I am trying to use haproxy 1.4.8 to replace an apache URL rewriting
engine that crumbles under load. I have to duplicate the following part
of it:
ipaddr=%{REMOTE_ADDR}
The IP address is not part of the original URL, but it must be included
in the rewritten one. Looking at the
The Apache instances run under Windows, and the application is a
homegrown windows executable CGI. It's my opinion that the OS choice is
the entire problem, but it's not something we can change without a
complete rewrite of major systems.
I'm a sysadmin, not a developer! I will talk to the
balance leastconn
server server8080 10.10.14.127:8080 check
server server8081 10.10.14.127:8081 check
On 12/14/2010 12:34 PM, Shawn Heisey wrote:
I spoke too soon. This just made it pass through unchanged, and the
URL rewriting on the backend took care of it.
It seems
I buried this email deep in another thread, bringing it back to the top
with a new message.
I have a bunch of rewrites that I need to do to incoming requests. I
tried initially putting them all in the frontend, but that didn't work.
What finally worked was creating multiple backends, each
On 12/15/2010 5:00 PM, Cyril Bonté wrote:
Hi Shawn,
Le mardi 14 décembre 2010 20:34:49, Shawn Heisey a écrit :
I spoke too soon. This just made it pass through unchanged, and the URL
rewriting on the backend took care of it.
It seems that this config line:
reqirep ^([^\ ]*)\ /string1
On 12/15/2010 7:50 PM, Cyril Bonté wrote:
This configuration should work (fixed the acl and merged all the
reqirep in the frontend) :
The things that match /foo* can't use the tomcat backend, they have to
use the apache backend. Everything that doesn't match an ACL uses the
tomcat
On 12/15/2010 9:20 PM, Shawn Heisey wrote:
On 12/15/2010 7:50 PM, Cyril Bonté wrote:
This configuration
should work (fixed the acl and merged all the reqirep in the
frontend) :
The things that match /foo* can't use the tomcat backend, they have to
use the apache backend. Everything
On 12/15/2010 11:30 PM, Cyril Bonté wrote:
Yes, this is how this configuration works.
Example :
Incoming request is : GET /fooc/bar HTTP/1.1
= APPLYING reqirep ^([^\ ]*)\ /fooc/(.*) \1\ /cgi-bin/cgi-
gw.exe?action=captfooid=\2
The request becomes : GET /cgi-bin/cgi-gw.exe?action=captfooid=bar
I've been looking through the documentation and looking for information
online, but can't find anything. Currently I have this in a backend:
reqirep ^([^\ ]*)\ /omc/(.*)\ (.*) \1\
/foo/bar.do?prefix=/appnbpage=/baz.doaction=acctnoid=\2\ \3
What I would like to do now is do something very
I've been looking around for the answer to this question, but so far
I've turned up nothing.
Can I have haproxy (currently 1.5-dev3) spit out a custom log message,
preferably at a custom level, when certain text is found in a request?
I need to do this because the text I'm looking for will
On 9/25/2012 3:58 PM, Willy Tarreau wrote:
On Tue, Sep 25, 2012 at 11:26:53PM +0200, Baptiste wrote:
1.5-dev branch may be broken because it is the development branch
version. For example, dev12 is broken on SSL if no SNI is sent (there
may be other bugs).
I would add that a number of people
I have a setup doing a lot of URL rewriting. I set up an ACL to match
each string that I want to rewrite. When each one matches, it sends the
request to a backend specific to that rewrite. All of the backends
(over a dozen of them) have the same set of servers, each defined with
'check' in
I am running haproxy as a front end for Solr and Mule, currently on
1.5dev7. There are some occasional weird moments where haproxy marks
the primary solr server as offline and sends requests to the next
server. At this time I have no reason to think Solr is actually having
a problem, so I
On 1/2/2013 11:15 PM, Baptiste wrote:
dev17 fixes bugs from dev16 with no know regression or bugs for now...
Concerning your error, you consider one check failing to concider your
server as unoperational...
