be applied starting from 2.9. Patch attached.
>
> --
> William Lallemand
>
Hi William,
I used to use this message for 13 years while manually checking confs :)
I think it may impact admins / devs who run these manual checks, but not
too hard as we all look for "ERROR" or "WARNING" by default.
I think it's "ok" to change this. I will just miss it :D
Baptiste
Hi,
I am trying to figure out how to use multiple http-check in my backend. I can’t
figure out the proper syntax. Any help is appreciated.
backend avax-mainnet
option httpchk
stick-table type ip size 1m expire 1h
stick on src
balance leastconn
http-check send meth POST uri /ext/info hdr Content-
og/syslog file.
You may want to configure syslogd to send HAProxy log messages in a
dedicated folder.
Baptiste
Hi Henning,
Please remove this "option http-server-close" from your configuration,
entirely :)
Baptiste
t; Sebastien
>
>
Hi Sebastien!
Thx a lot for your contribution!
I just updated the wiki page:
https://github.com/haproxy/wiki/wiki/SPOE:-Stream-Processing-Offloading-Engine
Baptiste
or 401 and 500
>
> I am capturing traffic from both NIC 1 and NIC 2 but I cannot relay find
> out what is going on and how to see what is the problem.
>
>
>
> Hope somebody have an idear how to fix this.
>
>
>
> Regards
>
> Henning
>
Hi Henning,
You can start HAProxyin debug mode and check what happens and also share
generated log lines, they may contain useful information such as
termination status code for the session.
Baptiste
WOW, amazing release!
so many new toys to play with and some basement for future improvements!
Thank you all.
Baptiste
it into HAProxy
(you can use the GO client library
https://github.com/haproxytech/client-native)
- implement your consistent hash in Lua apply it to a use-server directive
in your backend (this might impact performance)
Baptiste
Hi,
>From the first link, I understand you're trying to do the following:
user MUA ==> HAProxy ==> fleet of power MTA ==> Internet ==>
destination MTA
Is this correct?
Baptiste
On Thu, May 6, 2021 at 5:13 AM Brizz Bane wrote:
> I am wanting to set up HAProx
/fiximate.fixtrading.org/en/FIX.5.0SP2_EP264/tag49.html
>
> [2] https://fiximate.fixtrading.org/en/FIX.5.0SP2_EP264/tag56.html
>
>
>
>
>
>
>
> Thanks,
>
> -- Daniel
>
>
>
Hi,
Thank you Daniel for reporting / fixing this.
The patch looks correct and may be applied.
Baptiste
is is also related to github issue 971.
Backport status is 2.2 and above.
Baptiste
From 78ddb9c32a1bb09e05ac592f8f8862491465aa69 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Wed, 25 Nov 2020 08:17:59 +0100
Subject: [PATCH] BUG/MINOR: dns: SRV records ignores duplicated AR records
This bug happ
On Fri, Nov 27, 2020 at 4:57 AM Baptiste wrote:
> Hi,
>
> This patch should fix github issue 971. I was not able to reproduce the
> bug myself, but the behavior of HAProxy in Hynek's environment makes me
> think this is a good candidate.
>
> In short, when a server re
2.3.
From b3c9ba9a7bf207c7f648a9885decc2631308850c Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Wed, 25 Nov 2020 08:17:59 +0100
Subject: [PATCH] BUG/MINOR: dns: SRV records ignores duplicated AR records
This bug happens when a service has multiple records on the same host
and the server pr
Hi,
Cool release and another +1 for the backport of the "del-header -m".
Baptiste
r from its
MAINT status after a scaled down and scaled up operation sequence.
This can lead to all server going in MAINT in a backend.
Both should be backported to 2.2.
Baptiste
From 04e6e0941f1e84ca3d41dfac00cd253c010a9422 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Tue, 4 Aug 202
On Tue, Jul 28, 2020 at 2:59 PM Jerome Magnin wrote:
> Hi,
>
> On Sun, Jul 26, 2020 at 10:41:18PM +0200, Willy Tarreau wrote:
> > Thanks Jérôme,
> >
> > CCing Baptiste for approval (in case we've missed anything, I'm clueless
> > about DNS).
