Re: Regression in 2.1 with Host header sent by backends

2019-11-27 Thread Christopher Faulet
Le 27/11/2019 à 04:03, Willy Tarreau a écrit : On Wed, Nov 27, 2019 at 12:31:48AM +0100, Lukas Tribus wrote: That said, I'm not sure this was really the intention of the change in question (commit 531b83e03 "MINOR: h1: Reject requests if the authority does not match the header host").

Re: Regression in 2.1 with Host header sent by backends

2019-11-27 Thread Christopher Faulet
Le 27/11/2019 à 11:59, Christopher Faulet a écrit : Le 27/11/2019 à 04:03, Willy Tarreau a écrit : On Wed, Nov 27, 2019 at 12:31:48AM +0100, Lukas Tribus wrote: That said, I'm not sure this was really the intention of the change in question (commit 531b83e03 "MINOR: h1: Reject requests if the

Re: [PATCH v2] BUG/MINOR: contrib/prometheus-exporter: decode parameter and value only

2019-11-27 Thread Christopher Faulet
Le 26/11/2019 à 12:56, William Dauchy a écrit : we were decoding all substring and then parsing; this could lead to consider & and = in decoding result as delimiters where it should not. this patch reverses the order by first parsing and then decoding each key and value separately. we also stop

substring matching stops on a Null byte (\0) in a binary fetch

2019-11-27 Thread cyberheads GmbH
Dear list! We use HAProxy in TCP Mode for non-HTTP protocols. The request of one particular protocol looks like this: - length of message (binary value, 4 bytes long) - binary part (40-200 bytes) - XML part Goal: We want to use a particular backend when the XML part of the request

Re: [PATCH v2] BUG/MINOR: contrib/prometheus-exporter: decode parameter and value only

2019-11-27 Thread William Dauchy
On Wed, Nov 27, 2019 at 02:30:31PM +0100, Christopher Faulet wrote: > It was merged. I amended your patch to fix 2 issues. The fixes were minor, > so I preferred to not bother you with that. First, when the scope value is > tested, we must first be sure it is defined to not dereference a null >

[PATCH] DOC: Fix ordered list in summary

2019-11-27 Thread Julien Pivotto
Signed-off-by: Julien Pivotto --- doc/configuration.txt | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 7e5ecd881..787f77988 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -64,6 +64,12 @@

RE: HAProxy 2.0.10 and 2.1.0 RPM's

2019-11-27 Thread J. Casalino
[1] is a project I've contributed to because I needed to compile RPMs for Amazon Linux and the RHEL/CentOS versions didn't quite work correctly. I liked it because it made the process super simple and took care of most of the dependencies. It also includes support for RHEL8 and Amazon Linux 2

Re: DNS resolution every second - v2.0.10

2019-11-27 Thread Willy Tarreau
Hi Marco, On Wed, Nov 27, 2019 at 08:38:03AM +0100, Marco Corte wrote: > Hello! > > I see a strange behaviour of the DNS resolution on version 2.0.9 and 2.0.10, > but I do not know since when this happens. > > On Ubuntu 18.04, I set up haproxy to use the local DNS service provided by > systemd.

Re: Seeking Guidance: 2.1.0 Config Error

2019-11-27 Thread Tim Düsterhus
Hemant, Sorry, I forgot to adjust the capturing groups. There is an off-by-one in my examples. Am 27.11.19 um 22:39 schrieb Tim Düsterhus: > http-request replace-uri ^/CoscendP/*([^\ ]*)\ (.*)$ \1\ /\2\ \3 This should read: http-request replace-uri ^/CoscendP/*([^\ ]*)\ (.*)$ /\1\ \2 >

Re: Seeking Guidance: 2.1.0 Config Error

2019-11-27 Thread Tim Düsterhus
Hemant, Am 27.11.19 um 21:37 schrieb Coscend@HAProxy: > 2.0.9 config line that worked: > > reqirep ^([^\ ]*)\ /CoscendP/*([^\ ]*)\ (.*)$ \1\ /\2\ \3 > > rspirep ^(Location:)\ (https?://([^/]*))/(.*)$Location:\ > /CoscendP/\3 > > Corresponding 2.1.0 config line that gives

Re: server maxconn and proto h2

2019-11-27 Thread Willy Tarreau
Hi Tim, On Wed, Nov 27, 2019 at 08:21:19PM +0100, Tim Düsterhus wrote: > Dear List > > for one project I put an HAProxy HTTPS frontend in front of two backends > currently containing a single server each. > > The nginx backend sits in front of a PHP application with a small number > of workers.

Re: Seeking Guidance: 2.1.0 Config Error

2019-11-27 Thread Aleksandar Lazic
Hi. Nov 27, 2019 9:38:35 PM Coscend@HAProxy : > > Dear HAProxy Community, > > > > We are upgrading from 2.0.9 to 2.1.0. Accordingly, we have to replace: > > · reqirep with http-request and > > · resprep with http-response. > > > > We are getting the following two errors. > > Error 1:

[PATCH] DOC: Clarify behavior of server maxconn in HTTP mode

2019-11-27 Thread Tim Duesterhus
Willy, Am 27.11.19 um 22:20 schrieb Willy Tarreau: >> a) Is it 50 in-flight requests over a possibly smaller number of HTTP/2 >> connections? (requests <= 50) > > Yes that's it. Since we've started to support server-side keep-alive > in 1.5, the maxconn setting really sets the limit to the

server maxconn and proto h2

2019-11-27 Thread Tim Düsterhus
Dear List for one project I put an HAProxy HTTPS frontend in front of two backends currently containing a single server each. The nginx backend sits in front of a PHP application with a small number of workers. Because HAProxy handles queuing better than nginx I limited the nginx server to

Seeking Guidance: 2.1.0 Config Error

2019-11-27 Thread Coscend@HAProxy
Dear HAProxy Community, We are upgrading from 2.0.9 to 2.1.0. Accordingly, we have to replace: .reqirep with http-request and .resprep with http-response. We are getting the following two errors. Error 1: 'http-request replace-header' expects exactly 3 arguments.

