haproxy-ss
PORTVERSION= 20171017
CATEGORIES= net www
MASTER_SITES= http://www.haproxy.org/download/1.7/src/snapshot/
And then ran:
make clean build install NO_CHECKSUM=yes
Which did 'seem' to download the 'intended?' file..
Thanks,
PiBa-NL / Pieter
Hi Willy,
Op 9-11-2017 om 5:45 schreef Willy Tarreau:
Hi Pieter,
On Thu, Nov 09, 2017 at 02:28:46AM +0100, PiBa-NL wrote:
Actually haproxy has been running for a few weeks with 100% and i didnt
notice.. it does keep working it seems..
Anyhow thought i would try and capture the next event if
The LetsEncrypt backend that is part of the configuration never got a
single request according to stats..
Is it a known issue?
Are tcpdump/truss output desired ..? (where should i send em?)
Is there any other output that can try to gather next time?
Regards,
PiBa-NL
HA-Proxy version 1.7.9 2017
0.5:9876 <http://192.168.0.5:9876> maxconn 2000
With this configuration can i undergo my setup with 8000 connection
load distribution or do i have to undergo some changes here
Thanks,
Kushal
Add a 'maxconn 8000' in 'global' section?
Regards,
PiBa-NL
ration.html#8
Maybe you have activated
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-optio
n%20log-health-checks
in your config.
It would be nice to know which haproxy version you use.
haproxy -vv
--
Best Regards
Aleks
https://www.me2digital.com/
--
Best Regards
Aleks
Regards,
PiBa-NL
nceador-SSL
There is no acl for the backend above? so probably the default_backend
below will never be reached.
Could it be the above backend returns the 404 your seeing?
default_backend CitrixSF-SSL
Regards,
PiBa-NL
caciones*
Servicio Andaluz de Salud. Consejería de Salud de la Junta de Andalucía
_antonio.trujillo.sspa@juntadeandalucia.es_
Tel. +34 670947670 747670)
Also i dont get how a healthcheck settings would be relevant to get
session affinity?
Regards,
PiBa-NL
the admin socket.
Assuming you do know in advance that you will want to use ocsp..
Regards
PiBa-NL
Hi Willy, Christopher,
Do you perhaps have a small update about the "[PATCH] MAJOR: ssl: add
'tcp-fallback' bind option for SSL listeners" ?
I've not seen any new information about it for a while, will it come
with 1.7devX ? Or should there first be a solid http/2 implementation
before expecti
ic request.
I'm not saying this is the exact scenario you see, but it might explain it..
Regards,
PiBa-NL
option sounds like you want it :)
Regards,
PiBa-NL
Hi Nenad, Baptiste,
@Nenad, thanks for your investigation.
@Baptiste, would it be possible to preserve the drain state? So the
manual change on stats page isn't undone by reloading.
Op 15-6-2016 om 3:02 schreef Nenad Merdanovic:
Hello Pieter,
On 6/14/2016 6:37 PM, PiBa-NL wrote:
Hi
Hi list,
While trying out how to use load-server-state-from-file i noticed that
'drain' state set through the stats page is not restored after loading
the state back.
I'm using haproxy 1.6.4 / 1.7-dev2 . I realize these are not the latest
(1.6.5 has dns resolver issues), but am wondering is
e the response was not present. If not,
am I doing something wrong?
Cheers,
Thijs
Afaik, it is possible to simply create a empty .ocsp file for all
certificates you want to use it with.
Then as you already do set the actual ocsp response over the unix socket.
Regards,
PiBa-NL
ward some basic traffic would be something to do before looking
into details like a client ip imho ..
Anyway if that works there are 3 options for making a backend aware of
the original a client ip:), each with their own (dis-)advantage.
https://gist.github.com/PiBa-NL/d826e0d6b35bbe4a5fc3
Regards,
PiBa-NL
Op 20-4-2016 om 22:38 schreef Shawn Heisey:
It will be accessible from the Internet, but as long as nobody ever
knows what the URL path is, that should be OK.
You could put the stats in a separate backend and use a acl to verify
proper source subnet/ip is requesting it.
Add some user+password f
Op 20-4-2016 om 20:45 schreef Shawn Heisey:
The problem is that if I try to go tohttp://spark.REDACTED.com:8080/
... this is redirected tohttps://spark.REDACTED.com:8080/ ... and I get
this in the log:
Are you using HSTS on that domain name?
