On 08/05/2011 06:51 AM, Julien Vehent wrote:
On Fri, 05 Aug 2011 01:08:22 +0300, Piavlo wrote:
Hi Jens,
I'm using names which resolve to internal EC2 addresses in haproxy
configs - the /etc/hosts of all instances are auto updated then new
instance is added/removed.
But the problem manifests th
Hello,
I patched the debian stunnel4 package for squeeze
# aptitude install devscripts build-essential fakeroot
# apt-get build-dep stunnel4
# apt-get source stunnel4
# wget
http://haproxy.1wt.eu/download/patches/stunnel-4.29-xforwarded-for.diff
# cd stunnel4-4.29/
# patch -p1 -i ../stunnel-4.29-
**
Hi,
are you using httpclose in haproxy in the frontend for the ssl portion of
haproxy ? Willy has talk about other ways to solve this yesterday but just
to do a test you could put option httpclose in this frontend.
"most of the time there is only 192.168.134.222 the IP of haproxy)" It's the
(this ML need a reply-to header :)
For the conclusion :
-- Forwarded message --
From: Damien Hardy
Date: 2011/8/5
Subject: Re: erratic X-Forwarded-For patch for stunnel
To: Guillaume Bourque
Good point for you.
I was running with option http-server-close as global configurati
On Fri, 05 Aug 2011 11:17:16 +0300, Piavlo wrote:
On 08/05/2011 06:51 AM, Julien Vehent wrote:
On Fri, 05 Aug 2011 01:08:22 +0300, Piavlo wrote:
Hi Jens,
I'm using names which resolve to internal EC2 addresses in haproxy
configs - the /etc/hosts of all instances are auto updated then new
inst
On Fri, Aug 05, 2011 at 11:17:16AM +0300, Piavlo wrote:
> But why do a reload of haproxy in other situations (much more common in
> my use case and loose statistics and possibly some connections) if there
> could be a config option that tells haproxy to re-resolve name to ip -
> then backend he
On Fri, Aug 05, 2011 at 03:21:31PM +0200, Damien Hardy wrote:
> (this ML need a reply-to header :)
No, because reply-to makes it harder to reply to individual people,
and incites responders to reply only to the list, which is the best
way to lose track of threads, as most of us are not constantly
Hi all,
Since 1.4.15 was released 2 months ago, very few minor bugs were detected.
They were so minor that it was worth waiting for other ones to be found,
but after some time, there wasn't any point making users wait any more,
so I released 1.4.16.
A few minor improvements were also made based o
Hello,
So I'm trying to setup a userlist in haproxy.cfg using the following
instructions:
http://code.google.com/p/haproxy-docs/wiki/Userlists
however no matter where in the .cfg file I put the userlist directive in it
keeps giving me errors:
unknown keyword 'userlist' in 'frontend' section
unknow
correction,
Version is HA-Proxy version 1.3.15.2
On Fri, Aug 5, 2011 at 1:09 PM, Tom Sztur wrote:
> Hello,
> So I'm trying to setup a userlist in haproxy.cfg using the following
> instructions:
> http://code.google.com/p/haproxy-docs/wiki/Userlists
>
> however no matter where in the .cfg file I
On Fri, Aug 5, 2011 at 1:10 PM, Tom Sztur wrote:
> correction,
> Version is HA-Proxy version 1.3.15.2
Userlist is not an option in 1.3.
See your version's documentation:
http://haproxy.1wt.eu/download/1.3/doc/configuration.txt
On 08/05/2011 06:53 PM, Willy Tarreau wrote:
On Fri, Aug 05, 2011 at 11:17:16AM +0300, Piavlo wrote:
But why do a reload of haproxy in other situations (much more common in
my use case and loose statistics and possibly some connections) if there
could be a config option that tells haproxy to re
On Fri, Aug 05, 2011 at 11:11:50PM +0300, Piavlo wrote:
> >It's not a matter of config option. You're supposed to run haproxy
> >inside a chroot. It will then not have access to the resolver.
> There are simple ways to make the resolver work inside chroot without
> making the chroot less secure.
I think the problem here is that the EC2 way of doing automatic server
replacement is directly opposite normal and sane patterns of doing server
changes in other environments. So someone on EC2 only is thinking this is a
process to hook into and use and others, like Willie, are thinking wtf? why
On Fri, 5 Aug 2011 22:42:08 +0200, Willy Tarreau wrote:
On Fri, Aug 05, 2011 at 11:11:50PM +0300, Piavlo wrote:
>It's not a matter of config option. You're supposed to run haproxy
>inside a chroot. It will then not have access to the resolver.
There are simple ways to make the resolver work ins
I am going around again about cookie-less sessions and just want to double
check that nothing works for them :)
In 1.5 there is the stick on url param option, but afaict this and everything
else won't work in a situation where you have two things:
1 - clients that don't support cookies.
2 - se
Sorry, I meant working with balance url_param hashing
On 8/5/11 2:13 PM, Hank A. Paulson wrote:
I am going around again about cookie-less sessions and just want to double
check that nothing works for them :)
In 1.5 there is the stick on url param option, but afaict this and everything
else won'
> Why don't you edit the haproxy conf directly and reload it ? If you have the
> new IP and are going to update the /etc/hosts, what is stopping you from
> doing a sed on the backend's ip in haproxy.cfg ?
>
>
> Or, you could just run in a VPC and stop doing weird stuff with your
> networking ;)
>
>
Hi Julien,
On Fri, Aug 05, 2011 at 05:07:36PM -0400, Julien Vehent wrote:
> Willy: EC2 gives a different kind of flexibility but requires to think
> differently. So, yeah, they do crazy stuffs like randomizing the LAN IPs
> allocations. But people have been complaining about that so much that
>
Hi Baptiste,
On Fri, Aug 05, 2011 at 11:53:40PM +0200, Baptiste wrote:
> Or using some kind of haproxy conf template with some keyword you
> replace using sed with IPs you would get from the hosts file?
> with inotify, you can get updated each time hosts file change, then
> you generate a new hapr
Hi Hank
Actually stick on URL param should work with client which does not
support cookies.
is the first reply a 30[12] ?
How is they user aware of the jsid or how is he supposed to send his
jsid to the server?
Do you have a X-Forwarded-For on your proxy or can you setup one?
cheers
On Fri, Aug 5, 2011 at 11:58 PM, Willy Tarreau wrote:
> Hi Baptiste,
>
> On Fri, Aug 05, 2011 at 11:53:40PM +0200, Baptiste wrote:
>> Or using some kind of haproxy conf template with some keyword you
>> replace using sed with IPs you would get from the hosts file?
>> with inotify, you can get upda
Well certainly aws has it's limitations which force you to design a
very different infrastructure than you would in normal datacenter
environment.
IMHO this is the great thing about those limitations as you are forced
to start thinking differently and end up using a set of well known and
estab
On Sat, Aug 06, 2011 at 02:42:45AM +0300, Piavlo wrote:
> Well certainly aws has it's limitations which force you to design a
> very different infrastructure than you would in normal datacenter
> environment.
> IMHO this is the great thing about those limitations as you are forced
> to start th
On 8/5/11 3:01 PM, Baptiste wrote:
Hi Hank
Actually stick on URL param should work with client which does not
support cookies.
is the first reply a 30[12] ?
So you are saying that stick on URL param reads the outgoing 302 and saves the
URL param from that in the stick table on 1.5? f so, grea
25 matches
Mail list logo