Re: acme proxy for internal use

On Sat, Dec 1, 2018 at 9:18 PM Joel Linn wrote: > > Hi, > > I want to use letsencrypt for services in my intranet. > The acme protocol demands that a challenge response is published under > http://certname.domain.tld/.well-known/acme-challenge/xyz > All subdomains under domain.tld get forwarded

Re: HAProxy and Exchange 2016 MAPI/RPC over HTTP

On Thu, Aug 3, 2017 at 9:01 AM, Philipp Zeitschel wrote: > Hi, > > > > i have haproxy 1.7.8 @Ubuntu 16.04 up and running. > > Outlook Webaccess and the Administration Panel are working fine but I can’t > get Outlook to work, it repeatly asks for credentials (it is working

Re: QUERY REGARDING HAPROXY

On Thu, Jul 28, 2016 at 12:28 PM, Abhijit Roy wrote: > > > Dear sir, > >Can you please help us to tell how to configure ha proxy with auto > matic syncronization of data as we have 2 intranet servers one is > main & another is backup so we want to configure

SSL and SNI keeping it all in HAProxy

I'm trying to get my head around how to get multiple HTTPS sites on one public IP with HAProxy After reading http://blog.haproxy.com/2012/04/13/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/ I've got a rough idea of how to do the SNI ACLs To keep all of the HTTPS

Re: There is kind of a spam issue on this ML no?

On Sun, Mar 13, 2016 at 11:40 AM, Dieter Späth wrote: > > Not every one has controll over the spam filter for his/her mail account. > HI Dieter I don't use my main mail domain for mailing lists, I use a gmail account, which has passable spam filtering This is NOT an

Re: 1.6.3 stats

On Fri, Jan 22, 2016 at 8:53 PM, Cyril Bonté <cyril.bo...@free.fr> wrote: > Hi, > > Le 22/01/2016 21:41, shouldbe q931 a écrit : >> >> Hi, >> >> Because I want get Lua working (for letsencypt) I wanted to move from >> 1.5 to 1.6 (built 1.6.3 from git)

1.6.3 stats

Hi, Because I want get Lua working (for letsencypt) I wanted to move from 1.5 to 1.6 (built 1.6.3 from git) In 1.5 I had a very simple stats config listen stats :7000 stats enable stats uri / stats auth user:pass stats admin if TRUE This failed under

Re: git clone hangs

On Mon, Feb 10, 2014 at 10:01 AM, Lukas Tribus luky...@hotmail.com wrote: Hi, It doesn't hang, it just needs a long time (hours, probably) if you clone from scratch. Doing a git pull just now, the bandwidth utilisation _peaked_ at 20kb/s (on a 40Mb connection ~26ms away) reminds me of being

Re: can't clone git project

On Fri, Oct 18, 2013 at 2:16 PM, Aaron Boxer boxe...@gmail.com wrote: git clone just hangs. Thanks, Aaron You might try the formilux mirror, which is mentioned in the README and has been referenced a few times on this list :-) http://master.formilux.org/git/people/willy/haproxy.git/ Cheers

Re: advise on updating backends for 0-downtime

On Wed, Jul 3, 2013 at 10:11 PM, S Ahmed sahmed1...@gmail.com wrote: Hi, Say I have 3 backend servers running my website. I want to update the servers, but do it in a way where I don't have any downtime. So say I have 3 new backend servers that I start and have the updated code on it, how

Re: ssl sni and client certificate verification

On Tue, Jul 2, 2013 at 9:39 AM, Hudec Peter phu...@cnc.sk wrote: Thanks Lukas, I will try 1.5 version. But for Debian this version is in experimental now ;( I will look if some already done for Wheezy. It's really easy to build from source

further tweaking SSL score on the SSL LABS test

Hi All, I had an itch, the itch was that I could get a better score on the SSL LABS test with IIS 7.5 than I could with HAProxy terminating SSL With ciphers RC4:HIGH:!aNULL:!MD5 I would get Certificate 100 Protocol Support 90 Key Exchange 80 Cipher Strength 90 With IIS I could get Certificate

Re: upgraded from 1.5dev18-30 to 1.5dev18-50 and it broke my SSL VPN :-(

On Fri, May 31, 2013 at 9:41 AM, Lukas Tribus luky...@hotmail.com wrote: Hi Arne, I ran sudo haproxy -d -f /etc/haproxy/haproxy.cfg haproxy-d.log 21 to capture the log output, I can't see anything obvious... In fact, I don't see anything wrong with these logs ... Looking at the bisected

