Hi Dmitry,
On Mon, May 26, 2014 at 06:28:33PM +0400, Dmitry Sivachenko wrote:
On 26 ??? 2014 ?., at 18:21, Willy Tarreau w...@1wt.eu wrote:
I think it definitely makes some sense. Probably not in its exact form but
as something to work on. In fact, I think we should only apply the 1s retry
On 28 мая 2014 г., at 11:13, Willy Tarreau w...@1wt.eu wrote:
Hi Dmitry,
So worked a bit on this subject. It's far from being obvious. The problem
is that at the moment where we decide of the 1s delay before a retry, we
don't know if we'll end up on the same server or not.
Thus I'm
On 28 мая 2014 г., at 12:49, Willy Tarreau w...@1wt.eu wrote:
On Wed, May 28, 2014 at 12:35:17PM +0400, Dmitry Sivachenko wrote:
- otherwise, we redispatch starting on the first retry as you suggest. But
then we have two possibilities for the delay before reconnecting. If the
server farm
On Wed, May 28, 2014 at 12:54:47PM +0400, Dmitry Sivachenko wrote:
After all, we could fail to connect not only because of server restart, but
also because a switch or a router dropped a packet.
No, because a dropped packet is already handled by the TCP stack. Here the
haproxy retry is
On 28 мая 2014 г., at 13:06, Willy Tarreau w...@1wt.eu wrote:
OK but then you make an interesting point with your very low timeout connect.
What about using the min of timeout connect and 1s then ? Thus you can simply
use your lower timeout connect as this new timeout. Would that be OK for
On Wed, May 28, 2014 at 01:11:47PM +0400, Dmitry Sivachenko wrote:
On 28 ?? 2014 ??., at 13:06, Willy Tarreau w...@1wt.eu wrote:
OK but then you make an interesting point with your very low timeout
connect.
What about using the min of timeout connect and 1s then ? Thus you can
Invitation: International Training Colloquium
Theme: Strenghtening Capacity in Sustainable Development
Dates and Locations:
June 9 - 13, 2014 | New York City, NY - United States
June 16 - 20, 2014 | Lome, Republic of Togo
Organizer: Ecofuture Fund for Sustainable Development.
Dear
On 28 мая 2014 г., at 11:13, Willy Tarreau w...@1wt.eu wrote:
- otherwise, we redispatch starting on the first retry as you suggest. But
then we have two possibilities for the delay before reconnecting. If the
server farm has more than 1 server and the balance algorithm is not a hash
On Wed, May 28, 2014 at 01:24:28PM +0400, Dmitry Sivachenko wrote:
On 28 ?? 2014 ??., at 11:13, Willy Tarreau w...@1wt.eu wrote:
- otherwise, we redispatch starting on the first retry as you suggest. But
then we have two possibilities for the delay before reconnecting. If the
Hi all,
I created a lot of ACL's to select to which server a request needs to go.
The issue I'm facing now is that I want to redirect my own request (based
on IP) to 1 specific server.
Optimally this would be:
acl goto_server1 hdr_beg(host) -i abc.
acl
On Wed, May 28, 2014 at 2:03 PM, Steven Van Ingelgem
ste...@vaningelgem.be wrote:
Hi all,
I created a lot of ACL's to select to which server a request needs to go.
The issue I'm facing now is that I want to redirect my own request (based on
IP) to 1 specific server.
Optimally this would
How many entries can I add in 1 acl? Because I splitted 1 of the acls up in
14 lines, with each line about 40 items.
I think I did it so a human could still read the configuration file, but
does that matter for HAProxy?
Thanks
On 28 May 2014 14:11, Baptiste bed...@gmail.com wrote:
On Wed,
I have an haproxy server set up with a compiled 1.5-dev25 version of
HaProxy. I am needing SSL and since SSL isn't available in 1.4, I compiled
1.5. I have everything working, but I noticed something peculiar and
wasn't sure if this was expected behavior or not. Below is my SSL
haproxy.cfg file
On Wed, May 28, 2014 at 2:15 PM, Steven Van Ingelgem
ste...@vaningelgem.be wrote:
How many entries can I add in 1 acl? Because I splitted 1 of the acls up in
14 lines, with each line about 40 items.
I think I did it so a human could still read the configuration file, but
does that matter for
Hi,
I have two questions... I am having a lot of problems with 500 errors from
haproxy and I am wondering if these could be two culprits:
Is there an equivalent method for disabling Nagle Algorithm in TCP mode?
I've looked everywhere and it seems that TCP NO DELAY is not a flag within
haproxy.
On Wed, May 28, 2014 at 3:00 PM, Souda Burger soudabur...@gmail.com wrote:
I have an haproxy server set up with a compiled 1.5-dev25 version of
HaProxy. I am needing SSL and since SSL isn't available in 1.4, I compiled
1.5. I have everything working, but I noticed something peculiar and
On Wed, May 28, 2014 at 3:31 PM, Jon Bogaty j...@magnetic.com wrote:
Hi,
I have two questions... I am having a lot of problems with 500 errors from
haproxy and I am wondering if these could be two culprits:
Is there an equivalent method for disabling Nagle Algorithm in TCP mode?
