Re: haproxy 1.6.0 crashes

Hi Christopher, sorry for the delay, I spent the whole day in meetings :-/ On Fri, Oct 16, 2015 at 11:42:38AM +0200, Christopher Faulet wrote: > Le 16/10/2015 10:38, Willy Tarreau a écrit : > >Thus this sparks a new question : when the cache is disabled, are we sure > >to always free the ssl_ctx

Re: Resolvable host names in backend server throw invalid address error

Hi, On Fri, Oct 16, 2015 at 12:26:20AM -0400, Mark Betz wrote: > Hi, I have a hopefully quick question about setting up backends for > resolvable internal service addresses. > > We are putting together a cluster on Google Container Engine (kubernetes) > and have haproxy deployed in a container

Re[2]: Multiple Monitor-net

Thank you! Worked perfectly! [Bryan] -- Original Message -- From: "Willy Tarreau" To: "Bryan Rodriguez" Cc: haproxy@formilux.org Sent: 10/16/2015 10:28:13 AM Subject: Re: Multiple Monitor-net On Fri, Oct 16, 2015 at 05:18:24PM +, Bryan

Re: Lua complete example ?

Hello, On Fri, Oct 16, 2015 at 06:38:16PM +0200, One Seeker wrote: > Hello, > > I would like to manipulate some data from a TCP backend (modify data before > it is forwarded to client), and this is not supported (it is for HTTP with > rewrites, but not in TCP mode). > > With v1.6, Lua scripting

Re: haproxy + ipsec -> general socket error

On Fri, Oct 16, 2015 at 02:08:37PM +0200, wbmtfrdlxm wrote: > when using ipsec on the backend side, this error pops up in the haproxy log > from time to time: > > Layer4 connection problem, info: "General socket error (No buffer space > available) This error normally means that there is no

Dynamically change server maxconn possible?

I am thinking the answer is no but figured I would ask just to make sure...basically can I change individual server maxconn numbers on-the-fly while haproxy is running or do I need to do a full restart to have them take effect? TIA...

Re: [blog] What's new in HAProxy 1.6

On Fri, Oct 16, 2015 at 04:07:01PM +0200, Pavlos Parissis wrote: > 1.6.0 comes with excellent documentation as well. Just look at the > amount of information anyone can find in: > http://www.haproxy.org/download/1.6/doc/management.txt > http://cbonte.github.io/haproxy-dconv/intro-1.6.html Thank

Re: Multiple Monitor-net

On Fri, Oct 16, 2015 at 05:18:24PM +, Bryan Rodriguez wrote: > AWS health check monitoring comes from the following networks. Logging > is going crazy. I read that only the last monitor-net is read. Is > there a way to filter from the logs all the following requests? > >monitor-net

Re: Resolvable host names in backend server throw invalid address error

Hi, Willy. Thanks for the reply. The version of haproxy installed into the container is: $ /usr/sbin/haproxy --version HA-Proxy version 1.5.14 2015/07/02 Also, for completeness: $ uname -a Linux haproxy 3.19.0-30-generic #34-Ubuntu SMP Fri Oct 2 22:08:41 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Re: Resolvable host names in backend server throw invalid address error

Hi, Willy. You're quite right that I misread your instructions. Have not had a lot of time to put into this today. Apologies. Here is the information I gathered. Hope this helps. It's interesting to me that nslookup returns a record but host -a does not, however I don't know enough about how

Alerte Info - Info RFI/Guinée: cérémonie officielle samedi au...

Visualisez cet email dans votre navigateur : http://rfi.nlfrancemm.com/HM?b=8NkeCqXPviyjnHWALUR7bQWNCaa1yRJUI-R-xn5Z16bAvn1BrMe6k8juI4IRm9GC=lvjHTxOLBwnOqLtb3g2ZxQ --- 16/10/2015 Info RFI/Guine: crmonie officielle samedi au palais du peuple dannonce des rsultats provisoires du 1er tour de

Re: Resolvable host names in backend server throw invalid address error

On Fri, Oct 16, 2015 at 04:40:20PM -0400, Mark Betz wrote: > Hi, Willy. Thanks for the reply. The version of haproxy installed into the > container is: > > $ /usr/sbin/haproxy --version > HA-Proxy version 1.5.14 2015/07/02 I precisely asked for "haproxy -vv" because it says a lot more and what

Re: Lua complete example ?

