RE: [PATCH] AIX 7.2 support

IBM is still selling AIX?! (Which stands for: it Ain't unIX ;-) ) -Original Message- From: Chris Sent: Monday, February 3, 2020 6:10 AM To: haproxy@formilux.org Subject: [PATCH] AIX 7.2 support Hello everybody, I spent some time making haproxy compile and run successfully on AIX 7.2 us

Loading multiple TLS certificates

certificate, the intermediates, and the key, or should I create a single PEM file containing all 6 certificates, 6 keys, and 1 intermediate file? Norman Branitsky Senior Cloud Architect MicroPact Toronto 416.916.1752 (61752)

HAProxy in front of Docker Enterprise problem

ently this doesn't work - the client gets the SSL certificate provided by the HAProxy server instead of the certificate provided by the Manager node. This causes the Manager node to barf. Do I have to make HAProxy listen on 8443 and just do a tcp frontend/backend for the Manager nodes? Norman Branitsky

Re: Setting a unique header per server in a backend

Don't forget the "X-" header prefix is deprecated: https://tools.ietf.org/html/rfc6648 Norman Branitsky On Dec 16, 2018, at 03:50, Willy Tarreau mailto:w...@1wt.eu>> wrote: Hi Sachin, On Sat, Dec 15, 2018 at 10:32:21PM +0530, Sachin Shetty wrote: Hi, We have a tricky

RE: Redirect Syntax

This is what I do. Either use a combined "listen" or a separate "frontend" and "backend". frontend main bind 0.0.0.0:80 option forwardfor except 127.0.0.0/8 option httplog http-request redirect scheme https code 301 if !{ ssl_fc } frontend main_ssl # Bind SSL port wit

Random with Two Choices Load Balancing Algorithm

NGINX just announced the following load balancing method as default for their Ingress Controller for Kubernetes. Will this appear on the HAProxy roadmap? Support for the New Random with Two Choices Load‑Balancing Algorithm In NGINX Plus R16

RE: SSL certs

Alberto wrote: For example, if you've bought your wildcard cert from comodo, it would go like this: cat STAR_your_domain.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt STAR_your_domain.key > STAR_your_domain.pem I don’t believe you should inc

RE: URL rewrite

ginal Message- From: Norman Branitsky Sent: Monday, August 27, 2018 6:53 PM To: 'Tim Düsterhus' ; haproxy Subject: RE: URL rewrite Your examples are all correct. -Original Message- From: Tim Düsterhus Sent: Monday, August 27, 2018 6:22 PM To: Norman Branitsky ; haproxy S

RE: URL rewrite

Your examples are all correct. -Original Message- From: Tim Düsterhus Sent: Monday, August 27, 2018 6:22 PM To: Norman Branitsky ; haproxy Subject: Re: URL rewrite Norman, Am 27.08.2018 um 23:45 schrieb Norman Branitsky: > I need to rewrite my URLs according to the following patt

URL rewrite

I need to rewrite my URLs according to the following pattern: cloud.example.com/?query becomes: .cloud.example.com/main?query HAProxy will terminate SSL - I have a wildcard certificate for *.cloud.example.com. As the target servers are running Docker Enterprise, I do not need DNS entries for eve

RE: Docker Swarm configuration

Actually items 2 and 3 below are what I want: If hostname "ucp.mydomain.com" then "reencrypt" i.e. https -> https else normal SSL termination - "edge" i.e. https -> http. -Original Message- From: Aleksandar Lazic Sent: Thursday, August 23, 2018 4:

RE: Docker Swarm configuration

, 2018 3:25 PM To: haproxy@formilux.org; Norman Branitsky ; haproxy Subject: Re: Docker Swarm configuration Hi. How about to use the following setup. frontend tcp mode tcp bind 443 use_backend default backend default mode http bind 444 ... You can take a look into the openshift

Docker Swarm configuration

My plan was to by default terminate SSL and send http traffic to the worker servers on port 88 while traffic with a "ucp.mydomain.com" header would be passed thru as https to the UCP management servers on port 8443. Docker Enterprise Manager nodes insist on seeing incoming commands as https and r

RE: Missing SRV cookie

m: Cyril Bonté Sent: Monday, July 23, 2018 3:31 PM To: Norman Branitsky Cc: haproxy Subject: Re: Missing SRV cookie Hi Norman, Le 23/07/2018 à 18:36, Norman Branitsky a écrit : > My client's environment had 3 HAProxy servers. > > Due to a routing issue, my client's users c

Missing SRV cookie

My client's environment had 3 HAProxy servers. Due to a routing issue, my client's users could only see the old HAProxy 1.5 server when connecting from their data center. They could not see the 2 new HAProxy 1.7 servers. The routing issue was resolved last week and they could now see the 2 new HA

RE: JWT payloads break b64dec convertor

https://en.wikipedia.org/wiki/The_C_Programming_Language -Original Message- From: Aleksandar Lazic Sent: Monday, May 28, 2018 12:34 PM To: Jonathan Matthews Cc: Willy Tarreau ; haproxy Subject: Re: JWT payloads break b64dec convertor On 28/05/2018 15:10, Jonathan Matthews wrote: >On M

