the amount of copy-pasting.
This is awesome and such an elegant solution, I've always been annoyed
needing to copy the default log lines just to add %ID at the end :-)
Best regards
Tim Düsterhus
appear as EOL once regenerated.
You forgot to update the background color on the home page to red :-)
PR for Docker is here:
https://github.com/docker-library/haproxy/pull/201
Best regards
Tim Düsterhus
/docker-library/haproxy/tree/master/1.8
Best regards
Tim Düsterhus
of
the organization or not.
But as Ilya already confirmed, any "plaintext" secrets that appear in
the logs are redacted. Of course this does not protect against base64
encoded tokens appearing in the logs, e.g. when using HTTP "Basic"
authentication.
Best regards
Tim Düsterhus
For the GITHUB_TOKEN we're using now, the limit is at 1000r/h:
https://docs.github.com/en/rest/overview/resources-in-the-rest-api?apiVersion=2022-11-28#requests-from-github-actions
Best regards
Tim Düsterhus
timing, I was on my Christmas vacation :-)
I've just read through this entire thread: The solution William found is
the correct one and the one I would've suggested, had I seen this earlier.
Best regards
Tim Düsterhus
' or just attaching the patch as a regular attachment.
Both should be equally simple for Willy to apply.
Best regards
Tim Düsterhus
Willy,
On 12/9/22 16:28, Christopher Faulet wrote:
HAProxy 1.8.31 was released on 2022/12/09. It added 83 new commits
after version 1.8.30.
It appears releases.json didn't update automatically for 1.8:
https://www.haproxy.org/download/1.8/src/releases.json
Best regards
Tim Düsterhus
ions are available and
add them to matrix.py" and this should be fine, all SSL versions will
then be updated every 6 months and can also be updated on demand for
important releases. It's similar to how I simply rerun the Coccinelle
patches from time to time to fix whatever crept in since the last release.
Best regards
Tim Düsterhus
Willy,
On 12/1/22 17:29, Willy Tarreau wrote:
I knew you would be the first one reporting some misses despite my
great care for not triggering your radar ;-)
Yeah, and I would've been very sad if I had nothing to report, I'm not
yet ready to retire :-p
Best regards
Tim Düsterhus
lso I just noticed that the EOL column is inconsistently formatted, if
all LTS versions should be bold (which it looks like) then 2.6 needs to
be bold.
Best regards
Tim Düsterhus
or "no option
http-keepalive") did for 1.1.
I know the HTTP/2 spec provides GOAWAY Frames for this
and haproxy already sends those on shutdown [1].
Is there a way to manually trigger these?
I believe this feature request of mine matches what you are searching for:
https://github.com
David,
On 11/7/22 09:00, David CARLIER wrote:
Thanks here a corrected version.
It looks like you accidentally attached the same patch as before.
Best regards
Tim Düsterhus
/mux_h1.c#L2172
Best regards
Tim Düsterhus
I've sent a PR:
https://github.com/docker-library/docs/pull/2219
Best regards
Tim Düsterhus
from the upstream.
I consider the behavior of the version number generation to be the
correct one. Your working copy should always be updated from the
official upstream.
Best regards
Tim Düsterhus
Thanks. I've filed a feature request at:
https://github.com/haproxy/haproxy/issues/1874
Best regards
Tim Düsterhus
, then the existing mechanisms should already do the
right thing.
Best regards
Tim Düsterhus
load on our backends or resolvers.
Best regards
Tim Düsterhus
need to connect to a backend (server)
again. Thus it should not be necessary to waste CPU on DNS lookups and
health checks for a stopping worker.
Am I missing something here?
Best regards
Tim Düsterhus
/ fixing the message yourself. Seeing that you took the
effort of writing this long reply, I probably should've just ignored the
patch entirely, because it ultimately wasted time for everyone involved.
Best regards
Tim Düsterhus
Willy,
On 8/29/22 09:23, PR Bot wrote:
Author: cui fliter
Number of patches: 1
This is an automated relay of the Github pull request:
fix some typos
Patch title(s):
fix some typos
Link:
https://github.com/haproxy/haproxy/pull/1843
Edit locally:
wget
), but
the TOC was not updated accordingly. Please check the attached patch to fix
this.
This appears to be introduced in
e68e7e8426dc0297a757327e342dd5a212a5f2d9 and was likely backported.
Best regards
Tim Düsterhus
Willy,
On 9/8/22 19:04, Илья Шипицин wrote:
as we install freebsd binary packages, we need to bump image from time to
time
to match prebuilt packages.
The patch LGTM and should unbreak CI. Please take it.