Try increasing this number to 2, to avoid false positive.
Is it possible you reach a
I am having some problems with SSL negotiation taking a really long
time. There were 20 seconds between client hello and server hello on
one session noticed with a packet capture, 28 seconds on another.
Currently that connection is being handled by a load balancer based on
the LVS-NAT solution -
I do not think this is a problem with haproxy (running 1.5.4), but I'm
hoping haproxy can help me debug it.
When I get SSL handshake failure, can haproxy be configured to log debug
messages about WHY it failed? We don't have any visibility into the
client -- it's at a customer site in Japan, I'm
On 9/9/2014 11:45 PM, Willy Tarreau wrote:
It is possible that the more recent openssl lib above defined a few extra
fields that are not supported by the older one used at runtime, resulting
in undefined behaviour. If you cannot upgrade the production version, I
suggest that instead you
having two different versions, we cannot rule out a problem there.
I did manage to do that. My captures (of my test requests) don't show an
improvement in wireshark's ability to decrypt.
I suspect that the actual handshake problem with the customer is on their
end. The certificate we were using
On 9/10/2014 11:43 PM, Willy Tarreau wrote:
It is also possible that they have stored locally a copy of your old cert
or maybe they have your CA's certs and you changed to a new CA to sign this
new cert.
It's the same CA and intermediate cert. We suspect that they have
configured it to only
I've been tasked with making our websites more responsive, particularly
with TLS. I was given this video to watch:
https://www.youtube.com/watch?v=0EB7zh_7UE4
This video specifically mentions haproxy, and I can see conversations
including Ilya on my mailing list history, which is really
On 11/13/2014 9:36 AM, Lukas Tribus wrote:
I started out with haproxy 1.5.8 from source on CentOS 5. It quickly
became apparent that this system would not accommodate any of the cool
technologies that Ilya talked about.
I don't follow, can you elaborate? I didn't watch the video, but Ilya's
I have a co-worker that is concerned with the idea of moving SSL
termination to haproxy, rather than using LVS to NAT the SSL to back end
servers directly. It would be handled by one machine, with
corosync/pacemaker providing responsive failover to a redundant host.
Below is the CPU info from
On 11/14/2014 11:09 AM, Shawn Heisey wrote:
I have a co-worker that is concerned with the idea of moving SSL
termination to haproxy, rather than using LVS to NAT the SSL to back end
servers directly. It would be handled by one machine, with
corosync/pacemaker providing responsive failover
If we get mod_spdy installed on Apache, what's required to make that
available through haproxy? The documentation I've found is somewhat
confusing.
From what I've been able to piece together, it sounds like we would need
to have a virtualhost on Apache that provides SPDY on a different port
from
On 2/5/2015 5:54 AM, Klavs Klavsen wrote:
Adding nbproc 4, improved performance of https from 511 req/s to 1296
req/s..
not quite an exponential scaling..
We tested with 8 cores and got 1328 req/s.. so it seems we're hitting
something else already after 2,5 core..
vmstat 1 - also
On 2/6/2015 5:48 AM, Dennis Jacobfeuerborn wrote:
Has somebody ever posted a working example configuration for haproxy
that applies the improvements mentioned in the video?
I tried to implement these recommendations but didn't seem to get
results I was expecting. How exactly does one reliably
I'm trying to ensure that multiple connections from the same browser end
up on the same back end server, and having lots of trouble. All my work
with haproxy up to now has been with connections that don't need
persistence - everything relevant happens in one http request.
This is probably PEBCAK
Let's say that I have a server named 'friday' in my backend, and it has
cookie friday on the server line. Let's also say that the web server
sets the JSESSIONID with that server name in it, like this:
JSESSIONID=6ED8B9D4544820B2C073579E17BF3A67.friday
If I use cookie JSESSIONID in the backend
When haproxy is run in TPROXY mode, does it lose any functionality, or can
I do all the same things as I can when it's acting in normal proxy mode?
