wolfSSL has also chosen to use the same API for QUIC:
> The wolfSSL QUIC API is aligned with the corresponding APIs in other *SSL
> libraries, making integration with QUIC protocol stacks easier and protecting
> investments. This is a
On Thu, 9 Jun 2022 at 08:42, wrote:
> I need to enable TLS V1.0 because of some legacy clients which have just been
> "discovered" and won't be updated.
Configure "ssl-default-bind-ciphers" as per:
If you don't allow
> > Let's say we have the following setup.
> > ```
> > maxconn 2
> > nbthread 4
> > ```
> > My understanding is that HAProxy will accept 2 concurrent connection,
> > right? Even when I increase the nbthread will HAProxy *NOT* accept more then
> > 2 concurrent
On Sat, 26 Mar 2022 at 10:22, Willy Tarreau wrote:
> A change discussed around previous announce was made in the H2 mux: the
> "timeout http-keep-alive" and "timeout http-request" are now respected
> and work as documented, so that it will finally be possible to force such
Reverts 75df9d7a7 ("DOC: explain HTTP2 timeout behavior") since H2
connections now respect "timeout http-keep-alive".
If commit 15a4733d5d ("BUG/MEDIUM: mux-h2: make use of http-request
and keep-alive timeouts") is backported, this DOC change needs to
be backported along with it.
take a look at how we are using tests with vtc/vtest in
Maybe this tool can be useful for your use-case.
On Mon, 21 Feb 2022 at 14:25, Tom Browder wrote:
> I'm getting ready to try 2.5 HAProxy on my system
> and see http comression is recommended.
I'm not sure we are actively encouraging to enable HTTP compression.
Where did you see this recommendation?
> From those sources I thought
On Sat, 19 Feb 2022 at 18:38, Carlos Renato wrote:
> In stats server2 is DOWN. accept the VM's network card.
Provide detailed logs please.
On Sat, 19 Feb 2022 at 17:46, Moutasem Al Khnaifes
> but for some reason HAProxy thinks that Plex is down
John already explained this perfectly.
> the status page is inaccessible
Your configuration is:
> listen stats
> bind localhost:1936
> stats uri
On Sat, 19 Feb 2022 at 16:15, Carlos Renato wrote:
> Hi Lukas,
> Thanks for the reply and willingness to help.
> I did a test and it didn't work. I dropped the server2 interface and only
> server1 was UP.
> Traffic continues to exit through the main bakend. My wish is that the
I suggest you put your backup server in a dedicated backend and select
it in the frontend. I guess the same could be done with use-server in
a single backend, but I feel like this is cleaner:
As per issue #1552 the mailer code currently breaks on ESMTP multiline
responses. Let's negotiate SMTP instead.
Should be backported to 2.0.
src/mailers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mailers.c b/src/mailers.c
index 3d01d7532..34eaa5bb6 100644
I'd suggest you give WSL/WSL2 a try.
On Thu, 10 Feb 2022 at 11:25, Gowri Shankar wrote:
> Im trying to install haproxy for loadbalancing for my servers,but im not able
> install from my windows system.Is there ha proxy available for windows,
> please give and help us with
On Mon, 17 Jan 2022 at 19:37, wrote:
> Configuration uses 'no option http-use-htx' in defaults because of case
> Statistics path haproxy?stats is behind simple username/password and
> both credentials are specified in config.
> When accessing haproxy?stats, 2.0.25 works
On Mon, 13 Dec 2021 at 19:51, Valters Jansons wrote:
> Is this thread really "on-topic" for HAProxy?
> Attempts to mitigate Log4Shell at HAProxy level to me feel similar
> to.. looking at a leaking roof of a house and thinking "I should put
> an umbrella above it, so the leak isn't hit by
On Mon, 13 Dec 2021 at 14:43, Aleksandar Lazic wrote:
> Well I go the other way around.
