Re: OpenSSL engine and async support

2017-04-10 Thread Grant Zhang
> On Apr 10, 2017, at 07:42, Emeric Brun wrote: > >> * openssl version (1.1.0b-e?) > compiled 1.1.0e >> >> > Could you provide patches rebased on current dev master branch? I am kinda busy with other project but will try to provide rebased patches this week. Thanks,

Re: [RFC][PATCHES] seamless reload

2017-04-10 Thread Pavlos Parissis
On 07/04/2017 11:17 μμ, Olivier Houchard wrote: > On Fri, Apr 07, 2017 at 09:58:57PM +0200, Pavlos Parissis wrote: >> On 06/04/2017 04:57 , Olivier Houchard wrote: >>> On Thu, Apr 06, 2017 at 04:56:47PM +0200, Pavlos Parissis wrote: On 06/04/2017 04:25 , Olivier Houchard wrote: >

Admin socket server state and MAINT flag issues

2017-04-10 Thread Dennis Jacobfeuerborn
Hi, i'm currently playing with the values that the admin socket return when the "show servers state" command is issued and I noticed to things: 1. When using and abstract namespace socket as address on a server line then the srv_addr "field" will be empty which technically isn't a problem but the

Re: [RFC][PATCHES] seamless reload

2017-04-10 Thread Pavlos Parissis
On 10/04/2017 08:09 μμ, Olivier Houchard wrote: > > Hi, > > On top of those patches, here a 3 more patches. > The first one makes the systemd wrapper check for a HAPROXY_STATS_SOCKET > environment variable. If set, it will use that as an argument to -x, when > reloading the process. I see you

Re: server templates

2017-04-10 Thread Aleksandar Lazic
Am 10-04-2017 20:19, schrieb Willy Tarreau: On Mon, Apr 10, 2017 at 05:00:14PM +0200, Baptiste wrote: On Mon, Apr 10, 2017 at 2:30 PM, Willy Tarreau wrote: > On Mon, Apr 10, 2017 at 10:02:29AM +0200, Frederic Lecaille wrote: > > With server templates, haproxy could preallocate

Re: ACL with dynamic pattern

2017-04-10 Thread Aleksandar Lazic
Am 10-04-2017 10:55, schrieb Alexander Lebedev: Hello! I want to implement CSRF check with haproxy. I want to check cookie value matched the header value and deny request if they're didn't equal. Something like this: alc token_valid req.cook(token) %[req.hdr(token)] http-request deny unless

Re: server templates

2017-04-10 Thread Willy Tarreau
On Mon, Apr 10, 2017 at 08:29:05PM +0200, Aleksandar Lazic wrote: > In case I have understood you all right I will be able to add and remove > servers without reloading/restarting haproxy just with some cli commands, > right. > That would be very great ;-) Yep that's it. > Will be this also

Re: Certificate order

2017-04-10 Thread Sander Hoentjen
This is a corrected patch against 1.7.5. On 04/10/2017 05:00 PM, Sander Hoentjen wrote: > No scratch that, this is wrong. > > On 04/10/2017 04:57 PM, Sander Hoentjen wrote: >> The attached patch against haproxy 1.7.5 honours crt order also for >> wildcards. >> >> On 04/07/2017 03:42 PM, Sander

Re: [RFC][PATCHES] seamless reload

2017-04-10 Thread Olivier Houchard
Hi, On top of those patches, here a 3 more patches. The first one makes the systemd wrapper check for a HAPROXY_STATS_SOCKET environment variable. If set, it will use that as an argument to -x, when reloading the process. The second one sends listening unix sockets, as well as IPv4/v6 sockets.

Re: server templates

2017-04-10 Thread Willy Tarreau
On Mon, Apr 10, 2017 at 05:00:14PM +0200, Baptiste wrote: > On Mon, Apr 10, 2017 at 2:30 PM, Willy Tarreau wrote: > > > On Mon, Apr 10, 2017 at 10:02:29AM +0200, Frederic Lecaille wrote: > > > With server templates, haproxy could preallocate 'server' objects which > > > would derive

Re: low load client payload intermittently dropped with a "cD" error (v1.7.3)

2017-04-10 Thread Bryan Talbot
> On Apr 8, 2017, at Apr 8, 2:24 PM, Lincoln Stern > wrote: > > I'm not sure how to interpret this, but it appears that haproxy is dropping > client payload intermittently (1/100). I have included tcpdumps and logs to > show what is happening. > > Am I doing something

Re: [RFC][PATCHES] seamless reload

2017-04-10 Thread Olivier Houchard
On Mon, Apr 10, 2017 at 10:49:21PM +0200, Pavlos Parissis wrote: > On 07/04/2017 11:17 , Olivier Houchard wrote: > > On Fri, Apr 07, 2017 at 09:58:57PM +0200, Pavlos Parissis wrote: > >> On 06/04/2017 04:57 , Olivier Houchard wrote: > >>> On Thu, Apr 06, 2017 at 04:56:47PM +0200, Pavlos

simgle ?

2017-04-10 Thread Jim Freeman
https://github.com/haproxy/haproxy/search?q=simgle single ? simple ?

