On Fri, May 12, 2017 at 02:00:24PM -0700, redundantl y wrote:
> Is it possible to configure a secondary load balancing method, something to
> fall back on if the first method isn't met?
>
> For example, if I balance on the url_param email:
>
> balance url_param email
>
> Can it instead
> On May 10, 2017, at 04:51, Emeric Brun wrote:
>
>> It looks like the main process stalls at DH_free(local_dh_1024) (part of
>> __ssl_sock_deinit). Not sure why but I will debug and report back.
>>
>> Thanks,
>
> I experienced the same issue (stalled on a futex) if i run
Hi Igor,
On Sat, May 13, 2017 at 12:58:19AM +0800, Igor Pav wrote:
> Hi list,
>
> Is now there's a converter for hostname to IPv4 available in haproxy?
Funny that you asked the same question one year ago, but you didn't get
a response, you are patient :-)
Server addresses can be dynamically
On 05/12/2017 09:37 AM, Willy Tarreau wrote:
On Fri, May 12, 2017 at 08:58:56AM +0200, Lukas Tribus wrote:
Hi,
Am 11.05.2017 um 21:13 schrieb Jim Pingle:
On 05/11/2017 01:58 PM, Frederic Lecaille wrote:
I have reproduced (at home) the stats socket issue within a FreeBSD 9.3 VM.
Replacing
Hi Antonio Trujillo Carmona.
Antonio Trujillo Carmona have written on Fri, 12 May 2017 10:23:59
+0200:
> El 11/05/17 a las 15:06, Aleksandar Lazic escribió:
> > .../
> > How about to activate the 'option tcp-check' as mentioned in the
> > Warning?
> > In the config below is it's commented, any
On 05/12/2017 09:52 AM, Willy Tarreau wrote:
On Fri, May 12, 2017 at 09:48:56AM +0200, Frederic Lecaille wrote:
On 05/12/2017 09:37 AM, Willy Tarreau wrote:
On Fri, May 12, 2017 at 08:58:56AM +0200, Lukas Tribus wrote:
Hi,
Am 11.05.2017 um 21:13 schrieb Jim Pingle:
On 05/11/2017 01:58 PM,
On Thu, May 11, 2017 at 04:23:14PM -0700, James Brown wrote:
> Is there any good way to reload a map, short of either (a) reloading
> haproxy every time the map changes, or (b) feeding the entire map into the
> control socket as a series of `set map` statements?
>
> I've got a map generated by an
On Fri, May 12, 2017 at 08:58:56AM +0200, Lukas Tribus wrote:
> Hi,
>
>
> Am 11.05.2017 um 21:13 schrieb Jim Pingle:
> > On 05/11/2017 01:58 PM, Frederic Lecaille wrote:
> >> I have reproduced (at home) the stats socket issue within a FreeBSD 9.3 VM.
> >>
> >> Replacing your call to close() by
On Tue, May 09, 2017 at 09:43:22PM -0700, redundantl y wrote:
> For example, I have tried with the latest versions of Firefox, Safari, and
> Chrome. With 30 elements on the page being loaded from the server they're
> all being loaded within 70ms of each other, the first 5 or so happening on
> the
El 11/05/17 a las 15:06, Aleksandar Lazic escribió:
> .../
> How about to activate the 'option tcp-check' as mentioned in the
> Warning?
> In the config below is it's commented, any reason why?
>
> It's also active in the doc which you maybe know.
>
>
Hi,
Am 11.05.2017 um 21:13 schrieb Jim Pingle:
> On 05/11/2017 01:58 PM, Frederic Lecaille wrote:
>> I have reproduced (at home) the stats socket issue within a FreeBSD 9.3 VM.