> The application must know what data are allowed, verify the input and if the
> input is not valid discard it.´
You clearly did not understand my point so let me try to phrase it differently:
On Mon, 13 Dec 2021 at 13:25, Aleksandar Lazic wrote:
> 1. Why is a input from out site of the application passed unchecked to the
> logging library!
Because you can't predict the future.
When you know that your backend is SQL, you escape what's necessary to
avoid SQL injection (or use
In commit 6f7497616 ("MEDIUM: connection: rename fc_conn_err and
bc_conn_err to fc_err and bc_err"), fc_conn_err became fc_err, so
update this example.
Should be backported to 2.5.
doc/configuration.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
On Wed, 8 Dec 2021 at 17:50, Tim Düsterhus wrote:
> On 12/8/21 11:33 AM, Lukas Tribus wrote:
> > We are using comma-delimited list for init-addr for example, let's
> > document that this is space-delimited to avoid the guessing game.
On Tue, 23 Nov 2021 at 17:18, Willy Tarreau wrote:
> HAProxy 2.5.0 was released on 2021/11/23. It added 9 new commits after
> version 2.5-dev15, fixing minor last-minute details (bind warnings
> that turned to errors, and an incorrect free in the backend SSL cache).
We are using comma-delimited list for init-addr for example, let's
document that this is space-delimited to avoid the guessing game.
doc/configuration.txt | 14 +-
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
Use the instructions in INSTALL to build openssl statically. Building
and installing a custom shared build of openssl on a OS is something
that I'd suggest you avoid, because it will become complicated.
On Wed, 3 Nov 2021 at 12:55, Ben Hart wrote:
> Thanks again Lukas!
> So the server directive's use of a cert or CA file is only to
> verify the identity of the server in question.
No, "crt" (a certificate including private key) and "ca-file" (the
public certificate of a CA) are two
On Wed, 3 Nov 2021 at 03:54, Ben Hart wrote:
> I wonder, can I ask if the server directives are correct insofar as
> making a secured connection to the backend server entries?
> I'm told that HAP might be connecting by IP in which case the
> SSL cert would be useless
On Tue, 2 Nov 2021 at 21:24, Ben Hart wrote:
> In the config (pasted here
> My questions surround the syntax of the config file..
Most likely those clients don't send SNI. Capture the SSL handshake
On Thu, 28 Oct 2021 at 21:20, Shawn Heisey wrote:
> On 10/28/21 10:02 AM, Lukas Tribus wrote:
> > You seem to be trying very hard to find a problem where there is none.
> > Definitely do NOT overwrite CPU flags in production. This is to *test*
> > AE
On Thu, 28 Oct 2021 at 15:49, Shawn Heisey wrote:
> On 10/28/21 7:34 AM, Shawn Heisey wrote:
> > Does haproxy's use of openssl turn on the same option that the
> > commandline does with the -evp argument? If it does, then I think
> > everything is probably OK.
> Running "grep -r EVP ." in
On Thu, 28 Oct 2021 at 08:31, Lukas Tribus wrote:
> On Thursday, 28 October 2021, Shawn Heisey wrote:
>> On 10/27/2021 2:54 PM, Lukas Tribus wrote:
>>> I'd be surprised if the OpenSSL API calls we are using doesn't support
On Thursday, 28 October 2021, Shawn Heisey wrote:
> On 10/27/2021 2:54 PM, Lukas Tribus wrote:
>> I'd be surprised if the OpenSSL API calls we are using doesn't support
> Honestly that would surprise me too. But I have no idea how to
On Wed, 27 Oct 2021 at 22:17, Shawn Heisey wrote:
> I am building haproxy from source.
> For some load balancers that I used to manage, I also built openssl from
> source, statically linked, and compiled haproxy against that, because
> the openssl included with the OS (CentOS 6 if I
PCRE (1) is end of life and unmaintained now (see below). Not a huge
problem, because PCRE2 has been supported since haproxy 1.8.
However going forward (haproxy 2.5+) should we:
- warn when compiling with PCRE?