Re: upgraded from 1.5dev18-30 to 1.5dev18-50 and it broke my SSL VPN :-(

On Fri, May 31, 2013 at 11:14 AM, Lukas Tribus luky...@hotmail.com wrote: Arne, Emmanuel, I can successfully reproduce the issue with an old wget build on win32. It seems to me the SSL_TLSEXT_ERR_ALERT_WARNING is upsetting certain clients. Arne, could you try the following patch on top of

Re: upgraded from 1.5dev18-30 to 1.5dev18-50 and it broke my SSL VPN :-(

On Fri, May 31, 2013 at 1:12 PM, Lukas Tribus luky...@hotmail.com wrote: Hi Arne, just git pull, the fix was committed 10 minutes ago (dev18-53). Lukas 18-53 works :-) Many thanks Arne

upgraded from 1.5dev18-30 to 1.5dev18-50 and it broke my SSL VPN :-(

I run SSL Explorer to provide a secure(ish) method of accessing internal resources. I have HAProxy in front of SSL Explorer doing SSL termination (and limiting the ciper choice to ameliorate BEAST etc). I upgraded from 1.5dev18-30 to 1.5dev18-50 and the SSL Explorer agent now fails to connect

Re: upgraded from 1.5dev18-30 to 1.5dev18-50 and it broke my SSL VPN :-(

On Thu, May 30, 2013 at 1:28 PM, Lukas Tribus luky...@hotmail.com wrote: Hi Arne! I'd be very happy to step through individual 1.5dev18 releases after 30 untill I find the one that breaks SSL Explorer, but I have a slight problem in that I haven't got a clue on how to check out each

Re: upgraded from 1.5dev18-30 to 1.5dev18-50 and it broke my SSL VPN :-(

18-38 is fine, 18-39 it is broken. 18-39 would be the commit http://git.1wt.eu/web?p=haproxy.git;a=commit;h=7c41a1b59b005a75914121a604ede449374b8de7 I've removed the other parts of the config, but the relevant sections are of the haproxy.cfg look like local@haproxy-2:~$ cat

Re: upgraded from 1.5dev18-30 to 1.5dev18-50 and it broke my SSL VPN :-(

On Thu, May 30, 2013 at 2:53 PM, shouldbe q931 shouldbeq...@gmail.com wrote: 18-38 is fine, 18-39 it is broken. 18-39 would be the commit http://git.1wt.eu/web?p=haproxy.git;a=commit;h=7c41a1b59b005a75914121a604ede449374b8de7 working version haproxy -vv HA-Proxy version 1.5-dev18-38

Re: upgraded from 1.5dev18-30 to 1.5dev18-50 and it broke my SSL VPN :-(

On Thu, May 30, 2013 at 3:11 PM, Lukas Tribus luky...@hotmail.com wrote: Hi Arne, can you start haproxy with the debug options enabled (-d) and catch the output while a request fails? Thanks, Lukas I ran sudo haproxy -d -f /etc/haproxy/haproxy.cfg haproxy-d.log 21 to capture the log

Re: mod_realip for haproxy

On Mon, Mar 11, 2013 at 9:15 PM, Maxime Ducharme mducha...@woozworld.com wrote: 2013/3/11 Thomas Heil h...@terminal-consulting.de Hi, On 11.03.2013 20:56, Maxime Ducharme wrote: Hello Is there any option like mod_realip in nginx but for haproxy ? this could be done with -- option

Re: FW: HA PROXY _ Product

On Fri, Mar 8, 2013 at 7:19 AM, Shabbir shab...@amdtechserve.com wrote: Team HA PROXY, Kindly share the product Support price of HA PROXY. Requesting for an early reply.. Thanks Best Regards Shabbir 9980552272 A.M.D TECHNOLOGY SERVICES #3/1, S6, S.R COMPLEX

Re: need to set up haproxy as a load balancer

On Tue, Mar 5, 2013 at 7:32 PM, Dhaval Jaiswal dhaval.jais...@via.comwrote: Hi List, I am newbee to set up the HAProxy. I wanted to set up the HAProxy between the httpd apache web server tomcat apps server as a load balancer. Currently we are using sticky session for the load balancing.