I'd like to have my servers see the real source ip but still have the
ability to make decisions based on HTTP headers and manipulate those
headers.
On 1/20/2015 6:12 AM, Thomas Heil wrote:
On 20.01.2015 03:26, Shawn Heisey wrote:
When haproxy is run in TPROXY mode, does it lose any functionality, or can
I do all the same things as I can when it's acting in normal proxy mode?
I'd like to have my servers see the real source ip but still have
On 1/15/2015 1:30 PM, Shawn Heisey wrote:
Let's say that I have a server named 'friday' in my backend, and it has
cookie friday on the server line. Let's also say that the web server
sets the JSESSIONID with that server name in it, like this:
JSESSIONID=6ED8B9D4544820B2C073579E17BF3A67
On 1/21/2015 2:52 AM, Baptiste wrote:
Everything is explained here:
http://blog.haproxy.com/2013/09/16/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/
If you can't do it, maybe you should ask the HAProxy experts to help you:
What should be my goal when buying hardware for haproxy if I am planning
to secure everything with TLS/SSL terminated by haproxy? Due to
customer requirements, many of the back-end connections will also be
encrypted.
Other than getting the latest processor architecture I can find at the
highest
On 2/9/2015 2:16 PM, Baptiste wrote:
A single CPU core (choose the fastest one with AESNI enabled) can
easily handle you current traffic and meet also the requirements of
your capacity planning.
From a memory point of view, 16G sounds more than enough for your
traffic expectation.
To get
On 2/9/2015 1:08 PM, Baptiste wrote:
could you define what you mean by heavy ?
What type of web application do you host?
How many req / conn per second do you expect?
When doing SSL, the CPU is not enough, the memory also matters.
I would plan on 16 or 32GB of RAM for the machine, more if
On 3/25/2015 10:16 AM, Brandon wrote:
Hi, I am trying to deploy HAProxy in HTTP mode in front of a Windows
Server 2012 R2 ADFS 3.0 farm. In ADFS 3.0 backend servers require that
clients support SNI.
In my testing it does not appear that HAProxy is sending the ServerName
extension in the
I have an existing load balancer installation that I have been slowly
migrating from IPVS to haproxy. It's CentOS 6, so many components are
out of date, such as TLS support.
Once that migration is done, I would like to entirely replace the
hardware and load an ideal software environment for
I have a number of backend configs that handle requests to dev and
staging webservers. These backend configs only have one server. If
that server goes down briefly because the server process is restarted,
which happens frequently precisely because they are for dev/staging, I
get a console
On 4/30/2015 1:03 PM, Pavlos Parissis wrote:
On 30/04/2015 08:31 μμ, Shawn Heisey wrote:
I definitely DO want this kind of console notification if one of the
production backends has no server available, but I don't want the
interruption for staging or dev. If a config option to reduce
On 4/30/2015 4:08 PM, Cyril Bonté wrote:
No, you didn't provide err as the minlevel argument.
It should be something like :
log 127.0.0.1 local0 notice err
Also, ensure you don't have a log global somewhere in those backends
or in the previously declared defaults section.
I now have a
On 4/30/2015 2:11 PM, Cyril Bonté wrote:
Simply adjust your the log levels in your haproxy configuration for
those backends, by setting the minimum syslog level to error for
example, this will prevent still log the events but won't send them as
emerg/alert/crit (which I assume one of them is
On 5/1/2015 12:30 PM, Cyril Bonté wrote:
Message from syslogd@ at Fri May 1 11:29:51 2015 ...
localhost.localdomain haproxy[23754]: backend be-services-dev-8443 has
no server available!
Any other ideas?
Please provide your configuration, I'm quite sure it's a
misconfiguration in it.
I'm
I've built a shell script that will gather OCSP responses with the
'openssl' binary for a list of certificates. This will be very helpful
for me when I get a production haproxy running that does OCSP stapling.
