connections to HaP

2014-09-15 Thread Andrey Zakabluk
Hi. Use HA-Proxy version 1.5.1 2014/06/24 with next GLOBAL settings daemon maxconn 4 stats socket /opt/haproxy/socet/haproxy.sock mode 0600 level admin In while testing I have problems. I see in HATOP what my LB not take new connections after - Connections : [ 2000/4] . Why ? In my

Re: connections to HaP

2014-09-15 Thread Evgeniy Sudyr
Andrey, 1) what OS you are running? 2) what limits do you have for user running haproxy? 2) check what you have in haproxy and system logs (messages/daemon)? On Mon, Sep 15, 2014 at 1:28 PM, Andrey Zakabluk a.zakab...@velcom.by wrote: Hi. Use HA-Proxy version 1.5.1 2014/06/24 with next GLOBAL

Re: connections to HaP

2014-09-15 Thread Malcolm Turnbull
Andrey, Off the top of my head I think you need to set maxconn on each front end (not just global). On 15 September 2014 12:28, Andrey Zakabluk a.zakab...@velcom.by wrote: Hi. Use HA-Proxy version 1.5.1 2014/06/24 with next GLOBAL settings daemon maxconn 4 stats socket

Re: Application Persistence with WebSockets

2014-09-15 Thread Ryan Brock
Willy, I tested these changes in my environment and it all works. So you may move forward with these changes. I really appreciate the help. - Ryan Brock On Thu, Sep 11, 2014 at 12:59 AM, Willy Tarreau w...@1wt.eu wrote: Hi Ryan, On Wed, Sep 10, 2014 at 04:36:24PM -0500, Ryan Brock wrote:

Re: read ACL to block ip's from file to prevent DDoS?

2014-09-15 Thread Marc Cortinas Val
Hello, First of all, congratulations, I think modify ACL in runtime within reload all daemon configuration is a big HIT. For other hand, I applied ipabuser cal with keymap managing it with socat and it works fine, but it is NOT permanent when daemon is restarted. it could be an option

Re: read ACL to block ip's from file to prevent DDoS?

2014-09-15 Thread Baptiste
On Mon, Sep 15, 2014 at 9:08 PM, Marc Cortinas Val marc.corti...@gmail.com wrote: Hello, First of all, congratulations, I think modify ACL in runtime within reload all daemon configuration is a big HIT. For other hand, I applied ipabuser cal with keymap managing it with socat and it

About the ssl check

2014-09-15 Thread Zebra
Hi,all I configure one back-end using tcp mode,and I want to ssh the server(s) behind the back-end just for testing. So I used check-ssl to enable ssl check. backend ssh_servers mode tcp server server2 192.168.10.95:22 check-ssl check inter 5s fall 1 maxconn 32000 But

About the health check

2014-09-15 Thread Zebra
Hi,all I configure the backend with one server and want to make the health check for it using tcp.And the configuration as below. backend httpservers option tcp-check server server2 192.168.10.95:22 check inter 5s fall 1 maxconn 32000 But I find the log output below: Sep 16

About the haproxy proces/thread number

2014-09-15 Thread Zebra
Hi,all I configure one frontend named https_proxy and one backend named httpservers. When I start the haproxy in my machine which has 2 cpus,I find the log below. Sep 16 01:03:34 localhost haproxy[30429]: Proxy https_proxy started. Sep 16 01:03:34 localhost haproxy[30429]: Proxy

Re: About the ssl check

2014-09-15 Thread PiBa-NL
Zebra schreef op 16-9-2014 2:58: Hi,all I configure one back-end using tcp mode,and I want to ssh the server(s) behind the back-end just for testing. So I used check-ssl to enable ssl check. backend ssh_servers mode tcp server server2 192.168.10.95:22 check-ssl check

Re: About the health check

2014-09-15 Thread PiBa-NL
Zebra schreef op 16-9-2014 3:08: Hi,all I configure the backend with one server and want to make the health check for it using tcp.And the configuration as below. backend httpservers option tcp-check This actually makes it perform tests on a higher layer: Perform health checks using

回复: About the health check

2014-09-15 Thread Zebra
Hi, PiBa-NL Thank you for your reply . But I used tcpdump and find the check only try to make one tcp three-way handshake and even the packet for tcp ACK will not send. This is the result : root@ubuntuforhaproxy:/home# tcpdump -lnvvvXei eth0 tcp port 22 and src 192.168.10.95 or

Re: About the ssl check

2014-09-15 Thread Zebra
I got it! Thank you very much! -- Original -- From: PiBa-NLpiba.nl@gmail.com; Date: Tue, Sep 16, 2014 09:28 AM To: Zebramax...@unitedstack.com; haproxyhaproxy@formilux.org; Subject: Re: About the ssl check Zebra schreef op 16-9-2014 2:58: Hi,all