Best regards
Tim Düsterhus
Tim Düsterhus
not affiliated with HAProxy
Technologies-the-company and thus I won't be able to help you any further.
Best regards
Tim Düsterhus
st regards
Tim Düsterhus
readable if the line isn't that long.
Best regards
Tim Düsterhus
nce himself when applying the patch if he doesn't like that
sentence.
Best regards
Tim Düsterhus
p haproxy
$ cat /etc/haproxy/haproxy.cfg |grep tcp-
> $
Best regards
Tim Düsterhus
various 'List-*' headers in the signature which it
should not do.
As this list does not modify the subject or body, any existing
signatures should remain valid (with the caveat of added list-* headers).
Best regards
Tim Düsterhus
/haproxy/commit/4652e975be3db3a69221e68a103dae4e5891313b
and
https://github.com/docker-library/official-images/commit/6e4e18abb18742dda9fe3bbea9366557f640ae1d
Best regards
Tim Düsterhus
Hi
On 7/2/22 08:03, Илья Шипицин wrote:
let us run asan for gcc as well.
This patch appears reasonable to me.
Best regards
Tim Düsterhus
. what you have attempted),
but likely the `strcmp` converter does what you need.
Best regards
Tim Düsterhus
asynchronous TLS
I/O operations if asynchronous capable SSL engines are used. The current
--
2.25.1
Best regards
Tim Düsterhus
urlp above (which is part of the 2/2 patch).
Best regards
Tim Düsterhus
with the URI normalization feature, as
the encoding of a parameter name is not a 1:1 relationship.
Best regards
Tim Düsterhus
u
Cheers!
Many thanks to everyone involved in the new greatest release!
As usual, HAProxy-2.7-dev0 was just created.
Enough of being partypooper Tim. Enjoy your release party!
Best regards
Tim Düsterhus
Best regards
Tim Düsterhus
aproxy/commit/5f4ddb54b05ae0355b1f64c22263a6bc381410df
I keep track of that and send patches as appropriate.
Best regards
Tim Düsterhus
e selection is
available in the dropdown of the close button.
As of now this feature does little more than using a slightly different
icon + color for the closed issue, but I think it would be useful
selecting the correct variant going forward, in case GitHub extends this
feature in the f
tives" in so far, as `-cc` currently
does not yet use deinit_and_exit, but only exit. So there's a huge
number of live allocations we can already clean.
Currently a deinit only happens for:
- haproxy -vv
- haproxy -c (if the check is successful, i.e. exit 0).
- SIGUSR1
Best regards
Tim Düsterhus
, but Willy might
have some.
Reviewed-by: Tim Duesterhus
Best regards
Tim Düsterhus
to take better care.
As Willy already said: Don't worry about your first attempt not being
perfect. Your patch is definitely already looking great (especially
since you followed the advice in CONTRIBUTING regarding the commit
message and not using pull requests):
Best regards
Tim Düsterhus
factoring it to use the 'ist' API).
Best regards
Tim Düsterhus
dataplane-api, ingress
controller and such things already offer a valid response, I don't know
for sure if they can be considered as drop-in replacement nor if they
support everything, and this will have to be studied as well before
starting to scare users!
Best regards
Tim Düsterhus
V DNS records or more?
Best regards
Tim Düsterhus
presented a solution for real-time monitoring of a stick table on
HAProxyConf 2021:
https://github.com/WoltLab/node-haproxy-peers
https://www.haproxy.com/user-spotlight-series/using-haproxy-peers-for-real-time-quota-tracking/
Best regards
Tim Düsterhus
h" is preferred over using "url", because clients may send a full URL as
is normally done with proxies. The only real use is to match "*" which does
not match in "path", and for which there is already a predefined ACL.
Best regards
Tim Düsterhus
to be fixed.
Perfect, I agree here. QUICTLS caching is useful and VTest caching is
obsolete with the single-job restart.
Best regards
Tim Düsterhus
Willy,
On 3/11/22 22:46, Tim Duesterhus wrote:
Introduced in:
0657b9338 MINOR: stream: add "last_rule_file" and "last_rule_line" samples
I believe you missed this one.
Best regards
Tim Düsterhus
Willy,
On 3/8/22 20:43, Tim Düsterhus wrote:
Yes my point was about VTest. However you made me think about a very good
reason for caching haproxy builds as well :-) Very commonly, some VTest
randomly fails. Timing etc are involved. And at the moment, it's impossible
to restart the tests
find
accesses of '.ptr' for an ist is going to turn up all kinds of unrelated
stuff.
Best regards
Tim Düsterhus
need some handholding to get me started.
