understood haproxy that it can handle session failover. Im wrong with this?
tia
stefan
Hello,
We also have the same issue.
A lot of SSL handshake failure records in log file.
We also have a lot of SSL handshake failure records in log file
Here some details on configs:
- haproxy -vv:
HA-Proxy version 1.5-dev23-8317b28 2014/04/23
Copyright 2000-2014 Willy Tarreau w...@1wt.eu
Build options :
TARGET = linux2628
CPU = native
CC = gcc
CFLAGS = -m64
for last 6 months.
With Regards, Stefan
Hello,
I'm stuck with one issue. Can you help me, please.
I have a service that gets about 1K connections/second
and 15K requests/sec in top.
And my service should response maximum in 120 ms.
The client, that sends me these requests within keep-alive connection.
But i have a lot of 400 and
Hello,
After upgrading to dev23 version, WebSocket stopped working:
Error during WebSocket handshake: Unexpected response code: 301
With Regards, Stefan
) errors per sec. My boss always looking there )))
Of course i can tell know: thanks to Google, but
is it possible to reduce this number in stats?
With Regards, Stefan
Ok.
And the last question about 4xx errors;
At this moment i also have a lot of errors:
0/0/0/-1/317 400 187 - - CH-- 30142/19850/93/4/0 0/0 POST
In docs it describes as:
The client aborted while waiting for the server to start responding.
It might be the server taking too long to
Hello Willy,
As i wrote before, i had an issue with WebSocket in dev23 version:
Error during WebSocket handshake: Unexpected response code: 301
I still have it in dev24 version.
Rolled back to dev22 version.
With regards, Stefan
More details:
This acl stopped working:
acl is_web_socket hdr(Upgrade) -i WebSocket
As a workaround, i can use path detection
(my all websocket path starts with /ws/)
acl is_web_socket path_beg /ws/
With Regards, Stefan
Thanks
With Regards, Stefan
either, since I just see
the http requests there.
Any ideas on where to start looking for the issue?
Thank you in advance.
Regards,
Stefan
_
Invite your mail contacts to join your friends list
Willy,
I noticed that we had the dontlognull option already set, but we obviously
still get these messages.
Regards,
Stefan
Date: Mon, 5 Oct 2009 09:41:57 +0200
From: w...@1wt.eu
To: phu...@hotmail.com
CC: haproxy@formilux.org
Subject: Re: Error responses in statistics
On Mon
Hi,
we are currently using Tomcat 6.0.24 (8 servers) behind a haproxy. We are
serving both a webapp and static content through this and are seeing issues
when more and more static content needing to be served.
Therefore we are trying to front Tomcat with Apache. Here is where I run into
without any negative effects.
It's like Tomcat is releasing the connections more efficiently/quickly or
something.
/Stefan
Date: Mon, 8 Mar 2010 10:12:46 +0100
From: w...@1wt.eu
To: phu...@hotmail.com
CC: haproxy@formilux.org
Subject: Re: Problems serving HTTP content (lingering
keep alive.
There are no attacks happening (knock on wood).
/Stefan
From: phu...@hotmail.com
To: haproxy@formilux.org
Subject: RE: Problems serving HTTP content (lingering connections?)
Date: Mon, 8 Mar 2010 10:26:31 +0100
Thanks for your reply.
I have extensive internal monitoring
(which is approx.
the current load).
Weird indeed.
dmesg is not available by the way, runnign on Windows XP x64.
/Stefan
From: david.birds...@gmail.com
Date: Mon, 8 Mar 2010 02:33:23 -0800
Subject: Re: Problems serving HTTP content (lingering connections?)
To: phu...@hotmail.com
CC
.
Cheers,
Stefan
From: phu...@hotmail.com
To: haproxy@formilux.org
Subject: RE: Problems serving HTTP content (lingering connections?)
Date: Mon, 8 Mar 2010 11:45:03 +0100
It's hard to get a decent reading from the status page, since it keeps turning
off the socket all the time (reaching
and the logging buffer set
to 1kb.
Which other defines would I need to change ?
The hardware that is running haproxy is a proliant dl380 g5 : 2
cpus Intel Xeon E5440 @ 2.83GHz 4 cores each, 16GB ram, ubuntu 10.04 x64.
Regards,
Stefan
Hi,
First of all thank you very much for your fast response !
On 11/08/10 22:45, Willy Tarreau wrote:
Hi Stefan,
On Wed, Aug 11, 2010 at 11:31:35AM +0100, Stefan Cocora wrote:
Hello all,
I'm faced with a couple of things that I want to change in haproxy
1.4.8.
First I'll
frontend public
bind *:80
default_backend nodes
backend nodes
option httpchk GET /rest/testAvailability
balance roundrobin
server js1 10.0.1.18:81 check inter 4000
server js6 10.0.1.19:81 check inter 4000
regards,
Stefan Reger
?
