RFC: DOC: clarify tune.ssl.keylog behavior

ear that those two listed fetches do not require tune.ssl.keylog. I would like to add a clarifying statement after the CLIENT_RANDOM example like "These fetches do not require tune.ssl.keylog." -- Daniel Epperson Sr. Systems Engineer https://www.haproxy.com/

Re: RFC new doc section for size format

I have attached the patch. On 5/17/2023 6:02 AM, Christopher Faulet wrote: Le 5/15/23 à 21:48, Daniel Epperson a écrit : Hello, I filed #2153 to add a section to the manual, now I'm looking for comments to implement the fix via a patch. This is what I have so far. If it is acceptable, please

RFC new doc section for size format

Hello, I filed #2153 to add a section to the manual, now I'm looking for comments to implement the fix via a patch. This is what I have so far. If it is acceptable, please merge, or let me know what to correct. Author: Daniel Epperson Date:   Mon May 15 12:45:27 2023 -0700     DOC: add size

Re: Opinions desired on HTTP/2 config simplification

ven realize it's a tunable option). I know I have seen in the past several issues arise for some after enabling HTTP/2 in regards to slow upload speeds and not realizing that they may need to also increase ` tune.h2.initial-window-size`. Thanks, -- Daniel

Re: [PATCH] DOC: config: fix "Address formats" chapter syntax

On Wed, Jan 18, 2023, at 1:55 AM, Willy Tarreau wrote: > On Wed, Jan 18, 2023 at 01:00:57AM -0500, Daniel Corbett wrote: > > Hi, > > > > The section on "Address formats" doesn't provide the dot (.) after the > > chapter numbers, which breaks parsing within the

[PATCH] DOC: config: fix "Address formats" chapter syntax

Hi, The section on "Address formats" doesn't provide the dot (.) after the chapter numbers, which breaks parsing within the HTML converter. This commit adds the dot (.) after each chapter within Section 11. This should be backported to versions 2.4 and above. Thanks, -- Daniel 0001-

Re: [PATCH] BUILD: unbreak the build with newer libressl

of the regression tests? (privately or not) I'll ask a friendly libressl developers about it :) Cheers, Daniel On Wed, 8 Dec 2021 09:11:01 +0500, Илья Шипицин wrote: > Daniel, can you try regtests ? > reg-tests/ssl/ssl_client_samples.vtc is failing for me on the latest > LibreSSL > >

[PATCH] BUILD: unbreak the build with newer libressl

Hi, Here's the file inline generated with `git format-patch -1`. Is it ok? I'm not subscribed to the mailing list, please keep me in Cc:. Thanks, Daniel From bc44099cb32a95d3a8895a6232b5b0ce5c9cb5c0 Mon Sep 17 00:00:00 2001 From: Daniel Jakots Date: Sun, 5 Dec 2021 17:30:57 -0500 Subject

proposed enhancement to mysql-check - accept account locked/password expired errors

It seems users are still disturbed at creating passwordless users in mysql for mysql-check. https://discourse.haproxy.org/t/haproxy-mysql-check-user-removal/6685 I certainly understand not wanting to implement the truly ugly implementation that is the protocol to support multiple password

[PATCH] DOC: use CREATE USER for mysql-check

CREATE USER has been the standard way of creating users since MySQL-5.0 (2005). The current syntax of INSERT INTO mysql.user won't actually work on MariaDB-10.4+. Because haproxy doesn't use any resources the MySQL executable comment syntax provides resource contraints to make it more palatable

RE: adding Coverity badge to some visible place

dge there ? > Funny, I had a similar thought earlier today about having a README.md. I would like to help improve it from a visual perspective. +1 from me and very interested! Thanks, -- Daniel

[PATCH] DOC: config: Fix configuration example for mqtt

Hello, This patch fixes the example for mqtt_is_valid(), which was missing curly braces within the ACL. Thanks, -- Daniel 0001-DOC-config-Fix-configuration-example-for-mqtt.patch Description: Binary data

