Hello, list.
Seems DNS function implemented for a long time, I wonder
if it is possible to convert hostname to IP now? So we can have like:
acl US conv_to_ip(host),map_ip(/etc/haproxy/geolocation.txt) -m str -i US
Thanks.
Bests,
-Igor
1
On Tue, Feb 7, 2017 at 9:12 PM, Emmanuel Hocdet <m...@gandi.net> wrote:
> I Igor,
> I build haproxy with boringssl static library to avoid any conflict with
> openssl shared lib.
> It also need to be link with libdecrepit (boringssl).
>
>> Le 30 janv. 2017 à 14:28
Tested and it works! Could we expect a rtt reduce?
On Mon, Jan 9, 2017 at 8:07 AM, Nenad Merdanovic wrote:
> Hello,
>
> On 1/5/2017 4:47 PM, Emeric Brun wrote:
>> On 01/05/2017 04:22 AM, Nenad Merdanovic wrote:
>>> I have a working patch for this, but it's very ugly
sorry for unclear question, it's quite simple, build haproxy from git
with boringssl (DBUILD_SHARED_LIBS=1), just config a simple SSL
frontend.
On Mon, Jan 30, 2017 at 5:42 PM, Willy Tarreau <w...@1wt.eu> wrote:
> On Mon, Jan 30, 2017 at 04:07:33PM +0800, Igor Pav wrote:
>> any
any idea with error?
undefined symbol: BIO_read_filename
On Mon, Jan 16, 2017 at 7:42 PM, Willy Tarreau wrote:
> On Fri, Jan 13, 2017 at 06:11:55PM +0100, Emmanuel Hocdet wrote:
>> for 1.8dev
>
> now applied, thanks.
>
> Willy
>
eb 7, 2017 at 11:17 PM, Emmanuel Hocdet <m...@gandi.net> wrote:
> you need:
> ADDLIB="-lpthread -ldecrepit"
>
> Le 7 févr. 2017 à 16:09, Igor Pav <i...@fastsp.net> a écrit :
>
> Hi, Emmanuel. build with static lib, but no luck, can you provide some
That's great!
Will HAProxy adopt TLS 1.3 soon?
On Tue, Dec 13, 2016 at 7:39 AM, Willy Tarreau wrote:
> Hi,
>
> HAProxy 1.7.1 was released on 2016/12/13. It added 28 new commits
> after version 1.7.0.
>
> It addresses a few issues related to how buffers are allocated under
> low
Cool, even TLS 1.3 0 RTT feature requires no changes?
On Fri, Dec 16, 2016 at 3:03 AM, Lukas Tribus <lu...@gmx.net> wrote:
> Hi Igor,
>
>
> Am 14.12.2016 um 20:47 schrieb Igor Pav:
>>
>> Hi Lukas, in fact, openssl already gets early TLS 1.3 adoption in dev,
>>
Hi Lukas, in fact, openssl already gets early TLS 1.3 adoption in dev,
will release in 1.1.1, and BoringSSL supports TLSv1.3 already.
On Thu, Dec 15, 2016 at 1:48 AM, Lukas Tribus <lu...@gmx.net> wrote:
> Hi Igor,
>
>
> Am 14.12.2016 um 14:37 schrieb Igor Pav:
tried compile 1.7.1 with boringssl, but seems not work, error like below:
In file included from src/ssl_sock.c:87:0:
include/proto/openssl-compat.h:107:1: error: unknown type name ‘OCSP_CERTID’
static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const
OCSP_SINGLERESP *single)
^
Sounds good for SSL backend, is this possible?
On Sun, Oct 25, 2015 at 12:22 PM, Gil Bahat wrote:
> Hi,
>
> I was wondering if HAProxy can do TLS-PSK. this cipher setting is
> advantageous in several scenarios, in particular with low-end clients or
> with stunnel backends.
Stunnel supports it, https://www.stunnel.org/auth.html, quite simple.
On Sun, Jan 1, 2017 at 4:34 PM, Willy Tarreau <w...@1wt.eu> wrote:
> On Sun, Jan 01, 2017 at 01:16:37AM +0800, Igor Pav wrote:
>> Sounds good for SSL backend, is this possible?
>
> Indeed that sounds int
> Manu
>
>> Le 26 mars 2017 à 17:54, Igor Pav <i...@fastsp.net> a écrit :
>>
>> Hi, Emmanuel. Any plan to add tls 1.3 zero rtt support for both server
>> and client side?
>>
>> On Sat, Mar 25, 2017 at 2:13 AM, Emmanuel Hocdet <m...@gandi.net>
Hi, Emmanuel. Any plan to add tls 1.3 zero rtt support for both server
and client side?
On Sat, Mar 25, 2017 at 2:13 AM, Emmanuel Hocdet wrote:
>
> Hi Emeric,
> patches serie updated. The new one is 0004.
> It should match what you are requesting and what I observed in the
Thanks, Willy. I found DNS infrastructure improved a lot this year, so
I ask it again, hope it is not so stupid :-)
On Sat, May 13, 2017 at 7:19 AM, Willy Tarreau <w...@1wt.eu> wrote:
> Hi Igor,
>
> On Sat, May 13, 2017 at 12:58:19AM +0800, Igor Pav wrote:
>> Hi list,
Hi list,
Is now there's a converter for hostname to IPv4 available in haproxy?
Regards,
Igor
Hi, since haproxy now has DNS, is now possible to make `option
http_proxy` to do DNS and HTTPS, in some cases, we need to let part of
requests go local network directly.
Thanks in advance.