Thank you Willy, that's an honest answer. You grasped my "practical" concern (I always thought "Examples" section in man pages should be moved up high :) I've been to blog.haproxy.com, and no full-fat Lua meals there as of yet. I understand this is a new hot thing with HAProxy, so we'll have to

Build failure of 1.6 and openssl 0.9.8

Hi Christopher, Marcus (in CC) reported that 1.6 doesn't build anymore on SuSE 11 (which uses openssl 0.9.8). After some digging, we found that it is caused by the absence of EVP_PKEY_get_default_digest_nid() which was introduced in 1.0.0 and which was introduced by this patch : commit

Re: Resolvable host names in backend server throw invalid address error

On Fri, Oct 16, 2015 at 05:11:08PM -0400, Mark Betz wrote: > Hi, Willy. You're quite right that I misread your instructions. Have not > had a lot of time to put into this today. Apologies. Here is the > information I gathered. Hope this helps. It's interesting to me that > nslookup returns a

Re: Dynamically change server maxconn possible?

On Fri, Oct 16, 2015 at 12:07:17PM -0700, Daren Sefcik wrote: > I am thinking the answer is no but figured I would ask just to make > sure...basically can I change individual server maxconn numbers on-the-fly > while haproxy is running or do I need to do a full restart to have them > take effect?

Re: Resolvable host names in backend server throw invalid address error

I'm going to take this up with Google on the kubernetes user group and see what they have to say about the difference in behavior. I will report back with what I learn. Regards, On Fri, Oct 16, 2015 at 5:16 PM, Willy Tarreau wrote: > On Fri, Oct 16, 2015 at 05:11:08PM -0400, Mark

Re: [ANNOUNCE] haproxy-1.6.0 now released!

Greate. A lot of new features and optimizations! -- Best Regards, Godbach

Re: haproxy 1.6.0 crashes

Le 15/10/2015 16:55, Willy Tarreau a écrit : Hi Christopher, On Thu, Oct 15, 2015 at 03:22:52PM +0200, Christopher Faulet wrote: Le 15/10/2015 14:45, Seri, Kim a écrit : Christopher Faulet writes: I confirm the bug. Here is a very quick patch. Could you confirm that it works

避开外贸B2B价格战和探价询盘。

目标客户开发系统，24小时可以找遍您行业内的上万目标客户资源。具有搜索速度快，搜索质量高，信息准确率高，投入成本低特点。让你一天搜索联系100个客户改为一天联系几千个高质量的终端客户，把更多的时间用在跟进优质客户上。避开B2B的价格战，展会的成本高，主动出击迅速找到真正对你们产品感兴趣的客户。挖掘出你们对手还没有挖掘到的客户，选择搜索出海量的客户信息来，你们就抢先一步联系客户啦。 QQ：3162770448 (在线演示，帮您找到您全球客户） 电话：18688475238 深圳地区可提供上门演示邮箱：3162770...@qq.com   联系人：蔡生  

Looking for help about "req.body" logging

Hello, Sorry for the repost, but it's really not clear to me how to use this feature: "Processing of HTTP request body" in http://blog.haproxy.com/2015/10/14/whats-new-in-haproxy-1-6/, can it be used to log the body of a request? I am trying to use it like this in both my HTTP and HTTPS

Re: haproxy 1.6.0 crashes

Hi Christopher, On Fri, Oct 16, 2015 at 10:03:06AM +0200, Christopher Faulet wrote: > First the LRU tree is only initialized when the SSL certs generation is > configured on a bind line. So, in the most of cases, it is NULL (it is > not the same thing than empty). > When the SSL certs

