SSL offloading configuration

2013-04-30 Thread Chris Sarginson
Hi, Are there any plans to allow HAProxy to take the traffic that it can now SSL offload, perform header analysis, and then use an SSL encrypted connection to the backend server? I have a situation where I need to be able to use ACLs against SSL encrypted traffic, but then continue passing

Re: SSL offloading configuration

2013-04-30 Thread Chris Sarginson
://cbonte.github.io/haproxy-dconv/configuration-1.5.html#check-ssl option to force SSL health checks. -- On 30-4-2013 14:47, Chris Sarginson wrote: Hi, Are there any plans to allow HAProxy to take the traffic that it can now SSL offload, perform header analysis, and then use

Re: Sessions when a server doesn't answer anymore

2013-03-26 Thread Chris Sarginson
You would probably need to look at something like this: http://technet.microsoft.com/en-us/library/cc753897(v=ws.10).aspx Storing sessions from IIS in an SQL db will allow them to be accessible from any of your servers. Chris On 26/03/2013 09:16, Christophe Rahier wrote: Hi, I try to be

Re: Sessions when a server doesn't answer anymore

2013-03-26 Thread Chris Sarginson
to Server 2 (backup with no cookies), logs in. Server 1 comes back up, haproxy detects the cookie from the original request, directs the client back to Server 1 which doesn't have access to session data on Server 2. On Tue, Mar 26, 2013 at 10:43 AM, Chris Sarginson ch...@sargy.co.uk wrote

Re: Unknown host

2013-03-06 Thread Chris Sarginson
Amazon have probably removed the DNS after it's been offline for over a certain period of time. Chris On 06/03/2013 13:06, Matthieu Boret wrote: Hi, I have a strange and random problem with Haproxy. Sometimes, I have an error when I'm trying to reload the configuration file. Reloading

Re: HAProxy on multi-CPU Hardware

2013-02-01 Thread Chris Sarginson
Search for nbproc in http://haproxy.1wt.eu/download/1.4/doc/configuration.txt, which explains how HaProxy handles multiple CPUs in a box. Chris On 01/02/2013 15:54, Peter Mellquist wrote: Hi! My understanding is that HAProxy is a single process event model which utilizes a single CPU even if

Re: HAProxy isn't balancing/distributing 127.0.0.1 requests

2013-01-24 Thread Chris Sarginson
On 24/01/2013 11:06, James Bensley wrote: Hi All, I have Pound Proxy and HAProxy on the same box; HTTPS requests come into Pound, Pound then passes them using plain text HTTP to HAProxy listening on 127.0.0.1, HAProxy then balances the connections across the back end servers. Plain text HTTP

Re: HAProxy isn't balancing/distributing 127.0.0.1 requests

2013-01-24 Thread Chris Sarginson
On 24/01/2013 11:27, James Bensley wrote: Woops! Sorry guys, Cheers, James global log 127.0.0.1 local0 user haproxy group haproxy daemon stats socket /var/run/haproxy/haproxy.sock mode 0600 level admin defaults log global mode

Re: Haproxy F5 usage question

2013-01-09 Thread Chris Sarginson
On 09/01/2013 18:05, DeMarco, Alex wrote: I have a situation where a backend server defined in HAProxy may be a vip on our F5. The F5 vip is setup for source persistence. Right now all the requests to

Re: ACL routing help

2012-05-29 Thread Chris Sarginson
Where you have acl_issomedomain hdr_beg(host) -i www.somedomain.com Change it to acl_issomedomain hdr_beg(host) -i somedomain.com www.somedomain.com Space delimited fields are permitted, and apparently quite efficient :) Chris On 29/05/2012 17:53, Lofland, Bryan W. wrote: I have an

Re: HAProxy Support

2012-02-23 Thread Chris Sarginson
If you are decrypting your traffic and want to know if it was SSL encrypted traffic or not, why not use stunnel (or the frontend in haproxy) to insert a header of X-Forwarded-Proto: https and check for the existence of that header within your login page. Be sure to strip it out on any traffic

Re: Need help with HAProxy

2012-01-13 Thread Chris Sarginson
Could this be related to the number of concurrent connections being run? maxconn 1024 under global seems quite low, and if your servers are holding connections open due to responding slowly could this be the cause? Chris On 13/01/2012 03:37, John Lauro wrote: If the refused connection

Re: Parsing httplog with java

2011-07-04 Thread Chris Sarginson
Can you pull it from another app such as AWstats? It's just a standard log format? Chris Sent from my iPhone On 4 Jul 2011, at 13:34, Damien Hardy damienhardy@gmail.com wrote: Hi there, Has anyone ever done the regex to parse the haproxy apachelog. (we want to inject logs in

Re: Can you do a HTTPS redirect to multiple sub domains?

2011-01-20 Thread Chris Sarginson
Hi Malcolm, Not seen a reply to this, so here's my two penneth worth - currently, you need to specify each domain you are redirecting to, yes - there's no support in Haproxy for taking the host header you have supplied and using it to figure out where you should be redirected to. I believe this

Re: appsession does not work in Haproxy 1.4.9

2010-11-19 Thread Chris Sarginson
Hi Willy, I've been following this with some interest (I'm due to roll out 1.4.9 on a number of loadbalancers soon), and just wondered if these patches are recommended for application even if you do build with libpcre (as I also do), or whether it should be safe to deploy 1.4.9 as is? Cheers

Re: Ipaddr Problems

2010-11-02 Thread Chris Sarginson
Is the IP on eth0 in the same network range as the IP you are attempting to add using heartbeat, or is the IP address potentially active elsewhere? Chris B T wrote: I am also looking for a consultant to help me to configure this if anyone can help that would be great. I am willing to pay. I

Re: rpms for rhel5?