Eclipse 403 access denied

After upgrading to the latest version of Eclipse and installing our custom Eclipse Plugin, my developers are now being blocked by HAProxy. Here's a sample of the problem: May 11 15:03:37 localhost haproxy[13089]: 66.192.142.9:43041 [11/May/2018:15:03:37.932] main_ssl~ ssl_backend-etkdev/i-0912nn

RHEL distribution still uses HAProxy 1.5

We opened a ticket with RHEL Support to ask when they would upgrade to at least HAProxy 1.7. This was their reply: Most recent comment: On 2018-05-01 10:22:28, Patil, Ravindra commented: "Hello The reason 1.7 (as well and 1.6 and 1.8) are not in RHEL is due to backward compatibility. We can't s

Docker EE Plugins

In this document: https://blog.docker.com/2018/03/enhanced-layer-7-routing-swarm-docker-enterprise-edition-beta/?mkt_tok=eyJpIjoiTnprNE5XTTBORFk0Tm1ReCIsInQiOiJ2bTgxWGdpczRcL0Q3Z1wvNmZVdTBrWDhMbFZzUjhSMVExeUpLZUxcL3p5dVkwanJVUTlTejRIRHIwODQzZUZ0Z1RGeFFCaklhK3VPbXBTaTQ5Q2JpUTBSSDZYWktBWU53eUhiNkpQa1

RE: Poll: haproxy 1.4 support ?

Unfortunately, Red Hat continues to distribute 1.5 in RHEL 7. How do we get them to upgrade to 1.7 ? From: Falco Schmutz / premaccess [mailto:fschm...@premaccess.com] Sent: January-02-18 10:27 AM To: Jonathan Matthews Cc: haproxy Subject: Re: Poll: haproxy 1.4 support ? Yes Jonathan is right, d

RE: HAProxy as a frontend for Docker Swarm deployment

I believe Docker Swarm has a similar API. Is the code for you listener public? From: Soluti Quintiliano [mailto:quintili...@soluti.com.br] Sent: November-06-17 2:08 PM To: Norman Branitsky Cc: haproxy@formilux.org Subject: Re: HAProxy as a frontend for Docker Swarm deployment I don't kno

HAProxy as a frontend for Docker Swarm deployment

d on Docker Service label." Having read the docs, it appears to be reasonable for internal exposure only. With respect to dynamic configuration based on Docker Service label, how does this compare vis a vis HAProxy? Norman Norman Branitsky Cloud Architect MicroPact (o) 416.916.1752 (c) 416.843.06

RE: HTTP DELETE command failing

This particular DELETE was designed to return a 204 – no payload expected. So the test which insisted on payload was incorrect. Problem solved. Thanks. From: Igor Cicimov [mailto:ig...@encompasscorporation.com] Sent: November-02-17 8:56 PM To: Norman Branitsky Cc: Moemen MHEDHBI ; haproxy

RE: HTTP DELETE command failing

: haproxy@formilux.org Subject: Re: HTTP DELETE command failing HAProxy is replying 403, which means that the DELETE request was explicitly denied by your conf. In order for us to help you, we need to have a look to your conf ++ On 02/11/2017 17:17, Norman Branitsky wrote: In HAProxy version 1.7.5, I see

HTTP DELETE command failing

88 - - PR-- 4/4/0/0/0 0/0 "DELETE /etk-training-ora1/private/api/users/62469 HTTP/1.1" In the GET and POST commands, path_beg matches /etk-training-ora1. It appears that in the DELETE command path_beg returns nothing or something else. Suggestions, please? Norman Norman Branitsky Cloud A

RE: HAProxy 1.7.8 compile problem with new OpenSSL

red” option for the “./config” command. I see you use the following 2 make options: USE_PCRE_JIT=1 USE_REGPARM=1 I didn’t notice them in the docs. Are they recommended? From: Denis Astahov [mailto:de...@trinimbus.com] Sent: August-24-17 11:26 AM To: Norman Branitsky Cc: haproxy@formilux.org Subject:

RE: HAProxy 1.7.8 compile problem with new OpenSSL

de/openssl SSL_LIB=/usr/local/ssl/lib Thank you all and sundry. -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: July-28-17 6:18 AM To: Norman Branitsky Cc: haproxy@formilux.org Subject: Re: HAProxy 1.7.8 compile problem with new OpenSSL On Wed, Jul 26, 2017 at 06:40:

RE: HAProxy 1.7.8 compile problem with new OpenSSL

=/usr install Then I tried ./config --prefix=/usr make make test make INSTALL_PREFIX=/ install -Original Message- From: Gibson, Brian (IMS) [mailto:gibs...@imsweb.com] Sent: July-26-17 5:47 PM To: haproxy@formilux.org; Norman Branitsky Subject: RE: HAProxy 1.7.8 compile problem with