Re: Unexpected error messages

Is your problem fixed? We may emit a warning for such configuration. Baptiste Le 15 oct. 2015 07:34, "Krishna Kumar (Engineering)" < krishna...@flipkart.com> a écrit : > Hi Baptiste, > > Thank you for the advise and solution, I didn't realize retries had to be > >1. > > Regards, > - Krishna

Re: Unexpected error messages

Hi Baptiste, Thanks for your follow up! Sorry, I was unable to test that since it was seen only on the production server. However, I tested the same on a test box, with retries=1 and redispatch, and see that redispatch does happen even with retries=1 when the backend is down (health check is

Re: Re: haproxy 1.6.0 crashes

Hi Willy, Christopher, > Ideally we'd have the info in the ssl_ctx itself, but I remember that Emeric > told me a while ago that we couldn't store anything in an ssl_ctx. Thus I > can understand that we can't easily "tag" the ssl_ctx as being statically > or dynamically allocated, which is why I

Re: Looking for help about "req.body" logging

Le 16 oct. 2015 10:46, "Alberto Zaccagni" < alberto.zacca...@lazywithclass.com> a écrit : > > Hello, > > Sorry for the repost, but it's really not clear to me how to use this feature: "Processing of HTTP request body" in http://blog.haproxy.com/2015/10/14/whats-new-in-haproxy-1-6/, can it be used

Re: Looking for help about "req.body" logging

Yes, I did turn it on. Or so I think, please have a look at my configuration file: https://gist.github.com/lazywithclass/d255bb4d2086b07be178 Thank you Alberto On Fri, 16 Oct 2015 at 10:12 Baptiste wrote: > > Le 16 oct. 2015 10:46, "Alberto Zaccagni" < >

Re: haproxy 1.6.0 crashes

Le 16/10/2015 10:38, Willy Tarreau a écrit : Thus this sparks a new question : when the cache is disabled, are we sure to always free the ssl_ctx on all error paths after it's generated ? Or are we certain that we always pass through ssl_sock_close() ? That's a good question. By greping on

Re: haproxy + ipsec -> general socket error

what linux distribution are you using? light traffic is simulating 100 users browsing a website, simple http requests. we have 2 backend nodes and after a while, both of them become unavailable. after lowering or stopping traffic, everything goes back to normal. without ipsec, no problem at

haproxy + ipsec -> general socket error

when using ipsec on the backend side, this error pops up in the haproxy log from time to time: Layer4 connection problem, info: "General socket error (No buffer space available) we have tried both strongswan and libreswan, error is still the same. there is nothing strange in the ipsec logs,

Re: [PATCH] BUG: ssl: Fix conditions to release SSL_CTX when a SSL connection is closed

Le 15/10/2015 16:50, Christopher Faulet a écrit : Hi, Here is a proper patch to fix the recent bug reported on haproxy 1.6.0 when SNI is used. Willy, I didn't wait your reply to speed-up the code review. But if there is any problem with this patch, let me know. Regards, After our discussion

RE: haproxy + ipsec -> general socket error

> when using ipsec on the backend side, this error pops up in the haproxy > log from time to time: > > Layer4 connection problem, info: "General socket error (No buffer space > available) > > > we have tried both strongswan and libreswan, error is still the same. > there is nothing strange

Re: haproxy + ipsec -> general socket error

Hi, On Fri, Oct 16, wbmtfrdlxm wrote: > when using ipsec on the backend side, this error pops up in the haproxy log > from time to time: > > Layer4 connection problem, info: "General socket error (No buffer space > available) We're using ipsec(libreswan) on backend, but I haven't seen any

Re: [blog] What's new in HAProxy 1.6

On 14/10/2015 12:40 μμ, Baptiste wrote: > Hey, > > I summarized what's new in HAProxy 1.6 with some configuration > examples in a blog post to help quick adoption of new features: > http://blog.haproxy.com/2015/10/14/whats-new-in-haproxy-1-6/ > > Baptiste > 1.6.0 comes with excellent