It consists of a script, a config file, and a set of certificates that
probably need
On 4/29/2015 3:00 PM, Shawn Heisey wrote:
How can I be sure that openssl is compiled with support for TLS
acceleration in the CPU? I am compiling haproxy from source. Would you
recommend that I install a separate and newer openssl from source for
explicit use with haproxy, and tweak its
I have a load balancer setup with both haproxy and LVS-NAT. The LVS-NAT
is giving us high availability for FTP.
When I tried migrating everything from CentOS 5, where it all works, to
Ubuntu 14 (for the newer kernel and because I find debian-based systems
far easier to use), everything worked
On 5/8/2015 8:39 AM, Ben Timby wrote:
With some iptables rules you can use FTP active and passive mode via
haproxy.
The key is to assign unique passive port ranges to each backend then
port forward those ranges. You must be able to configure each FTP server
daemon with it's own range.
On 5/9/2015 2:04 AM, Malcolm Turnbull wrote:
LVS with FTP works fine in the current kernels but does need the
correct firewall modules loaded + conntrack enabled.
I was really hoping to avoid that, but the more I've read, the more I've
dreaded that the firewall would be required. Setting it up
On 5/9/2015 11:43 AM, Dennis Jacobfeuerborn wrote:
Most FTP clients these days support SFTP as well and if you use say
proftpd+mod_sftp then handling SFTP on the server side become pretty
much identical to handling FTP (except all that active/passive nonsense
goes away an nobody can simply
I found what I think is a couple of bugs. I'm running 1.5.12.
If mode http or option forwardfor are in the defaults section, I
cannot get a frontend configured with mode tcp to work.
The mode tcp config is not overriding the default choice, it operates
in the http mode specified in defaults.
On 5/15/2015 4:40 PM, Cyril Bonté wrote:
If mode http or option forwardfor are in the defaults section, I
cannot get a frontend configured with mode tcp to work.
The mode tcp config is not overriding the default choice, it operates
in the http mode specified in defaults.
It should not, are
On 4/11/2015 2:49 AM, Willy Tarreau wrote:
As you have posted yourself, this has nothing to do with haproxy, it's a
kernel crash (in the scheduler here). Your system is running a totally
outdated and unmaintained kernel (2.6.35.14) which suffers from many bugs
snip
Now regarding your version
On 5/20/2015 9:59 AM, Alex wrote:
Do I need rpcbind runing on haproxy , ? we are trying to use the haproxy to
load balance across GlusterFS for NFS using mode tcp
but i get connection refused port 111 .
NFS as a protocol is fairly complicated, like passive FTP in some ways.
An initial
On 6/4/2015 9:54 AM, Willy Tarreau wrote:
I simply used openssl dhparam size as suggested, and am trusting
openssl to provide something reasonably safe since this is how every user
builds their own dhparam when they don't want to use the initial one.
I've been trying to read up on this
On 6/2/2015 12:38 PM, Andrew Hayworth wrote:
Are you reloading HAProxy or issuing a 'set ssl ocsp-response' command
via the stats socket after you retrieve the response? That's necessary
after you pull down an updated OCSP response.
For example, here's our script that pulls down the OCSP
On 6/2/2015 11:42 AM, Lukas Tribus wrote:
Share your cronjob script, your configuration, and SSLtest output at least
(you
basically didn't share any OCSP related informations).
Here's the script that retrieves the OCSP responses, with its redacted
config file:
On 6/2/2015 1:29 PM, Andrew Hayworth wrote:
On Tue, Jun 2, 2015 at 2:16 PM, Shawn Heisey hapr...@elyograg.org wrote:
My script may update a dozen ocsp responses all used by a single haproxy
process ... so when I am using the stats socket to set the ocsp
response, how do I tell haproxy which
On 6/24/2015 8:58 PM, Baptiste wrote:
That said, I'll write a new DDOS protection article once HAProxy 1.6
will be released, since it embeds some new features which are
interesting on this topic.
I look forward to it. Thank you for your diligence!