Greetings
--
Stefan Majer
persistence based on a cookie
haproxy added. talks to stunnel via unix-socket.
stunnel: terminates http encrypts traffic with ssl and forwards to
backend servers.
Do i need support for proxy-protocol anywhere ?
Greetings
Stefan
On Tue, Jul 17, 2012 at 7:00 AM, Baptiste bed...@gmail.com wrote:
Guys
.
This setup works like a charm.
kudos to Will et.al. !
Greetings
Stefan
On Wed, Apr 24, 2013 at 8:15 PM, Dave Ariens dari...@blackberry.com wrote:
Hi subs,
** **
I've looked around online and on the official site's add-ons and other
solutions areas but can't find mention
the
specified timeout.
If there is a chance i will give it a try in our production.
Greetings
Stefan
On Tue, Jan 28, 2014 at 11:28 PM, Willy Tarreau w...@1wt.eu wrote:
On Tue, Jan 28, 2014 at 10:16:39PM +, Wei Kong wrote:
Thanks. Looks like it is websocket connections for us too. So
the
specified timeout.
If there is a chance i will give it a try in our production.
Greetings
Stefan
On Tue, Jan 28, 2014 at 11:28 PM, Willy Tarreau w...@1wt.eu wrote:
On Tue, Jan 28, 2014 at 10:16:39PM +, Wei Kong wrote:
Thanks. Looks like it is websocket connections for us too. So
Hello list,
We are running a three-node HA-proxy setup infront of our AWS cluster. We are
currently using it to black-list http headers with reg-exps, however, we would
also like to use it for white-listing http-headers. That would require negated
reg-exps. We have tried using negated Perl
On 2014-06-28 08:40, Stefan Möhl wrote:
Hello list,
We are running a three-node HA-proxy setup infront of our AWS cluster.
We are currently using it to black-list http headers with reg-exps,
however, we would also like to use it for white-listing http-headers.
That would require negated
option forwardfor
option httpclose
default_backend webfarm
Thank you.
-Original Message-
From: Pavlos Parissis [mailto:pavlos.paris...@gmail.com]
Sent: Wednesday, December 2, 2015 10:58 AM
To: haproxy@formilux.org
Subject: Re: Multiproc balance
On 30/11/2015 06:03 μμ, Stefan
60%.
What decides this "balancing" between the haproxy processes? Can it be the VM
setup? I've never run a multiproc setup with haProxy on a physical machine, so
I don't have any reference to such a setup.
Thank you.
Regards,
Stefan
1) Yes, session rate is connections per second. Sessions are active (open)
connections in the moment you display the stats page.
2) My numbers are more or less equal usually, but it could perhaps be that
you have a lot of HTTP requests that haProxy rejects (e.g. empty or invalid)
and
to less than 1%
(Windows XP etc).
So basically there's no reason to run those any longer.
Cheers.
-Original Message-
From: Chad Lavoie [mailto:clav...@haproxy.com]
Sent: Tuesday, March 8, 2016 9:45 PM
To: haproxy@formilux.org
Cc: Jeff Palmer <j...@palmerit.net>; Stefan Joh
Hi,
is it possible somehow to extract statistics on cipher used (total SSLv3, total
RC4 etc.) without necessarily turning on connection logging and extract the
data from there?
Thank you.
Regards,
Stefan
rently I use httpclose, which obviously closes both sides.
Also, has anybody had any issues with http-server-close in high traffic
environments? Like lingering connections, connections not closed properly etc.
Thank you.
Regards,
Stefan
Many thanks!
Cheers.
-Original Message-
From: Baptiste [mailto:bed...@gmail.com]
Sent: den 22 april 2016 14:49
To: Stefan Johansson <stefan.johans...@adtoma.com>
Cc: haproxy@formilux.org
Subject: Re: Regarding client side keep-alive
> Basically, I want the client<>haPr
with is the following:
timeout connect 5000
timeout http-request 5000
timeout http-keep-alive 1
timeout client 3
timeout server 3
What's your opinion?
Thank you.
Regards,
Stefan
idea what I am doing wrong?
Thanks in advance!
Stefan
smime.p7s
Description: S/MIME cryptographic signature
alm unless the "realm xxx"
would actually be included in the configuration. Is that a bug? I didn't find
any documentation or bug report about it.
Stefan
--
Stefan Seidel
DIrector Network Systems
Kalaam Media Ltd.
A company limited by guarantee and registered in England and Wal
"KeepAlive Off” configured)
$ ab -v 1 -c 10 -n 1000 http://10.27.100.45/test/index.html | grep -e Requests
-e Complete -e Failed
Complete requests: 1000
Failed requests:0
Requests per second:7948.87 [#/sec] (mean)
Thanks!
Stefan
> On 16 Aug 2017, at 17:53, Stefan Sti
Hi,
please do not bother ay further about this. I had an iptables rate limit of 25
SYN requests per second configured.
Sorry for wasting your time.