Best regards
Tim Düsterhus
regards
Tim Düsterhus
William,
On 3/8/22 21:30, Tim Düsterhus wrote:
- The action is also easily reusable by other projects. For testing my
Adding to that: It's also easily reusable by the other workflows. We
currently have the separate musl.yml workflow that does this:
https://github.com/haproxy/haproxy/blob
. For testing my
haproxy-auth-request repository I could remove the VTest installation
logic from action-install-haproxy and simply use the existing action.
This might also come in handy to test
https://github.com/haproxytech/haproxy-lua-oauth and other official
extensions.
Best regards
Tim
oth you as
the developers and me as one of the CI experts happy :-) My concerns
were primarily with regard the number of additional steps in William's
proposal, not the caching of VTest per se.
Best regards
Tim Düsterhus
regards
Tim Düsterhus
Willy,
On 3/8/22 16:24, Willy Tarreau wrote:
Hi Tim,
On Tue, Mar 08, 2022 at 04:17:00PM +0100, Tim Düsterhus wrote:
William
On 3/8/22 16:06, William Lallemand wrote:
Also, I'm wondering if we could also cache the build of HAProxy, you
could think that weird, but in fact it will help
.
That on the other hand makes sense to me. It just changes the order of
the steps and thus brings a benefit without adding complexity.
Best regards
Tim Düsterhus
in a maintenance nightmare.
Best regards
Tim Düsterhus
Marno,
On 3/8/22 14:38, Marno Krahmer wrote:
Is it enough to send the patch to this mailing list?
Yes, and the patch looks good to me. Just one thing: Please reference
the issue ID in the commit message like this:
This fixes GitHub issue #1461.
Adding Willy to Cc.
Best regards
Tim
Ciprian,
On 3/8/22 12:57, Ciprian Craciun wrote:
I've forgotten the screenshot... :)
see: https://github.com/haproxy/haproxy/issues/1461
Best regards
Tim Düsterhus
Hi all
On 3/6/22 18:10, Dhruv Jain wrote:
I would request you to share a work around if possible until it is fixed.
As a heads up: There's an issue in the tracker now. So before replying
you might want to check there first:
https://github.com/haproxy/haproxy/issues/1598
Best regards
Tim
t;.
Ideally, the connection should be established and an entry should be
created with the key as the client_identifier in the stick table.
I'm not seeing an `accept-proxy` anywhere in the configuration, so
HAProxy is not actually interpreting (and stripping) the PROXY protocol
header.
Best regards
Tim Düsterhus
rary/official-images/pulls?q=+is%3Apr+label%3Alibrary%2Fhaproxy+
Best regards
Tim Düsterhus
-*' normalizers of http-request normalize-uri:
http-request normalize-uri percent-to-uppercase strict
will reject requests with invalid percent-encoding (and at the same time
also uppercase the A-F characters in percent encoding).
Best regards
Tim Düsterhus
Willy,
On 2/23/22 11:43, Илья Шипицин wrote:
Willy, can you please apply patch from Tim (below) ?
No, please don't. This patch is hugely unsafe. Someone will need to
create a proper patch that wasn't hacked together in 2 minutes.
Best regards
Tim Düsterhus
, but the fix was backported so it probably does.
In any case I recommend upgrading your HAProxy and then reporting back.
Best regards
Tim Düsterhus
V=1
uri_normalizer.c gets to 100% function and 85.4% line coverage. The
non-covered lines are the error handling (incidentally the call to
'my_unreachable()' also is marked as uncovered - which is expected).
Best regards
Tim Düsterhus
Willy,
On 1/7/22 5:11 PM, Willy Tarreau wrote:
Oh, and as discussed a few days ago, since nobody objected, I'll mark 1.7
end-of-life. There's not even a relevant fix for it in queue, let's let it
RIP.
FYI: This did not happen yet.
Best regards
TIm Düsterhus
uot; within my commit
message with 4 spaces for clarity.
Best regards
Tim Düsterhus
Work like a return so it exit from the frontend?
http-request tarpit is documented that it:
> This stops the evaluation of the rules
So no further rules will be processed once 'tarpit' is executed.
Best regards
Tim Düsterhus
-forwarded-proto
is sufficient.
Best regards
Tim Düsterhus
the EOL in Q2 2024. We did the same for 1.8 which was marked as critical
fixes only at the end of 2020 (i.e. 2 years before Q4 2022).