> >
&
Hi Jerome,
Thanks a lot for the debugging and the fix.
This is all good and can be applied.
Baptiste
On Tue, Jul 28, 2020 at 2:09 PM Jerome Magnin wrote:
> Hi,
>
> this is a patch for issue #775.
>
> --
> Jérôme
>
pect in our application in terms of sessions/packets/request?
> Thanks!
> G-
>
Hi Gaetan,
As Alexandar said, we would need your anonymized configuration and your
haproxy version.
Baptiste
lid means that we keep this response for said period if the server
becomes unresponsive or returns NX.
HAProxy carry on performing queries at timeout.resolve period to ensure a
faster convergence in case the response is updated.
Baptiste
ation.html#4.2-http-request%20do-resolve
You can extract whatever information and do a DNS resolution and use the
resulting IP as a destination.
Baptiste
4-244.node.dc1.consul.
>>
>> The server's weight reported by haproxy is 1 where I expected to see 10.
>> Just to clarify, is this expected or there is a mixup between priority and
>> weight?
>>
>> Thanks,
>> Igor
>>
>>
> Giving thi
have some timers provided by
apache for this session?
how many connections are established between apache and haproxy?
Baptiste
The function smp_fetch_capture_req_ver called when using the fetch
capture.req.ver don't return the right protocol version when H2 is in
use. It returns only "HTTP/1.1".
This patch fixes this behavior and now the expected string is returned,
whatever protocol is used.
gt; value, how did it get into the state file at all?
>
I can confirm this is not supposed to happen!
And I could reproduce this behavior since HAProxy 1.8.
Not sure if its a bug or a feature request, but i do think it should be
> changed :). Can it be added to some todo list? Thanks.
>
This is a bug from my point of view.
I'll check this.
Could you please open a github issue and tag me in there?
Baptiste
and no Authorization
header can be found, then HAProxy fails back to a round robin mode.
Now, if you need persistence, I think you can enable "balance leastconn"
and then use a stick table to route known Authorization header to the
right server.
More information here:
https://www.haproxy.com/fr/blog/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/
Baptiste
Hi here
These patches introduce a few function to the ist API and also a converter
to validate a FIX message and to extract data from a FIX payload.
Thx at Christopher for his help during this dev.
Baptiste
From 4e9de7128c7065dc01b423dcce13b18487f1f353 Mon Sep 17 00:00:00 2001
From: Baptiste
Hi there,
A couple of patches here to cleanup and fix some bugs introduced
by 13a9232ebc63fdf357ffcf4fa7a1a5e77a1eac2b.
Baptiste
From 801e4f1d7ad1f9858f4b646fc4badebab3b46715 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Wed, 19 Feb 2020 00:53:26 +0100
Subject: [PATCH 1/2] CLEANUP
r 64.6.64.6
>
> options timeout:1 attempts:2
>
> I'd like to achieve situation where other nameservers would be used only
> when local caching server fails. Don't want to manually configure only
> local one in resolvers section (no failover) and would very much prefer
> not to duplicate name server config in resolv.conf and HAproxy config.
>
> --
> Veiko
>
>
>
Hi Veiko
You are correct, all servers are queried at the same time and we pick up
the fastest non-error response. Other responses will be simply ignored.
So if your local cache answers faster than google DNS servers, then you're
already covered.
Baptiste
1 a.b.c.h:80 check
Note that you can update the MAP through te runtime API.
Hopefully this helps.
Baptiste
anyways ;-) ), and my knowledge of the HAProxy
> codebase is weak right now.
>
Hi Luke,
Have a look at src/dns.c, function dns_check_dns_response.
It must be done at 2 places. Just search for "weight" and do it right after.
On latest commit, these are lines 590 and 660.