Re: Problems with 1.5-dev17 and bind to interface

On Tue, Feb 12, 2013 at 12:38 PM, Cornelius Riemenschneider c...@itscope.dewrote: ** Ah okay, I expected bind :*12340 interface eth1 to listen to traffic coming to the interface, not to bind to al ips which are bound to the interface at the moment of starting haproxy. If that's really the

Re: haproxy 1.4.10 and apache 2.2 re-routing issues

On Mon, Feb 11, 2013 at 4:25 PM, Amol mandm_z...@yahoo.com wrote: Hi, so i have about 6 app servers running apache and 1 load balancer running haproxy 1.4.10 the issue i see lately is that even if one of the app server is having issues such as running out of memory or disk space etc..the

Re: Problems with 1.5-dev17 and bind to interface

On Mon, Feb 11, 2013 at 1:45 PM, Cornelius Riemenschneider c...@itscope.de wrote: ** Hello, We try to use haproxy for internal load balancing in a high availability setup together with keepalived and a virtual ip on the internal NIC. We don't want to expose our internal services to the

Re: Problems with 1.5-dev17 and bind to interface

On Mon, Feb 11, 2013 at 5:20 PM, Cornelius Riemenschneider c...@itscope.dewrote: ** Thanks for your answers, that kernel setting did help me. But nevertheless, bind interface seems to be buggy, isn't it? Thanks, For a basic keepalived.conf from here

Re: haproxy 1.4.10 and apache 2.2 re-routing issues

On Mon, Feb 11, 2013 at 6:00 PM, Amol mandm_z...@yahoo.com wrote: ok i got the point since the check.txt was an empty file and wasn't actually doing any specific task on the server, it kept responding with may be an http 200 message so instead if i have a file like check.php which has ?php

Re: Comparison to nginx

On Fri, Feb 1, 2013 at 11:22 AM, William Lewis m...@wlewis.co.uk wrote: Hi Steve, Its not a question of replacing nginx with haproxy. The existing solution was dns round robin directly to application servers, that then proxy on to a different node if they didn't hold the required state

Re: Comparison to nginx

How about going the other way and fully commenting the config, sending it to them and asking them how they would implement all of the things that you are using in HAProxy in nginx. If they pass it back to you as that's your job, then you can reasonably ask them that as you have a working solution

Re: CSS not displayed

On Wed, Jan 23, 2013 at 11:43 AM, Olivier Desport olivier.desp...@ac-versailles.fr wrote: Le 22/01/2013 17:06, Tait Clarridge a écrit : Olivier Desport mailto:olivier.desp...@ac-versailles.frolivier.desp...@ac-versailles.fr 22 January, 2013 10:59 AM The site I want to display is

Re: CSS not displayed

Hi Olivier, Just to recap, you have a webserver in subnet A, you have a HAProxy instance in subnet B When you connect to the webserver directly, CSS works When you connect to the webserver via HAProxy, CSS fails You have now added a HAProxy instance in subnet A When you connect via the HAProxy

Re: HA proxy

Since this is on gmail and there is a free viewer, I had a look at the word document, the reason that 1.2 is mentioned, is because it's a copy of this http://www.webhostingtalk.com/showthread.php?t=627783 From 2007... It might be just me, but I don't understand how somebody could find the

Re: HA proxy

On Wed, Jan 23, 2013 at 4:00 AM, Paulson AJ paulson...@hcl.com wrote: Hi Rant, We are using ver 1.4.22 My name is NOT Rant set your mail client to plain text describe your environment describe the steps to reproduce your problem

Re: SSL termination/SNI routing

On Sun, Jan 20, 2013 at 7:55 AM, Willy Tarreau w...@1wt.eu wrote: Hi, On Sat, Jan 19, 2013 at 07:01:52PM +, shouldbe q931 wrote: It seems to have been overlooked but *** I need to have HTTPS from HAproxy to the Exchange servers, this requirement cannot be removed.*** The flow

Re: SSL termination/SNI routing

On Sun, Jan 20, 2013 at 12:34 PM, Willy Tarreau w...@1wt.eu wrote: On Sun, Jan 20, 2013 at 12:19:02PM +, shouldbe q931 wrote: As I've tried to do with the weights and the backup directive, this is a cascade of failovers (primary and backup in main DC, then primary and backup in DR DC

Re: SSL termination/SNI routing

It seems to have been overlooked but *** I need to have HTTPS from HAproxy to the Exchange servers, this requirement cannot be removed.*** The flow would be Internet 443 - NAT - HAproxy 443 - CAS 443 I split up the changes into changing to frontend/backend and did two backends so I can bring

Re: SSL termination/SNI routing

Thank you both for your replies :-) The _glaringly_ obvious solution of using two IP addresses I had completely missed, a complete can't see the wood for the trees... My current config (stripped down) is listen Exchange2010 bind 1.2.3.4:80 bind 1.2.3.4:443 bind