>>
>> Replacing your call to close() by fd_delete() which removes the fd from
>> the fd set used by kevent *and close
On Fri, May 12, 2017 at 09:48:56AM +0200, Frederic Lecaille wrote:
> On 05/12/2017 09:37 AM, Willy Tarreau wrote:
> > On Fri, May 12, 2017 at 08:58:56AM +0200, Lukas Tribus wrote:
> > > Hi,
> > >
> > >
> > > Am 11.05.2017 um 21:13 schrieb Jim Pingle:
> > > > On 05/11/2017 01:58 PM, Frederic
Thanks, Willy. I found DNS infrastructure improved a lot this year, so
I ask it again, hope it is not so stupid :-)
On Sat, May 13, 2017 at 7:19 AM, Willy Tarreau wrote:
> Hi Igor,
>
> On Sat, May 13, 2017 at 12:58:19AM +0800, Igor Pav wrote:
>> Hi list,
>>
>> Is now there's a
Hi,
This patch depend of " [Patches] TLS methods configuration reworked ».
Actually it will only work with BoringSSL because haproxy use a special
ssl_sock_switchctx_cbk
with a BoringSSL callback to select certificat before any handshake negotiation.
This feature (and others depend of this
On Fri, May 12, 2017 at 10:20:56AM +0200, Frederic Lecaille wrote:
> Here is a more well-formed patch.
> Feel free to amend the commit message if not enough clear ;)
It was clear enough, thanks. I added the mention of the faulty commit,
that helps tracking backports and credited Jim and Lukas for
On Fri, May 12, 2017 at 04:41:48PM +0200, Thierry Fournier wrote:
> Hi,
>
> A patch fixing a medium bugfix in attachment.
> The backport in 1.6 and 1.7 is easy: it doesn't generate conflicts.
>
>In the case of a Lua sample-fetch or converter doesn't return any
>value, an acces outside
Hi Holger,
On Sat, May 06, 2017 at 02:08:29AM +0200, Holger Just wrote:
> This patch against current master adds a new b64dec converter. It takes
> a base64 encoded string and returns its decoded binary representation.
>
> This converter can be used to e.g. extract the username of a basic auth
>
Hi Pavlos, Olivier,
On Mon, May 08, 2017 at 02:34:05PM +0200, Olivier Houchard wrote:
> Hi Pavlos,
>
> On Sun, May 07, 2017 at 12:05:28AM +0200, Pavlos Parissis wrote:
> [...]
> > Ignore ignore what I wrote, I am an idiot I am an idiot as I forgot the most
> > important bit of the test, to
On Thu, May 04, 2017 at 03:45:40PM +, Lukas Tribus wrote:
> Currently we unconditionally set SSL_OP_CIPHER_SERVER_PREFERENCE [1],
> which may not always be a good thing.
(...)
Now merged, thank you Lukas!
Willy
Hi Franks,
On Wed, May 10, 2017 at 10:29:08AM +, Franks Andy (IT Technical
Architecture Manager) wrote:
> Hi all,
> Is there a way to clear a stick table entry (using socat obviously) by
> referring to the individual 'reference' id given at the beginning of the
> entry, e.g.
Hi Robin,
On Wed, May 10, 2017 at 09:15:44PM +, Robin H. Johnson wrote:
> Hi,
>
> I'm wondering about the status of bandwidth limiting that was originally
> planned for 1.6.
>
> In the archives I see discussions in 2012 & 2013; Willy's responses:
> 2012-04-17 planned for 1.6:
>
Hi guys,
On Tue, May 09, 2017 at 11:21:36AM +0200, Emeric Brun wrote:
> It seems to do what we want, so we can merge it.
So the good news is that this patch set now got merged :-)
Thanks for your time and efforts back-and-forth on this one!
Willy
Hi,
A patch fixing a medium bugfix in attachment.
The backport in 1.6 and 1.7 is easy: it doesn't generate conflicts.
In the case of a Lua sample-fetch or converter doesn't return any
value, an acces outside the Lua stack can be performed. This patch
check the stack size before
Hi,
On Tue, May 09, 2017 at 07:04:01PM +0200, Daniel Schneller wrote:
> Hi!
>
> > On 9. May. 2017, at 00:30, Lukas Tribus wrote:
> >
> > [...]
> > I'm opposed to heavy feature-bloating for provisioning use-cases, that
> > can quite easily fixed where the fix belongs - the
Hi Willy,
Willy Tarreau wrote:
> The thing is that we normally don't backport any feature anymore to
> stable branches due to the terrible experience in 1.4 where too much
> riskless stuff was backported, then fixed, then removed etc... making
> each subsequent version a pain for certain users.