Concerning your demand, I don't understand
On 6/24/2015 1:23 PM, Willy Tarreau wrote:
Thus my first goal with HTTP/2 in haproxy really is to make it a
solid H2-H1 gateway in order to provide a seamless migration to H2
to everyone, just like haproxy was massively used to provide IPv6
connectivity for the last IPv6 day.
I'll still
On 6/18/2015 4:32 PM, Shawn Heisey wrote:
On 6/17/2015 9:29 PM, Krishna Kumar (Engineering) wrote:
Referring to Baptiste's excellent blog on Use a lb as a first row of
defense
against DDoS @
http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
I am
When http/2 support lands in haproxy, will http/2 support also be
required on the back end to take advantage of it?
I'm hoping that I can leverage http/2 without immediate support on the
back end. I would expect that the LAN connection between haproxy and
the back end servers will be fast enough
On 6/17/2015 9:29 PM, Krishna Kumar (Engineering) wrote:
Referring to Baptiste's excellent blog on Use a lb as a first row of
defense
against DDoS @
http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
I am not able to find a follow up, if it was
I've done a Qualys Labs SSL test against my setup fronted with haproxy,
using this URL:
https://www.ssllabs.com/ssltest/index.html
I thought I had OCSP stapling correctly configured, but Qualys says it's
not there. I ave a cronjob that uses openssl to retrieve the .ocsp file
for each
On 7/23/2015 3:20 PM, Jim Gronowski wrote:
I’m trying to do health checks on a site that is served with SNI – so
going directly to the IP generates a 404 – the backend server is looking
for the hostname to determine which site to send it to.
Is it correct to put the full URL in the
On 10/14/2015 12:37 PM, Willy Tarreau wrote:
> Good catch, it's indeed "1.6" instead of "1.6dev". Where did you find this
> link ?
In the 1.6 section here:
http://www.haproxy.org/#docs
It's the "Lua reference manual in HTML" link.
Thanks,
Shawn
Before I get started with this, I know and acknowledge that the problem
I'm trying to solve is not in haproxy. I suspect that haproxy cannot do
what I'm going to ask, but I was asked if it could do it, so I am
passing the question along to make sure.
We are having a problem with our Liferay
On 10/16/2015 9:40 AM, Mark Betz wrote:
> I am not having much luck getting output from tcpdump inside the
> container. I don't have much experience with the tool so any tips will
> be appreciated. I'm starting the command in the container start-up
> script right before haproxy is launched...
>
>
Just FYI, in case you don't already know, I have some problems to report
with the documentation links on the website.
The 1.6 HTML documentation links on haproxy.org have "1.7-dev0" at the top:
http://cbonte.github.io/haproxy-dconv/intro-1.6.html
On 10/10/2015 12:31 AM, Willy Tarreau wrote:
> Is the response closed when this happens (eg: server crash) ? If so,
> we could add some sample fetches to detect that the request or response
> channels are closed in case that could help. This is trivial to do, but
> it will only be reliable if the
On 8/27/2015 6:52 PM, Nathan Williams wrote:
There's a sysctl for that, net.ipv4.ip_nonlocal_bind.
Interesting. That's one I had never seen before. I would assume that
the OS does this intelligently so that when the IP address *does*
suddenly appear at a later time, the application works
On 8/27/2015 10:22 PM, Nathan Williams wrote:
We have 2 OpenStack VMs with IPs on the internal network, a keepalived
-managed VIP on the internal network that's added to each VMs allowed
-address-pairs in neutron, and a floating IP from the external network
mapped to the internal VIP
When defining check entries in a backend, is it possible to provide SNI
information to the http client within haproxy so that backend Apache
webservers that support SNI can be used, and have the check request
directed to the correct virtualhost?
I saw something that said SNI checks are not as
On 12/16/2015 11:25 PM, Vincent Bernat wrote:
> From the point of view of Wordpress, you tell it that https is used.
> It doesn't need to know that you are using clear text between HAProxy
> and the backend.