L’actualité hebdomadaire par RFI - Les 10 Africains les plus riches selon «Forbes»

L’actualité hebdomadaire par RFI - 16/10/2015 Visualisez cet email dans votre navigateur http://rfi.nlfrancemm.com/HM?b=RusZUI3MexiGeicbBFqpha_6oyhc1JIg8bKvht3jM35laTsE9Lne1hIPzM_H_sv_=3MFaAQj1cxFi_oP-8TlvJA Les 10 Africains les plus riches selon «Forbes» Les plus grosses fortunes

Re: Resolvable host names in backend server throw invalid address error

I am not having much luck getting output from tcpdump inside the container. I don't have much experience with the tool so any tips will be appreciated. I'm starting the command in the container start-up script right before haproxy is launched... sudo nohup tcpdump -i any -U -nn -XX -e -v -S -s 0

Re: haproxy + ipsec -> general socket error

Have you 'tunned' your sysctls? Baptiste Le 16 oct. 2015 14:56, "wbmtfrdlxm" a écrit : > what linux distribution are you using? > > light traffic is simulating 100 users browsing a website, simple http > requests. we have 2 backend nodes and after a while, both of them

Re: haproxy + ipsec -> general socket error

just those 2: net.ipv4.tcp_max_syn_backlog = 8192 net.core.somaxconn = 2048 On Fri, 16 Oct 2015 16:13:31 +0200 Baptistebed...@gmail.com wrote Have you 'tunned' your sysctls? Baptiste Le 16 oct. 2015 14:56, "wbmtfrdlxm" wbmtfrd...@zoho.com a écrit : what linux distribution are

Re: Resolvable host names in backend server throw invalid address error

Thanks for the reply Baptiste. Here is the dump of /etc/resolv.conf inside the container: nameserver 10.179.240.10 nameserver 169.254.169.254 nameserver 10.240.0.1 search default.svc.cluster.local svc.cluster.local cluster.local c.icitizen-dev3-stack-1069.internal. 555239384585.google.internal.

Re: Resolvable host names in backend server throw invalid address error

On 10/16/2015 9:40 AM, Mark Betz wrote: > I am not having much luck getting output from tcpdump inside the > container. I don't have much experience with the tool so any tips will > be appreciated. I'm starting the command in the container start-up > script right before haproxy is launched... > >

Re[2]: Multiple Monitor-net

What about TCP requests or not HTTP traffic? It seems TCP traffic is still logged when using: http-request set-log-level silent if { src -f aws-checks.list } [Bryan] -- Original Message -- From: "Willy Tarreau" To: "Bryan Rodriguez" Cc:

Re: Multiple Monitor-net

On Fri, Oct 16, 2015 at 10:52:32PM +, Bryan Rodriguez wrote: > What about TCP requests or not HTTP traffic? It seems TCP traffic is > still logged when using: > > http-request set-log-level silent if { src -f aws-checks.list } Absolutely, and you should get a warning stating that

Biobased Plasticizer

Have a nice day! We learn you are on the market of bioplasticizers, Would you please consider using our biobased plasticiser for your eco-plastics? It is an absolute substitute for traditional plasticizers with properties of food safe, non pollution, high heat stability etc.. Also it can

Lua complete example ?

Hello, I would like to manipulate some data from a TCP backend (modify data before it is forwarded to client), and this is not supported (it is for HTTP with rewrites, but not in TCP mode). With v1.6, Lua scripting brings hope, but the documentation is lacking (doc/lua-api/index.rst is a bit of

Multiple Monitor-net

AWS health check monitoring comes from the following networks. Logging is going crazy. I read that only the last monitor-net is read. Is there a way to filter from the logs all the following requests? monitor-net 54.183.255.128/26 monitor-net 54.228.16.0/26 monitor-net