > > Hi all, > > i am very new to haproxy. Read trough all the docs but i think something is wrong with my configuration, because if we connect directly to tomcat we don't get any 502 errors. > > The errors from haproxy look like

Re: Regarding http basic authentication in haproxy

On 13 May 2016 4:19 am, "bln prasad" wrote: > > Hi, > I've setup basic http authentication in the frontend. I'm finding that it's asking for authentication for first time only when i access from the browser. Once it succeeds it's alway bypasses authentication even if i

Re: HAPROXY Configuration

On 7 May 2016 1:04 am, "irshad hassan" wrote: > > Hi, > > I have got the support email id for harpoxy through internet. Currently I have some issue related to configuration. I would request you to please guide me. > > Scenario : > > Incoming traffic to HAPROXY is : >

Re: Haproxy config to send traffic to multiple elbs

On 3 May 2016 4:50 am, "Ellison Marks" wrote: > > So, here's a potentially odd setup. We're trying to set haproxy to proxy to two separate auto-scaled groups of aws servers. The easiest way we can think of to do this is to have haproxy send traffic to two elbs, which will

Re: AWS ELB with SSL backend adds proxy protocol inside SSL stream

On 5 May 2016 9:16 pm, "Hector Rivas Gandara" < hector.rivas.gand...@digital.cabinet-office.gov.uk> wrote: > > Hello, > > we are trying to configure this architecture: > > * ELB terminating SSL, using preconfigured certificates. (this is a >requirement because so only restricted people has

Re: TTL-based DNS resolution ?

On 16/04/2016 1:52 am, Ben Tisdall wrote: > > Hi, > > are there are plans to support DNS resolution based on TTL a la NGINX? This > would be helpful for use cases where the upstream is an ELB or similar > system. I've pasted a reply from AWS support based on some

Re: Double Logging

On Mon, Jul 25, 2016 at 2:02 AM, Pavlos Parissis wrote: > On 22/07/2016 11:53 πμ, Willy Tarreau wrote: > > Hi Cyrus, > > > > On Thu, Jul 21, 2016 at 11:22:06PM -0700, Cyrus Katrak wrote: > >> Greetings from Slack Technologies, > >> > >> We are evaluating HAProxy as a

Re: path_reg not working with "_" syblol in URLs

On Thu, Jul 28, 2016 at 6:55 PM, Juriy Strashnov wrote: > Hi, all! > > HA-Proxy version 1.5.14 2015/07/02 > haproxy-1.5.14-3.el7.x86_64 (centos 7) > > Found strange behaviour of path_reg: > > acl userhost15 hdr_dom(host) -i host1.example.com > acl userpub15_1t

Re: path_reg not working with "_" syblol in URLs

On Fri, Jul 29, 2016 at 11:16 AM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > > > On Thu, Jul 28, 2016 at 6:55 PM, Juriy Strashnov <juriy.fob...@gmail.com> > wrote: > >> Hi, all! >> >> HA-Proxy version 1.5.14 2015/07/02 >> haproxy

Re: Problem with redirecting www. to non-www domains back to HAProxy based on host header

tocol? > 2. Is there any solution to this? As far as I know, rewriting the host > header in a redirect isn't something that is supported by HAProxy (and not > really that nice..) right? > > > Best Regards, > > Maurice van Ree > -- Igor Cicimov | DevOps p. +61 (0) 433 078 728 e. ig...@encompasscorporation.com <http://encompasscorporation.com/> w*.* www.encompasscorporation.com a. Level 4, 65 York Street, Sydney 2000

Re: HTML documentation : work in progress

On 4 Jul 2016 8:35 am, "Cyril Bonté" wrote: > > Hi all, > > this was a productive week-end and the new documentation is nearly ready. To celebrate this, I've already decided to make it official, despite there is stille some work to do. > > The links provided in my previous

Re: Inform backend about https for http2 connections

On 6 Aug 2016 1:31 am, "Matthias Fechner" wrote: > > Dear all, > > > I use haproxy in tcp mode to have http2 working. > Now I have the problem that the backend has to know if the connection > was encrypted or not (some websites using this information to add the > schema to css

Re: hardware / os recommendations

On 29 Jun 2016 6:56 pm, "Gerd Mueller" wrote: > > Hi list, > > I am about to plan the update of our loadbalancing infrastructure. Before I start I would like to get your comments and recommendations. Right now I would like to install a two node cluster based on CentOS7

Re: Two tiered haproxy setup and managing queues and back pressure

On 15 Feb 2017 7:59 pm, "Juho Mäkinen" wrote: We have a setup which requires us to have two haproxy tiers so that first forwards connections to the second. What I want to know is the theory how (and why) I should tune my maxconn, backlog and timeout settings to handle queues

Re: Rate limit by country

On Tue, Feb 28, 2017 at 2:29 PM, Simon Green wrote: > Hi all, > > I need to rate limit users by country[1], and my Google foo is failing > me. I know that I can use "src_conn_rate gt N"[2], but that rate limits > on a per IP basis. I want to be able to rate limit based on the

Re: add header into http-request redirect

On 27 Feb 2017 9:19 am, "Igor Cicimov" <ig...@encompasscorporation.com> wrote: Hi Lukas, On 27 Feb 2017 5:53 am, "Lukas Tribus" <lu...@gmx.net> wrote: Hi, Am 26.02.2017 um 19:02 schrieb thierry.fourn...@arpalert.org: > Hi, > > If I u

