Re:

2011-03-19 Thread Baptiste
Hey, You can also play with /proc/sys/vm/swappiness to avoid / limit swapping... But as explained, it's a bad idea to let a load balancer swap. It's supposed to introduce a very very low delay and swapping would increase that delay. Just ensure you have enough memory to handle the load you

Re: Rate limit per IP

2011-03-20 Thread Baptiste
Hi, Yes, Haproxy can limit rate connection. Please look for rate-limit sessions and fe_sess_rate in the configuration.txt documentation [1]. In HAproxy 1.5 [2], there are a few more options, like src_conn_ which are more accurate and might help you better. Bear in mind that 1.5 is still in

Re: Bench of haproxy

2011-05-06 Thread Baptiste
Hi Vincent, It seems that the CPU speed of your F5 3900 is 2.4GHz with 8G of memory. For HAproxy, the faster the CPU is, the more reqs per second you could achieve :) keep us updated with your result, it's interesting :) cheers On Fri, May 6, 2011 at 7:32 PM, Vincent Bernat ber...@luffy.cx

Re: load balance https with routing traffic rules

2011-05-26 Thread Baptiste
Hi, As you said, since your traffic is encrypted, haproxy can't dig into http protocol, so you must use tcp mode to load balance https. If you want to take advantage of all the smart stuff in Haproxy about http, you must decrypt the traffic before it's forwarded to haproxy (using pound, stunnel,

Re: PythonPaste and HAProxy

2011-06-01 Thread Baptiste
Hi, Maybe you should try this: option httpchk HEAD /app/haproxycheck http-check expect status 200 cheers On Wed, Jun 1, 2011 at 10:59 AM, Christian Klinger cklin...@novareto.de wrote: Hi, i try to loadbalance some PythonPaste Servers with the help of haproxy. I have configured this

Re: haproxy stats

2011-06-03 Thread Baptiste
Hey, All the stats are stored in memory. You must configure a stat socket to retrieve them. As far as I know, enabling stats has no impact on performance. cheers On Fri, Jun 3, 2011 at 6:06 PM, Beckler, Amon amon.beck...@relayhealth.com wrote: Can anyone enlighten me on where the data for the

haproxy and amazon

2011-06-23 Thread Baptiste
Hi gents, I'm looking for people who use haproxy on an amazon server. I'm more interested by the number of hit/s you could get. Thanks for anybody who could help :) Regards

Re: haproxy and amazon

2011-06-24 Thread Baptiste
Hi Malcolm and Julien Thanks a lot for your answers. Very appreciated :) cheers

Re: Clients hitting infinite loop, cause load high on all backend servers

2011-07-01 Thread Baptiste
Hi Manoj, Sounds like an application issue :) Could you paste there your configuration file? And I have also a few questions: - are your rsync sessions quite long (longer than 10s) ? - what average of rsync sessions do you have on the platform ? - what makes your rsync session stuck ? - what's

Re: HAProxy - 504 Gateway Timeout error.

2011-07-06 Thread Baptiste
hi, Your maxconn seems a bit low if you have a lot of clients... Maybe you should try increasing it or at least increase the queue timeout. As hank said, turn on http log, it will provide you very interesting information about your issue. cheers

Re: auto reply 200 on stats URL just for logs

2011-07-11 Thread Baptiste
hi, There is a HTTP method for that: HEAD. cheers On Mon, Jul 11, 2011 at 11:21 AM, Damien Hardy damienhardy@gmail.com wrote: I have to precise that this is not related to the stats delivered by haproxy but a static resource used on our pages to get counters based on access logs provide

Re: Does haproxy support wccp(Web Cache Communication Protocol) ?

2011-07-11 Thread Baptiste
Hi, You don't need a load balancer to load-balancer WCCP. This protocol has already some builtin healthchecks and has a nice URL hash algorithm. cheers On Tue, Jul 12, 2011 at 5:13 AM, 岳强 yueqiang.da...@gmail.com wrote: Hello!     I am doing some work about cache(squid), which suppors

Re: Haproxy response 502 but backend send 200

2011-07-12 Thread Baptiste
Hi, According to HAProxy logs, your errors seem application related: SH The server aborted before sending its full HTTP response headers, or it crashed while processing the request. Since a server aborting at this moment is very rare, it would be wise to inspect its

Re: https from source to destination

2011-07-13 Thread Baptiste
On Wed, Jul 13, 2011 at 11:04 PM, Christopher Ravnborg christopher.ravnb...@gmail.com wrote: Hi I'm looking for a solution which can do the following: Client need to connect to https webserver via haproxy. Encryption all the way. Log on webserver needs to contain client ip, this can be done,

Re: How can we Use

2011-07-30 Thread Baptiste
Hi Sunit, It's as simple as installing haproxy package from your linux distribution. HAProxy configuration is quite easy and if you want to load-balance HTTP protocol, it will be easy to find some good example on the web. This load-balancer can be either a physical machine or a VM. There is no

Re: acl using path_beg

2011-07-31 Thread Baptiste
Hi, The wp-admin page of wordpress is a 302 redirecting to wp-login.php. Have you tried to browse the backend directly? I guess it should not work. There are some parameters on Wordpress to tell him on which URL it will be hosted. By default, it may be /, in your case you should turn this

Re: 5000 CPS for haproxy

2011-08-02 Thread Baptiste
Hi Carlo, Before testing the application itself, you must first test the infrastructure ;) Once you know how much your infrastructure can deliver, then your bench makes sense. This is a step by step method, from the lower layer to the higher one. Before testing your application in a virtualized