- remove PCRE support?
- both, but start with a warning in 2.5?
On Wed, 8 Sept 2021 at 21:28, Jonathan Greig wrote:
> Hello! My name is Jonathan Greig and I'm a reporter for ZDNet. I'm
> writing a story about CVE-2021-40346 and I was wondering if
> Ha Proxy had any comment about the vulnerability.
Just making sure you are aware that this
On Fri, 20 Aug 2021 at 13:08, Илья Шипицин wrote:
> double slashes behaviour is changed in BUG/MEDIUM:
> h2: match absolute-path not path-absolute for :path · haproxy/haproxy@46b7dff
Actually, I think the patch you are referring to would *fix* this
particular issue, as it was
On Thursday, 19 August 2021, James Brown wrote:
> Are there CVE numbers coming for these vulnerabilities?
CVE-2021-39240: -> 2) Domain parts in ":scheme" and ":path"
CVE-2021-39241: -> 1) Spaces in the ":method" field
CVE-2021-39242: -> 3) Mismatch between ":authority" and "Host"
On Tue, 20 Jul 2021 at 08:13, Peter Jin wrote:
> 2. There is a stack buffer overflow found in one of the files. Not
> disclosing it here because this email will end up on the public mailing
> list. If there is a "security" email address I could disclose it to,
> what is it?
On Thu, 15 Jul 2021 at 11:27, Илья Шипицин wrote:
> I really wonder what they will suggest.
> I'm not a spam source, since we do not have "opt in" policy, anybody can send
> mail. so they do.
> please address the issue properly, either change list policy or be calm with
> my experiments.
On Tue, 13 Jul 2021 at 14:10, Stefan Fuhrmann
> Hello all,
> First, we can not change to newer version so fast within the project.
> We are having on old installation of haproxy (1.7.9) and we have the
> need to configure tcp- mss- value on backend site.
On Wed, 23 Jun 2021 at 22:25, Willy Tarreau wrote:
> Hi Tim, Max,
> On Wed, Jun 23, 2021 at 09:38:12PM +0200, Tim Duesterhus wrote:
> > Hi Willy, Lukas, List!
> > GitHub finally launched their next evolution of issue templates, called
> > issue
> > forms, as a public beta:
On Sun, 20 Jun 2021 at 14:03, Shawn Heisey wrote:
> On 6/20/2021 1:52 AM, Lukas Tribus wrote:
> > Can you try disabling threading, by putting nbthread 1 in your config?
> That didn't help. From testssl.sh:
> SSL Session ID support ye
On Sun, 20 Jun 2021 at 08:39, Shawn Heisey wrote:
> This is what SSL Labs now says for the thing that started this thread:
> Session resumption (caching)No (IDs assigned but not accepted)
> Session resumption (tickets)Yes
> I'd like to get the caching item fixed, but I
On Wed, 16 Jun 2021 at 17:03, Илья Шипицин wrote:
> ssl sessions are for tls1.0 (disabled in your config)
> tls1.2 uses tls tickets for resumption
That is not true, you can disable TLS tickets and still get resumption
on TLSv1.2. Disabling TLSv1.0 does not mean disabling Session ID
On Tue, 8 Jun 2021 at 17:36, Godfrin, Philippe E
> Postrgres sends this message across the wire:
> Jun 2 21:14:40 ip-172-31-77-193 haproxy: #0110x00: 00 00 00 4c 00
> 03 00 00 75 73 65 72 00 74 73 64 |...Luser.tsd|
> Jun 2 21:14:40
On Mon, 7 Jun 2021 at 14:51, Godfrin, Philippe E
> I can’t seem to find instructions on how to use this builtin ACL. Can someone
> point me in the right direction, please?
There is nothing specific about it, you use just like every other ACL.
On Wed, 26 May 2021 at 13:29, reshma r wrote:
> Hello all,
> Periodically I need to write some configuration data to a file.