[PATCH] CLEANUP: cli/activity: Remove double spacing in set profiling

mic-cookie-key backend set map [|#] set maxconn frontend This patch removes all of the double spaces within the command and unifies them to single spacing, which is what is observed within the rest of the commands. Thanks, -- Daniel 0001-CLEANUP-cli-activity-Rem

RE: [PATCH] DOC: Fix a few grammar/spelling issues and casing of HAProxy

Hey Willy, > -Original Message- > From: Willy Tarreau > Sent: Sunday, May 9, 2021 12:07 AM > To: Daniel Corbett > Cc: haproxy@formilux.org > Subject: Re: [PATCH] DOC: Fix a few grammar/spelling issues and casing of > HAProxy > > Hi Daniel, > ...

RE: [PATCH] DOC: Fix a few grammar/spelling issues and casing of HAProxy

Sorry, I forgot to add the area the patch touches to the commit title. New patch attached to add that. Thanks, -- Daniel 0001-DOC-config-Fix-a-few-grammar-spelling-issues-and-cas.patch Description: Binary data

[PATCH] DOC: Fix a few grammar/spelling issues and casing of HAProxy

mentioned. Thanks, -- Daniel 0001-DOC-Fix-a-few-grammar-spelling-issues-and-casing-of-.patch Description: Binary data

[PATCH] BUG/MINOR: sample: Rename SenderComID/TargetComID to SenderCompID/TargetCompID

]. This patch updates all references, which includes the converters themselves, the regression test, and the documentation. [1] https://fiximate.fixtrading.org/en/FIX.5.0SP2_EP264/tag49.html [2] https://fiximate.fixtrading.org/en/FIX.5.0SP2_EP264/tag56.html Thanks, -- Daniel 0001-BUG

[PATCH] DOC: Add dns as an available domain to show stat

may think this field accepts dynamic options when it actually requires a specific keyword. Thanks, -- Daniel >From 2107724812463093fbcee23d669dd86d3949aa28 Mon Sep 17 00:00:00 2001 From: Daniel Corbett Date: Sun, 1 Nov 2020 10:54:17 -0500 Subject: [PATCH] DOC: Add dns as an available doma

Re: [PATCH] CONTRIB: release-estimator: Add release estimating tool

Hey Willy, On 10/24/20 6:29 AM, Willy Tarreau wrote: On Thu, Oct 22, 2020 at 03:55:14PM -0400, Daniel Corbett wrote: Attached is a patch that adds the release estimating tool (stable-bot) to the contrib directory. Ah, great, thank you Daniel! I've merged it now. If we find that it starts

[PATCH] CONTRIB: release-estimator: Add release estimating tool

to run weekly as it has been but it will allow others to contribute to it and also run it locally. Thanks, -- Daniel >From b3ad15e87b70ed741b8cafc2830491c9d1b7e01a Mon Sep 17 00:00:00 2001 From: Daniel Corbett Date: Thu, 22 Oct 2020 11:19:55 -0400 Subject: [PATCH] CONTRIB: release-estima

Re: stable-bot: Bugfixes waiting for a release 2.2 (18), 2.1 (13), 2.0 (8), 1.8 (6)

Hello Tim, On 8/19/20 5:09 AM, Tim Düsterhus wrote: Daniel, The indentation is messed up here. Is this caused by the removal of 1.9? Yea, quite likely. I also have another proposal for readability of this list: Can the versions be ordered in descending order and possibly aligned within

Re: [PATCH] DOC: typo fixes for configuration.txt

Hello, On 7/7/20 7:19 AM, Илья Шипицин wrote: Daniel, can you please tell what spellchecker do you use ? (codespell does not see those typos) I used aspell. Thanks, -- Daniel

[PATCH] DOC: typo fixes for configuration.txt

Hello, Here's a quick round of typo corrections for configuration.txt Thanks, -- Daniel 0001-DOC-configuration-various-typo-fixes.patch Description: Binary data

