Re: Question about SNI

2019-06-26 Thread rainer
On 2019-06-25 19:44, Lukas Tribus wrote: Hello Rainer, [...] I suggest you try a HEAD request for the haproxy health check instead: option httpchk HEAD /swagger/ui/index HTTP/1.1\r\nHost:\ app-api.dom.intern\r\nUser-agent:\ LB-Check-API\r\nConnection:\ close There is no need for the actu

Re: Question about SNI

2019-06-25 Thread Lukas Tribus
Hello Rainer, On Tue, 25 Jun 2019 at 19:08, wrote: > > So, are health checks working and does haproxy consider your backend > > servers up or not? > > > > Oh, sorry. > > I tried a lot of things over the last days > > Currently, with the last config I posted (and keepalived disabled), I > get

Re: Question about SNI

2019-06-25 Thread rainer
On 2019-06-25 18:26, Lukas Tribus wrote: Hello Rainer, On Tue, 25 Jun 2019 at 18:01, wrote: Ah, OK. Thanks. However, I still get L7TOUT on the healthchecks. I don't follow. Are health checks working or not? You started this thread saying: Healthchecks are OK. But running a curl gives

Re: Question about SNI

2019-06-25 Thread Lukas Tribus
Hello Rainer, On Tue, 25 Jun 2019 at 18:01, wrote: > Ah, OK. > Thanks. > > > However, I still get L7TOUT on the healthchecks. I don't follow. Are health checks working or not? You started this thread saying: > Healthchecks are OK. > > But running a curl gives 503 So, are health checks working

Re: Question about SNI

2019-06-25 Thread rainer
On 2019-06-25 16:54, Lukas Tribus wrote: Hello Rainer, On Tue, 25 Jun 2019 at 16:18, wrote: The requests from the healthchecks *do* arrive at the right vhosts on the backend, there's a code 200 in the logs. So, I wonder what exactly is timing out for haproxy. The server on the other end doe

Re: Question about SNI

2019-06-25 Thread Lukas Tribus
Hello Rainer, On Tue, 25 Jun 2019 at 16:18, wrote: > The requests from the healthchecks *do* arrive at the right vhosts on > the backend, there's a code 200 in the logs. > So, I wonder what exactly is timing out for haproxy. > The server on the other end does not accept non-SNI connections, ther

Re: Question about SNI

2019-06-25 Thread rainer
On 2019-06-25 14:44, Lukas Tribus wrote: Hello Rainer, On Tue, 25 Jun 2019 at 12:53, wrote: Hi, I tried to read up on this but there are many examples and not all of them seem "correct". It's simple: do not content-switch based on SNI. Use the host header instead. That's it. OK, I sw

Re: Question about SNI

2019-06-25 Thread Lukas Tribus
Hello Rainer, On Tue, 25 Jun 2019 at 12:53, wrote: > Hi, > > I tried to read up on this but there are many examples and not all of > them seem "correct". It's simple: do not content-switch based on SNI. Use the host header instead. That's it. >use_backend app_api if { ssl_fc_

Re: Question about SNI

2019-06-25 Thread rainer
On 2019-06-20 15:38, Lukas Tribus wrote: Hello, On Thu, 20 Jun 2019 at 14:49, wrote: I now used ssl_fc_sni_reg -i host3.intern I hope, this is also OK. It's not. You are already doing the right thing in the frontend, by content switching based on the host header and not based on the SN

Re: Question about SNI

2019-06-20 Thread Lukas Tribus
Hello, On Thu, 20 Jun 2019 at 14:49, wrote: > I now used > > ssl_fc_sni_reg -i host3.intern > > I hope, this is also OK. It's not. You are already doing the right thing in the frontend, by content switching based on the host header and not based on the SNI, so please, don't rely on frontend SN

Re: Question about SNI

2019-06-20 Thread rainer
On 2019-06-20 13:18, Lukas Tribus wrote: Hello, you only enabled SNI for health checks (check-sni). You need to enable SNI for the actual traffic with the sni keyword. sni str(intern3.local) or sni hdr(host) lukas Ah, ok. Thanks a lot! I now used ssl_fc_sni_reg -i host3.intern I hope

Re: Question about SNI

2019-06-20 Thread Lukas Tribus
Hello, you only enabled SNI for health checks (check-sni). You need to enable SNI for the actual traffic with the sni keyword. sni str(intern3.local) or sni hdr(host) lukas

Question about SNI

2019-06-20 Thread rainer
Hi, likely, I'm the one doing something wrong, but I can't figure it out. I have the following configuration: frontend the_frontend mode http bind *:80 bind *:443 ssl crt /etc/haproxy/ssl/star.intern.pem maxconn 2000 use_backend host1 if { hdr_dom(host) -i host1.intern } use_back

Re: question about sni

2013-06-27 Thread John Marrett
If you give me logs with SNI and the user-agents I'll make a very nice report. Contact me off list if you're interested. For myself, I'm quite interested in this subject. -JohnF On Thu, Jun 27, 2013 at 10:10 AM, Baptiste wrote: > also log the User-Agent ;) > > and make us a nice report. > >

Re: question about sni

2013-06-27 Thread Baptiste
also log the User-Agent ;) and make us a nice report. Baptiste On Thu, Jun 27, 2013 at 4:03 PM, Thomas Heil wrote: > Hi, > > On 27.06.2013 15:51, Baptiste wrote: >> Hi, >> >> You can log the SNI: log-format %[ssl_fc_sni] > I'll try that. > thanks a lot. >> Baptiste >> > thomas >> On Thu, Jun 2

Re: question about sni

2013-06-27 Thread Thomas Heil
Hi, On 27.06.2013 15:51, Baptiste wrote: > Hi, > > You can log the SNI: log-format %[ssl_fc_sni] I'll try that. thanks a lot. > Baptiste > thomas > On Thu, Jun 27, 2013 at 2:41 PM, Thomas Heil > wrote: >> Hi, >> >> I would like to evaluate SNI. Is there a possibility to log errors from >> clients

Re: question about sni

2013-06-27 Thread Baptiste
Hi, You can log the SNI: log-format %[ssl_fc_sni] Baptiste On Thu, Jun 27, 2013 at 2:41 PM, Thomas Heil wrote: > Hi, > > I would like to evaluate SNI. Is there a possibility to log errors from > clients, so we could get a feeling > how many clients cannot cope with SNI? > > > thanks, > thomas

question about sni

2013-06-27 Thread Thomas Heil
Hi, I would like to evaluate SNI. Is there a possibility to log errors from clients, so we could get a feeling how many clients cannot cope with SNI? thanks, thomas