Re: Seeking Guidance: 2.1.0 Config Error

2019-11-27 Thread Tim Düsterhus
Aleks, Am 27.11.19 um 22:36 schrieb Aleksandar Lazic: > This should be replace-uri > http://cbonte.github.io/haproxy-dconv/2.1/configuration.html#4.2-http-request%20replace-uri > > I would try this. > http-request replace-uri /CoscendP/*([^\ ]*)\ (.*)$ /\2\ \3 > > >> http-response

Re: [PATCH] CLEANUP: dns: resolution can never be null

2019-11-27 Thread Илья Шипицин
Willy thinks it should be "eb" instead of "res" https://github.com/haproxy/haproxy/issues/349#issuecomment-548241746 On Thu, Nov 28, 2019, 3:33 AM William Dauchy wrote: > `eb` being tested above, `res` cannot be null, so the condition is > not needed and introduces potential dead code. > >

Re: What is the status of FastCGI in new 2.1 version?

2019-11-27 Thread Aleksandar Lazic
Hi. Nov 28, 2019 6:30:08 AM flamese...@yahoo.co.jp: > Hi > I'm so excited that HAProxy supports FastCGI, I would like to try this in our > development env first. > Just wonder what is the status of it? Full production ready? What's the > performance? Well it's the first release :-) I have

Re: DNS resolution every second - v2.0.10

2019-11-27 Thread Marco Corte
Hi! > If it bothers you (I don't really see why), you can increase the "inter" > value on your servers to check them less often and as such refresh their > address less often. You can configure "hold valid " to configure internal caching (it should be 10 seconds by default though): I post

Re: Product Info

2019-11-27 Thread Aleksandar Lazic
Hi. Nov 28, 2019 2:40:56 AM apcoeproductnotificati...@wellsfargo.com: > Hi team, > > Sorry to bother you again but according to CVE-2019-18277 it says A flaw was > found in HAProxy before 2.0.6. So request you to please confirm whether all > versions which is before 2.0.6 are Vulnerable.

Re: [PATCH] CLEANUP: dns: resolution can never be null

2019-11-27 Thread William Dauchy
On Thu, Nov 28, 2019 at 11:10:34AM +0500, Илья Шипицин wrote: > Willy thinks it should be "eb" instead of "res" yup I saw that comment but I don't get why as it is tested above. -- William

Re: DNS resolution every second - v2.0.10

2019-11-27 Thread Lukas Tribus
Hello, On Wed, Nov 27, 2019 at 10:25 PM Willy Tarreau wrote: > > Hi Marco, > > On Wed, Nov 27, 2019 at 08:38:03AM +0100, Marco Corte wrote: > > Hello! > > > > I see a strange behaviour of the DNS resolution on version 2.0.9 and 2.0.10, > > but I do not know since when this happens. > > > > On

RE: Product Info

2019-11-27 Thread APCoEProductNotifications
Hi team, Sorry to bother you again but according to CVE-2019-18277 it says A flaw was found in HAProxy before 2.0.6. So request you to please confirm whether all versions which is before 2.0.6 are Vulnerable. Regards, Anurag -Original Message- From: APCoE Product Notifications Sent:

Re: [PATCH] DOC: Clarify behavior of server maxconn in HTTP mode

2019-11-27 Thread Willy Tarreau
On Wed, Nov 27, 2019 at 10:35:27PM +0100, Tim Duesterhus wrote: > Find attached a patch that (hopefully) clarifies the behavior in the > documentation. Feel free to rephrase the new paragraph in case I said > something > incorrect. It's correct, now applied. Thank you! Willy

What is the status of FastCGI in new 2.1 version?

2019-11-27 Thread flamesea12
Hi I'm so excited that HAProxy supports FastCGI, I would like to try this in our development env first. Just wonder what is the status of it? Full production ready? What's the performance? Thanks

[PATCH] CLEANUP: dns: resolution can never be null

2019-11-27 Thread William Dauchy
`eb` being tested above, `res` cannot be null, so the condition is not needed and introduces potential dead code. also fix a typo in associated comment This should fix issue #349 Reported-by: Илья Шипицин Signed-off-by: William Dauchy --- src/dns.c | 7 +-- 1 file changed, 1

Re: DNS resolution every second - v2.0.10

2019-11-27 Thread Willy Tarreau
Hi Lukas, On Wed, Nov 27, 2019 at 11:53:03PM +0100, Lukas Tribus wrote: > > If it bothers you (I don't really see why), you can increase the "inter" > > value on your servers to check them less often and as such refresh their > > address less often. > > You can configure "hold valid " to

Re: PATCH: partially fix build if OpenSSL is built with no-deprecated option

2019-11-27 Thread Emmanuel Hocdet
Hi, > Le 27 nov. 2019 à 03:46, Willy Tarreau a écrit : > >> @@ -5046,7 +5046,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, >> struct ssl_bind_conf *ssl_ >> NULL); >> >> if (ecdhe == NULL) { >> +#if defined(SSL_CTX_set_ecdh_auto) >>

Possible link on haproxy.org

2019-11-27 Thread Samantha Pierrie
Hi there, Hope you're well. I recently saw your site and I thought it would be the perfect destination for a link back to my clients website, please let me know if you would be interested in posting a do-follow link, weather that is in an existing article or a brand new article my content team