Re: [PATCH] BUG/MEDIUM: sink: fix crash when null sink is used in __do_send_log

Hello, On 6/19/20 3:22 PM, Willy Tarreau wrote: Hi Daniel, ... Thanks for the fix and the detailed report, that's very useful! However the problem is somewhere else, and I suspect is slightly harder to solve. It's normally not possible to have a null sink on a log server if its type

Re: [PATCH] BUG/MEDIUM: sink: fix crash when null sink is used in __do_send_log

Hello, On 6/18/20 12:35 AM, Daniel Corbett wrote: Hello, When using a ring log in combination with proto fcgi, it was possible to cause a crash by sending a request for a non-existent fastcgi file to php-fpm, causing it to produce the error "Primary script unknown". When php-fp

[PATCH] BUG/MEDIUM: sink: fix crash when null sink is used in __do_send_log

_tasks_from_list (list=0x5587003893f0 , max=67) at src/task.c:345 #9  0x5586fff5ecfb in process_runnable_tasks () at src/task.c:446 #10 0x5586ffefa415 in run_poll_loop () at src/haproxy.c:2884 #11 0x5586ffefa956 in run_thread_poll_loop (data=0x0) at src/haproxy.c:3056 #12 0x5586ff

[PATCH] BUG/MINOR: stats: Fix color of draining servers on stats page

when they are draining. Should be backported as far as 1.7. Thanks, -- Daniel >From ab59ade862665e8235d889d398e63d1b67aff243 Mon Sep 17 00:00:00 2001 From: Daniel Corbett Date: Sat, 28 Mar 2020 12:35:50 -0400 Subject: [PATCH] BUG/MINOR: stats: Fix color of draining servers on stats page This pa

Re: stable-bot: Bugfixes waiting for a release 2.1 (7), 2.0 (5)

Hey Tim & Willy, On 2/25/20 10:45 PM, Willy Tarreau wrote: On Wed, Feb 26, 2020 at 01:23:24AM +0100, Tim Düsterhus wrote: Daniel, I already told you in IRC, but as I now have an email to reply to: This new email format is much better than the old one. FWIW I agree, it's more synth

Re: stable-bot: WARNING: 54 bug fixes in queue for next release - 2.1

that can hopefully make the bot more useful. Thanks again, -- Daniel

Re: stable-bot for 2.1

Hey William, On 12/9/19 1:34 AM, William Lallemand wrote: On Sun, Dec 08, 2019 at 07:37:46PM -0500, Daniel Corbett wrote: Hey Julien, On 12/8/19 2:49 PM, Julien Pivotto wrote: Hi, I have the impression that stable-bot has not been configured for the 2.1 branch yet. Regards, Thanks

Re: stable-bot for 2.1

Hey Julien, On 12/8/19 2:49 PM, Julien Pivotto wrote: Hi, I have the impression that stable-bot has not been configured for the 2.1 branch yet. Regards, Thanks for the reminder!  I've gone ahead and added it. Thanks, -- Daniel

Re: [PATCH] [MEDIUM] dns: Add resolve-opts "ignore-weight"

oxy/haproxy/issues/48 Thanks for taking the time to review and provide your input guys! Thanks, -- Daniel

[PATCH] [MEDIUM] dns: Add resolve-opts "ignore-weight"

icated within an SRV record will be ignored.  This is for both initial resolution and ongoing resolution. I wanted to include  VTC test with this, however, I could not think of an appropriate way to do it as I suspect we may need a "fake dns server" similar to what was made for

Re: Haproxy only tracking at maximum 3 keys for api-key based tracking

e you sure the entries are not expiring?  It seems your expiration time is set to 5 seconds. Thanks, -- Daniel