> However I came across documentation that warned against writing to a file at
> Can someone give me advice on how I can achieve this safely?
The first thing I'd try is to disable multithreading (by putting
nbthread 1 in the global section of the configuration), so if that
On Tue, 30 Mar 2021 at 17:56, Willy Tarreau wrote:
> out of curiosity I wanted to check when the overflow happened:
> $ date --date=@$$(date +%s) * 1000) & -0x800) / 1000))
> Mon Mar 29 23:59:46 CEST 2021
> So it only affects processes started since today. I'm
On Tue, 23 Mar 2021 at 09:32, Willy Tarreau wrote:
> These two patches address it for me, and I could verify that they apply
> on top of 2.2.11 and work there as well. This time I tested with two
> counters at different periods 500 and 2000ms.
Both Sander and Thomas now
this is a known issue in any release train other than 2.3 ...
However neither 2.3.7 (does not contain the offending commits), nor
2.3.8 (contains all the fixes) should be affected by this.
Are you absolutely positive that you are
On Mon, 29 Mar 2021 at 20:54, Илья Шипицин wrote:
>> > Dear list,
>> > on browser load (html + js + css) I observe 80% of cpu spent on gzip.
>> > also, I observe that zlib is probably one of the slowest implementation
>> > my personal benchmark correlate with
On Mon, 29 Mar 2021 at 15:25, Aleksandar Lazic wrote:
> I need to create some log statistics with awffull stats and I assume this
> means that only one line is written for 3 requests, is this assumption right?
> Mar 28 14:04:07 lb1 haproxy: message repeated
On Mon, 29 Mar 2021 at 15:34, Илья Шипицин wrote:
> Dear list,
> on browser load (html + js + css) I observe 80% of cpu spent on gzip.
> also, I observe that zlib is probably one of the slowest implementation
> my personal benchmark correlate with https://github.com/inikep/lzbench
Double post on discourse, please refrain from this practice in the future!
On Sat, 27 Mar 2021 at 11:52, Aleksandar Lazic wrote:
> I have a lot of such entries in my logs.
> Mar 27 11:48:20 lb1 haproxy: ::::23167
> [27/Mar/2021:11:48:20.523] https-in~ https-in/ -1/-1/-1/-1/0 0 0 - -
> PR-- 1041/1011/0/0/0 0/0 ""
> Mar 27 11:48:20
-- Forwarded message -
Date: Thu, 25 Mar 2021 at 15:03
Subject: OpenSSL Security Advisory
To: , OpenSSL User Support ML
, OpenSSL Announce ML
-BEGIN PGP SIGNED MESSAGE-
OpenSSL Security Advisory [25 March 2021]
just a heads-up, this was also reported for 1.8:
On Tue, 23 Mar 2021 at 09:32, Willy Tarreau wrote:
> These two patches address it for me, and I could verify that they apply
> on top of 2.2.11 and work
On Sat, 20 Mar 2021 at 10:09, Willy Tarreau wrote:
> > 1.6 was EOL last year, I don't understand why there is a last release.
> There were some demands late last year and early this year to issue a
> last one with pending fixes to "flush the pipe" but it was terribly
On Sun, 7 Mar 2021 at 00:53, Bertrand Jacquin wrote:
> I am not proposing haproxy build-system to use -Werror here, I'm only
> proposing to use -Werror when probing for options supported by the
> compiler, as effectively clang return a code if 0 even if an option is
On Sat, 6 Mar 2021 at 21:25, Bertrand Jacquin wrote:
> gcc returns non zero code if an option is not supported (tested
> from 6.5 to 10.2).
> $ gcc -Wfoobar -E -xc - -o /dev/null < /dev/null > /dev/null 2>&1 ; echo $?