Can you check the networking tab of firebug/chrome wh
Op 18-4-2016 om 22:47 schreef CJ Ess:
This is using HAProxy 1.5.12 - I've noticed an issue where HAProxy is
sometimes rejecting requests with a 400 code when the URL string
contains extended characters. Nginx is fronting HAProxy and has passed
them through as as valid requests and just eyeballi
be more appropriate. If you prefer, i can do
the change.
The patch from Christopher looks to provide a nice additional feature.
Allowing offloading and sni passthrough on a single ip:port.
And with my limited testing it looks to work properly.
What do guys think about his latest patch?
Regards,
PiBa-NL
Op 2-4-2016 om 22:32 schreef CJ Ess:
So in my config file I have:
maxconn 65535
fullconn 64511
However, "show info" still has a maxconn 2000 limit and that caused a
blow up because I exceeded the limit =(
So my questions are 1) is there a way to raise maxconn without
restarting haproxy wit
Op 2-4-2016 om 22:32 schreef CJ Ess:
So in my config file I have:
maxconn 65535
Where do you have that maxconn setting? In frontend , global, or both.?
fullconn 64511
However, "show info" still has a maxconn 2000 limit and that caused a
blow up because I exceeded the limit =(
So my questio
?
"tcpdump -en -i " might show if reply packets from the webserver
are properly delivered back to the haproxy machine.
Thanks,
Marcello
Regards,
PiBa-NL
can replace my previous one. Of
course, all remarks are welcome. I'll try to do more tests. I quickly
checked it on OpenSSL 0.9.8zg and 1.0.2f.
Thanks for your time to re-implement the patch as this is more flexible
than your original, and cleaner than my addition.
I'm adding Emeric in the mail as he is the SSL maintainer for haproxy,
maybe he can tell if the patch is good to merge or if using the BIO like
this could become a problem somewhere.?
Regards,
PiBa-NL
the solution there,
but that isnt available in current openssl releases.
I hope you guys have the time and ability to check for problems
introduced by my 'hackery'.. Or just throw it in the bin and
re-implement it using a better understanding of how the flow is supposed
to go.
Any fee
Have you checked if strict-sni perhaps matches your desired effect?
http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.6.html#strict-sni
Regards
PiBa-NL
.2.3.4:443> ssl crt
/etc/haproxy/my_ha.pem
reqadd X-Forwarded-Proto:\ https
balance roundrobin
server webserver 192.168.201.124:80
<http://192.168.201.124:80> check
Regards,
PiBa-NL
you have 'stats enable' in the defaults, effectively you have
a stats page on every frontend that exists in the configuration. Which
would probably be reachable under http://yourdomain.tld/haproxy?stats ,
possibly even having those admin permissions.
My two cents.. Which i did not verify..
Regards,
PiBa-NL
Hi,
I think your looking for this?: option socket-stats
Regards,
PiBa-NL
Op 12-1-2016 om 19:35 schreef Michael Rennecke:
Hello,
is it possible to show seperate stats every bind line in a frontend? I
use haproxy 1.6.3.
global
maxconn 4000
tune.ssl.default-dh-param 4096
st server once I
resubscribe, but I'm traveling so I've been lazy and put off that part.
I'll try to finish it soon
Thanks,
Hank
---
Op 10-1-2016 om 13:30 schreef Aleksandar Lazic:
Hi
Am 03-01-2016 21:41, schrieb PiBa-NL:
Ive send a mail to webguy at marc , last year that wo
Ive send a mail to webguy at marc , last year that worked.
Op 3-1-2016 om 18:00 schreef Aleksandar Lazic:
Hi.
It looks like that marc have no more mails since 2015-12-01
http://marc.info/?l=haproxy
http://marc.info/?l=haproxy&r=1&b=201512&w=2
BR Aleks
10.0.80.1:8443 default_server ssl proxy_protocol;
Just a thought..
Regards,
PiBa-NL
Op 6-12-2015 om 12:25 schreef Lukas Erlacher:
Hi,
On 12/04/2015 04:27 PM, Jonathan Leroy - Inikup wrote:
2015-12-04 13:23 GMT+01:00 Lukas Erlacher :
Please show the nginx config.
