Re: HAProxy clustering

aving the log spam, network > > traffic, and load from healthchecks that aree essentially useless > > (IMO, of course) > > > > > > > > > > On Fri, Dec 16, 2016 at 2:50 PM, Neil - HAProxy List > > wrote: > > > Stephan, > > > >

Re: HAProxy clustering

Stephan, I'm curious... Why would you want the inactive loadbal not to check the services? If you really really did want that you do something horrid like tell keepalive to block with iptables access to the backends when it does not own the service ip but why? you healthchecks should be fairly

Re: rspadd X-Frame-Options:\ ALLOW-FROM

Hello the warning explains it. you are attempting to change a response based on a request header. responses dont have access to request headers. there are ways round that this has come up on the list before so archives will have an answer or two Neil On 15 Oct 2016 16:28, "Amol" wrote: > Hi

Re: Inform backend about https for http2 connections

Hello if you can have the app not specify the scheme for the css etc. just use //site.com/path or /path if it is on the same site On 6 Aug 2016 04:33, "Igor Cicimov" wrote: > On 6 Aug 2016 1:31 am, "Matthias Fechner" wrote: > > > > Dear all, > > > > > > I use haproxy in tcp mode to have http

Re: Only using map file when an entry exists

ode 301 if { > hdr(host),map(/etc/haproxy/redirect_host.map) -m found } > > Regards, > Nenad > > On 03/11/2016 11:32 PM, Neil - HAProxy List wrote: > > Hello > > > > I've left a little time and no one has said anything more so time for me > > to act and

Re: Only using map file when an entry exists

utprised to find myself the first to want this > > Cheers > > Neil > On 3 Mar 2016 18:08, "Neil - HAProxy List" < > maillist-hapr...@iamafreeman.com> wrote: > >> Thanks Conrad, >> >> That sort of thing looks better that what I had, and I'

Re: Only using map file when an entry exists

I'm amazed by the number of typos in one message. ;) On 3 Mar 2016 18:08, "Neil - HAProxy List" wrote: > Thanks Conrad, > > That sort of thing looks better that what I had, and I'll give it a go. > > I still think this is a bit long winded syntax for somet

Re: Only using map file when an entry exists

Thanks Conrad, That sort of thing looks better that what I had, and I'll give it a go. I still think this is a bit long winded syntax for something that probably quite a common things to want to do? A map_contains type boolean function still seems like a good to have? Thanks Neil On 3 March 2

Only using map file when an entry exists

Hello HA-Proxy version 1.5.15 2015/11/01 I've got a service with some redirects for old virtual hosts to new locations on main website that I want to store in a map file /etc/haproxy/redirect_host.map with lines like www.oldname.com http://www.shiny.net/collections/oldname My issue is I don't wa

conntrack recommendations

Hello I'm after a 'definitivish' reference for setting up conntrack I've been hit by having too small table on some new VMs as ubuntu, by default, sizes the table by memory size. Before that I was completely ignorant of the role of conntrack Having forced the size got rid off that but leaves me

Re: Access control for stats page

>> ... >> >> backend hastats >> mode http >> stats uri /hastats >> stats realm Service\ Loadbalancer >> stats show-desc url.domain: >> Service Loadbalancerrunning on >> hostname config version >> stats show-legen

Re: Access control for stats page

stats show-legends stats auth admin:password stats admin if TRUE On 21 April 2015 at 21:04, Neil - HAProxy List < maillist-hapr...@iamafreeman.com> wrote: > Hello > > Yep there is > > Have a frontend > > Send say /hastats to a hastats backend > > have

Re: Access control for stats page

Hello Yep there is Have a frontend Send say /hastats to a hastats backend have the backend have its stats URL be /hastats too Set the acls in the frontend I'll post a config example in a bit. Neil On 21 Apr 2015 20:09, "CJ Ess" wrote: > Is there a way to setup an ACL for the haproxy stats

Re: ldap-check with Active Directory

quot;REQUEST_METHOD = GET" ) these and many others could be shipped with haproxy. this seems to make sense to me as they are small contained logical items Neil On 30 March 2015 at 23:02, Baptiste wrote: > > you should believe it :) > > On Mon, Mar 30, 2015 at 11:34 PM, Neil - HAProxy