Re: [PATCH] BUG/MEDIUM: dns: Correctly use weight specified in SRV record

Hello, On 10/17/19 1:47 AM, Baptiste wrote: Hi Daniel, Thanks for the patch, but I don't think it's accurate. What this part of the code aims to do is to "map" a DNS weight into an HAProxy weight. There is a ratio of 256 between both: DNS being in range "0-65535" and

Re: [PATCH] BUG/MEDIUM: dns: Correctly use weight specified in SRV record

Hello, On 10/16/19 11:32 PM, Daniel Corbett wrote: This patch should be backported to 1.8 and 1.9 Sorry, I forgot to indicate that this should be backported to 2.0 also. Thanks, -- Daniel

[PATCH] BUG/MEDIUM: dns: Correctly use weight specified in SRV record

ended up forcing "1" in all situations.  This was due to an improper equation: ( x / 256 ) + 1 This patch should be backported to 1.8 and 1.9 Thanks, -- Daniel >From b9c2d037b0b3cf06a7908bcaa4949a29245574ca Mon Sep 17 00:00:00 2001 From: Daniel Corbett Date: Wed, 16 Oct 2019 23

Re: load-server-state-from-file "automatic" transfer?

Hi! Thanks for taking a look and explaining. Should I create a ticket on GitHub for this? Daniel > On 25. Jul 2019, at 10:44, William Lallemand wrote: > > On Thu, Jul 25, 2019 at 10:23:24AM +0200, Aleksandar Lazic wrote: >> Hi. >> >> Am 25.07.2019 um 10:0

load-server-state-from-file "automatic" transfer?

fashion as file handles or stick-tables (via peers)? Thanks a lot! Daniel -- Daniel Schneller Principal Cloud Engineer GPG key at https://keybase.io/dschneller CenterDevice GmbH Rheinwerkallee 3 53227 Bonn www.centerdevice.com __ Geschäftsführung: Dr

Re: Invalid blank line in master socket output when run in non-admin level

That's great to hear, thanks very much for the fast turnaround! On Mon, Jul 1, 2019 at 6:56 AM William Lallemand wrote: > > On Mon, Jul 01, 2019 at 11:16:21AM +0200, William Lallemand wrote: > > Hi Daniel, > > > > On Sat, Jun 29, 2019 at 03:16:06PM +0200,

Invalid blank line in master socket output when run in non-admin level

raw daemon info stats socket /run/haproxy/worker.sock mode 666 level operator chroot /var/lib/haproxy user haproxy group haproxy Is this indeed a bug, or am I missing something? If it is a bug, would it be appropriate to file an issue on GitHub? Thanks! Daniel

Re: [PATCH] BUG/MEDIUM: contrib/spoa_server: Set FIN flag on agent frames

Hello Willy, Apologies for the delay. Thank you for taking the time to review. > On Jun 2, 2019, at 10:11 PM, Willy Tarreau wrote: > > Hi Daniel, > > On Thu, May 30, 2019 at 12:57:10AM -0400, Daniel Corbett wrote: >> Hello, >> >> >> When communi

[PATCH] BUG/MEDIUM: contrib/spoa_server: Set FIN flag on agent frames

answer on how to solve this issue. -- Daniel 0001-BUG-MEDIUM-contrib-spoa_server-Set-FIN-flag-on-agent.patch Description: Binary data

Re: DNS Resolver Issues

you very much for your help! Cheers, Daniel > On 23. Mar 2019, at 14:53, PiBa-NL wrote: > > Hi Daniel, Baptiste, > > @Daniel, can you remove the 'addr loadbalancer-internal.xxx.yyy' from the > server check? It seems to me that that name is not being resolved by the >

Re: DNS Resolver Issues

rver-template and at least 2 slots, but I would still like to understand it. And maybe it is a bug, after all ;) Kind regards, and thanks for a great piece of software! Daniel > On 21. Mar 2019, at 14:28, Bruno Henc wrote: > > Hello Daniel, > > > You might be missing the hold-

