Re: SSL Performance increase?

2015-02-06 Thread Klavs Klavsen
Shawn Heisey wrote on 02/06/2015 07:38 AM: [CUT] The current haproxy version implements almost every performance-enhancing method mentioned in that video, as long as your openssl is new enough. It's on CentOS 6.. is that new enough? We'll start testing different scenarios and see if we find

TCP Fast Open towards to backend servers

2015-02-06 Thread Pavlos Parissis
Hi, I see tfo setting for bind directive but it isn't clear to me if HAProxy will use TCP Fast Open towards the backend server. Shall I assume that if client uses TCP Fast Open HAProxy will do the same for server side? Cheers, Pavlos signature.asc Description: OpenPGP digital signature

Re: nbproc 1 and stats in ADMIN mode?

2015-02-06 Thread Klavs Klavsen
Tait Clarridge wrote on 02/05/2015 09:55 PM: [CUT] Just to check.. if I set nbproc to f.ex. 4 - then I understand I need to define 4xstats.. and when I visit the webinterface.. I'll actually only get stats from one of the 4 processes.. But we have ADMIN enabled for stats - so we can disable

Re: SSL Performance increase?

2015-02-06 Thread Dennis Jacobfeuerborn
On 06.02.2015 18:50, Dennis Jacobfeuerborn wrote: On 06.02.2015 14:13, Lukas Tribus wrote: I tried to implement these recommendations but didn't seem to get results I was expecting. How exactly does one reliably test that the 1-RTT handshake is actually working? Enable TFO and announce

[SPAM] -30% sur la Nouvelle Collection : profitez-en !

2015-02-06 Thread delilipm pour Monoprix Mode
Title: Craquez vite pour cette offre EXCLU WEB et pour les SOLDES PRIX RONDS : 2, 4, 6 ... Consulter la version en ligne Vous recevez ce message car votre adresse est enregistre dans la liste MBP.

Prix coup de cœur pour la Saint Valentin. Laissez-vous tenter

2015-02-06 Thread Bexley
Prix coup de cœur pour la Saint Valentin. Laissez-vous tenter Profitez des soldes pour (vous) faire plaisir. En boutiques ou sur Internet. Pour visualiser ce message sur votre navigateur, consultez notre version en ligne:

Re: haproxy and multiple ports

2015-02-06 Thread PiBa-NL
Nick Couchman schreef op 6-2-2015 om 23:52: It's hard to figure out exactly how to phrase what I'm trying to do, but I essentially need a configuration for HAProxy where I can pin the load-balancing of one front-end port to another one, so that both go to the same back-end port. Here's what

Re: haproxy and multiple ports

2015-02-06 Thread Nick Couchman
C - Original Message - From: PiBa-NL piba.nl@gmail.com To: Nick E Couchman nick.couch...@seakr.com, haproxy@formilux.org Sent: Friday, February 6, 2015 4:06:18 PM Subject: Re: haproxy and multiple ports Nick Couchman schreef op 6-2-2015 om 23:52: It's hard to figure out exactly

haproxy and multiple ports

2015-02-06 Thread Nick Couchman
It's hard to figure out exactly how to phrase what I'm trying to do, but I essentially need a configuration for HAProxy where I can pin the load-balancing of one front-end port to another one, so that both go to the same back-end port. Here's what I'm trying to do...I'm using HAProxy to

Re: HAproxy constant memory leak

2015-02-06 Thread Georges-Etienne Legendre
Hi Willy, Yes, please send me the script. Thanks! -- Georges-Etienne Le 2015-02-06 à 01:55, Willy Tarreau w...@1wt.eu a écrit : Hi Georges-Etienne, On Thu, Feb 05, 2015 at 09:10:25PM -0500, Georges-Etienne Legendre wrote: Hi Willy, I'm not sure how to document this leak. I don't

Re: HAproxy constant memory leak

2015-02-06 Thread Pavlos Parissis
On 06/02/2015 11:19 πμ, Georges-Etienne Legendre wrote: Hi Willy, Yes, please send me the script. Willy, If it isn't against the policies of this ML to send attachments and the script is few kilobytes size, could you please send it to the list? Thanks, Pavlos signature.asc Description:

Re: tcp-response inspect-delay with WAIT_END

2015-02-06 Thread Chris
Could you let us know why exactly you need to delay responses??? This is an API. Unfortunately, the client behavior we are looking to address here cannot be identified by client IP, ID, or anything else in the request. In fact, it cannot be identified until the server has gone through

Re: SSL Performance increase?

2015-02-06 Thread Dennis Jacobfeuerborn
On 06.02.2015 07:38, Shawn Heisey wrote: On 2/5/2015 5:54 AM, Klavs Klavsen wrote: Adding nbproc 4, improved performance of https from 511 req/s to 1296 req/s.. not quite an exponential scaling.. We tested with 8 cores and got 1328 req/s.. so it seems we're hitting something else already

urgent ftp problem.

2015-02-06 Thread Lee Musgrave
Hi, just subscribed to the iist, not had confirmation response yet, so i hope this gets through and i can see responses. i've got haproxy 1.5 installed and working, and it's working well so far. i'm setting up a few servers to handle all our ftp, but in the meantime, i'm using haproxy to proxy

Re: Setting uuid cookies not for sticky sessions

2015-02-06 Thread Baptiste
On Thu, Feb 5, 2015 at 5:24 PM, Alberto alberto-hap4...@ggsys.net wrote: I have multiple back ends using different stacks. All I need is to ensure that every client gets a unique cookie. They don't need to be used for sticky sessions. Pretty much all the examples I find are for hard coding,

Re: tcp-response inspect-delay with WAIT_END

2015-02-06 Thread Baptiste
On Thu, Feb 5, 2015 at 10:22 PM, Chris k...@adobe.com wrote: Hello, We have some complex logic in our application that will at times determine that the response to a specific query should be delayed. Currently this is handled in the application with a short (~100ms) sleep. We would like to

RE: SSL Performance increase?

2015-02-06 Thread Lukas Tribus
I tried to implement these recommendations but didn't seem to get results I was expecting. How exactly does one reliably test that the 1-RTT handshake is actually working? Enable TFO and announce http/1.1 via NPN and ALPN, that should do it. But your client will have to support all those

Re: SSL Performance increase?

2015-02-06 Thread Baptiste
On Fri, Feb 6, 2015 at 9:14 AM, Klavs Klavsen k...@vsen.dk wrote: Shawn Heisey wrote on 02/06/2015 07:38 AM: [CUT] The current haproxy version implements almost every performance-enhancing method mentioned in that video, as long as your openssl is new enough. It's on CentOS 6.. is that

Re: SSL Performance increase?

2015-02-06 Thread Dennis Jacobfeuerborn
On 06.02.2015 14:13, Lukas Tribus wrote: I tried to implement these recommendations but didn't seem to get results I was expecting. How exactly does one reliably test that the 1-RTT handshake is actually working? Enable TFO and announce http/1.1 via NPN and ALPN, that should do it. But

Re: Possible bug with del acl

2015-02-06 Thread Thierry FOURNIER
Hello, Thank you for the repport. It is fixed. The patches will be integrated in the 1.6 and 1.5 branches ASAP. Thierry On Tue, 3 Feb 2015 15:58:08 -0700 KJ Rasmussen kj_...@hotmail.com wrote: Below is my haproxy config file, the contents of both ACL files (Empty and we are only really