Hi Luke,
Here's the Nginx c
There is no cache to delete..
Can you check there is only 1 active haproxy process running?
Depending on how you restart haproxy it could be that old existing
connections are still served by the old process that should shutdown
once all connections are closed. The old stopping process should n
Hi Tom,
Try this: check-ssl (
http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.6.html#check-ssl
)
It will cause healthchecks to use ssl.
You will likely also add either a ca-cert or verify none.
Regards,
PiBa-NL
Op 25-11-2015 om 11:34 schreef Tom Duckering:
Hi,
We’re in a
e to make such a thing possible.?.
I agree a note about the spam policy would be nice to have near where
the subscription address is written. It might reduce the 'stop spam'
discussions..
Regards,
PiBa-NL
Op 23-11-2015 om 16:06 schreef Kobus Bensch:
Again, I get no SPAM on this list.
ot; command to do? Can we find a
replacement tool doing the same task?
I think you misunderstood, the 'show sess all' is a command that should
be send over the haproxy unix socket.
Like this:
echo "show sess all" | socat stdio /tmp/haproxy.socket > allsessions.txt
So if anything, the program to install would be 'socat'.
Regards,
PiBa-NL
Hi Simon,
Ok, ill try and see if i can add a config setting for it. And move the
whitespace changes to a separate patch.
Will take me some time..
Thanks for your feedback,
PiBa-NL
Op 21-11-2015 om 0:30 schreef Simon Horman:
On Fri, Nov 20, 2015 at 11:58:19PM +0100, PiBa-NL wrote:
Hi Willy
some retransmits? (In my test it sends 4 SYN packets if it cannot
connect at all.)
Or should it be approached in a different way? Perhaps as a
configuration option on the mailers section?
Thanks,
PiBa-NL
>From eaf95bea0af6aa3b553a6e038997b5d339b507da Mon Sep 17 00:00:00 2001
From: Pieter B
Technically its possible bind the stats socked on a tcp port iirc, do
make sure to either bind it on 127.0.0.1 or firewall it properly.
I have no clue if those admin tools can use tcp connection to perform
their administration tasks..
Op 18-11-2015 om 17:03 schreef Pavlos Parissis:
On 18/11/2
Hi Willy,
Op 16-11-2015 om 7:20 schreef Willy Tarreau:
Hi Pieter,
On Mon, Nov 16, 2015 at 12:13:50AM +0100, PiBa-NL wrote:
-but check->conn->flags & 0xFF is a bit of s guess from observing the
flags when it could connect but the server did not respond
properly.. is there a other
Hi Willy,
Op 15-11-2015 om 8:48 schreef Willy Tarreau:
Pieter,
I'm just seeing this part in your description while merging
the patch :
On Sun, Nov 08, 2015 at 07:19:21PM +0100, PiBa-NL wrote:
HOWEVER.
-i have not checked for memoryleaks, sockets not being closed properly
(i dont know h
welcome.
HAProxy config:
frontend tcp-echo
bind 127.0.2.1:1610
timeout client 10000
mode tcp
tcp-request content lua.tcp-echo
Testing this with ab frequently hangs and times out even at tiny loads
(10 requests with concurrency 3).
On Wednesday, 11 November 2015, 10:19, PiBa-
b.t.w. if sole purpose of the frontend is to echo the ip back to the client.
You should probably also check the 'use-service' applet syntax, i dont
know if that could be faster for your purpose.
Then another thing to check would be if you want to use the tcp or http
service mode. A TCP service c
Forgot to include list, sorry. And then the attachment dropped of..
Resending.
Op 8-11-2015 om 17:33 schreef PiBa-NL:
Hi Ben, Willy, Simon,
Ben, thanks for the review.
Hoping 'release pressure' has cleared for Willy i'm resending the
patch now, with with your comments incorpo
Forgot to include list, sorry.
Op 8-11-2015 om 17:33 schreef PiBa-NL:
Hi Ben, Willy, Simon,
Ben, thanks for the review.
Hoping 'release pressure' has cleared for Willy i'm resending the
patch now, with with your comments incorporated.
CC, to Simon as maintainer of mailers
Hi List, Willy,
Attached some small example fixes, spelling correction.