Hi, Alec, Willy
Sorry to ask a not so related question here, I have a Linux gateway to
redirect user's TCP traffic by using iptables like `iptables -t nat -A
PREROUTING -p tcp dst -j REDIRECT --to-ports 1000`, port 1000 is
redsocks transparent tcp-to-socks proxy,
since we have Alec's patch here,
Redirect to socks server would be very good for us, we use haproxy to
load balance internal user traffic, happy to use one single rock
stable haproxy solution.
On Mon, Jun 3, 2019 at 8:47 AM Aleksandar Lazic wrote:
>
> Hi.
>
> cipriancraciun, nutinshell and I discussed in the issue above some
Hello, dev
The commit of ea8dd949e4ab7ddd94afdbf0e96087c883192217 seems to break
the allow-0rtt in server line, a connection will take very very long
to complete. Remove allow-0rtt it turns normal.
conf like:
listen test
mode tcp
bind 0.0.0.0:88
default_backend tls
backend tls
mode tcp
Hi Olivier,
Still suffering from 2.0-dev7-b6563f-41 :(
On Sat, Jun 15, 2019 at 5:37 PM Olivier Houchard wrote:
>
> Hi Igor,
>
> On Sat, Jun 15, 2019 at 03:00:23AM +0800, Igor Pav wrote:
> > Hello, dev
> >
> > The commit of ea8dd949e4ab7ddd94afdbf0e96087c88319221
Hi Olivier,
965e84e now fixed this, thanks! P.S I test it by using browser and squid proxy.
On Sun, Jun 16, 2019 at 3:03 AM Olivier Houchard wrote:
>
> Hi Igor,
>
> On Sat, Jun 15, 2019 at 07:19:24PM +0800, Igor Pav wrote:
> > Hi Olivier,
> >
> > Still suf
Hello,
I do a quick playing around with H2 proxy with Chome, Chrome has
built-in HTTPS proxy support.
If I conf like:
listen FE
mode http
bind 0.0.0.0:1443 ssl crt cert.pem alpn h2,http/1.1
server squid-fwd-proxy 127.0.0.1:3128
then I set Chrome to use this proxy, it works fine with the
``
On Thu, Jun 20, 2019 at 3:39 AM Lukas Tribus wrote:
>
> Hello,
>
> On Wed, 19 Jun 2019 at 19:35, Igor Pav wrote:
> >
> > Hello,
> >
> > I do a quick playing around with H2 proxy with Chome, Chrome has
> > built-in HTTPS proxy support.
> > If I con
Tried, still same result.
On Thu, Jun 20, 2019 at 11:14 PM Lukas Tribus wrote:
>
> On Thu, 20 Jun 2019 at 09:24, Igor Pav wrote:
> >
> > Hi Lukas,
> >
> > Found when using h2, the request URI to squid is / without
> > http://example.com/, so squid return
Hi Olivier,
The `retry-on 0rtt-rejected` will only work in tcp mode, is that
possible to let it work in http mode too?
On Mon, May 6, 2019 at 4:37 AM Olivier Houchard wrote:
>
> Hi Igor,
>
> On Mon, May 06, 2019 at 12:26:33AM +0800, Igor Pav wrote:
> > Hi, Olivier, thanks for
wrote:
>
> Hi Igor,
>
> On Sun, Jun 23, 2019 at 08:42:46PM +0800, Igor Pav wrote:
> > Hi Olivier,
> >
> > The `retry-on 0rtt-rejected` will only work in tcp mode, is that
> > possible to let it work in http mode too?
> >
>
> It should work with
Hello, can we use TLS zero RTT in server-side now? Just want to reduce
more latency when using SSL talk to the backend servers(also running
haproxy).
Thanks in advance. Regards
Just tested with openssl 1.1.1b and haproxy 1.9.7, it appears no
success, you are right :)
On Thu, May 2, 2019 at 8:45 PM Olivier Houchard wrote:
>
> Hi Igor,
>
> On Thu, May 02, 2019 at 08:39:58PM +0800, Igor Pav wrote:
> > Hello, can we use TLS zero RTT in server-side now? J
Olivier Houchard wrote:
>
> Hi Igor,
>
> On Fri, May 03, 2019 at 05:21:50PM +0800, Igor Pav wrote:
> > Just tested with openssl 1.1.1b and haproxy 1.9.7, it appears no
> > success, you are right :)
> >
>
> Indeed :)
> I just pushed commit 010941f8760
Hi William, Tried but still the same ;(
On Fri, Jul 3, 2020 at 2:35 AM William Dauchy wrote:
>
> Hi Igor,
>
> On Thu, Jul 2, 2020 at 9:57 AM Igor Pav wrote:
> > By using dev11, the CPU consumption drops a lot, but when connections
> > reach ~1000, the CPU would still
0:31PM +0800, Igor Pav wrote:
> > Hi, are those log lines both in syslog? I didn't see it there. I'm
> > using this simple setup for a forward HTTP proxy, sooner and later,
> > CPU goes crazy.
>
> Sorry for this late reply. The "bogus stream" message William was
Hello, list
We got a very high CPU constantly while using 2.2dev. Any suggestion? Thanks.
Config like:
global
log 127.0.0.1 local0
maxconn 4096
daemon
ssl-server-verify none
defaults
log global
modehttp
option httplog
timeout check 3000
timeout connect
Hi, are those log lines both in syslog? I didn't see it there. I'm
using this simple setup for a forward HTTP proxy, sooner and later,
CPU goes crazy.
On Fri, Jun 12, 2020 at 12:24 AM William Dauchy wrote:
>
> Hello Igor,
>
> On Thu, Jun 11, 2020 at 5:25 PM Igor Pav wrote:
>
34 matches
Mail list logo