Hi,
I have some linux boxes with very old kernels. Unfortunately, I cannot
upgrade them due to the fact that they work very stable. for
example,their uptime is already some
years, which is not true speaking about modern kernels.
But there is one problem: HAPproxy hangs when I turn on SSL options.
This is my mistake. The option "strict-sni" works right.
On Fri, Feb 26, 2016 at 03:39:24PM +0300, Alexey Vlasov wrote:
> Hi,
>
> Thank you for your answer!
>
> Yes, it seems that this option is what I actually need. But
> unfortunatelly it doesn't work every
-52 62 2c 55 09 5e 6f 3f
.g.A+(.rRb,U.^o?
0080 - f3 26 36 ea c8 c0 6c ce-89 97 70 71 5e 8e b6 65
.&6...l...pq^..e
0090 - d1 42 a5 9d 9c 89 f0 3f-af 1d a6 48 ca 7d 4f 73
.B.?...H.}Os
00a0 - 89 a1 d8 c3 10 fe ee 46-3b 7b 3c 4c 59 83 25 08
...F;{ Hi,
> Op 24-2-2016 om 12:1
Hi,
I have a task: I have to make a HTTPS protocol support using the SNI
extension for websites on my virtual hosting.
My simplest working configuration looks like this:
==
frontend http-in
bind111.111.111.111:80
errorfile 408 /dev/nu
before haproxy, he sends requests in
not encoded.
> tcpdump -A is not exploitable because it replaces unprintable chars
> with dots. Better use tcpdump -X instead. Also you can safely use
> -s0 instead of -s2000. 0 will dump the exact packet size.
Willy, i sent you an apart mail with the file with tcpdump.
--
BRGDS. Alexey Vlasov.
s like the only alternative is to add "option
> accept-invalid-http-request" in your frontend configuration.
I tried to add "option accept-invalid-htttp-request" to the section
default, but haproxy still gives badrequest.
--
BRGDS. Alexey Vlasov.
says that the error is at position 23, which looks to
> be a P, but I guess this is due to the copy/paste.
> A tcpdump may help understanding what type of character is at this position.
>
> That said, sounds weird that it works with HAProxy 1.4 and does not
> anymore with 1.5-dev12.
Yes, it's 400 error. But the tuning unfortunately doesn't help.
--
BRGDS. Alexey Vlasov.
On Fri, Sep 21, 2012 at 06:50:30PM +0200, Thomas Heil wrote:
> Hi,
>
> If this is error 400. Maybe your Get Request become too long.
> Would you mind try increasing your buffsize but
aux4.p2
00887 Connection: Keep-Alive
00911
On Fri, Sep 21, 2012 at 04:00:00PM +0200, Baptiste wrote:
> Hi,
>
> could you run a "show error" on haproxy stats socket?
> It will tell you exactly where the error is located.
>
> cheers
>
> On Fri, Sep 21, 2012 at 2:50
=
There's no such 400 error in version 1.4.
--
BRGDS. Alexey Vlasov.
The first file, this is a session between apache_fe and haproxy, and to
mind it's ok with it. And the second dump has really something strange
to show, look, may be it can tell something to you.
> BTW, what version are you running ?
1.4.8
--
BRGDS. Alexey Vlasov.
apache_fe-haproxy-1sess.pcap
Description: application/cap
haproxy-apache_pool1-2sess.pcap
Description: application/cap
the log you can see that the request has been processed
normally (normal size of a response, 425885 bytes - apache_pool1 log)
for 10 seconds , but haproxy somehow returned to the client 502-th error.
"show errors" doesn't show anything.
Does anyone know what else can be added into the options of haproxy
logging? Or maybe somebody just knows how this can be fixed.
Thank you in advance.
--
BRGDS. Alexey Vlasov.
/1575.html
> >
> > Here I give the example of how it looks:
> It's more complex than just black-or-white. First, there's a solution so
> that you never have any error at all, but let me first explain what is
> happening and why it's behaving that way.
> ...
Thank you for such a comprehensive answer.
--
BRGDS. Alexey Vlasov.
My challenge is to make ha proxy not to return to the user an error
502 at once, but to make it try to repeat the inquiry times
through N time intervals, and if it all failed only then let haproxy
return to the user the 502 error. Can I somehow do it or is there
any other suitable decision?
-
15 matches
Mail list logo
