Re: HAProxy reloads lets old and outdated processes

2016-10-24 Thread Simon Dick 
On 24 October 2016 at 13:46, Pierre Cheynier  wrote:

> Hi,
>
> Sorry, wrong order in the answers.
>
> > Yes it has something to do with it because it's the systemd-wrapper which
> > delivers the signal to the old processes in this mode, while in the
> normal
> > mode the processes get the signal directly from the new process. Another
> > important point is that exactly *all* users having problem with zombie
> > processes are systemd users, with no exception. And this problem has
> never
> > existed over the first 15 years where systems were using a sane init
> > instead and still do not exist on non-systemd OSes.
>
> Unfortunately, I remember we had the same issue (but less frequently) on
> CentOS6 which is init-based.
> I tried to reproduce, but didn't succeed... So let's ignore that for now,
> it was maybe related to something else.
>
>
I had similar problems in my last job when I was reloading haproxy pretty
frequently using standard init.d scripts from the consul-template program.
I even updated it to the latest 1.6 at the time without noticeable
improvements.

Re: Availability of HAProxy on Windows Server

2015-03-27 Thread Simon Dick 
I'm afraid Windows isn't a supported platform, please see
http://www.haproxy.org/#plat

On 26 March 2015 at 21:38, Abhijit Damle abhijit.da...@beca.com wrote:
 Hi,



 Do you have any version of HAProxy supported on Windows Server
 editions (server 2008, server 2012 etc). if so from where can I download it?



 Thanks and regards,

 Abhijit Damle
 Senior Software Engineer
 Beca
 www.beca.com




 ---

 NOTICE: This email, if it relates to a specific contract, is sent on behalf
 of the Beca company which entered into the contract. Please contact the
 sender if you are unsure of the contracting Beca company or visit our web
 page http://www.beca.com for further information on the Beca Group. If this
 email relates to a specific contract, by responding you agree that,
 regardless of its terms, this email and the response by you will be a valid
 communication for the purposes of that contract, and may bind the parties
 accordingly.
 This e-mail together with any attachments is confidential, may be subject to
 legal privilege and may contain proprietary information, including
 information protected by copyright. If you are not the intended recipient,
 please do not copy, use or disclose this e-mail; please notify us
 immediately by return e-mail and then delete this e-mail.

 ---

Re: Public Key for free Open souce install

2015-02-28 Thread Simon Dick 
On 28 February 2015 at 18:28,  vad...@yahoo.com wrote:
 Hi,
 Where can I get a Key for free Open source installation, please let me have
 a link to it.
 (Of course, replace the tag YOURKEYHERE by the key that has been delivered
 to you.)

 HAProxy Technologies HAPEE public key import

 Packages provided by HAProxy Technologies are signed. In order to be able to
 install them, you first must import the public key:

 rpm --import
 http://www.haproxy.com/download/hapee/key/YOURKEYHERE-common/RPM-GPG-KEY-HAProxy

At a rough guess I'd say that you get that key once you pay for the
commercial HAPEE licence, if you want free open source then you use
the haproxy from http://www.haproxy.org/ insted.

Re: 1.5 dev22 issue on freebsd10-stable

2014-04-16 Thread Simon Dick 
On 16 April 2014 13:41, Ghislain gad...@aqueos.com wrote:
 Le 16/04/2014 08:39, Willy Tarreau a écrit :

 On a personal note, I'd say that I consider the support for strace and
 tcpdump as absolute prerequisite when it comes to any platform going into
 production, to the point of even reconsidering the platform if it misses
 them. Willy


 well FreeBSD  has dtrace and truss for that so there is possibility for the
 same followup :)

ktrace is quite useful too...

Re: Spam

2014-04-15 Thread Simon Dick 
I couldn't care less about the spam that comes through, the bit that
annoys me is the mailing list emails when gmail doesn't accept spam
and the software complains messages are bouncing :)

On 15 April 2014 00:23, Steven Le Roux ste...@le-roux.info wrote:
 Ok let's do the math.

 search(in:spam in:lists-haproxy before:2014/04/15 after:2014/04/01)
 = 50 spam for the last 2 weeks.

 This is not what I call astounding.

 I didn't even noticed their was spam :) I had to look them for.

 You can set up your MTA/MUA and you won't see anything or use
 gmail/ymail/whatevermail

 On Mon, Apr 14, 2014 at 7:21 PM, Malcolm Turnbull
 malc...@loadbalancer.org wrote:
 I love these little political spats :-).
 Just wanted to see how long we could make the thread.

 +1 for Willy.

 Initially I must admit I thought the non-subscribe was odd...
 But after years of happy use I finally get the reasoning, its not the
 list that is the problem but the spammers - deal with spam in the
 usual fashion (at the client end).
 In my case Google does it for me 3,500 spams in the last 30 days 
 apparently

 Ps. HAProxy is and always will be the best open source load balancing
 proxy solution - Thanks very much.












 On 14 April 2014 18:07, Juan  Jimenez jjime...@electric-cloud.com wrote:

 On 4/14/14, 12:00 PM, Willy Tarreau w...@1wt.eu wrote:

On Mon, Apr 14, 2014 at 04:39:21PM +0100, Kobus Bensch wrote:
 I'd like to say something as a user of the software and and avid
 follower of each conversation via this list. The few spam messages that
 do come through IS NO ISSUE. Unless it is so bad it is wearing your
 delete key out. Seriously, there are other things to complain about.

Thank you for confirming my beliefs Kobus :-)

Willy

 That¹s anecdotal evidence. LOL!





 --
 Regards,

 Malcolm Turnbull.

 Loadbalancer.org Ltd.
 Phone: +44 (0)870 443 8779
 http://www.loadbalancer.org/




 --
 Steven Le Roux
 Jabber-ID : ste...@jabber.fr
 0x39494CCB ste...@le-roux.info
 2FF7 226B 552E 4709 03F0  6281 72D7 A010 3949 4CCB

Question about logging HTTP Auth username

2013-03-13 Thread Simon Dick 
Is it possible in the haproxy logs to log the HTTP username if it's sent
across in an HTTP request?

I know I could log the whole header but that doesn't strile me as being a
good idea... :)

Re: haproxy and SSL

2013-02-26 Thread Simon Dick 
This article may be useful:
http://blog.exceliance.fr/2013/01/21/mitigating-the-ssl-beast-attack-using-the-aloha-load-balancer-haproxy/


On 26 February 2013 08:39, Christophe Rahier christo...@qualifio.comwrote:

 Hi,

 Actually, I configured haproxy to decrypt traffic SSL between haproxy and
 http servers. Of course, it works fine ;-)

 If I test our config with https://www.ssllabs.com/ssltest, I've this
 error:

 BEAST attack


 Vulnerable   INSECURE (more info
 
 https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-
 beast-attack-on-tls)


 How would it be possible to correct this issue?

 I could correct this problem directly on the web servers with this
 program: https://www.nartac.com/Products/IISCrypto/Default.aspx

 Thanks for your help.

 Regards,

 Christophe