RE: tcpdump and Haproxy SSL Offloading

2016-06-08 Thread mlist
Hi, thanks very much, I went a little deeper about Cipher Suite. Now I changed the ciphers list supported by our haproxy LBs and increased the security level (always trying to keep ciphers that support old clients that still use our services - like XP/IE8). I tried successfully Decrypting a

Re: HTTP Keep Alive : Limit number of sessions in a connection

2016-06-08 Thread CJ Ess
Nginx for instance allows you to limit the number of keep-alive requests that a client can send on an existing connection - after which the client connection is closed. http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests Apache has something similar

Re: Graceful restart of Haproxy with SystemD

2016-06-08 Thread Maxime de Roucy
On Wednesday 08 June 2016 at 21:21 +0200, Vincent Bernat wrote: > Just add ExecReload=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c > -q > before the existing ExecReload. Indeed: [root@arch64-f5ff6f8ea5472b3f ~]# rm /tmp/* rm: cannot remove '/tmp/*': No such file or directory

Re: Graceful restart of Haproxy with SystemD

2016-06-08 Thread Vincent Bernat
❦ 8 June 2016 12:42 CEST, Andrew Kroenert: > I'm having issues with haproxy’s systemd service under puppet control. > > I've implemented the systemd service from haproxy contrib folder, which > has the ExecStartPre command to check the config. > > This works for

Re: HTTP Keep Alive : Limit number of sessions in a connection

2016-06-08 Thread Lukas Tribus
Hi, On 08.06.2016 at 20:51, CJ Ess wrote: I'm terminating connections with nginx, then I have a pool of upstream connections from nginx to haproxy where I allow unlimited keep-alive requests between nginx and haproxy per connection. The only times the connections close is when haproxy sends

Re: HTTP Keep Alive : Limit number of sessions in a connection

2016-06-08 Thread Willy Tarreau
On Wed, Jun 08, 2016 at 02:51:06PM -0400, CJ Ess wrote: > Nginx for instance allows you to limit the number of keep-alive requests > that a client can send on an existing connection - after which the client > connection is closed. >

Re: HTTP Keep Alive : Limit number of sessions in a connection

2016-06-08 Thread CJ Ess
I personally don't have a need to limit requests on the haproxy side at the moment, I just thought I'd try to help Manas make his case. He's basically saying that he wants the option to close the client connection after the nth request and that seems pretty reasonable to me. Maybe it would help him

Re: HTTP Keep Alive : Limit number of sessions in a connection

2016-06-08 Thread CJ Ess
I can only speak for 1.5.x but when haproxy issues an error (not to be confused with passing through an error from the upstream, but haproxy itself issuing the error due to acl rules or whatever) it just sends the error file (or the built-in error text) as a blob and closes the connection. In my

possible minor memory leak in ssl_get_dh_1024

2016-06-08 Thread Roberto Guimaraes
seems like set_tmp_dh() performs its own allocation. So, it should be OK to dh_free immediately after calling the setter. Not sure the intention was to reuse the allocated local_dh_1024, but that's not being done either. index 5200069..7c17c9a 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@

Re: possible minor memory leak in ssl_get_dh_1024

2016-06-08 Thread Roberto Guimaraes
Roberto Guimaraes writes: > > seems like set_tmp_dh() performs its own allocation. So, it should be > OK to dh_free immediately after calling the setter. > Not sure the intention was to reuse the allocated local_dh_1024, > but that's not being done either. > > index

Re: HTTP Keep Alive : Limit number of sessions in a connection

2016-06-08 Thread Willy Tarreau
On Wed, Jun 08, 2016 at 04:17:58PM -0400, CJ Ess wrote: > I personally don't have a need to limit requests on the haproxy side at the > moment, I just thought I'd try to help Manas make his case. He's basically > saying that he wants the option to close the client connection after the > nth request

Re: HTTP Keep Alive : Limit number of sessions in a connection

2016-06-08 Thread Manas Gupta
Thank you everyone for pitching in. I will take another stab at explaining my case/context. So I have a component which issues a lot of requests over a keep-alive connection to HAProxy. In the middle there is a TCP Load Balancer (hardware) which only intercepts new tcp connection requests. Once

Re: Lua converter not working in 1.6.5 with Lua 5.3.2

2016-06-08 Thread Willy Tarreau
On Wed, Jun 01, 2016 at 02:28:02PM +0200, Thierry FOURNIER wrote: > I forgot the patches in attachment ;) Just merged right now. Thanks Thierry! Willy

Graceful restart of Haproxy with SystemD

2016-06-08 Thread Andrew Kroenert
Hey All, I'm having issues with haproxy’s systemd service under puppet control. I've implemented the systemd service from haproxy contrib folder, which has the ExecStartPre command to check the config. This works for Starts, but not restarts, and while afaik reload does not reload if the config

Re: HTTP Keep Alive : Limit number of sessions in a connection

2016-06-08 Thread Manas Gupta
On Wed, Jun 8, 2016 at 8:45 PM, Willy Tarreau wrote: > On Wed, Jun 08, 2016 at 05:07:29PM -0700, Manas Gupta wrote: >> Thank you everyone for pitching in. >> >> I will take another stab at explaining my case/context. >> >> So I have a component which issues a lot of requests over a

Re: HTTP Keep Alive : Limit number of sessions in a connection

2016-06-08 Thread Willy Tarreau
On Wed, Jun 08, 2016 at 05:07:29PM -0700, Manas Gupta wrote: > Thank you everyone for pitching in. > > I will take another stab at explaining my case/context. > > So I have a component which issues a lot of requests over a keep-alive > connection to HAProxy. In the middle there is a TCP Load