Hope its ok like this :).
Regards,
PiBa-NL
From fdecc44b9bf94bfaceb9d0335ea3a185e575cd86 Mon Sep 17 00:00:00 2001
From: Pieter Baauw
Date: Sun, 8 Nov 2015 16:38:08 +0100
Subject: [PATCH] DOC: lua-api/index.rst small
r
as i could tell. Anyway less warnings is better.
include/common/mini-clist.h:114:9: warning: 'LIST_PREV' macro redefined
#define LIST_PREV(lh, pt, el) (LIST_ELEM((lh)->p, pt, el))
Second patch i confirm fixes the core dump.
Thanks as always!
Regards,
PiBa-NL
Thierry
On Mon, 2
Op 2-11-2015 om 10:03 schreef Thierry FOURNIER:
On Sat, 31 Oct 2015 21:22:14 +0100
PiBa-NL wrote:
Hi Thierry, haproxy-list,
Hi Pieter,
Hi Thierry,
I've created another possibly interesting lua script, and it works :)
(mostly). (on my test machine..)
When i visit the 192.168.0.120
Hi Thierry, haproxy-list,
I've created another possibly interesting lua script, and it works :)
(mostly). (on my test machine..)
When i visit the 192.168.0.120:9003 website i always see the 'Hello
World' page. So in that regard this is usable, it is left to the browser
to send the request ag
for the more native English
speaking/writing people.
I haven't tried to check it myself, but didn't see it in either of the
documents how often is a function from core.register_task called? Or
should it contain a loop+sleep ? Perhaps a small example could be added?
Regards
PiBa-N
Hi Thierry, haproxy-list,
Op 19-10-2015 om 11:24 schreef thierry.fourn...@arpalert.org:
On Mon, 19 Oct 2015 01:31:42 +0200
PiBa-NL wrote:
Hi Thierry,
Op 18-10-2015 om 21:37 schreef thierry.fourn...@arpalert.org:
On Sun, 18 Oct 2015 00:07:13 +0200
PiBa-NL wrote:
Hi haproxy list,
For
Hi Thierry,
Op 18-10-2015 om 21:37 schreef thierry.fourn...@arpalert.org:
On Sun, 18 Oct 2015 00:07:13 +0200
PiBa-NL wrote:
Hi haproxy list,
For testing purposes i am trying to 'modify' a response of a webserver
but only having limited success. Is this supposed to work?
As a mo
the lua script to call res:get() multiple
times but that didnt seem to work..
Also to properly modify a page i would need to know all changes before
sending the headers with changed content-length back to the client..
Can someone confirm this is or isn't (reliably) possible? Or how this
can b
ed again sooner sorry..
(I actually did test latest snapshot at the moment when i first reported
the issue..)
Anyway i burned some more hours on both your and my side than was
probably needed.
One more issue gone :)
Thanks for the support!
PiBa-NL
Hi Willy,
Op 12-10-2015 om 23:06 schreef Willy Tarreau:
Hi Pieter,
On Mon, Oct 12, 2015 at 10:29:05PM +0200, PiBa-NL wrote:
Been running some more tests with the information that req->buf->i
should be >= 0.
What i find is that after 1 request i already see rqh=-103 , it seems
Hi Willy,
Op 12-10-2015 om 7:28 schreef Willy Tarreau:
Hi Pieter,
On Mon, Oct 12, 2015 at 01:22:48AM +0200, PiBa-NL wrote:
#1 0x00417388 in buffer_slow_realign (buf=0x7d3c90) at
src/buffer.c:166
block1 = -3306
block2 = 0
I'm puzzled by this above, no
Hi All,
Op 7-10-2015 om 0:31 schreef PiBa-NL:
Hi Thierry,
Op 6-10-2015 om 9:47 schreef Thierry FOURNIER:
On Mon, 5 Oct 2015 21:04:08 +0200
PiBa-NL wrote:
Hi Thierry,
Hi Pieter,
With or without "option http-server-close" does not seem to make any
difference.
Sure, it is only
Hi Thierry,
Op 6-10-2015 om 9:47 schreef Thierry FOURNIER:
On Mon, 5 Oct 2015 21:04:08 +0200
PiBa-NL wrote:
Hi Thierry,
Hi Pieter,
With or without "option http-server-close" does not seem to make any
difference.
