Hi HAProxy,
In my setup there is an OCSP Responder storing all the client certificates
revocation status, is there any way I can have the configuration so that the
HAProxy can talk with the OCSP Responder via OCSP to check the client's
certificate before the validation?
Thanks a lot.
P.S. I
Nginx has this feature: connection pool
http://nginx.com/blog/load-balancing-with-nginx-plus-part2/
谢谢
金杰 (Jie Jin)
On Fri, Jun 20, 2014 at 6:38 PM, Lukas Tribus luky...@hotmail.com wrote:
Hi,
Is it possible to use HTTP keep-alive between haproxy and
backend even if client does not use
Hi,
I noticed a strange behavior on the haproxy.org servers, which unfortunately is
being triggered trying to download the source from a chef-client.
When downloading the tar.gz, the chef client sends :80 as part of the host
header (which is legal from my understanding of the rfc).
This header
Addendum:
This only happens on ipv4, ipv6 on 2001:7a8:363c:2::2 is fine:
bkw@Aeronaut:~$ curl -6 -I -H Host: haproxy.org:80
http://haproxy.org/download/1.5/src/haproxy-1.5.0.tar.gz
HTTP/1.1 200 OK
Date: Mon, 23 Jun 2014 12:38:00 GMT
Last-Modified: Thu, 19 Jun 2014 19:06:22 GMT
Accept-Ranges:
Hi,
On Fri, Jun 20, 2014 at 12:38:48PM +0200, Lukas Tribus wrote:
Hi,
Is it possible to use HTTP keep-alive between haproxy and
backend even if client does not use it?
Client closes connection, but haproxy still maintains open
connection to backend (based on some timeout) and re-use
Hello!
One more thing which can be very useful in some setups: if backend server
returns HTTP 5xx status code, it would be nice to have an ability to retry the
same request on another server before reporting error to client (when you know
for sure the same request can be sent multiple times
Hi guys,
today we got our 3rd regression caused by the client-side timeout changes
introduced in 1.5-dev25. And this one is a major one, causing FD leaks
and CPU spins when servers do not advertise a content-length and the
client does not respond to the FIN. And the worst of it, is I have no
Hi Dmitry,
On Mon, Jun 23, 2014 at 06:16:28PM +0400, Dmitry Sivachenko wrote:
Hello!
One more thing which can be very useful in some setups: if backend server
returns HTTP 5xx status code, it would be nice to have an ability to retry
the same request on another server before reporting error
Hi Bernhard,
Bernhard Weißhuhn wrote:
When downloading the tar.gz, the chef client sends :80 as part of the host
header (which is legal from my understanding of the rfc).
This header reliably results in a 404, whereas leaving out the port number
results in a successful download:
This
hi,
i am just in the process of reviewing/correcting/hardening my ssl setup.
haproxy uses ssl-termination on the frontend. this works very well.
i also use ssl on the backand - due to the setup of our application and apache
config - this also works very well.
when i run a ssl check with
❦ 23 juin 2014 18:14 +0200, Markus Rietzler w...@mrietzler.de :
to switch off tls compression (because of beast/crime attack) with tls
v1.0 and compression. can i deactivate it in haproxy too?
haproxy disables SSL compression and there is no flag to enable
it. However, disabling SSL
Hi,
On 23.06.2014 18:32, Vincent Bernat wrote:
❦ 23 juin 2014 18:14 +0200, Markus Rietzler w...@mrietzler.de :
to switch off tls compression (because of beast/crime attack) with tls
v1.0 and compression. can i deactivate it in haproxy too?
You should not add add a new thread to a existing
Just FYI -- proxy protocol v1 and v2 decoding has recently landed in netty
(https://github.com/netty/netty/commit/d7b2affe321edeaa51c1fa7bb3df9a5badb4728a)
Despite the original commit message v2 is actually supported (it was finished /
tested after the haproxy-1.5-dev25 release). TLV's are
On 23.06.2014, at 16:50, Holger Just w...@meine-er.de wrote:
[2] https://gist.github.com/meineerde/83e044c709b94358a616
Perfect, that worked like charm, Thank you!
