Hello:
Are any of you running an architecture like
http://blog.haproxy.com/2012/10/12/scalable-waf-protection-with-haproxy-and-apache-with-modsecurity/
but with SSL termination in the mix ? Would be interested to hear how you have
done it please.
Thanks, Phil
Hello all:
we are rolling out a new system and are testing the SSL performance with some
strange results. This is all being performed on a cloud hypervisor instance
with the following:
HA-Proxy version 1.5.11 2015/01/31
8GM RAM / 8 CPUs
when we run 'ab' with nbproc set to '1' we see the
Jun, 2015, at 14:26, Baptiste bed...@gmail.com wrote:
Phil,
without -k, HAProxy spends its time to compute TLS keys.
Can you run 'openssl speed rsa2048' and report here the number?
My guess is that it shouldn't be too far from 400 :)
Baptiste
On Thu, Jun 18, 2015 at 3:20 PM, Phil Daws
Hello Lukas:
Path is as follows:
Internet - HAProxy [Frontend:443 - Backend:80] - 6 x NGINX
Yeah, unfortunately due to the application behind NGINX our benchmarking has to
be without keep-alives :(
Thanks, Phil
- On 18 Jun, 2015, at 13:38, Lukas Tribus luky...@hotmail.com wrote:
Hi
!
Furthermore if all VMs are hosted on the same hypervisor.
You won't be able to get any accurate conclusion from your test,
because the injector VM is impacting the HAProxy VM, which migh be
mutually impacted the server VMs...
Baptiste
On Thu, Jun 18, 2015 at 2:41 PM, Phil Daws ux
Hello Willy,
- On 17 May, 2015, at 14:16, Willy Tarreau w...@1wt.eu wrote:
Hello Phil,
On Tue, May 12, 2015 at 07:54:35AM +0100, Phil Daws wrote:
(...)
the issue is that if I go to the web site via HTTPS, which does not pass
through a CDN, then the correct client IP is being passed
Any thoughts please ?
- Original Message -
From: Phil Daws ux...@splatnix.net
To: haproxy@formilux.org
Sent: Tuesday, 12 May, 2015 07:54:35
Subject: send-proxy and x-forward-for
Hello:
am testing NGINX behind HAP 1.5.11 and having trouble to understand how
send-proxy should be used
Hello:
am testing NGINX behind HAP 1.5.11 and having trouble to understand how
send-proxy should be used with a combination of x-forward-for. What I so far
in my haproxy.cfg is as follows:
frontend frontend-web-http
mode http
bind 192.168.8.70:80
default_backend
Hello all!
Long time no post but have lost some of my old notes and hitting an issue with
SSL. In my haproxy.conf I have:
frontend frontend-zimbra-zwc-http
mode http
bind 10.1.8.73:80
redirect scheme https if !{ ssl_fc }
frontend frontend-zimbra-zwc-https
bind
Hello,
have searched but did not find an answer on whether its possible to pass the
connecting IP address (src) as a variable on a redirect ? This would be used
on an ACL for certain access to URLs eg:
acl SEC_Admin url_dir -i /secure
acl ViaNOC src XXX.XXX.XXX.XX
redirect
Hello,
I have a configuration where I am proxying front-end connections to a back-end
service:
frontend security-frontend
bind 192.168.1.10:3307
maxconn 2000
default_backend security-backend
backend security-backend
mode tcp
balance roundrobin
option httpchk
server sec1
Hello all,
I have built a small environment which has two web servers sat behind HAProxy
(1.5) plus three MariaDB servers clustered using Galera. I am finding that
some web applications Admin panels eg. Wordpress/Joomla do not work if the
MySQL session is being constantly re-directed to
Hello,
am working on setting up HAProxy and would like it to LB connections to our
Zimbra server. So far I have the following:
frontend zimbra-mta-frontend
bind 172.30.8.22:25
mode tcp
no option http-server-close
timeout client 1m
log global
option tcplog
default_backend
Resolved; did specify the correct options. Once set the following all okay:
server zmta1 zm1.mydomain.com:1025 check check-send-proxy send-proxy
- Original Message -
From: Phil Daws ux...@splatnix.net
To: haproxy@formilux.org
Sent: Thursday, 11 April, 2013 1:51:59 PM
Subject: Send
Hello,
have just started to explore HAProxy and am finding it amazing! As a long time
Zimbra user I wanted to see how one could balance the front-end web client so
had a play around. What I have at present is the following configuration:
frontend zimbra-zwc-frontend-https
bind
Thank you Jerome. Am looking at KeepAlived, UCARP and VRRP though not sure
which way to go at the moment from a pro/cons perspective. Thanks.
- Original Message -
From: Jérôme Benoit jerome.ben...@grenouille.com
To: haproxy@formilux.org
Cc: Phil Daws ux...@splatnix.net
Sent: Tuesday, 9
16 matches
Mail list logo