> clang always return 0 if an option in not recognized
On Thu, 11 Feb 2021 at 05:31, Victor Sudakov wrote:
> Lukas Tribus wrote:
> > On Wed, 10 Feb 2021 at 16:55, Victor Sudakov wrote:
> > >
> > > I can even phrase my question in simpler terms. What happens if the sum
> > > total of all servers' m
On Wed, 10 Feb 2021 at 16:55, Victor Sudakov wrote:
> I can even phrase my question in simpler terms. What happens if the sum
> total of all servers' maxconns in a backend is less than the maxconn
> value in the frontend pointing to the said backend?
Queueing for "timeout queue"
On Mon, 8 Feb 2021 at 18:14, Максим Куприянов
> I faced a problem dealing with l4 (tcp mode) haproxy-based proxy over
> Graphite's component receiving metrics from clients and clients who are
> connecting just to send one or two Graphite-metrics and disconnecting right
you are looking for hard-stop-after:
On Thu, 4 Feb 2021 at 11:40, Froehlich, Dominik
> I am currently experimenting with the HAproxy soft reload functionality
On Wed, 3 Feb 2021 at 18:47, Илья Шипицин wrote:
>> while I do not mind to have such optimization, but when 'a.example.com"
>> responds with http2 GOAWAY, that affects also "b.example.com" and "
>> c.example.com". Chrome is not clever enough to open new connections instead
>> of abandoned one.
On Wed, 3 Feb 2021 at 17:44, Илья Шипицин wrote:
> TLS1.2 uses tls tickets, when TLS1.0 uses ssl sessions.
I believe this is incorrect, TLSv1.2 works just fine with Session ID's
(RFC5246) and TLS 1.0 works fine with TLS tickets (RFC5077). I'm not
aware of any restrictions between
we are gonna need the outputs of "haproxy -vv" from both situations,
as well as at the very least *all* the ssl configuration parameters in
haproxy that you are using.
However, I do not believe it is likely that we can find the root
cause, without access to those handshakes, since
On Thu, 21 Jan 2021 at 09:45, Tim Düsterhus wrote:
> Hi List,
> Am 21.01.21 um 08:59 schrieb jimmy:
> > I found the fact that HAProxy 2.3 higher supports HTTP/3 (QUIC) through
> > [this
> > link](https://www.haproxy.com/blog/announcing-haproxy-2-3/#connection-improvements).
On Friday, 4 December 2020, Yossi Nachum wrote:
> If I will change the map file via admin socket
> Will it shutdown old/current sessions?
Better, you don't need to shutdown anything, because HTTP authentication
works on a HTTP transaction level, so each request is authenticated, even
On Thu, 3 Dec 2020 at 16:17, Yossi Nachum wrote:
> I'm using haproxy 1.8
> This is my global and frontend configuration which include user auth:
> acl network_allowed src,map_ip_int(/etc/haproxy/allowed_ips.lst,0) -m int
> eq 1
> acl users_allowed
On Thu, 3 Dec 2020 at 15:32, Yossi Nachum wrote:
> I have haproxy configuration that based on a file with username and password.
> When I disable a user his new sessions are blocked with 407 but his
> old/current sessions are still processed
Please share your
-- Forwarded message -
From: Paul Nelson
Date: Tue, 1 Dec 2020 at 11:15
Subject: Forthcoming OpenSSL Release
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL version 1.1.1i.
This release will be made available on Tuesday 8th December
On Wed, 18 Nov 2020 at 15:06, Froehlich, Dominik
> Hi everyone,
> Some of our customers are using mTLS to authenticate clients. There have been
> complaints that some certificates don’t work
> but we don’t know why. To shed some light on the matter, I’ve tried
On Tue, 17 Nov 2020 at 13:35, Tim Düsterhus, WoltLab GmbH
> Am 09.11.20 um 12:36 schrieb Tim Düsterhus, WoltLab GmbH:
> > is it possible to reliably disable client keep-alive on demand based on
> > the result of an ACL?
> > I was successful for HTTP/1 requests by
On Mon, 16 Nov 2020 at 22:48, Илья Шипицин wrote:
> we run CI only for master branch.