Still, I think it's really the servers who are to blame for misbehaving. I just
rechecked the following RFCs:
-
Hi,
On Mon, Jun 23, 2014 at 10:32:53AM -0700, tyju tiui wrote:
Just FYI -- proxy protocol v1 and v2 decoding has recently landed in netty
(https://github.com/netty/netty/commit/d7b2affe321edeaa51c1fa7bb3df9a5badb4728a)
Great!
Despite the original commit message v2 is actually supported (it
Hi,
On Mon, Jun 23, 2014 at 02:08:57PM +0200, Bernhard Weißhuhn wrote:
Hi,
I noticed a strange behavior on the haproxy.org servers, which unfortunately
is being triggered trying to download the source from a chef-client.
When downloading the tar.gz, the chef client sends :80 as part of
On Mon, Jun 23, 2014 at 07:32:53PM +0200, Bernhard Weißhuhn wrote:
On 23.06.2014, at 16:50, Holger Just w...@meine-er.de wrote:
[2] https://gist.github.com/meineerde/83e044c709b94358a616
Perfect, that worked like charm, Thank you!
Still, I think it's really the servers who are to blame
Confirmed, it works now.
Two fixes for one problem within hours - you guys are amazing!
cheers,
bkw
On 23.06.2014, at 19:56, Willy Tarreau w...@1wt.eu wrote:
Hi,
On Mon, Jun 23, 2014 at 02:08:57PM +0200, Bernhard Weißhuhn wrote:
Hi,
I noticed a strange behavior on the haproxy.org
Your email client cannot read this email.
To view it online, please go here:
http://news.offre-pme.com/display.php?M=218901C=025d11f3dd50428cef8f43458ef4ec0bS=63L=26N=32
To stop receiving these
emails:http://news.offre-pme.com/unsubscribe.php?M=218901C=025d11f3dd50428cef8f43458ef4ec0bL=26N=63
*From: *Willy Tarreau w...@1wt.eu
*Sent: * 2014-06-23 10:23:44 EDT
*To: *haproxy@formilux.org
*CC: *Patrick Hemmer hapr...@stormcloud9.net, Rachel Chavez
rachel.chave...@gmail.com
*Subject: *3rd regression : enough is enough!
I think invoke an external command on alert would be better, just like
what external-check do .
2014-06-24 8:15 GMT+08:00 Simon Horman ho...@verge.net.au:
Hi Willy,
Malcolm has asked me to open a discussion with you regarding adding
email alerts to haproxy and that is the purpose of this
On Wed, Jun 18, 2014 at 5:51 PM, Baptiste bed...@gmail.com wrote:
On Wed, Jun 18, 2014 at 8:09 AM, Andrew Kroenert and...@thek.ro wrote:
Hey Guys,
Im trying to tarpit based on Unique IP and specific URL. I started with
the
following:
listen web
...
# Track IP over 60sec,
I have an acl rule to see if path begins with /ww as in
domain.tdl/ww/en...
acl has_ww_uri path_beg -i /ww
If it is just the domain.tdl, I want to rewrite it to /ww
I also have static content I do not want to rename, so I added this rule
acl url_static path_end .gif .png .jpg .css .js .pdf .m4v
Si ce message ne s'affiche pas correctement consultez-le en ligne
Jusqu'à -22% sur les chaussures LAMBDA
Le Tee Écolo
- 100% Biodégradable
- 100% Naturel
- Non toxique
- Super Résistant
5 paquets de 10 tees achetés
= 5 PAQUETS OFFERTS
PRIX SPÉCIAL :
22.00€
Hi Simon,
On Tue, Jun 24, 2014 at 09:15:13AM +0900, Simon Horman wrote:
Hi Willy,
Malcolm has asked me to open a discussion with you regarding adding
email alerts to haproxy and that is the purpose of this email.
In essence the motivation is to provide a lightweight email alert
feature
Hi Patrick,
On Mon, Jun 23, 2014 at 09:30:11PM -0400, Patrick Hemmer wrote:
This is unfortunate. I'm guessing a lot of the issue was in ensuring the
client timeout was observed. Would it at least be possible to change the
response, so that even if the server timeout is what kills the request,
26 matches
Mail list logo