Sure, it is only an answer to the Cyril keep alive problem. I
s method embbed a limitation: if some servers are declared in the
backend, the "option http-server-close" forbid the keepalive between
haproxy and the serveur.
Can you test with this option ?
Thierry
On Thu, 1 Oct 2015 23:00:45 +0200
Cyril Bonté wrote:
Hi,
Le 01/10/2015 20:52, P
1/
Op 1-10-2015 om 23:49 schreef PiBa-NL:
Hi,
small update on the repro..
Op 1-10-2015 om 23:00 schreef Cyril Bonté:
Hi,
Le 01/10/2015 20:52, PiBa-NL a écrit :
Hi List,
With the config below while running 'siege' i get a core dump within a
few hundreds of requests.. Viewing the st
Hi,
small update on the repro..
Op 1-10-2015 om 23:00 schreef Cyril Bonté:
Hi,
Le 01/10/2015 20:52, PiBa-NL a écrit :
Hi List,
With the config below while running 'siege' i get a core dump within a
few hundreds of requests.. Viewing the stats page from a chrome browser
while siege
Hi List,
A small DOC fix attached for the lua applet example.
Regards,
PiBa-NL
From 4ecbd5254b1b3f7b44d0746bc14fc22b6b9650f9 Mon Sep 17 00:00:00 2001
From: Pieter Baauw
Date: Thu, 1 Oct 2015 22:47:12 +0200
Subject: [PATCH] DOC: fix lua use-service example
---
doc/lua-api/index.rst | 12
Hi List,
With the config below while running 'siege' i get a core dump within a
few hundreds of requests.. Viewing the stats page from a chrome browser
while siege is running seems to crash it sooner..
Is below enough to find the cause? Anything else i should try?
Using the haproxy snapshot
i see the source is still unchanged at this part.
Thanks,
PiBa-NL
characters with,
but had to shift around the text a little..
Thanks,
PiBa-NL
From 71ad5dec78a169ab21292682c34c6d3a864265c7 Mon Sep 17 00:00:00 2001
From: Pieter Baauw
Date: Thu, 17 Sep 2015 21:30:46 +0200
Subject: [PATCH] DOC: add references to rise/fall for the fastinter
explanation
urce/src/os/unix/ngx_setaffinity.c though
not sure thats needed..
Also i'm not sure you will like the IFDEF __FREEBSD__ thats used.?. I
couldnt find any other way to properly determine the correct function to
use though.
Hope its ok as is, and you can merge it?
Thanks in advance,
,
PiBa-NL
From 71ad5dec78a169ab21292682c34c6d3a864265c7 Mon Sep 17 00:00:00 2001
From: Pieter Baauw
Date: Thu, 17 Sep 2015 21:30:46 +0200
Subject: [PATCH] DOC: add references to rise/fall for the fastinter
explanation
---
doc/configuration.txt | 21 +++--
1 file changed, 11
'external-command path' is not set.\n",
+Alert("Proxy '%s': '%s' does not have a leading '/' and
'external-check path' is not set.\n",
Regards,
PiBa-NL
Hi Jayapal,
Op 15-9-2015 om 11:07 schreef Jayapal Reddy:
Hi All,
ssh proxy is send to both machines, it is honouring the session cookie.
Below is my harpy config snippet*, complete logs can be found here.
https://www.digitalocean.com/community/questions/haproxy-appcookie-is-not-working
I have
epository, so should come
through with the binary repositories building from there. That will
solve my 'problem' for the moment.
Thanks for your reply.
PiBa-NL
sing proxy
protocol to keep client-ip information, and namespaces or unixsockets
for the connection between the two.
Again, i have not tested it, but this seems like it could be a way to
configure it with current options..
Regards,
PiBa-NL
ought Baptiste was going to do that.
Just let me know, thanks.
Thanks,
PiBa-NL
Probably nothing.
p.s.
Dont forget to add the patch "get_addr_len(&curnameserver->addr)" Remi
created ;) its not yet in todays list of dns patches. But maybe im just
a bit to eager now :) .
Keep up the good work!
Thanks.