Baptiste
i++;
> + break;
> + }
> +
> dn[offset] = (i - offset);
> offset = i+1;
> continue;
> --
> 2.7.4
>
>
Patch approved!
Baptiste
oup, and so on (unless first
group recovers, of course). Then, priority could be used to set up the
groups, cause HAProxy would assign al server with same priority in the same
group.
What we can do for now, is consider "active" a priority 0 and backup, any
value greater than 0.
Baptiste
, please don't apply the patch yet, I want to test it much more
before.
Baptiste
On Tue, Feb 18, 2020 at 2:03 PM Baptiste wrote:
> Hi guys,
>
> Thx Tim for investigating.
> I'll check the PCAP and see why such behavior happens.
>
> Baptiste
>
>
> On Tue, Feb 18,
Hi guys,
Thx Tim for investigating.
I'll check the PCAP and see why such behavior happens.
Baptiste
On Tue, Feb 18, 2020 at 12:09 AM Tim Düsterhus wrote:
> Pieter,
>
> Am 09.02.20 um 15:35 schrieb PiBa-NL:
> > Before commit '2.2-dev0-13a9232, released 2020/01/22 (u
On Tue, Jan 28, 2020 at 12:19 AM Miroslav Zagorac
wrote:
> On 01/28/2020 12:02 AM, Baptiste wrote:
> > On Sun, Jan 26, 2020 at 7:53 PM William Dauchy
> wrote:
> >
> >> hostname were limited to 62 char, which is not RFC1035 compliant;
> >> - the parsing loop s
lliam
>>
>
On a side note, I am working on building tests for the DNS in HAProxy using
socat + script as a DNS server in vtest.
I am at a point where dig can query my socat+script, then I'll try HAProxy,
then I'll do the vtest integration.
Baptiste
) && (d[i] != '.')) {
> + if (!(*string))
> + break;
> +
> + if (*string != '.' && i >= DNS_MAX_LABEL_SIZE) {
> if (err)
> *err = DNS_LABEL_TOO_LONG;
> return 0;
> }
>
> - if (*d == '\0')
> - goto out;
> -
> - c = ++d;
> + string++;
> }
> - out:
> return 1;
> }
>
> --
> 2.24.1
>
>
This patch is "approved".
Willy, you can apply.
Baptiste
On Mon, Jan 27, 2020 at 7:50 PM Nelson Branco
wrote:
> Do anyone know if “check-sni” should have effect as well on “tcp-check
> connect ssl” at version “HAProxy version 1.8.8-1ubuntu0.9, released
> 2019/12/02”?
>
Hi,
What do you mean by "effect" ?
Baptiste
gloups, I did fix all those points before sending the final version and I
forgot to clean up the comments.
Will send a patch to clean them up.
Baptiste
available and relevant. If none found, previous behavior will
apply (on a per server basis).
This is behavior defined in RFC 2782 for DNS SRV records.
Baptiste
From a18ab5880ee04b75234eb65ca8a8be4a425d5ba6 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Fri, 7 Jun 2019 09:40:55 +0200
Subject
big deal, this rule will be
ignored.
Baptiste
From c8192107c7055e36a6b6ab9b262b448a52346776 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Thu, 16 Jan 2020 14:34:22 +0100
Subject: [PATCH] MINOR: http_act: don't check capture id in backend
A wrong behavi
its output wherever we want is great too for
production purpose.
Can we also use an env variable? So we can easily switch from stdout to
ring buffer without updating the config file?
Baptiste
processing outside of the HAProxy process)?
You can answer me privately if you don't want such info to be public.
Baptiste
On Thu, Nov 28, 2019 at 2:17 PM Julien Pivotto
wrote:
> On 28 Nov 11:02, Baptiste wrote:
> > On Thu, Nov 28, 2019 at 10:56 AM Julien Pivotto
> > wrote:
> >
> > > On 28 Nov 10:38, Baptiste wrote:
> > > > 'hold valid' still prevents HAProxy fro
On Thu, Nov 28, 2019 at 10:56 AM Julien Pivotto
wrote:
> On 28 Nov 10:38, Baptiste wrote:
> > 'hold valid' still prevents HAProxy from changing the status of the
> server
> > in current Valid status to an other status for that period of time.