Can anyone provide information about how to configure wordpress to do
this? I put
This is the backend config:
backend be-stg-spark-443
description Back end for spark stg ssl
errorfile 503 /etc/haproxy/pages/spark-error.http
no log
log 127.0.0.1 local0 notice err
server palazzo 10.100.2.17:443 ssl track chk-liferay-stg-443/palazzo
The
On 6/22/2016 12:45 AM, Jarno Huuskonen wrote:
> On Tue, Jun 21, Shawn Heisey wrote:
>> When I take down the back end server and make a request, I get the
>> browser's standard unavailable page, I do not see the custom page I
>> defined. Have I done something wrong?
>
&g
On 6/22/2016 7:41 PM, Michael Ezzell wrote:
> On Jun 22, 2016 7:06 PM, "Shawn Heisey" <hapr...@elyograg.org
> <mailto:hapr...@elyograg.org>> wrote:
> >
> > I have verified that there is nothing on the line after the headers. On
> > the recommend
On 6/14/2016 10:31 AM, Thijs Kinkhorst wrote:
> However, the following does not work:
> 1. Start HAproxy without the .ocsp file present.
> 2. Issue "set ssl ocsp-response " to socket.
> 3. HAproxy responds with "OCSP single response: Certificate ID does not
> match any certificate or issuer.",
On 4/2/2016 6:23 AM, Dennis Jacobfeuerborn wrote:
> What about the multiplexing of connections? If you use http 1.x to
> communicate with the servers you effectively nullify that 2.0 feature.
> At least in theory in order to actually get all the benefits from http/2
> you need support for the
I copied a front end to set up a new service on my haproxy install. I
changed the name of the front end, but forgot to change the port number
on the "bind" option.
Haproxy didn't complain about this configuration when I tested for
validity, so I didn't realize I'd made a mistake until the
On 4/12/2016 1:11 PM, Baptiste wrote:
> This is not an error, this type of configuration is valid. You should
> write a script which check this on your own.
I know it's not a config error, and I would not want effective behavior
in any current versions to be changed. The mistake was mine, not
On 4/1/2016 4:25 AM, Baptiste wrote:
> Do you guys, on the ML, really need HTTP/2? If so what's your deadline??
Need? Perhaps not. Want? Very much so. Deadline: ASAP, but don't be
in a hurry. I definitely prefer to have a battle-tested solution that
takes a year than a lousy implementation
On 3/29/2016 4:56 PM, Colin Leavett-Brown wrote:
> I have the following haproxy configuration:
>
> global
> daemon
> maxconn 2048
> tune.ssl.default-dh-param 1024
>
> defaults
> mode http
> timeout connect 5000ms
> timeout client 5ms
>
I'm working on some changes to a frontend, one of which is moving the
port 80 bind into the same frontend as port 443.
Which of the many directives that I'm using will be evaluated in order,
and which of them will take effect first no matter where they are?
Specific questions:
Will the
On 4/13/2016 10:46 AM, Shawn Heisey wrote:
> I'm working on some changes to a frontend, one of which is moving the
> port 80 bind into the same frontend as port 443.
>
> Which of the many directives that I'm using will be evaluated in order,
> and which of them will take effect
On 4/20/2016 12:56 PM, PiBa-NL wrote:
> Op 20-4-2016 om 20:45 schreef Shawn Heisey:
>> The problem is that if I try to go tohttp://spark.REDACTED.com:8080/
>> ... this is redirected tohttps://spark.REDACTED.com:8080/ ... and I get
>> this in the log:
> Are you using
On 5/4/2016 5:30 PM, Chris White wrote:
> I am trying to stop backend health check error messages from being
> logged to the system console.
> But I am still seeing error messages logged when a backend server goes down
> 2016 May 4 23:11:14 devtest0 backend web has no server available!
It's
I have this in my config:
listen stats 0.0.0.0:8080
description The stats listener.
stats uri /
Elsewhere in my config I have something that will redirect http requests
to the hostname spark.REDACTED.com over to https, which is not anything
unusual. The IP address for this
On 4/22/2015 7:17 PM, Tim Hogard wrote:
>
> The makefile is trying to install the systemd wrapper on all platforms even
> if it isn't built.
