Combine http and https backend

2013-07-10 Thread Mark Ruys
server app08_master 10.0.0.7:443 check port 80 inter 5000 Thank you, Mark Ruys

X-Forwarded-For or proxy protocol

2013-07-21 Thread Mark Ruys
We're building a HA-cluster which will run a lot of different sites of which many offer https. Tools we plan to use are Keepalived, stunnel, HAProxy, Apache and PHP. All VPSses run Ubuntu 12.04. Some of our PHP applications need to check the client IP address. Simplified setup: client --

Re: X-Forwarded-For or proxy protocol

2013-07-22 Thread Mark Ruys
Hi Cyril, Lucas, Op 21 jul. 2013, om 23:25 heeft Cyril Bonté cyril.bo...@free.fr het volgende geschreven: Hi Mark, Le 21/07/2013 22:38, Mark Ruys a écrit : We're building a HA-cluster which will run a lot of different sites of which many offer https. Tools we plan to use are Keepalived

Re: X-Forwarded-For or proxy protocol

2013-07-27 Thread Mark Ruys
Op 23 jul. 2013, om 11:36 heeft Willy Tarreau w...@1wt.eu het volgende geschreven: Hi guys, On Mon, Jul 22, 2013 at 03:42:11PM +0200, Lukas Tribus wrote: Hi Mark, Yes, I should have listed this as alternative 3. Altough we're willing to adopt HAProxy 1.5 in production for it's

UP 2/3 status

2013-09-27 Thread Mark Ruys
Hi, I'm using a Nagios plugin to monitor the HAProxy status. Now and then, HAProxy reports UP 2/3 as a backend status in the statistics. I wonder, what does 2/3 mean? Mark Ruys --- dr M.P.J. Ruys (PhD) ::Peercode Oudenhof 4c, 4191NW Geldermalsen, The Netherlands Web site

Re: UP 2/3 status

2013-09-28 Thread Mark Ruys
was yes). So should I be bothered with UP 2/3 or is it save just to ignore it. Mark -Robin On Sat, Sep 28, 2013 at 03:37:43AM +0200, Mark Ruys wrote: Hi, I'm using a Nagios plugin to monitor the HAProxy status. Now and then, HAProxy reports UP 2/3 as a backend status in the statistics. I

Re: Emulating Active/passing application clustering with HAProxy

2014-02-16 Thread Mark Ruys
Op 16 feb. 2014, om 00:16 heeft Cyril Bonté cyril.bo...@free.fr het volgende geschreven: Le 16/02/2014 00:00, Mark Ruys a écrit : Hi Cyril, Awesome, that's exactly what I need. Thanks for sharing it, I'll definitely implement it this way! OK, please feel free to provide some feedbacks

Expired revocation list

2014-03-12 Thread Mark Ruys
Hi, I got client certificate checks working using something like: bind 8.8.8.8:443 mss 1422 ssl crt server.pem ca-file root.crt crl-file root.crl verify required The gotcha is that this does not work when the revocation list isn't renewed: $ openssl crl -in root-crl.pem -noout -text|head