>
On Fri, May 12, 2017 at 05:39:28PM +0200, Holger Just wrote:
> >> Once verified, I think this converter can be safely added to the
> >> supported stable versions of HAProxy.
> >
> > Yes I think it can make sense to backport it at least to 1.7, it can
> > help sometimes.
>
> That would be much
Willy,
thanks for your elaborate reply! See my remarks below.
> possible impacts nor complexity (but I don't want to have the complete MS
> Office suite merged in, just Word, Excel and PowerPoint :-)).
:-D
> - renewed certs can and will sometimes provide extra alt names, so
>they are not
Hi Willy,
thanks for applying the patch!
Willy Tarreau wrote:
> Thanks for the warning, much appreciated. It made me re-read it after
> applying it. But your code is fine, no problem detected! So you're
> becoming a C programmer ;-)
Yeah, we will see about that :)
>> Once verified, I think
Le 12/05/2017 à 15:54, Willy Tarreau a écrit :
> Hi Benoît,
>
> On Thu, May 04, 2017 at 08:50:33AM +0200, Benoît GARNIER wrote:
> (...)
>> If you do the following operation : time_t => localtime() => struct tm
>> => timegm() => time_t, your result will be shift by the timezone time
>> offset (but
> On May 11, 2017, at May 11, 7:51 AM, Jose Alarcon
> wrote:
>
> Hello,
>
> excuseme my english is very bad, i need know how change configuration haproxy
> pasive/active manually not using keepalived.
>
There is no standard way because that is not a feature of
On Fri, May 12, 2017 at 12:51 AM, Willy Tarreau wrote:
> On Tue, May 09, 2017 at 09:43:22PM -0700, redundantl y wrote:
> > For example, I have tried with the latest versions of Firefox, Safari,
> and
> > Chrome. With 30 elements on the page being loaded from the server
> they're
>
On Fri, May 12, 2017 at 10:20:02AM -0700, redundantl y wrote:
> As I've said before, the issue here is these objects aren't hosted on the
> same server that they're being called from.
>
> "A separately hosted application will generate HTML with several (20-30)
> elements that will be loaded
Hi list,
Is now there's a converter for hostname to IPv4 available in haproxy?
Regards,
Igor
On Fri, May 12, 2017 at 06:42:20PM +0200, Daniel Schneller wrote:
> > That said, given that we can already look up a cert based on a name,
> > maybe in fact we could load all of them and just try to find a more
> > recent one if the first one reported by the SNI is outdated. I don't
> > know if
On Fri, May 12, 2017 at 10:46 AM, Willy Tarreau wrote:
> On Fri, May 12, 2017 at 10:20:02AM -0700, redundantl y wrote:
> > As I've said before, the issue here is these objects aren't hosted on the
> > same server that they're being called from.
> >
> > "A separately hosted
On Thu, May 11, 2017 at 01:04:50PM +0300, Dmitry Sivachenko wrote:
> Hello,
>
> this is a patch to nuke obsoleted USE_GETSOCKNAME build option.
Applied, thanks Dmitry. BTW, your attached patch was strangely missing a
header so I rewrote the commit message since this one was not too hard to
Hi Benoît,
On Thu, May 04, 2017 at 08:50:33AM +0200, Benoît GARNIER wrote:
(...)
> If you do the following operation : time_t => localtime() => struct tm
> => timegm() => time_t, your result will be shift by the timezone time
> offset (but without any DST applied).
>
> Technically, if you live
On Tue, May 09, 2017 at 12:12:42AM +0200, Lukas Tribus wrote:
> Haproxy can verify the certificate of backend TLS servers since day 1.
>
> The only thing missing is client SNI based backend certificate
> verification, which yes - since we can pass client SNI to the TLS server
> - we need to
Is it possible to configure a secondary load balancing method, something to
fall back on if the first method isn't met?
For example, if I balance on the url_param email:
balance url_param email
Can it instead balance on another url_param:
balance url_param id
Or have it balance based
39 matches
Mail list logo