> > Imagine you
turned for
more than 5 minutes (as stated in your config), then it will change.
Baptiste
terval between 2
DNS resolutions was not applied when the response was valid.
(f50e1ac4442be41ed8b9b7372310d1d068b85b33)
So to recover from previous behavior, just increase this value, which is by
default 1s.
Baptiste
I am personally all confused by this report :)
Furthermore, as mentioned the test on eb was already done.
If the fix is to remove the useless test on res, then William's patch is
right.
(Thx for handling it William)
Baptiste
Hi there,
Since a short term reliable solution can't be found, we can apply this
patch as a workaround.
Baptiste
>
t;
Hi,
You should just open traffic to ports configured on the VIP in HAProxy.
Baptiste
On Mon, Nov 18, 2019 at 2:37 PM Daniel Corbett wrote:
> Hello,
>
>
> On 11/18/19 7:05 AM, Willy Tarreau wrote:
> > On Mon, Nov 18, 2019 at 12:06:08PM +0100, Baptiste wrote:
> >> When we first designed this feature, we did it with this in mind "if
> admins
&g
ight
accordingly".
I understand the need, but the response is way too short. It's a global
question of precedence in HAProxy from my point of view.
I am scared that if we start to adjust things this way, we'll end up with
1000s of flags overlapping each others and adding complexity on top of
complexity.
The real question is "what prevents an admin from updating a DNS record?"
Or why they don't failover to A/ records only?
Baptiste
>
> What do others think ? Igor maybe you have a particular opinion on
> this one ? Baptiste, anything from the dynamic use cases you're aware
> of ?
>
>
Hi Willy,
I did some backlog and yes the use case around "external LB to multiple
kubernetes clusters" is &q
n when the nameserver is not very reliable...
Baptiste
From d278cff87aa9037f1d05216ea14e2bc8bab5cd2a Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Thu, 7 Nov 2019 11:02:18 +0100
Subject: [PATCH] BUG: dns: timeout resolve not applied for valid resolutions
Documentation states that the interval
Hi Willy,
Please find the patch updated. I also cleared a '{' '}' that I added on a
if condition. This would make the code "cleaner" but should not be part of
this patch at all.
The new patch is in attachment.
Sorry again for the mess.
Baptiste
On Wed, Nov 6, 2
Hi Willy, Jarno,
Sorry, I did forgot those 2 printf that were here for debugging purpose
only.
I can resend the patch tonight.
Baptiste
On Wed, Nov 6, 2019 at 7:43 AM Willy Tarreau wrote:
> Hi Baptiste,
>
> thanks for the fix, but before taking it, are you really sure it's
>
Hi there,
David Birdsong reported a bug last week about http do-resolve action not
using the DNS cache.
The patch in attachment fixes this issue.
There is no github issue associated to this bug.
Backport status is up to 2.0.
Baptiste
From 74e1328ef08de6740c30b5b5989d1413bb904742 Mon Sep 17 00:00
On Wed, Oct 30, 2019 at 4:48 PM David Birdsong
wrote:
>
> On Wed, Oct 30, 2019 at 11:39 AM Baptiste wrote:
>
>> Thanks!
>>>
>>> It had that feel to it...seemed like a cache lock timeout and/or somehow
>>> tied to the request interval.
>>>
>
-resolve action:
http-request do-resolve(txn.myip,main_resolver_do-resolve,ipv4)
hdr(Host),lower
And you should be good until I fix it and it's backported.
Baptiste
avid,
I confirm I can reproduce the issue and from my first quick look, it is
related to DNS code in HAProxy.