Re: [RFC][PATCHES] seamless reload

2017-04-10 Thread Olivier Houchard
On Mon, Apr 10, 2017 at 11:08:56PM +0200, Pavlos Parissis wrote: > On 10/04/2017 08:09 , Olivier Houchard wrote: > > > > Hi, > > > > On top of those patches, here a 3 more patches. > > The first one makes the systemd wrapper check for a HAPROXY_STATS_SOCKET > > environment variable. If set,

Re: server templates

2017-04-10 Thread Frederic Lecaille
On 04/08/2017 01:27 AM, Aleksandar Lazic wrote: Hi Frederic Hi Aleksandar, Am 07-04-2017 15:00, schrieb Frederic Lecaille: Hello Haproxy ML, Here are patches attached to this mail to add "server templates" feature to haproxy. Please can you explain a little bit more the use case, thanks.

ACL with dynamic pattern

2017-04-10 Thread Alexander Lebedev
Hello! I want to implement CSRF check with haproxy. I want to check cookie value matched the header value and deny request if they're didn't equal. Something like this: alc token_valid req.cook(token) %[req.hdr(token)] http-request deny unless token_valid But I can't find the way to perform

Re: server templates

2017-04-10 Thread Willy Tarreau
On Mon, Apr 10, 2017 at 10:02:29AM +0200, Frederic Lecaille wrote: > With server templates, haproxy could preallocate 'server' objects which > would derive from 'default-server' (with same settings as default server > settings), but with remaining parameters which are unknown at parsing time >

IPv6 resolvers seems not works

2017-04-10 Thread Павел Знаменский
Hello, I'm trying to add IPv6 address as a nameserver to able resolve addresses in IPv6-only environment: resolvers google_dns_10m nameserver google_dns1 2001:4860:4860:::53 nameserver google_dns2 2001:4860:4860::8844:53 hold valid 10m resolve_retries 2 But I getting error:

Re: [PATCH]: BUG/MINOR

2017-04-10 Thread Willy Tarreau
On Fri, Apr 07, 2017 at 07:52:42PM +0100, David CARLIER wrote: > Hi all, > > I was trying to compile the 1.8 branch under DragonflyBSD and went into a > build failure, thus > this patch proposal. Ah OK thanks David now I see the problem, it was also reported by Steven (in CC). I'm merging it.

Re: [PATCH] DOC: stick-table is available in frontend sections

2017-04-10 Thread Willy Tarreau
On Thu, Apr 06, 2017 at 04:31:39PM +0100, Adam Spiers wrote: > Fix the proxy keywords matrix to reflect that it's permitted to use > stick-table in frontend sections. Applied, thanks Adam! Willy

Re: [PATCH] BUILD: fix for non-transparent builds

2017-04-10 Thread Willy Tarreau
Hi Steven, On Thu, Apr 06, 2017 at 04:02:36PM -0700, Steven Davidovitz wrote: > Broke in dba9707713eb49a39b218f331c252fb09494c566. Strange, what OS/build options are you using ? Also, the commit above doesn't seem to exist so it's not easy to find the extent of the issue. Willy

Re: [PATCH] minor cleanup to the dynamic cookie code

2017-04-10 Thread Willy Tarreau
On Tue, Apr 04, 2017 at 10:33:00PM +0200, Olivier Houchard wrote: > Willy, I think it is mostly safe and you can apply it. Applied, thanks Olivier! Willy

typo nits @doc

2017-04-10 Thread Jim Freeman
https://cbonte.github.io/haproxy-dconv/1.8/configuration.html s/formated/formatted/g

Re: OpenSSL engine and async support

2017-04-10 Thread Emeric Brun
Hi Grant, On 04/01/2017 02:01 AM, Grant Zhang wrote: > Hi Emeric, > > Sorry for my delayed reply. > > > On 03/28/2017 01:47 AM, Emeric Brun wrote: >> >>> This is an atom C2518 and it seems that --disable-prf has cut the >>> performance >>> in half. We should receive a 8920 soon. >>> >

Re: Certificate order

2017-04-10 Thread Sander Hoentjen
The attached patch against haproxy 1.7.5 honours crt order also for wildcards. On 04/07/2017 03:42 PM, Sander Hoentjen wrote: > Hi Sander, > > On 04/06/2017 02:06 PM, Sander Klein wrote: >> Hi Sander, >> >> On 2017-04-06 10:45, Sander Hoentjen wrote: >>> Hi guys, >>> >>> We have a setup where we

Re: IPv6 resolvers seems not works

2017-04-10 Thread Frederic Lecaille
On 04/10/2017 01:42 PM, Павел Знаменский wrote: Hello, Hello, I'm trying to add IPv6 address as a nameserver to able resolve addresses in IPv6-only environment: resolvers google_dns_10m nameserver google_dns1 2001:4860:4860:::53 nameserver google_dns2 2001:4860:4860::8844:53

Re: server templates

2017-04-10 Thread Baptiste
On Mon, Apr 10, 2017 at 2:30 PM, Willy Tarreau wrote: > On Mon, Apr 10, 2017 at 10:02:29AM +0200, Frederic Lecaille wrote: > > With server templates, haproxy could preallocate 'server' objects which > > would derive from 'default-server' (with same settings as default server > >

Re: Certificate order

2017-04-10 Thread Sander Hoentjen
No scratch that, this is wrong. On 04/10/2017 04:57 PM, Sander Hoentjen wrote: > The attached patch against haproxy 1.7.5 honours crt order also for > wildcards. > > On 04/07/2017 03:42 PM, Sander Hoentjen wrote: >> Hi Sander, >> >> On 04/06/2017 02:06 PM, Sander Klein wrote: >>> Hi Sander, >>>