I've looked
Hi Baptiste,
I'm sorry, I should clarify, I meant 504. It's really quite prevalent, at
least 4/10 at times, sometimes 8/10...
I'm using:
HA-Proxy version 1.4.24 2013/06/17
This is more or less the way the entirety of the configuration is:
global
user nobody
group nobody
daemon
Baptiste,
Thanks for the heads up. Just to make sure I understand, you're saying
that my balanced application server, in this case a tomcat pair, needs to
account for the header modification and it does not appear that it is
currently doing that? If so, thanks for your help, I can take that to
On Wed, May 28, 2014 at 3:57 PM, Souda Burger soudabur...@gmail.com wrote:
Baptiste,
Thanks for the heads up. Just to make sure I understand, you're saying that
my balanced application server, in this case a tomcat pair, needs to
account for the header modification and it does not appear
Baptiste,
Thanks for your help again. How would you recommend rewriting with HAProxy
to do that on the fly? If you've got something that should work that's
already written, that's easier than me trying to piece things together from
different sources.
On Wed, May 28, 2014 at 9:00 AM, Baptiste
On Wed, May 28, 2014 at 3:56 PM, Jon Bogaty j...@magnetic.com wrote:
Hi Baptiste,
I'm sorry, I should clarify, I meant 504. It's really quite prevalent, at
least 4/10 at times, sometimes 8/10...
I'm using:
HA-Proxy version 1.4.24 2013/06/17
This is more or less the way the entirety of the
On Wed, May 28, 2014 at 4:02 PM, Souda Burger soudabur...@gmail.com wrote:
Baptiste,
Thanks for your help again. How would you recommend rewriting with HAProxy
to do that on the fly? If you've got something that should work that's
already written, that's easier than me trying to piece
Hi John,
On Tue, May 27, 2014 at 08:08:27PM +, JDzialo John wrote:
Hi Willy,
Here is a capture of all traffic btwn the two servers using the host option.
Thank you.
Basically traffic goes from haproxy to a web farm in a round robin fashion.
These individual web servers are accessing a
Sounds good, thanks!
On Wed, May 28, 2014 at 9:05 AM, Baptiste bed...@gmail.com wrote:
On Wed, May 28, 2014 at 4:02 PM, Souda Burger soudabur...@gmail.com
wrote:
Baptiste,
Thanks for your help again. How would you recommend rewriting with
HAProxy
to do that on the fly? If you've
Brilliant Baptiste, thank you. I've setup proper logging and a longer
timeout:
global
user nobody
group nobody
daemon
nbproc 4
maxconn 204800
log /dev/log local0 info
log /dev/log local0 notice
tune.bufsize 16384 # 16k
tune.rcvbuf.server 141312 #
On Wed, May 28, 2014 at 4:47 PM, Jon Bogaty j...@magnetic.com wrote:
Brilliant Baptiste, thank you. I've setup proper logging and a longer
timeout:
global
user nobody
group nobody
daemon
nbproc 4
maxconn 204800
log /dev/log local0 info
log /dev/log local0
Thanks for all your help Baptiste, I'll keep poking. :)
On Wed, May 28, 2014 at 11:02 AM, Baptiste bed...@gmail.com wrote:
On Wed, May 28, 2014 at 4:47 PM, Jon Bogaty j...@magnetic.com wrote:
Brilliant Baptiste, thank you. I've setup proper logging and a longer
timeout:
global
Hi all,
So with the completed agent-check updates and the last batch of merged
fixes, I think we're ready. I'm emitting dev26 so that everyone can test
and report any unexpected annoyance and regressions before we issue -final,
and in an attempt to avoid 1.5.1 the same day as 1.5.0.
The changes
Hey,
I had asked earlier about fixing problems with 504 errors by increasing
timeouts, which helped a great deal. The problem is CPU usage is up to as
high as 100% very frequently, which is worrying me. Is it possible that
something else needs to scaled down with the increase to the queue and
2014-05-28 18:56 GMT+02:00 Jon Bogaty j...@magnetic.com:
Hey,
I had asked earlier about fixing problems with 504 errors by increasing
timeouts, which helped a great deal. The problem is CPU usage is up to as
high as 100% very frequently, which is worrying me. Is it possible that
something
Hi,
Hey,
I had asked earlier about fixing problems with 504 errors by increasing
timeouts, which helped a great deal. The problem is CPU usage is up to
as high as 100% very frequently, which is worrying me.
Haproxy (userspace) or system (kernel)? Does haproxy stop responding to
Yeah I was taking a look through the stats after the question Olivier asked
and it doesn't seem like haproxy is actually going anywhere near enough
sessions to produce 100% cpu... It's in userspace running as nobody and
does still seem to respond, it's just odd.