Re: DNS Resolver Issues

Hello! Friendly bump :) I'd be willing to amend the documentation once I understand what's going on :D Cheers, Daniel > On 18. Mar 2019, at 20:28, Daniel Schneller > wrote: > > Hi everyone! > > I assume I am misunderstanding something, but I cannot figure out what it

DNS Resolver Issues

the other hand, it _will_ recognize when I remove the valid server without a reload on the next health check, but _not_ bring them back in and make the proxy UP when it comes back. I assume my understanding of something here is broken, and I would gladly be told about it

Re: [PATCH] BUG/MEDIUM: init: Initialize idle_orphan_conns for first server in server-template

Hello, On 1/9/19 6:06 AM, Willy Tarreau wrote: On Wed, Jan 09, 2019 at 11:54:36AM +0100, Olivier Houchard wrote: Oops, that seems right, and the patch looks fine, Willy can you push it ? Sure. Daniel, may I put your real name or do you want to resubmit the patch ? We usually don't take

Re: HAProxy listed as Ingress controllers

quite excited and while we can't give a timeline at the moment we will be sure to update this list once we're close to release. Thanks, -- Daniel

HAProxy keeps using outdated IPs when backend (ELB) address changes

below. Kind regards, Daniel dig output (actual name is a little longer, I cut off the name for brevity and privacy). - [aws:staging-staging] root:~# dig @169.254.169.253 loadbalancer-internal.private ; <<>> DiG 9.9.5-3ubuntu0.17-Ubuntu <<>> @169.254.169.253 loa

Re: Clarification re Timeouts and Session State in the Logs

Hi! Thanks for that input. I would like to understand what's going before making changes. :) Cheers, Daniel > On 24. Aug 2018, at 00:56, Igor Cicimov > wrote: > > Hi Daniel, > > We had similar issue in 2015, and the answer was: server timeout was too > short. Simple

Clarification re Timeouts and Session State in the Logs

it is difficult to tell "who's to blame" for an inactivity timeout without knowledge about the content or final size of the request -- I just need some clarity on how the read the logs :) Thanks! Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice Gmb

Re: Bug when passing variable to mapping function

e concepts (trash chunk? some optimization, I assume?) and C as a language is too limited to make a patch myself. Is this on any of the developers' radar? Thanks a lot :) Daniel On 29 June 2018 at 07:14, Jarno Huuskonen wrote: > Hi, > > On Thu, Jun 28, Jarno Huuskonen wrote: > > I thin

Re: Haproxy client ip

Hi Malcolm I will set up a lab with this information. Thanks Daniel De: Malcolm Turnbull Enviado: segunda-feira, 25 de junho de 2018 14:05 Para: Daniel Augusto Esteves Cc: Jarno Huuskonen; simos.li...@googlemail.com; haproxy@formilux.org Assunto: Re

Re: Haproxy client ip

Hi When configuring source 0.0.0.0 usesrc clientip the backend stops responding. Best Regards Daniel De: Daniel Augusto Esteves Enviado: segunda-feira, 25 de junho de 2018 08:37 Para: Jarno Huuskonen; simos.li...@googlemail.com Cc: haproxy@formilux.org

Bug when passing variable to mapping function

header changes to: ------ X-Distri-Mapped-From-Var: aaistri -- Looks like some off-by-one error? Cheers, Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH Rheinwerkallee 3 53227 Bonn www.centerdevice.com ___

Re: Reverse String (or get 2nd level domain sample)?

earlier versions IMO). Cheers, Daniel > On 25. Jun 2018, at 12:29, Daniel Schneller > wrote: > > Hi! > > Just double checking to make sure I am not simply blind: Is there a way to > reverse a string using a sample converter? > > Background: I need to extract

Re: Haproxy client ip

Thank you for the tips guys. Obter o Outlook para Android<https://aka.ms/ghei36> From: Jarno Huuskonen Sent: Monday, June 25, 2018 8:24:11 AM To: Daniel Augusto Esteves Cc: haproxy@formilux.org Subject: Re: Haproxy client ip Hi, On Mon, Jun 25,