Basically, there is a cache of the valid responses and from what I
observed, your do-resolve session is registered to the resolution and
instead of pulling info from the cache, it's waiting until the next request
is sent and gets updated with the next response.
Let me fix this.
Baptiste
My 2 cents: "let's wait for Windows to adopt the Linux kernel"..
.
It's on purpose and by design to allow the admin themselves to decide when
they want to trigger a new request and to avoid some DNS relay would
rewrite TTLs to very long value (my ISP enforce anything lower than 20
minutes to 20 minutes).
We could add on the roadmap to support TTL, as an option, but I need first
to understand the use case.
Baptiste
focus is mainly on
> that
> new challenges.
>
> Jm2c.
>
> > Thanks,
> > Willy
>
> Best Regards
> Aleks
>
>
Hi,
I tend to agree on setting 1.5 as EOL.
About 1.6 and 1.7, they could be EOLed in the next 2 years too, as Aleks
stated, it will "enforce" people to use the latest shiny releases :)
Baptiste
gle small directive in an HAProxy config file.
Baptiste
On Tue, Oct 29, 2019 at 4:34 AM Willy Tarreau wrote:
> On Tue, Oct 29, 2019 at 12:40:52AM +0100, Aleksandar Lazic wrote:
> > > Or maybe something like:
> > > http-request deny deny_status 500 if { path_beg /health } {
>
n the ML, or on github or to
my mail directly.
Baptiste
On Mon, Oct 21, 2019 at 8:51 PM Luke Seelenbinder <
luke.seelenbin...@stadiamaps.com> wrote:
> Thank you for this bug fix…we're more than a little excited!
>
> When I initially found it, I was under the assumption it was
My comment is wrong.
A server weight can have a value of 256.
Please update the comment :)
Baptiste
On Mon, Oct 21, 2019 at 4:35 PM Christopher Faulet
wrote:
> Le 21/10/2019 à 16:20, Baptiste a écrit :
> > Thx to 2 people who spotted a bug in my patch, (missing parenthesis).
> &
Thx to 2 people who spotted a bug in my patch, (missing parenthesis).
here is the updated version.
On Mon, Oct 21, 2019 at 3:59 PM Baptiste wrote:
> hi there,
>
> Following up some recent discussion about SRV record's weight and server
> weight in HAProxy, we spotted a bug in
hi there,
Following up some recent discussion about SRV record's weight and server
weight in HAProxy, we spotted a bug in the current code: when weight in SRV
record is set to 0, then server weight in HAProxy was 1...
Thanks to Willy for proposing the solution applied into that patch.
Bap
On Thu, Oct 17, 2019 at 2:32 PM Daniel Corbett wrote:
> Hello,
> On 10/17/19 1:47 AM, Baptiste wrote:
>
>
>
> Hi Daniel,
>
> Thanks for the patch, but I don't think it's accurate.
> What this part of the code aims to do is to "map" a DNS weight into
range "0-255".
What your code does, is that it ignores any DNS weight above 256 and force
them to 1...
The only "bug" I can see here now is that a server's weight can never be 0.
But nobody reported this as an issue yet.
I'll check what question is asked into #48 and answer it.
As a conclusion, please don't apply this patch.
Baptiste
with
its tasks.
This patch now check if the associated resolution is still in RUNNING state
and tell the scheduler to wake it up later if this is the case.
Baptiste
From 53461e0e39cbba85adca545c33497e944f0ee426 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Tue, 1 Oct 2019 15:32:40 +0200
Su
Hi Romain,
Can you tell us (or me individually) why you can't use HAProxy with
Kubernetes because of this?
I am interested by the use case.
Baptiste
On Tue, Oct 1, 2019 at 2:10 PM Morotti, Romain D <
romain.d.moro...@jpmorgan.com> wrote:
> What is the status on this?
>
&
On Mon, Aug 12, 2019 at 10:19 PM Willy Tarreau wrote:
> Hi Baptiste,
>
> On Mon, Aug 12, 2019 at 09:35:56PM +0200, Baptiste wrote:
> > The use case is to avoid too many requests hitting an application server
> > for "preflight requests".