❦ 28 mai 2014 18:11 +0200, Willy Tarreau w...@1wt.eu :
Feedback welcome as usual,
When compiling with -Werror=format-security (which is a common settings
on a Debian-based distribution), we get:
src/dumpstats.c:3059:4: error: format not a string literal and no format
arguments
On Wed, May 28, 2014 at 2:49 AM, Matt . yamakasi@gmail.com wrote:
I'm still struggeling here and also looking at Varnish if it can
accomplish it.
What have you tried and what part of that is not working as you expect?
I think HA proxy is the way as I also use it for normal
The normal redirect is working but convirt it to a rewrite is where I'm stuck.
Should I use an ACL upfront that looks in the map and do an if on that
or is the ACL not needed at all ?
As I was busy too look how Varnish can accomplish this (using a MySQL
Database) I need to check this again, but
On Wed, May 28, 2014 at 08:43:10PM +0200, Vincent Bernat wrote:
❦ 28 mai 2014 18:11 +0200, Willy Tarreau w...@1wt.eu :
Feedback welcome as usual,
When compiling with -Werror=format-security (which is a common settings
on a Debian-based distribution), we get:
src/dumpstats.c:3059:4:
Hi Willy
Thanks, I'll send future traces to you directly. I understand the hatred of
bulky email files!
So I think I found the problem but would love your take on it.
Our web applications and services in our haproxy backend are using keepalive in
their connection headers. I understand in
Hi,
I am trying to extract the sha1 hash of the client certificate and to pass it
to the backend server. My configuration has this line:
http-request set-header X-SSL-Client-SHA1 %{+Q}[ssl_c_sha1]
However, this does not seem to produce a string of the form aabbcc... as the
examples
Hi Vincent,
On Wed, May 28, 2014 at 08:43:10PM +0200, Vincent Bernat wrote:
??? 28 mai 2014 18:11 +0200, Willy Tarreau w...@1wt.eu :
Feedback welcome as usual,
When compiling with -Werror=format-security (which is a common settings
on a Debian-based distribution), we get:
❦ 28 mai 2014 22:59 +0200, Willy Tarreau w...@1wt.eu :
When compiling with -Werror=format-security (which is a common settings
on a Debian-based distribution), we get:
src/dumpstats.c:3059:4: error: format not a string literal and no format
arguments [-Werror=format-security]
On Wed, May 28, 2014 at 11:04:45PM +0200, Vincent Bernat wrote:
??? 28 mai 2014 22:59 +0200, Willy Tarreau w...@1wt.eu :
When compiling with -Werror=format-security (which is a common settings
on a Debian-based distribution), we get:
src/dumpstats.c:3059:4: error: format not a string
Hi John,
On Wed, May 28, 2014 at 07:54:20PM +, JDzialo John wrote:
Hi Willy
Thanks, I'll send future traces to you directly. I understand the hatred of
bulky email files!
So I think I found the problem but would love your take on it.
Our web applications and services in our
On Wed, May 28, 2014 at 11:57 AM, Matt . yamakasi@gmail.com wrote:
The normal redirect is working but convirt it to a rewrite is where I'm
stuck.
Should I use an ACL upfront that looks in the map and do an if on that
or is the ACL not needed at all ?
The example in the reqirep section
Hi Bryan,
Yes I cam up to that part, but about the search in the map, do I need
to do this twice ?
2014-05-28 23:28 GMT+02:00 Bryan Talbot bryan.tal...@playnext.com:
On Wed, May 28, 2014 at 11:57 AM, Matt . yamakasi@gmail.com wrote:
The normal redirect is working but convirt it to a
Hi,
On Wed, May 28, 2014 at 08:47:11PM +, Yumerefendi, Aydan wrote:
Hi,
I am trying to extract the sha1 hash of the client certificate and to pass it
to the backend server. My configuration has this line:
http-request set-header X-SSL-Client-SHA1 %{+Q}[ssl_c_sha1]
❦ 28 mai 2014 23:16 +0200, Willy Tarreau w...@1wt.eu :
src/dumpstats.c:3059:4: error: format not a string literal and no format
arguments [-Werror=format-security]
chunk_appendf(trash, srv_hlt_st[1]); /* DOWN (agent) */
^
srv_hlt_st[1] is DOWN %s/%s, so this is not even a
On Thu, May 29, 2014 at 12:28:41AM +0200, Vincent Bernat wrote:
??? 28 mai 2014 23:16 +0200, Willy Tarreau w...@1wt.eu :
src/dumpstats.c:3059:4: error: format not a string literal and no
format arguments [-Werror=format-security]
chunk_appendf(trash, srv_hlt_st[1]); /* DOWN
❦ 29 mai 2014 01:04 +0200, Willy Tarreau w...@1wt.eu :
const char * hello means hello is a pointer to a const char. You may want
to say const char * const hello. But gcc doesn't seem to handle it
either (but clang does).
Yes it does but it doesn't change its verdict. The test is really
49 matches
Mail list logo