Reverse String (or get 2nd level domain sample)?

le, I would like to avoid using maps to keep this thing as generic as possible. Thanks a lot! Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH Rheinwerkallee 3 53227 Bonn www.centerdevice.com __ Geschäftsführung: Dr. Patrick Peschlow, D

Haproxy client ip

Hi I am setting up haproxy with keepalived and i need to know if is possible pass client ip for destination log server using haproxy in tcp mode? Thanks Best regards Daniel

Re: how to run vtc files?

ia@localhost haproxy]$ Something like this should work: $ HAPROXY_PROGRAM=$PWD/haproxy varnishtest reg-tests/ssl/h0.vtc #    top  TEST reg-tests/ssl/h0.vtc passed (0.147) Thanks, -- Daniel

[PATCH] REGTEST: stick-tables: Test expiration when used with table_*

Hello, Thanks for adding this integration Fred.  Great job! Attached is a new regression test to check for stick-tables expiration when they are used with table_* converters as noted in commit id: 3e60b11100cbc812b77029ca142b83ac7a314db1 Thanks, -- Daniel >F

Re: [PATCH] BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters

->data.u.sint = stktable_data_cast(ptr, conn_cur); stktable_release(t, ts); return !!ptr; Could you please rework your patch to do this so that I can merge it ? I have attached the latest patch with these changes. Thanks, -- Daniel >From e47065ac6cc7478d21cfa00c5c45a0ae7cd412

Re: Use acl on spoe events

only if some l7 conditions match? This appears to have been fixed in 1.9-dev with this commit: https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=333694d7715952a9610a3e6f00807eaf5edd209a;hp=336d3ef0e77192582c98b3c578927a529ceadd9b Thanks, -- Daniel

Re: gRPC protocol

have seen it so can't comment :) Thanks, -- Daniel

Re: SPOE and modsecurity contrib

When those are in place --  I receive the following in logs: The txn.modsec.code is: 403 Please let me know if that solves it for you. Thanks, -- Daniel

Re: warnings during loading load-server-state, expected?

his should be backported to 1.8 Thanks, -- Daniel >From 24f8a74f490435969c04e2bb5387d396b62850c0 Mon Sep 17 00:00:00 2001 From: Daniel Corbett <dcorb...@haproxy.com> Date: Sat, 19 May 2018 19:43:24 -0400 Subject: [PATCH] BUG/MEDIUM: servers state: Add srv_addr default placeholder When creating

[PATCH] BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters

. Added stktable_release() to the end of each sample_conv_table_* function. This should be backported to 1.8. Thanks, -- Daniel >From 28530921746e62bb229880774a311bfebfcf7579 Mon Sep 17 00:00:00 2001 From: Daniel Corbett <dcorb...@haproxy.com> Date: Thu, 17 May 2018 13:17:54 -0400 Subjec

Re: Cannot handle more than 1,000 clients / s

Hi, maybe you need to increase ulimit and max connections in haproxy config. Am 12.05.18, 15:54 schrieb "Jarno Huuskonen" : Hi, On Fri, May 11, Marco Colli wrote: > > > > Do you get better results if you'll use http instead of https ? > >

Article inquiry on Haproxy.Org

. Please update me with a price and will speak to the client ASAP. Also if you operate or have access to any other sites, feel free to send them through also with prices.. Thanks so much. Regards, *Daniel - Account Manager* DigitalContentZone <http://t.sidekickopen04.com/e1t/

Re: http/2 Frontend

Ahh found it: bind :443 ssl crt /path/to/cert.crt alpn h2,http/1.1 Need to test it ;) Cheers Von: Daniel <dan...@linux-nerd.de> Datum: Montag, 4. Dezember 2017 um 11:21 An: HAProxy <haproxy@formilux.org> Betreff: http/2 Frontend Hi There, i know that haproxy

http/2 Frontend

Hi There, i know that haproxy 1.8 is able now to handle http/2 connections in the frontend. My Problem is, I cant find any Documention for 1.8 on the Website. Has someone some Exmaple configs for me just to check how I need to configure it? Cheers Daniel