> This is from the current build haproxy-ss-20150422 as well as haproxy-1.5.11.
> The easy soltuion for non-linux systems is drop it to this:
>
On 7/27/2016 2:03 PM, Shawn Heisey wrote:
> I'm building some new load balancer machines and I need to install into
> systemd on them. I've compiled and installed haproxy 1.5.18, and found
> that a fix for the problem Tim outlined has made it into this version,
> and now even whe
On 1/25/2017 1:29 AM, Igor Cortes wrote:
> Hi, my name is Igor and I have a problem with the logs of HaProxy. I
> am using HaProxy to balance the SSH connections between some servers
> and I need to log only the successful connections.
>
> I am trying using the option dontlognull in the frontend
On 9/28/2016 9:13 AM, robert johnson wrote:
> I tried searching the mailing list with no luck. Any way, here is my
> question:
>
> Why does haproxy require the private key in the PEM file when
> terminating SSL?
>
> Other web servers only require the cert
As Andrew mentioned, all SSL server
On 5/7/2018 11:25 PM, UPPALAPATI, PRAVEEN wrote:
> If I add ssl termination to the config:
>
> listen http_proxy-1000
> bind *:1000 ssl test.pem
> mode http
> option httplog
> http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
> option http_proxy
>
> I get
On 1/30/2018 7:41 PM, 龙红波 wrote:
> h2load -n100 -c20 -m5 https://$0.172.144.113:1999/128
> starting benchmark...
> spawning thread #0: 20 total client(s). 100 total requests
> TLS Protocol: TLSv1.2
> Cipher: ECDHE-RSA-AES256-GCM-SHA384
>
On 2/13/2018 7:49 AM, Andrew Smalley wrote:
> We have had a request and not sure if there is any way to implement this.
>
> Simply think of two real servers being loadbalanced. one fails all the
> connections are moved to the remaining server overloading it.
>
> What we want is for the traffic
On 2/19/2018 10:08 AM, TomK wrote:
> Wondering if there is a way to setup an HA NFSv4 server using HAPROXY
> and keepalived or if anyone tried that doesn't result in the client
> disconnecting with this error even when using the VIP through a basic
> HAPROXY + keepalived config:
>
>
I'm trying with 1.8.13 to get full logging of requests that would push
the syslog message beyond 1024 characters. I'm not having very good luck.
I have this config in global:
log 127.0.0.1 len 65535 format rfc5424 local0
log 127.0.0.1 len 65535 format rfc5424 local1 notice
In some of
On 8/14/2018 3:06 PM, Cyril Bonté wrote:
>> Is there any config that will successfully log the full request?
>
> Please read the documentation about the length option for the log
> keyword, particularly the part about tune.http.logurilen ;-)
Thank you! That fixed it, I'm now successfully
I have a setup that works like this:
internet->haproxy->apache->tomcat
I have been doing some experiments where the apache server is skipped,
and traffic goes directly from haproxy to tomcat. These experiments
have gone very well. Removing Apache from the mix would simplify things
greatly.
I
On 7/17/2018 2:17 PM, Jonathan Matthews wrote:
> That's *entirely* your local syslog daemon's responsibility -
> configure it appropriately, and it'll do what you want.
I seem to remember there being logging options to have haproxy create
logfiles directly, in addition to syslog. But now when I
I have a script on my system that I use to handle compiling and
installing a new haproxy version. That script has
"EXTRA=haproxy-systemd-wrapper"on the line that does the install.
It looks like that's no longer part of haproxy, and that the systemd
service definition (included in contrib)
On 4/16/2018 9:15 AM, Lukas Tribus wrote:
Hello Shawn,
please keep the mailing-list in the loop.
Sorry about that. Looks like the haproxy list doesn't set a reply-to
header sending replies to the list. Most mailing lists I have dealt
with do this, so just hitting "reply" does the right
1 - 100 of 275 matches
Mail list logo