>
> But does this
On Mon, Aug 12, 2019 at 8:14 AM Willy Tarreau wrote:
> Guys,
>
> On Wed, Aug 07, 2019 at 02:07:09PM +0200, Baptiste wrote:
> > Hi Vincent,
> >
> > HAProxy does not follow the max-age in the Cache-Control anyway.
>
> I know it's a bit late but I'm hav
On Wed, Aug 7, 2019 at 3:18 PM William Lallemand
wrote:
> On Wed, Aug 07, 2019 at 12:38:05PM +0200, Baptiste wrote:
> > Hi there,
> >
> > Please find in attachement a couple of patches to allow caching responses
> > to OPTIONS requests, used in CORS pattern.
>
You see, the time the object will be cached by HAProxy is defined in your
cache storage bucket.
Baptiste
On Wed, Aug 7, 2019 at 1:47 PM GALLISSOT VINCENT
wrote:
> Hi there,
>
>
> May I add that, in the CORS implementation, there is a specific header
> used for the caching du
ally
wrong and then I'll open an issue on github for tracking this one.
Baptiste
From b1ed59901522dc32fa112e77c93c9a723ecc2189 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Wed, 7 Aug 2019 12:24:36 +0200
Subject: [PATCH 2/2] MINOR: http: allow caching of OPTIONS request
Allow H
e.
>
>
>
Hi Daniel,
You're making a good point. Use the file system was the simplest and
fastest way to go when we first designed this feature 4 or 5 years ago.
I do agree that now with master/worker and threaded model being pushed that
using the runtime-api may make sense and would be even more "cloud native".
Maybe @William would have an advice on this one.
Baptiste
Hi Luke,
It is not yet doable with do-resolve.
That said you can easily write an slow agent to do this.
I can help if you need to.
Baptiste
Le ven. 21 juin 2019 à 15:25, Luke Seelenbinder a
écrit :
> Hello all,
>
> Is it possible to use the new `http-request do-resolve` to do re
On Friday, June 14, 2019, Willy Tarreau wrote:
> Hi Baptiste,
>
> On Thu, Jun 13, 2019 at 04:29:43PM +0200, Baptiste wrote:
> > Last mail, this is not backportable. HAProxy 2.0+ only.
>
> The second one is quite a substantial change at this stage where we're
> final
Last mail, this is not backportable. HAProxy 2.0+ only.
On Thu, Jun 13, 2019 at 4:12 PM Baptiste wrote:
> these patches replace to 2 previous ones. I fixed a compilation warning
> about possible used of uninitialized variable in the second patch.
> I also ran the reg-tests suc
these patches replace to 2 previous ones. I fixed a compilation warning
about possible used of uninitialized variable in the second patch.
I also ran the reg-tests successfully.
Cheers
>
From 0c5b17976ec703b12040d813bdd6ac975af7b4d7 Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Thu,
1m35s to load the
same file (no tree involved)...
Baptiste
From f8ed4d51f8aadd61baec4094caec2e1e11a957ab Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Date: Thu, 13 Jun 2019 13:24:29 +0200
Subject: [PATCH 2/2] MEDIUM: server: server-state global file stored in a tree
Server states can be
Hi,
For some reasons, 'tcp-request content' can't execute set-dst and
set-dst-port.
This patch fixes this issue.
Note that this patch will be useful for the do-resolve action.
Baptiste
From c384d381dbbfa0adae04137238b4fd11593bd2bf Mon Sep 17 00:00:00 2001
From: Baptiste Assmann
Hi all, Willy,
Please find attached to this email the 4 patches for the http-request
do-resolve action I submitted a few months ago.
I integrated all feedback from Willy and also now support tcp-request
content do-resolve.