Re: 4xx statistics made useless through health checks?

tp://cbonte.github.io/haproxy-dconv/1.8/snapshot/configuration.html#4.2-monitor-uri > It says it wont log or forward the request.. not sure but maybe stats will > also skip it. Yes, that’s exactly what’s shown in that linked repo. Thanks for chiming in :) > Regards, > PiBa-NL / Pieter > --

Re: 4xx statistics made useless through health checks?

ot for your thoughts, so far :) Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solingen tel: +49 1754155711| Deutschland daniel.schnel...@centerdevice.de | www.centerdevice.

Re: 4xx statistics made useless through health checks?

roxy” health checking that does not spoil the counters? Daniel Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solingen tel: +49 1754155711| Deutschland daniel.schnel...@centerdevice.de

Encrypted Passwords Documentation Patch

noticeable at all to it almost eating a full core, even for a not very busy site. Tested with 1.6, but this applies to all versions, if I am not mistaken. Cheers, Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11

Re: Error 'NAME_MAX' undeclared in HAProxy 1.8 on Solaris 11.3 (64-bit)

POE] spoe     [COMP] compression     [TRACE] trace Have a nice weekend, Daniel Am 03.11.2017 um 23:08 schrieb Willy Tarreau: Hi Daniel, It wasn't and that was exactly the purpose of -rc1 to collect such precious feedback! For NAME_MAX I think it can easily be redefin

Error ‘NAME_MAX’ undeclared in HAProxy 1.8 on Solaris 11.3 (64-bit)

note: each undeclared identifier is reported only once for each function it appears in gmake: *** [src/haproxy.o] Error 1 Is this a known issue so far? Thanks and regards, Daniel

Re: Force Sticky session on HaProxy

e same JSESSIONID gets to the same backend every time. As the information is in the cookie, there is no state to be lost on the haproxy side. Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solingen te

Re: Question related to gpc0_rate values in stick-table

easonable starting point to figure out where the issue comes from. Regards, Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solingen tel: +49 1754155711| Deutschland dani

Re: Inspect data sent through haproxy and create statistics

tp-request set-var(txn.op) str(Unkwn) ... http-request set-var(txn.op) str(DocDelMul) if METH_POST rq_path_documents rq_content_type_json rq_body_action_delete# Delete Multiple Documents … Hope that helps. Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH

Re: Enable SSL Forward Secrecy

Hi,inspired by this, I added a paragraph with links to the documentation.Small patch attached.Cheers,Daniel 0001-DOC-Refer-to-Mozilla-TLS-info-config-generator.patch Description: Binary data -- Daniel SchnellerPrincipal Cloud Engineer CenterDevice GmbH                  | Hochstraße 11

[PATCH] DOC: Add note about "* " prefix in CSV stats

Just a little documentation patch I wrote, after stumbling across this:https://github.com/dschneller/bosun/commit/6ca776dd6543d123a135b4a84a5e3e66093c3986 0001-DOC-Add-note-about-prefix-in-CSV-stats.patch Description: Binary data Cheers,Daniel -- Daniel SchnellerPrincipal Cloud Engineer

Re: Enable SSL Forward Secrecy

Darn! Looking at the “openssl ciphers” Julian provided earlier, my mind “autocompleted" the missing trailing “E” in ECDH (/me facepalms). Thanks, Cyril, for pointing that out! I was starting to doubt myself here :) Cheers, Daniel -- Daniel Schneller Principal Cloud Engineer CenterD

Re: Enable SSL Forward Secrecy

ve any real traffic in there. Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solingen tel: +49 1754155711| Deutschland daniel.schnel...@centerdevice.de | www.centerdev