Re: add header into http-request redirect

Hi Lukas, On 27 Feb 2017 5:53 am, "Lukas Tribus" wrote: Hi, Am 26.02.2017 um 19:02 schrieb thierry.fourn...@arpalert.org: > Hi, > > If I understand, the 301 is produced by haproxy. If it is the case, > there are an ugly soluce. > > Haproxy can't add header to a redirect

Re: Backend: Multiple A records

On Tue, Aug 30, 2016 at 6:18 AM, Maciej Katafiasz < mkatafi...@purestorage.com> wrote: > On 27 August 2016 at 14:32, Tim Düsterhus wrote: > > Hello > > > > I want to run HAProxy 1.6.8 with a backend server that may have multiple > > A records corresponding to different

Mailers SMTP authentication

Hello, I think I already asked this question but didn't get any response so will try again with little bit different wording. Is there any plan to support smtp authentication for the mailers? Or maybe a way to tell haproxy to use a local mta like postfix lets say which is already configured with

Re: HaProxy for SFTP load balancing

On 8 Oct 2016 2:16 am, "Willy Tarreau" <w...@1wt.eu> wrote: > > Hi Igor, > > On Fri, Oct 07, 2016 at 08:41:12PM +1100, Igor Cicimov wrote: > > > Listen > > > ... > > > ... > > > Retries 3 > > > Option redispatch >

Re: HaProxy for SFTP load balancing

o it is retrying 3 times > min, I have only two nodes for the haproxy, so one node gets alternatively > failure and the second retry by camel is getting success. but haproxy is > not automatically switching to running node. > > Thanks > Vijay > > > On 08-10-2016 02:49 AM, Ig

Re: Getting weird error on make health check

On Sat, Oct 8, 2016 at 12:46 AM, cloud maverick wrote: > haproxy check is > like > option httpchk HEAD /HTTP/1.1\r\nHOST:. > com/api/checkusername/zabbix > http-check expect rstring true > > Response in status log > > Health check for server

Re: HaProxy for SFTP load balancing

> But for ex: > when the second node is down. it is not passing files to only first node. instead, one time to first node and one time to second node. That means alternatively my second request is getting failures. how to fix this. please help me asap. > > You need option redispatch >

Re: HaProxy for SFTP load balancing

On 07/10/2016 7:52 pm, "Vijay .D.R" wrote: > > Hi Willy, > > I read it in a forum and I do the changes in haproxy.cfg like below and it's not working as expected. > > Listen > ... > ... > Retries 3 > Option redispatch Vijay, did you read Lukas's email? Did you do as he

Re: Backend: Multiple A records

On Mon, Aug 29, 2016 at 3:57 AM, Baptiste wrote: > Hi, > > This should happen soon, for 1.7. > > Baptiste > Fantastic news, exactly what I've been waiting for it will make haproxy and consul a perfect couple :-)

Re: rspadd X-Frame-Options:\ ALLOW-FROM

ant it to allow this one link to open the pages. > > Please let me know if anyone has tackled this before. > > -- Igor Cicimov | DevOps p. +61 (0) 433 078 728 e. ig...@encompasscorporation.com <http://encompasscorporation.com/> w*.* www.encompasscorporation.com a. Level 4, 65 York Street, Sydney 2000

Re: Getting 502 Gateway Timeout for BOSH over HAPRoxy

On 17 Oct 2016 4:35 pm, "Vijayalakshmi Devi A M" wrote: > > Hi, > > > > Our web application uses XMPP for chat. We are using ejabberd xmpp server . We have configured xmpp BOSH( http://xmpp.org/extensions/xep-0206.html ) via HAProxy. But sometimes haproxy is throwing error

Re: rewrite and redirect with haproxy

On Thu, Nov 24, 2016 at 2:21 PM, Jonathan Opperman wrote: > On Thu, Nov 24, 2016 at 3:59 PM, Jonathan Opperman > wrote: > >> >> On Thu, Nov 24, 2016 at 3:28 PM, Michael Ezzell >> wrote: >> >>> On Nov 23, 2016 20:16, "Jonathan

Re: ECDSA and HAProxy help

On 11 Oct 2016 7:05 pm, "Thierry Fournier" wrote: > > Hi list, > > I'm currently trying to investigate about a little leak of memory in > the certificates loading, and I try to test ECDSA certificates and > cipher. > > I can't done this :( I don't understand anything in

Re: ECDSA and HAProxy help

On 12 Oct 2016 8:45 am, "Igor Cicimov" <ig...@encompasscorporation.com> wrote: > > On 11 Oct 2016 7:05 pm, "Thierry Fournier" <thierry.fourn...@ozon.io> wrote: > > > > Hi list, > > > > I'm currently trying to investigate about a li

Re: rspadd X-Frame-Options:\ ALLOW-FROM

yword 'req.hdr' which is incompatible with 'frontend http-response header rule' > [ OK ] > am i also missing something else? like an acl rule for req.hdr? > > > From: Igor Cicimov <ig...@encompasscorporation.com> > To: Amol <mandm_z

Re: Confused with the health check.

On 29 Nov 2016 10:11 pm, "顏靖軒" wrote: > > Hello lists > > I have a question about the health check. > After setting the health check, I get error messages usually. > The message is "Broken pipe at initial connection step of tcp-check". > What does it mean? The connection

  1   2   3   >