> do all those people want to run latest unstable haproxy on oldish RHEL 6 ?
No, but since we *only test* master, this is the only way we get
*some* coverage for the changes we are
On Sun, 15 Nov 2020 at 17:14, Илья Шипицин wrote:
> we still run cirrus-ci builds.
> CentOS 6 is EOL.
> should we drop it?
I think CentOs6 gives us good feedback about older operating systems
that we may not necessarily want to break.
The question for me is not so much
On Fri, 13 Nov 2020 at 21:21, Willy Tarreau wrote:
> > > I'd suggest you run haproxy with noreuseport  temporarily, and
> > > check if your kernel refuses to bind() to those IP's - it likely will.
> > > This indicates an unsupported configuration (by your kernel, not by
> > >
On Fri, 13 Nov 2020 at 10:08, Bartosz
> Are we really the only ones with this issue? Has no one else seen this
> change in behaviour? Or otherwise have any idea where it's coming from?
> Or at least confirm whether they do or don't see the same behaviour.
I don't think
On Fri, 6 Nov 2020 at 10:59, Willy Tarreau wrote:
> > > hate the noise that some people regularly make about "UDP support"
> > I am *way* more concerned about what to tell people when they report
> > redundant production systems meltdowns because of the traps that we
> > knew
On Wed, 4 Nov 2020 at 15:36, Willy Tarreau wrote:
> I think it's a reasonable tradeoff because those who insist on this are
> also those who want to use so-called "modern" tools (placing "modern"
> and DNS in the same sentence always leaves me a strange feeling that
> something 37
On Mon, 2 Nov 2020 at 15:41, Emeric Brun wrote:
> Hi All,
> We are currently studying to develop a DNS messages load balancer (into
> haproxy core)
I find this a little surprising given that there already is a great
DNS load-balancer out there (dnsdist) from the folks at
On Tue, 20 Oct 2020 at 05:36, Dave Hall wrote:
> HAProxy Active/Standby pair using keepalived and a virtual IP.
> Load balance SSH connections to a group of user access systems (long-running
> Layer 4 connections).
> Using Fail2Ban to protect against password attacks, so using
On Wed, 14 Oct 2020 at 15:29, Willy Tarreau wrote:
> For "nbproc", given that I had no response in the previous question and
> I anticipate some surprises if I play games with it, I'll probably apply
> William's suggestion, consisting in starting to emit a warning about it,
> and asking
On Thu, 24 Sep 2020 at 11:40, Łukasz Tasz wrote:
> Hi all,
> haproxy is gr8 - simply.
> Till today I was using roundobin algorithm, but after studying documentation
> it popped up that source might be better.
> I'm using haproxy in tcp mode, version 1.8, load from one client
On Tue, 15 Sep 2020 at 09:05, Brad Smith wrote:
> >> NetBSD 8.0 adds support for accept4() and closefrom(). Enable
> >> getaddrinfo().
> > We just had to disable threading on OpenBSD 6.7 for the build to succeed:
> > https://github.com/haproxy/haproxy/issues/725
> > Did you actually test
On Sun, 13 Sep 2020 at 09:08, Brad Smith wrote:
> The following diff updates the feature flags for Solaris / FreeBSD / NetBSD /
> Bump the baseline Solaris to 9 which intruduced closefrom().
> FreeBSD 10 is already EOL for support but its the new baseline.
On Tue, 8 Sep 2020 at 12:39, Teo Klestrup Röijezon
> Hey Willy, sorry about the delay.. managed to get sick right after that stuff.
> > I don't understand what you mean here in that it does not make sense to
> > you. Actually it's not even about overriding verifyhost, it's more that
as per the suggestions from Cyril and Willy on the mailing list:
and with direct contributions from Tim, this changes large parts
of the bug issue template.
The Feature template is also updated as well as a new template for
Code Reports is introduced.