Re: Enable SSL Forward Secrecy

are proxies/firewalls? Can you post a minimal haproxy config that reproduces the issue? Please verify you can see the requests coming in by checking haproxy’s log. You should be able to at least see the requests being rejected due to bad handshakes. Daniel -- Daniel Schneller Principal Cl

Re: Enable SSL Forward Secrecy

Ok, so that’s not it. What about the ciphers output? -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solingen tel: +49 1754155711| Deutschland daniel.schnel...@centerdevice.de

Re: Enable SSL Forward Secrecy

Also, please run haproxy -vv to get some idea about what SSL library it actually uses. -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solingen tel: +49 1754155711| Deutschland

Re: Enable SSL Forward Secrecy

-AES128-SHA ECDHE-ECDSA-AES128-SHA SRP-DSS-AES-128-CBC-SHA SRP-RSA-AES-128-CBC-SHA SRP-AES-128-CBC-SHA ECDH-RSA-AES128-SHA ECDH-ECDSA-AES128-SHA AES128-SHA PSK-AES128-CBC-SHA Check the output on your load balancer — maybe the OpenSSL version just too old? Regards, Daniel -- Daniel Schneller

Re: Enable SSL Forward Secrecy

handshakes and go through them — IIRC there is some “FS” vs. “No FS” marker there. Regards, Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solingen tel: +49 1754155711

Re: req.cook_cnt() broken?

1.8, 1.7.9, and 1.6.13 just now. Works as expected with all three. :D Any chance of getting this fix backported to the 1.7 and ideally 1.6 branches? It would come in handy on a production system currently running 1.6 that I cannot easily upgrade to 1.7. Cheers, Daniel -- Daniel S

Re: Will HAProxy community supports mailers section?

@netrovert.net <mailto:redm...@netrovert.net> email-alert to rajesh.ko...@netrovert.net <mailto:rajesh.ko...@netrovert.net> Regards, Daniel Am 24.08.17 um 15:20 schrieb Rajesh Kolli: > Hi Daniel, > > Thanks for your quick response... > &g

Re: Will HAProxy community supports mailers section?

email-alert from haprox...@mydomain.com email-alert to myn...@mydomain.com I hope it helps Regards, Daniel Am 24.08.17 um 14:35 schrieb Rajesh Kolli: > Hello, > > I am new to HAProxy, present i am using community version of haproxy, > and i am trying to configure alerting in my c

Re: req.cook_cnt() broken?

Kindly bumping this during the summer vacation time for potentially new recipients :) > On 21. Aug. 2017, at 21:14, Daniel Schneller > <daniel.schnel...@centerdevice.com> wrote: > > Hi! > > According to the documentation > > req.cook_cnt([]) : integ

req.cook_cnt() broken?

So without being very C-savvy, this appears to exit early when there is no parameter of type string passed in. I hope someone can shed some light on this. :) Thanks in advance, Daniel -- Daniel Schneller Principal Cloud Engineer CenterD

Re: fields vs word converter, unexpected "0" result

d in with all the 127.0.0.1’s :) Any idea on the difference between “word” and “field”, though? Daniel

fields vs word converter, unexpected "0" result

in “0” being logged? Ideally, I’d like this to show as “-“, but empty string would be fine, too. But “0” is pretty counter-intuitive. It’s not strictly horrible, but at least it is unexpected and would also collide with cases where the actual 2nd subdomain was called “0”. Is this a bug, or am I d

Subscribe

Re: haproxy does not capture the complete request header host sometimes

ration files — which may or may not be what you expect when doing minor upgrades. Granted, when you currently use an out-of-range value, you probably _want_ this fix, but still might hit you unexpectedly. It should be made very prominent in the release notes. Cheers, Daniel -- Daniel Sch

Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

6, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA" /> At first I will try the settings that Lukas suggested. This could take some time as we have to reproduce the problem in our test environment. I will get back to you once I got some results. Thank you very much and regards, Daniel

  1   2   3   >