2010-10-25 Thread Chris Sarginson
Ah, sorry my mistake, it's in the EPEL Testing repositories, which are generally stable in my experience, but you may not want to risk it Chris Angelo Höngens wrote: On 25-10-2010 11:00, Chris Sarginson wrote: You could also use the HAProxy RPMs available on EPEL (http://fedoraproject.org

Re: Haproxy+Nginx SSL Insecurities

2010-07-03 Thread Chris Sarginson
On 3 Jul 2010, at 14:51, John T Skarbek wrote: Good Morning, I'm testing out a solution to use nginx for ssl decryption to pass off requests to haproxy. During the thought process of everything, and later during testing, I noticed that all I'd need to do in the clients web browser is

Re: Loadbalancing TCP connections

2010-05-19 Thread Chris Sarginson
? If so, is there any way to override this? Cheers Chris Chris Sarginson wrote: Hi all, I'm currently trying to loadbalance connections to the Sphinx search daemon on 2 servers, however haproxy is not detecting the ports as being accessible despite the fact that they are responding. I'm using

Re: Loadbalancing TCP connections

2010-05-19 Thread Chris Sarginson
For the list: Chris Sarginson wrote: Sorry - Should have specified that this is only a snippet from my config, which is why there is no frontend listed: My Full config is as follows: ## global log 127.0.0.1 local0 info log 127.0.0.1 local1 notice

Re: Loadbalancing TCP connections

2010-05-19 Thread Chris Sarginson
and one for http : Just specify in a good order : 1/ defaults section for http 2/ http frontend/backend 3/ defaults section for tcp 4/ tcp frontend/backend For better distribution, use roundrobin algorithm for http backend Hervé. On 05/19/2010 12:43 PM, Chris Sarginson wrote: Sorry - Should have

Re: Rollover Backups

2010-05-13 Thread Chris Sarginson
Laurie Young wrote: Hi everyone Hi Laurie This should all be doable Is it possible to provide a list (2 is enough, more would be better) of backup servers, which behave in the following way * All requests go to the main server * This is done by specifying all additional servers as backup

Re: question about transparancy

2010-04-22 Thread Chris Sarginson
Michiel van Es wrote: I read this archive from 2008: http://www.formilux.org/archives/haproxy/0801/0507.html But the problem is that I can not recompile the kernel :( Isn't there any other way like the x-forward-for header to make this work? As this runs on layer 4 headers can not be

Fwd: Re: Source IP instead of Haproxy server IP

2010-04-07 Thread Chris Sarginson
Forwarded to the list for posterity: ---BeginMessage--- Hi Joe, I'm pretty sure that if you are using LVS then you will have an iptables redirect rule set up, that directs traffic back through the loadbalancer, not directly back to the client - how can the client know that the TCP session

Re: Backup servers in 1.3

2010-02-19 Thread Chris Sarginson
Cyril Bonté wrote: It depends on the configuration. From your configuration, the behaviour is correct because of the sorry cookie : as soon as a response provides this cookie, all the next requests providing the same value will be directed to this server. If you want the requests return to

Re: Backup servers in 1.3

2010-02-19 Thread Chris Sarginson
Cyril Bonté wrote: From your configuration, the behaviour is correct because of the sorry cookie : as soon as a response provides this cookie, all the next requests providing the same value will be directed to this server. If you want the requests return to the servers as soon as they're up

Backup servers in 1.3

2010-02-18 Thread Chris Sarginson
Hi, Earlier today we took all our primary webservers offline to perform some maintenance on our webservers. There is one backup server configured in haproxy which simply hosts a single index page, and rewrites all URLS to display this. Following bringing the servers back online, traffic

Re: ACL size limit

2010-01-16 Thread Chris Sarginson
Willy, Thank you so much for that - I should have known you have already taken care of that eventuality! This is genuinely some brilliant software you've written :) Chris On Fri, 2010-01-15 at 21:26 +0100, Willy Tarreau wrote: On Fri, Jan 15, 2010 at 10:52:45AM +, Chris Sarginson wrote

ACL size limit

2010-01-15 Thread Chris Sarginson
Hi guys, Is there a limit on the amount of information you can put as part of an acl? I want to do the following: acl ip_ssl_block_72 hdr_reg(X-Real-IP) 10.10.10.10 but keep just expanding the list of IPs in there (they are pulled from a backend database we have and inserted in).

Re: ACL size limit

2010-01-15 Thread Chris Sarginson
Sorry to reply to my own email - but as an extension of this would it be feasible to have a hdr_src option for use in the same manner as using the src option that supports matching if an IP is in a range (only with hdr_src the IP would be contained in a header). Chris Chris Sarginson

Re: redirecting many urls

2009-12-03 Thread Chris Sarginson
We use the following header rewrite rule: reqirep ^([^\ ]*)\ /stats/(.*) \1\ /cgi-bin/\2 This means the browser window says http://www.domain.com/stats/stats.cgi, but the backend server receives a request for www.domain.com/cgi-bin/stats.cgi Would this not work as follows: reqirep ^([^\

Re: Redirect_prefix question

2009-10-17 Thread Chris Sarginson
Unfortunately there are quite a few subdomains, and we don't know them all as this is for a client, who will just be looking to add dns records and vhosts on the fly. What sort of work is required to add in this kind of functionality? I've seen your previous warnings about 1.3.19 :) Cheers

Re: Kernel tuning recommendations

2009-10-06 Thread Chris Sarginson
Sent from my iPhone On 6 Oct 2009, at 18:25, Michael Marano mmar...@futureus.com wrote: We’ve completed a move to Rackspace Cloud and are now using HAproxy as our load balancer. Haproxy is a Phenomenal piece of software. The primary issue I’ve noticed from haproxy is that my backends are