Re: ldap-check with Active Directory

Hello Thanks so much. That worked well, I now get *L7OK/0 in 0ms* not sure I believe the 0ms but maybe I should Thanks again, Neil On 30 March 2015 at 22:14, Baptiste wrote: > On Mon, Mar 30, 2015 at 10:33 PM, Neil - HAProxy List > wrote: > > Hello > > > > I'm

ldap-check with Active Directory

Hello I'm trying to use ldap-check with active directory and the response active directory gives is not one ldap-check is happy to accept when I give a 389 directory backend ldap server all is well, when I use AD I get 'Not LDAPv3 protocol' I've done a little poking about and found that

Re: no-sslv3 in default

Hello I'd go further. Sslv3 us an obsolete protocol does anyone disagree with that? For a start make no-sslv3 the default and have a enable-obsolete-sslv3 option. Or better make enabling it a compile time option. Or maybe just get rid of it altogether? The examples on the web and on this mailing

Re: Adding Serial Number to POST Requests

Hi Using peers should prevent the reset when restarting? Neil On 16 Jul 2014 21:47, "Baptiste" wrote: > On Wed, Jul 16, 2014 at 7:04 PM, Jonathan Matthews > wrote: > > On 16 Jul 2014 16:56, "Zuoning Yin" wrote: > >> > >> We later also got the help from Willy. He provided us a configuration >

Re: Binaries for HAProxy.

And lets not do too much to dampen any pressure to get haproxy 1.5 into rhel7 and ubuntu1404 Neil On 16 Jul 2014 16:12, "Ghislain" wrote: > > >> Just put http://nd-build-01.linux-appliance.net/repos/centos/ >> haproxy/haproy-centos-6x.repo under /etc/yum.repos.d/ >> and issue yum install haproxy

Re: Using a WhiteList in HAProxy 1.5

Hi If you only have one range and it does not change often then a acl file should be avoided. http-request deny unless src 123.123.123.123/123 If you have more than one range a acl should be used Only if you have many or they change often would a file suit. Is clearer imho Neil On 16 Jul 2014

Re: 1.5 latest segfault trying to negate acl

Hi Thank you, I can confirm this fixes the issue for me Thanks, Neil On 9 April 2014 12:35, Willy Tarreau wrote: > Hi guys, > > sorry it took that long to take a look at it. > > I've just pushed the patch, it's available here : > > > http://git.1wt.eu/web?p=haproxy.git;a=commitdiff_plain;h=6

1.5 latest segfault trying to negate acl

Hello my logs have a uncomforting line *kernel: [7302179.685736] haproxy[1766]: segfault at 7c ip 7f6629410a9f sp 7fffdaf98868 error 4 in libc-2.15.so [7f66292ae000+1b5000]* We caused this trying to use this config which tries to track the source of a connection unle

Re: Haproxy 1.4 url redirection issue

Hello Amol Here is an example of the sort of thing I use The 3 important things for are ServerName https://servicename.domain.com:443 SetEnv HTTPS on UseCanonicalName On ServerName https://servicename.domain.com:443 ## Vhost docroot DocumentRoot /var/www/ ## Directories, there

Re: HAProxy Next?

Hi I'd like the option of a web based api to replace the functionality of the web admin pages with a service which can be used remotely to monitor and control multiple haproxy and provide any fancy authentication and auditing outside of the haproxy service using whichever tech seems appropriate.

Re: Haproxy rate limit per matching request

Hello Chris and I followed this example but found that it limits by url but for all users. that might be what you want in a slashdotting but its not what we want for individual users falling asleep with nose on f5(reload) key we looked at base32+src rather than url but that excludes the url param

url32+src - like base32+src but whole url including parameters

Hello I have a need to limit traffic to each url from each source address. much like base32+src but the whole url including parameters (this came from looking at the recent 'Haproxy rate limit per matching request' thread) attached is patch that seems to do the job, its a copy and paste job of th

Re: AW: AW: Loadbalancing with ssl on www only

Off topic:Presuming its not long dince you ordered. I would expect any decent expensive certificate issuer to allow you to get a new certificate with the additional name of the non wildcard same name without charge they will most likely want the original revoked before refunding. Unless they don't