RE: HAProxy 1.7.8 compile problem with new OpenSSL

`SSL_CTX_set_alpn_select_cb' collect2: error: ld returned 1 exit status make: *** [haproxy] Error 1 The original ssl was installed in /usr/lib64 - should I force the new one to install in the same directories overwriting the old? From: Gibson, Brian (IMS) [mailto:gibs...@imsweb.com] Sent:

HAProxy 1.7.8 compile problem with new OpenSSL

sl_sock.c:2879: undefined reference to `SSL_CTX_set_alpn_select_cb' collect2: error: ld returned 1 exit status make: *** [haproxy] Error 1 Norman Norman Branitsky Cloud Architect MicroPact (o) 416.916.1752 (c) 416.843.0670 (t) 1-888-232-0224 x61752 www.micropact.com<http://www.micropact.com/> Think it > Track it > Done

RE: AWS ELB as a backend

You dropped “server1” from the server line. So it’s reading the server address as the server-name and “check” as the server-address: server server-name server-address [check] [resolvers resolver-name] From: DHAVAL JAISWAL [mailto:dhava...@gmail.com] Sent: July-24-17 12:56 PM To: Aleksandar Lazic

RE: HAProxy failover - DNS change cached by IE for a long time

Comments inline. From: Igor Cicimov [mailto:ig...@encompasscorporation.com] Sent: July-08-17 11:20 PM To: Norman Branitsky Cc: HAProxy Subject: RE: HAProxy failover - DNS change cached by IE for a long time Of course it can work see https://icicimov.github.io/blog/high-availability/Keepalived

RE: HAProxy failover - DNS change cached by IE for a long time

...@encompasscorporation.com] Sent: July-08-17 9:14 AM To: Norman Branitsky Cc: HAProxy Subject: RE: HAProxy failover - DNS change cached by IE for a long time On 8 Jul 2017 2:58 am, "Norman Branitsky" mailto:norman.branit...@micropact.com>> wrote: I changed the TTL on my application’s

RE: HAProxy failover - DNS change cached by IE for a long time

tab continues to display the dnserror page - probably for 20 minutes. From: Norman Branitsky [mailto:norman.branit...@micropact.com] Sent: June-27-17 10:44 AM To: haproxy@formilux.org Subject: HAProxy failover - DNS change cached by IE for a long time This sender failed our fraud detection check

Replacing reqadd with http-request set-path

ttp-request redirect /datamart/wiLogin.do if path_root Are my "translations" correct? Norman Norman Branitsky Cloud Architect MicroPact (o) 416.916.1752 (c) 416.843.0670 (t) 1-888-232-0224 x61752 www.micropact.com<http://www.micropact.com/> Think it > Track it > Done

HAProxy failover - DNS change cached by IE for a long time

the same data entry page. What can I do to kick IE in the head and cause it to refresh its DNS cache? It doesn't seem to respect the TTL value. Norman Norman Branitsky Cloud Architect MicroPact (o) 416.916.1752 (c) 416.843.0670 (t) 1-888-232-0224 x61752 www.micropact.com<http://www.micropact.com/> Think it > Track it > Done

Missing security headers

tent-Type-Options: nosniff' rspadd 'Expect-CT: max-age=0; report-uri=https://xxx.report-uri.io/r/default/ct/reportOnly' rspadd 'Expect-Staple: report-uri=https://xxx.report-uri.io/r/default/staple/reportOnly' BUT they are not appearing when I use Firefox to view the Headers

RE: HAProxy 1.7.5 cookie JSESSIONID prefix not working

...@1wt.eu] Sent: June-02-17 10:52 AM To: Lukas Tribus Cc: Norman Branitsky ; Cyril Bonté ; haproxy@formilux.org Subject: Re: HAProxy 1.7.5 cookie JSESSIONID prefix not working Hi Lukas, On Wed, May 31, 2017 at 12:59:41AM +0200, Lukas Tribus wrote: > Hello Norman, > > > Am 31.05.2

RE: HAProxy 1.7.5 cookie JSESSIONID prefix not working

7 5:56 PM To: Norman Branitsky Cc: Lukas Tribus ; haproxy@formilux.org Subject: Re: HAProxy 1.7.5 cookie JSESSIONID prefix not working Hi Norman, Le 30/05/2017 à 23:39, Norman Branitsky a écrit : > I modified the server line thus: > > server id-dv-dcavr-01 10.90.10.53:900

RE: HAProxy 1.7.5 cookie JSESSIONID prefix not working

@gmx.net] Sent: May-30-17 5:00 PM To: Norman Branitsky ; haproxy@formilux.org Subject: Re: HAProxy 1.7.5 cookie JSESSIONID prefix not working Hello Norman, Am 30.05.2017 um 18:06 schrieb Norman Branitsky: > > The server's identifier is not added to the cookie. > Did you

HAProxy 1.7.5 cookie JSESSIONID prefix not working

; Secure; HttpOnly The server's identifier is not added to the cookie. Needless to say, my load balancing doesn't work. Norman Norman Branitsky Cloud Architect MicroPact (o) 416.916.1752 (c) 416.843.0670 (t) 1-888-232-0224 x61752 www.micropact.com<http://www.micropact.com/> Think it > Track it > Done