PiBa-NL
Op 8-9-2015 om 14:17 schreef Brendan Kearney:
listen https 192.168.120.2:443
remove the address and port from the listen directive above, as
currently it will bind port 443 twice, once with once without ssl
offloading, leading to unpredictable results..
bind 192.168.120.2:443 ssl crt /etc/hapr
for?
"acl bruteforce_detection sc2_http_req_rate gt 5"
As explained in:
http://blog.haproxy.com/2013/04/26/wordpress-cms-brute-force-protection-with-haproxy/
Regards,
PiBa-NL
Op 7-9-2015 om 23:06 schreef Baptiste:
On Mon, Sep 7, 2015 at 10:12 PM, PiBa-NL wrote:
Hi Remi and Baptiste / haproxy users,
Thanks for the quick fix for socket issues.
Haproxy now starts succesfull and sends some DNS requests successfully.
However the google backend server immediately go&#
ery's, should it not send a dns query
every 10 seconds?
Or maybe i'm misinterpreting the 'hold valid' description?
Perhaps you guy's could take another look?
Thanks in advance, best regards,
PiBa-NL
Same environment as before (p.s. if you want to test it yourself, its
curnameserver->id);
close(fd);
Thanks a lot Remi!
Piba, could you please check it works with Remi's feedback?
If yes, I'll send a patch to Willy with the fix.
Baptiste
The fix works.
At least now dns requests are send and 'some' reply comes back. A new
mail following about that..
PiBa-NL
Hi guys,
Hoping someone can shed some light on what i might be doing wrong?
Or is there something in FreeBSD that might be causing the trouble with
the new resolvers options?
Thanks in advance.
PiBa-NL
haproxy -f /var/haproxy.cfg -d
[ALERT] 248/222758 (22942) : SSLv3 support requested but
Hi Guys,
Patch attached to correct the mailer warning text to show the right
names to the user.
Regards,
PiBa-NL
>From aa2cccdf5e95d2850692ec8189fc9ed20a586575 Mon Sep 17 00:00:00 2001
From: Pieter Baauw
Date: Mon, 17 Aug 2015 00:45:05 +0200
Subject: [PATCH] MINOR cfgparse: Correct
Hi,
Ive found some inconsistencies in the documentation, patch attached.
Could you take a look and merge it? Thanks.
Regards,
PiBa-NL
>From 007f377f637dbafc47cb77f6650e4df55e08b608 Mon Sep 17 00:00:00 2001
From: Pieter Baauw
Date: Sun, 16 Aug 2015 15:26:24 +0200
Subject: [PATCH] DOC: ma
bump?
Doorgestuurd bericht
Onderwerp: request for comment - [PATCH] MEDIUM: mailer: retry sending
a mail up to 3 times
Datum: Sun, 26 Jul 2015 21:08:41 +0200
Van:PiBa-NL
Aan:HAproxy Mailing Lists
Hi guys,
Ive created a small patch that will retry sending a mail
s
there a other better way?
-i used the 'fall' variable to track the number of retries.. should i
have created a separate 'retries' variable?
Thanks for any feedback you can give me.
Best regards,
PiBa-NL
>From c5110d981cf0d2c070e88331eede15b0b16e80df Mon Sep 17 00:00:00 2
Tim Dunphy schreef op 25-7-2015 om 17:00:
You need to run haproxy as root to bind to ports lower than 1024
I tried running haproxy as root/root:
[root@ha1:/etc/haproxy] #egrep "user|group" haproxy.cfg| grep -v option
user root
group root
user and group dont affect what user haprox
I believe you need 1.6-dev3 for that:
http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#5.2-sni
Jim Gronowski schreef op 23-7-2015 om 23:20:
I’m trying to do health checks on a site that is served with SNI – so
going directly to the IP generates a 404 – the backend server is
looki
Hi Willy,
Please check attached patch to solve not being able to send a mail to a
exchange server as discussed in previous mail thread.
http://marc.info/?l=haproxy&m=143708032708431&w=2
Is it correct like this?
Thanks for the great software :).
Regards,
Pieter
>From 50b34a494a9cd405364545912
It looks to me as if the dot is send in the wrong place.
Attached patch would fix that.
https://www.ietf.org/rfc/rfc2821.txt
the character sequence "." ends the mail text.
