Le 27/12/2016 à 00:35, Patrick Hemmer a écrit :
On 2016/12/23 09:28, Arnall wrote:
Hi everyone,
i'm using a nbproc > 1 configuration for ssl offloading :
listen web_tls
mode http
bind *:443 ssl crt whatever.pem process 2
bind *:443 ssl crt whatever.pem process 3
../..
Hi,
thanks for your answer, didn't know the src_is_local feature as it's a
1.7 feature, we're still in 1.6.
the dst_port seems ok to me, will use it !
Happy new year !
Le 27/12/2016 à 08:29, Elias Abacioglu a écrit :
Sorry just realized,
src_is_local won't work when using proxy protocol.
Hi Patrick,
On Mon, Dec 26, 2016 at 11:35:51PM +, Patrick Hemmer wrote:
> On 2016/12/23 09:28, Arnall wrote:
> > I though that send-proxy-v2-ssl could help but i have no idea how ...
> > src and src_port are OK with the proxy protocol but ssl_fc in
> > web_plain keeps answering false ( 0 )
Sorry just realized,
src_is_local won't work when using proxy protocol.
Proxy protocol will preserve initial source information.
You can probably use dst_port like this instead:
acl secure dst_port 443
if is secure
On Mon, Dec 26, 2016 at 11:09 PM, Elias Abacioglu <
On 2016/12/23 09:28, Arnall wrote:
> Hi everyone,
>
> i'm using a nbproc > 1 configuration for ssl offloading :
>
> listen web_tls
> mode http
> bind *:443 ssl crt whatever.pem process 2
> bind *:443 ssl crt whatever.pem process 3
>
> ../..
> server web_plain u...@plain.sock
Perhaps you could use src_is_local.
Something like this
frontend web_plain
acl is_local src_is_local
http-response add-header X-External-Protocol https if is_local
/Elias
On Fri, Dec 23, 2016 at 3:28 PM, Arnall wrote:
> Hi everyone,
>
> i'm using a nbproc > 1
wow!
Thanks, again
Gerd
Weitergeleitete Nachricht
Von: Pavlos Parissis <pavlos.paris...@gmail.com>
An: Andrew Hayworth <andrew.haywo...@getbraintree.com>, Gerd Mueller
Kopie: haproxy@formilux.org <haproxy@formilux.org>
Betreff: Re: ssl offloading
Datum: Sun
On 01/04/2016 04:20 μμ, Andrew Hayworth wrote:
> Hi there -
>
> Have you considered HAProxy in multiprocess mode? You could have a
> frontend spread across multiple threads that terminates SSL. We're
> experimenting with such a design here.
>
It has been mentioned before that you can increase
d. Thanks for the input.
>
> Gerd
>
> Weitergeleitete Nachricht
> Von: Vincent Bernat <ber...@luffy.cx>
> An: Conrad Hoffmann <con...@soundcloud.com>
> Kopie: Gerd Mueller <gerd.muel...@mikatiming.de>, haproxy@formilux.org
> <haproxy@formilux.
Ok sounds good. Thanks for the input.
Gerd
Weitergeleitete Nachricht
Von: Vincent Bernat <ber...@luffy.cx>
An: Conrad Hoffmann <con...@soundcloud.com>
Kopie: Gerd Mueller <gerd.muel...@mikatiming.de>, haproxy@formilux.org
<haproxy@formilux.org>
Betreff:
❦ 1 avril 2016 11:11 +0200, Conrad Hoffmann :
> I can't really back this up with reliable numbers, but a company I once
> worked for experimented with such hardware. The outcome was, and I would
> still always recommend this today, to rather throw more regular hardware
erd%20mueller%20%3cgerd.muel...@mikatiming.de%3e>>,
> haproxy@formilux.org
> <haproxy@formilux.org<mailto:%22hapr...@formilux.org%22%20%3chapr...@formilux.org%3e>>
> Betreff: Re: ssl offloading
> Datum: Fri, 1 Apr 2016 01:54:29 +
>
>
> stunnel's what w
stunnel's what we used before Haproxy had it built in, which worked fine,
but SSL offloading in Haproxy's been excellent in our experience, so my
guess would be that you could make it work with some config tuning.
On Thu, Mar 31, 2016, 12:45 PM Lukas Tribus wrote:
> > Hi
> Hi list,
>
> what are your ideas about offloading of ssl? ssl inside haproxy is nice
> but is very expensive.
Why would you think that?
Lukas
Hi Chriss,
That seams possible already.?.
If you have the configuration for SSL offloading configured already all
you need to add is the ssl option to your backend servers.
--
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.2
--
*ssl
Haproxy 1.5-Dev can do this already
Sent from my iPhone
On Apr 30, 2013, at 8:47 AM, Chris Sarginson ch...@sargy.co.uk wrote:
Hi,
Are there any plans to allow HAProxy to take the traffic that it can now SSL
offload, perform header analysis, and then use an SSL encrypted connection to
That's AWESOME! Can't believe I didn't think of that, thanks a lot
guys :)
Chris
On 30/04/2013 13:53, PiBa-NL wrote:
Hi Chriss,
That seams possible already.?.
If you have the configuration for SSL offloading configured already
all you need to add is the ssl option to your backend
Could you please remove this pretent keepalive option from your
configuration and give it a try?
HAProxy may close the connection because of it.
And yes, a tcpdump between haproxy and the CAS server may help as well.
cheers
On Fri, Feb 1, 2013 at 7:11 AM, Roland r...@bayreuth.tk wrote:
Hi
Hi,
401 is absolutely normal in NTLM.
There are 2 or 3 request/response before the user is really
authenticated when using NTLM.
When HAProxy load-balances NTLM based services, the only log line
you'll see will be 401 errors.
Even if the connection works properly.
This is due to the tunnel mode,
Hi Baptiste,
thanks a lot!
If I connect the same computer with the same account and unchanged
settings (except the URL of webaccess) directly to the CAS it works
without any problems. Connection is established immediately.
I also verified with Microsoft Remote Connectivity Analyzer. It
20 matches
Mail list logo