Best regards
Tim Düsterhus
-related: 1.7 should probably receive its final release and then be
marked as EOL, as Q4 2021 definitely is in the past now :-)
Best regards
Tim Düsterhus
-m bool }
Best regards
Tim Düsterhus
if: ${{ failure() }}
to
if: ${{ failure() && steps.vtest.outcome == 'failure' }}
Best regards
Tim Düsterhus
repository --remove ppa:whatever/ppa
Best regards
Tim Düsterhus
ltra-critical security updates. If
a simple 1-line HAProxy configuration change keeps the dumb automated
scanners away for another 24 hours then this might buy you sufficient
time to deploy the updated application.
Best regards
Tim Düsterhus
Adam,
On 12/9/21 7:09 PM, Adam Mills wrote:
Fleet Manager, Engineer, Exec, Field Operations… <- this is not me.
as a heads up: This email arrived via the HAProxy mailing list. Please
do not reply to Spam while including the list.
Best regards
Tim Düsterhus
for the comma as the delimiter and
then deprecate the use of spaces with a warning?
Best regards
Tim DÜsterhus
-dM -xc -E -
echo "::endgroup::"
Documentation is here:
https://docs.github.com/en/actions/learn-github-actions/workflow-commands-for-github-actions#grouping-log-lines
Best regards
Tim Düsterhus
ecause 2.5 was
released yesterday.
Acked-by: Tim Duesterhus
Best regards
Tim Düsterhus
2022-11-23 as the release
date for 2.5 (s/2022/2021/ to fix).
Best regards
Tim Düsterhus
might fail
independently (e.g. due to some bug in QuicTLS also affecting regular
TCP-TLS).
Best regards
Tim Düsterhus
b9656e48377a9e5359494bce6a413a9915c8f74b then?
This Coccinelle patch is no longer needed / correct now that the
function is gone.
Best regards
Tim Düsterhus
and thought
I'd sent an email so that I don't forget about this myself :-)
Best regards
Tim Düsterhus
here's a reminder before 2.5.
When you do, please also add the missing ']' in front of '< log' in the
help text. I accidentally removed it in
66255f7bbf9dfa18545d96f87d7a0f6fb8684d1c.
Best regards
Tim Düsterhus
Developer WoltLab GmbH
--
WoltLab GmbH
Nedlitzer Str. 27B
14469 Potsdam
Willy,
On 10/11/21 5:15 PM, Tim Düsterhus wrote:
please also apply to https://github.com/wtarreau/libslz/.
[...]
Now applied, thanks!
Not seeing anything in the libslz repository yet. Did you forget to push?
:-)
No, I've applied to the haproxy copy only for now, will do slz later
additional functions in
the past when I encountered situations where the current functions were
not ergonomic to use. One example is the istsplit() function which I
added for uri_normalizer.c. It makes tokenization of strings very easy
and safe.
Best regards
Tim Düsterhus
[1] https://www.iana.
ch.
Remi: Shall I file an issue to track the duplicated parsing logic or
will you handle this based on this ML thread?
Best regards
Tim Düsterhus
/ HTTP/1.1"
^
I've attached an updated patch with an extensive explanation :-)
Best regards
Tim Düsterhus
Developer WoltLab GmbH
--
WoltLab GmbH
Nedlitzer Str. 27B
14469 Potsdam
Tel.: +49 331 96784338
duester
Willy,
please find another halog series attached.
1. Some small changes to the new -qry/-query flag.
2. A new -hdr flag, resolving my own GitHub issue.
Best regards
Tim Düsterhus
Developer WoltLab GmbH
--
WoltLab GmbH
Nedlitzer Str. 27B
14469 Potsdam
Tel.: +49 331 96784338
duester
ontents were good. Please find a version with a cleaned up
commit message attached. I've used Anubhav's phrasing as-is to not
modify more than necessary.
Best regards
Tim Düsterhus
>From f4aad97d7967c5da7e20bb6586fc7af2d2147c15 Mon Sep 17 00:00:00 2001
From: Anubhav
Date: Thu, 14 Oct 202
any attention. I originally
sent it to Remi (and the list) only.
Best regards
Tim Düsterhus
Best regards
Tim Düsterhus
Willy,
On 10/18/21 10:51 AM, Willy Tarreau wrote:
On Mon, Oct 18, 2021 at 09:18:12AM +0200, Tim Düsterhus wrote:
Hu, interesting. Is the GitHub Mirror Sync broken? I'm seeing changes in
https://git.haproxy.org/?p=haproxy.git, but not in GitHub.
So it was in relation with the Painful Access
Willy,
please find the patch attached.
Our use-case for this is a dynamic application that performs routing based on
the query string. Without this option all URLs will just point to the central
entrypoint of this location, making the output completely useless.
Best regards
Tim Düsterhus
1 - 100 of 816 matches
Mail list logo