Could you guy's take a look?
mlist schreef op 15-7-2015 om 14:23:
At the end of each smtp session, we see a packet with Re
ello_world(txn)
txn.res:send(penguinsimage)
txn:close()
end
Thierry FOURNIER schreef op 19-6-2015 om 14:22:
On Fri, 19 Jun 2015 02:05:50 +0200
PiBa-NL wrote:
Hi guys,
I'm sure i am abusing lua for completely wrong thing here.
But i do not understand why the result isn't at
Hi guys,
I'm sure i am abusing lua for completely wrong thing here.
But i do not understand why the result isn't at least consistent..
Ive got a Pinguïns.jpg of 759kB (Default Windows 7 example image)..
And have the configuration listed below.
When requesting the image from a browser the top of
12:
On Thu, 18 Jun 2015 20:27:07 +0200
PiBa-NL wrote:
Thing to check, what happens to concurrent connection requests?
My guess is with 10 concurrent requests it might take up to 20
seconds(worst case for 10 connections) for some requests instead of the
expected max 2..
Note that we don't us
Thing to check, what happens to concurrent connection requests?
My guess is with 10 concurrent requests it might take up to 20
seconds(worst case for 10 connections) for some requests instead of the
expected max 2..
Thierry FOURNIER schreef op 18-6-2015 om 19:35:
Hi,
You can do this with Lua
n and
fix it.
On Tue, Jun 16, 2015 at 4:39 PM, PiBa-NL <mailto:piba.nl@gmail.com>> wrote:
Which does not prevent the backend from using mode http as the
defaults section sets.
CJ Ess schreef op 16-6-2015 om 22:36:
"mode tcp" is already present in mainfront
Which does not prevent the backend from using mode http as the defaults
section sets.
CJ Ess schreef op 16-6-2015 om 22:36:
"mode tcp" is already present in mainfrontend definition below the
bind statement
On Mon, Jun 15, 2015 at 3:05 PM, PiBa-NL <mailto:piba.nl@gmai
CJ Ess schreef op 15-6-2015 om 20:52:
This one has me stumped - I'm trying to proxy SMTP connections however
I'm getting an HTTP response when I try to connect to port 25 (even
though I've done mode tcp).
This is the smallest subset that reproduced the problem - I can make
this work by doing
Matthew Cox schreef op 15-6-2015 om 20:05:
Hello,
I've been trying to diagnose an odd issue with HAProxy (1.5.x)
statistics and SSL. I'm seeing clients having problems with the SSL
negotiation. When digging with openssl, there seems to be a clear text
http 1.x response which causes the negoti
Nick Couchman schreef op 6-2-2015 om 23:52:
It's hard to figure out exactly how to phrase what I'm trying to do, but I essentially
need a configuration for HAProxy where I can "pin" the load-balancing of one
front-end port to another one, so that both go to the same back-end port. Here's what
Yosef Amir schreef op 1-1-2015 om 13:57:
Hi ,
I have servers that listen for plain IMAP on port 143 and servers that
listen for IMAP SSL on port 443.
I have successfully tested HAProxy for tcp-check proxying to IMAP
servers listen on port 143 .
I don’t know how to configure the option tcp-chec
[PATCH] DOC: httplog does not support 'no'
Modified: doc/configuration.txt
doc/configuration.txt | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index aa6baab..5dc3afa 100644
--- a/doc/configuration.txt
+++ b/doc/configu
Take a look at 'non-stick' and or 'on-marked-up
shutdown-backup-sessions' they might help with your issue.
Another option could be to remove the backup server from your config,
and serve the static page with 'errorfile 503
/etc/haproxy/errorfiles/503sorry.http'.
Dennis Jacobfeuerborn schreef
Hi Dennis,
option tcp-check << that requires more send/expect options to actually perform
L7 checks.
For a simple L4 check remove the line completely or add : tcp-check connect
You might also want to look at option httpchk. Which is more friendly for basic
http checks.
Greets PiBa-NL
a simple layer4 3way.
Zebra schreef op 16-9-2014 3:53:
Hi, PiBa-NL
Thank you for your reply .
But I used tcpdump and find the check only try to make one tcp
three-way handshake and even the packet for tcp ACK will not send.
This is the result :
root@ubuntuforhaproxy:/home# tcpdump -lnvvvXei
201 - 300 of 363 matches
Mail list logo