Baptiste
From e96ff49ee05dbdc15dc7582349e6314dcfccb20e Mon Sep 17 00:00
>
> A reload of the HAProxy instance also forces the instances to query all
> records from the resolver.
>
>
Hi Bruno,
Actually, this is true only when you don't use the 'resolvers' section or
for the parameters who doesn't benefit from the resolvers section, here the
'addr' parameter.
Baptiste
r object using
a DNS hostname which does not resolve at start up may trigger an error,
like you discovered with 'addr'.
@Piba, feel free to fill up a feature request on github and Cc me there, so
we can discuss this point.
Baptiste
On Sat, Mar 23, 2019 at 2:53 PM PiBa-NL wrote:
>
example in HAProxy's source code, written in C.
If you want an SPOA in an other language, I would say "stay tuned" :)
Baptiste
On Sun, Mar 3, 2019 at 9:20 AM Jeff wrote:
> I need to add an authorization header for a target server, e.g.
>http-request add-header Authorizatio
ject.
>
>
This seems to go against #1 quality of HAProxy: reliability...
So you have my +1 :)
Baptiste
On Fri, Jan 25, 2019 at 3:28 PM Willy Tarreau wrote:
> On Fri, Jan 25, 2019 at 03:09:52PM +0100, Baptiste wrote:
> > Hi Willy,
> >
> > Thanks for the review!!!
> > I fixed most of the problems, but I have a 3 points I'd like to discuss:
> >
> > >
On Wed, Feb 20, 2019 at 3:14 PM Joao Morais wrote:
>
>
> > Em 20 de fev de 2019, à(s) 03:30, Baptiste escreveu:
> >
> > Hi Joao,
> >
> > I do have a question for you about your ingress controller design and
> the "chained" frontends, summariz
esult to a req.var and removing the header after that.
> Wondering if 1.8 has a better option
>
> ~jm
>
>
Well, set-var should do the trick, or I missed something.
Baptiste
On Tue, Feb 19, 2019 at 9:36 AM Willy Tarreau wrote:
> Hi Baptiste,
>
> On Wed, Feb 06, 2019 at 03:55:37PM +0100, Baptiste wrote:
> > I think one of the most important piece is guide lines on integrating
> > HAProxy with third parties, IE: Observing HAProxy with influxd
he ability to do ssl deciphering and ssl passthrough on
a single bind line is one of them. Is there anything else we could improve?
I wonder if crt-list would be useful in your case:
https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#5.1-crt-list
Baptiste
>
I would use a variable instead of a header:
http-request set-var(req.myvar) req.hdr(host),concat(,path)
Baptiste
amic-scaling-for-microservices-with-runtime-api/#runtime-api
>
> You might need to build a development version of HAProxy to take
> advantage of the latest features.
>
>
Hi Bruno,
Actually, those features are stable!
Baptiste
in both use cases above, from my point of view,
it would make sense to make it return 404 out of the box (without a hack).
Baptiste
Hi,
HAProxy requires a TCP stack below it. DPDK itself is not enough.
Baptiste
>
.haproxy.com/fr/blog/haproxy-and-consul-with-dns-for-service-discovery/
Basically, you should first create a "resolvers" section, in order to allow
HAProxy to perform DNS resolution at runtime too.
resolvers consul
nameserver consul 127.0.0.1:8600
accepted_payload_size 8192
Then, you need to adjust your server-template line, like this:
server-template amqs 10 _activemq._tcp.service.consul resolvers consul
resolve-prefer ipv4 check
In the example above, I am using on purpose the SRV records, because
HAProxy supports it and it will use all information available in the
response to update server's IP, weight and port.
I hope this will help you.
Baptiste
he "most" complicated part would be to be able to
to link the resolver scheduler to a backend. (maybe we could use this trick
to do DNS over TCP too...)
I will follow the thread on the github and may jump in if anybody wants to
implement it :)
Baptiste
On Mon, Feb 4, 2019 at 10:46 PM Aleks
1 - 100 of 1624 matches
Mail list logo