- changes to Bug.md as per this discussion
- changes to Features.md (just different sequence here)
- added a new label "type: code-report" and a new issue template for
those as well
The changes can be seen here:
On Wed, 12 Aug 2020 at 21:03, Jerome Magnin wrote:
> Hi Frank,
> On Wed, Aug 12, 2020 at 11:50:05AM +0200, Frank Wall wrote:
> > Hi,
> > this *feels* like a silly question and I may have missed something
> > pretty obvious, but... I've tried to use the "source" keyword and
> > it doesn't
On Mon, 20 Jul 2020 at 06:35, Willy Tarreau wrote:
> > (Another case is when I try to follow the issue reports during vacation)
> > I think it could be easier and quicker by only changing the sections order
> > like this :
> > 1. Expected behavior
> > 2. Actual behavior
> > 3. Steps
On Thu, 30 Jul 2020 at 20:49, Valter Jansons wrote:
> On Thu, Jul 30, 2020 at 6:44 PM Harris Kaufmann
> > my company really needs the next 2.1 release but we want to avoid
> > deploying a custom, self compiled version.
> > Is there something I can do to help with the
On Wed, 29 Jul 2020 at 19:19, Илья Шипицин wrote:
> however, ZLIB is enabled by default in many distros and docker images.
> any idea why ZLIB is chosen by default ?
Because zlib is known, packaged and used everywhere and by everyone
while slz is a niche library. It would need a
On Wed, 29 Jul 2020 at 11:16, Froehlich, Dominik
> Hi Lukas,
> Thanks for the reply.
> My query goes along the lines of which Lua version is compatible with HAproxy
> and contains fixes to those CVEs.
> I could not find a specific instruction as to which Lua version can be
On Wed, 29 Jul 2020 at 10:23, Froehlich, Dominik
> Hello everyone,
> Not sure if this is already addressed. Today I got a CVE report of several
> issues with Lua 5.3.5 up to 5.4.
> I believe Lua 5.4 is currently recommended to build with HAproxy 2.x?
> Before I open an
On Mon, 27 Jul 2020 at 13:14, Willy Tarreau wrote:
> > However on a unix domain socket like this we never had this issue in
> > the first place, as connection-reuse cannot be used on it by
> > definition, correct?
> No, it doesn't change anything. We consider the connection, the protocol
On Thu, 23 Jul 2020 at 14:34, Willy Tarreau wrote:
> > defaults
> > http-reuse always
> > backend abuse
> > timeout server 60s
> > balance roundrobin
> > hash-balance-factor 0
> > server s_abuse u...@abuse.sock send-proxy-v2 maxconn 4
> > listen l_abuse
I will comment next week, but I generally agree that we should move the
version output to the end, as I noticed the same issue.
expected/actual behaviour sections are painful in the obvious cases (dont
crash/crash), but oftentimes users just assume their itent is obvious when
it's really not.
req_ssl_sni is not compatible with protocols negotiating TLS
explicitly, like SMTP on port 25 or 587 and IMAP on port 143.
Fix an example referring to 587 (SMTPS port with implicit TLS
is 465) and amend the req_ssl_sni documentation.
This doc fix should be backported to supported versions.
On Sat, 11 Jul 2020 at 13:20, Jonathan Matthews wrote:
> On Sat, 11 Jul 2020 at 12:14, Tofflan wrote:
>> Im trying to setup a setup HAProxy on my Pfsense router, the links under
>> documentation dont work. example:
On Fri, 10 Jul 2020 at 08:08, Christopher Faulet wrote:
> I finally pushed this fix in the 2.0. Note the same bug affected the HTTP
> mode (using http_proxy option). In this case, the connection retries is now
> disabled (on the 2.0 only) because the destination address
On Tue, 7 Jul 2020 at 15:16, Michael Wimmesberger
> I might have found a potentially critical bug in haproxy. It occurs when
> haproxy is retrying to dispatch a request to a server. If haproxy fails
> to dispatch a request to a server that is either up or has no
1 - 100 of 1546 matches
Mail list logo