Stefan
> On 16 Aug 2017, at 20:35, Stefan Sticht <ste...@sticht.net> wrote:
>
> Hi,
>
> sorry I missed to tell details: h
server web2-ip1 192.168.2.12:80 check source 192.168.2.115
non-stick inter 30s maxconn 102400
server web2-ip2 192.168.2.22:80 check source 192.168.2.116
non-stick inter 30s maxconn 102400
[...]
Thanks!
Stefan
still to come ;)
Regards,
Stefan
-Original Message-
From: Willy Tarreau
Sent: Sunday, 12 April 2020 18:19
To: Hativ
Cc: Tim Düsterhus ; haproxy@formilux.org
Subject: Re: TLV problem after updating to 2.1.14
Hello Hativ,
On Sun, Apr 12, 2020 at 09:49:02AM +0200, Hativ wrote:
> Hello Wi
Hi,
My name is Stefan and I represent TheVPNShop.com who specialise in VPN
comparison and reviews. We are hoping to change the way people shop and buy
VPNs in a market that is currently only suited to the review sites who get
paid to list VPNs in a certain order.
Anyway, we are writing
Add optional slowstart parameter to dataplaneapi-specification and build new
models from it. There two followup patches pending, one on client-native and
one on dataplaneapi, waiting for those to be merged.
--
Kind regards,
Stefan Scheglmann
SWH Dev
Phone + 49 30 88615 3358
Fax
Adds slowstart parameter to dataplaneapi-specification. These patches add
slowstart to dataplaneapi-specification.
Sry for duplicate, this replaces previous mail with one mail per patch and
patch included.
>From a02f7bef4ae6624eeaa916294e896c7af73b451a Mon Sep 17 00:00:00 2001
From: Ste
Builds new models with added slowstart server parameter.
>From 7638bf05e36f3ae890e4d023acbfeb60bee4b802 Mon Sep 17 00:00:00 2001
From: Stefan Scheglmann
Date: Thu, 30 Apr 2020 13:05:49 +0200
Subject: [PATCH] MINOR: server: adds slowstart parameter
Newly generated models, adding supp
unsubscribe
--
Kind regards,
Stefan Scheglmann
PAAS Developer
E-mail scheglm...@strato.de
Website www.strato.com
STRATO AG | Pascalstraße 10 | 10587 Berlin | Germany
The mandatory information can be found here
https://www.strato-hosting.co.uk/imprint/
the best possibility could be "option httpclose"?
Of course, this does not solve everything when a ~100k botnet is attacking, but
it could ease the initial load / mitigate the pipelining vector a bit, as the
attack clients have longer RTT.
Or maybe I am missing something?
Best regar
Hello all,
First, we can not change to newer version so fast within the project.
We are having on old installation of haproxy (1.7.9) and we have the
need to configure tcp- mss- value on backend site.
Is that possible to change the mss- value on backend site? How?
Tia
Stefan
alive" also mention
pipelining.
So I guess I did just misunderstand the documentation and it would be nice to
just clarify it in the docs that haproxy does not support HTTP/1.1 pipelining.
Best regards,
Stefan Behte
-Ursprüngliche Nachricht-
Von: Christopher Faulet
Gesendet:
Hello Lukas,
okay, thanks!!
Stefan
Am 13.07.21 um 20:49 schrieb Lukas Tribus:
Hello Stefan,
On Tue, 13 Jul 2021 at 14:10, Stefan Fuhrmann
wrote:
Hello all,
First, we can not change to newer version so fast within the project.
We are having on old installation of haproxy (1.7.9
Hello Marc,
when I understand you correct then you have forwarding enabled to that
ports on pf.
I had a similar issue on pfsense. The solution was to disable the
forwarding to that port.
Maybe it helps you...
greats
Stefan
when I understand you correct then you have forwarding
Am
Hello Marc,
one another:
source ipv4@ usesrc clientip
hope that helps.
Stefan
Am 17.02.23 um 12:47 schrieb Marc West:
Hi,
After my other thread about performance issues on OpenBSD we decided to
switch OSes on our HAProxy boxes to FreeBSD 13.1. In the test
environment everything
Hello,
how ist it with:
https://github.com/hap-wi/roxy-wi
Im using also pfsense firewall, which has also a gui
greets
Stefan
Am 27.04.23 um 04:32 schrieb Jeremy Hansen:
Just curious if there’s any useful web interfaces for managing HAProxy
configs?
Thanks
-jeremy
way to make sure the configuration works as expected?
Can we somehow monitor the number of requests that get tarpitted or
connectionis that get dropped, or is this info not collected/exposed by
haproxy at all?
BTW - using haproxy 1.8.4 alpine image
Cheers
Stefan
-length: 0
Location: https://example.com/.well-known/acme-challenge/
What am I doing wrong? Is the acl-position in a haproxy-config not important?
Thx, Stefan
Hit Tim,
> The ACLs order is not relevant, I recommend to group them all together
Thx a lot, it is now working with your advice!
Best regards,
Stefan
57 matches
Mail list logo