Re: make haproxy notice that backend server ip has changed

2011-08-05 Thread Baptiste
Why don't you edit the haproxy conf directly and reload it ? If you have the new IP and are going to update the /etc/hosts, what is stopping you from doing a sed on the backend's ip in haproxy.cfg ? Or, you could just run in a VPC and stop doing weird stuff with your networking ;) Julien

Re: cookie-less sessions

2011-08-05 Thread Baptiste
Hi Hank Actually stick on URL param should work with client which does not support cookies. is the first reply a 30[12] ? How is the user aware of the jsid or how is he supposed to send his jsid to the server? Do you have a X-Forwarded-For on your proxy or can you setup one? cheers

Re: make haproxy notice that backend server ip has changed

2011-08-05 Thread Baptiste
On Fri, Aug 5, 2011 at 11:58 PM, Willy Tarreau w...@1wt.eu wrote: Hi Baptiste, On Fri, Aug 05, 2011 at 11:53:40PM +0200, Baptiste wrote: Or using some kind of haproxy conf template with some keyword you replace using sed with IPs you would get from the hosts file? with inotify, you can get

Re: cookie-less sessions

2011-08-06 Thread Baptiste
On Sat, Aug 6, 2011 at 8:51 AM, Hank A. Paulson h...@spamproof.nospammail.net wrote: On 8/5/11 3:01 PM, Baptiste wrote: Hi Hank Actually stick on URL param should work with client which does not support cookies. is the first reply a 30[12] ? So you are saying that stick on URL param reads

Re: cookie-less sessions

2011-08-06 Thread Baptiste
On Sat, Aug 6, 2011 at 9:32 AM, Willy Tarreau w...@1wt.eu wrote: Hi Baptiste, On Sat, Aug 06, 2011 at 09:24:08AM +0200, Baptiste wrote: On Sat, Aug 6, 2011 at 8:51 AM, Hank A. Paulson h...@spamproof.nospammail.net wrote: On 8/5/11 3:01 PM, Baptiste wrote: Hi Hank Actually stick

Re: cookie-less sessions

2011-08-06 Thread Baptiste
I made it work on our Aloha load-balancer (4.1.2) :) PHP code on the server: cookie.php : <?php session_start(); header("Location: /?ID=" . session_id()); echo apache_getenv("SERVER_ADDR"); ?> test script.php: <?php echo apache_getenv("SERVER_ADDR"); ?> it creates a set-cookie with cookie name

Re: cookie-less sessions

2011-08-06 Thread Baptiste
On Sat, Aug 6, 2011 at 12:50 PM, Willy Tarreau w...@1wt.eu wrote: On Sat, Aug 06, 2011 at 11:27:53AM +0200, Baptiste wrote: I made it work on our Aloha load-balancer (4.1.2) :) Baptiste, you should stop taking hardware with you during holidays, it's too much temptation ;-) Since we have

Re: Defending against the Apache killer

2011-08-22 Thread Baptiste
Hi, Why not only dropping this Range:bytes=0- header? cheers 2011/8/22 Levente Peres sheri...@eurosystems.hu: Hello, There're a number of webserver-mace apps on the net, the newest that I heard of being the so called Apache killer script I saw a few days ago on Full disclosure... Here

Re: Proxy Protocol in 1.4.x ?

2011-08-23 Thread Baptiste
Hi Sebastien, Actually, bumptech has not yet integrated all the patches developed by Emeric. And the stunnel version used is the one without Exceliance (Emeric again) patches. But definitely, stud is interesting. cheers On Tue, Aug 23, 2011 at 1:02 PM, Sebastien Estienne

Re: Proxy Protocol in 1.4.x ?

2011-08-23 Thread Baptiste
for the haproxy community. thanx -- Sebastien E. Le 23 août 2011 à 13:29, Baptiste bed...@gmail.com a écrit : Hi Sebastien, Actually, bumptech has not yet integrated all the patches developed by Emeric. And the stunnel version used is the one without Exceliance (Emeric again) patches

Re: Defending against the Apache killer

2011-08-24 Thread Baptiste
On Tue, Aug 23, 2011 at 8:09 AM, Willy Tarreau w...@1wt.eu wrote: On Mon, Aug 22, 2011 at 07:57:10PM +0200, Baptiste wrote: Hi, Why not only dropping this Range:bytes=0- header? Agreed. Protecting against this vulnerability is not a matter of limiting connections or whatever. The attack

Re: Defending against the Apache killer

2011-08-24 Thread Baptiste
On Wed, Aug 24, 2011 at 12:44 PM, Baptiste bed...@gmail.com wrote: On Tue, Aug 23, 2011 at 8:09 AM, Willy Tarreau w...@1wt.eu wrote: On Mon, Aug 22, 2011 at 07:57:10PM +0200, Baptiste wrote: Hi, Why not only dropping this Range:bytes=0- header? Agreed. Protecting against this vulnerability

Re: Defending against the Apache killer

2011-08-24 Thread Baptiste
On Wed, Aug 24, 2011 at 1:44 PM, Cyril Bonté cyril.bo...@free.fr wrote: Hi all, On Wednesday 24 August 2011 13:02:18 Baptiste wrote: (...) Since there is no hdr_size ACLs for now, the only way is to use a hdr_reg to do this: reqidel ^Range if { hdr_reg(Range) ([0-9]+-[0-9]+,){10

Re: How to test keep-alive is working?

2011-08-26 Thread Baptiste
Hi, In HTTP 1.1, Keep alive is the default mode and does not require any header. On the other hand, in HTTP 1.0, there is no keepalive by default, that's why browser and web servers had to announce it. More information available here:

Re: CVE-2011-3192 and Range requests

2011-08-27 Thread Baptiste
Hi, HAProxy is fine and can protect your Apache. Have a look at this page, you'll find some HAProxy configuration example: http://blog.exceliance.fr/2011/08/25/protect-apache-against-apache-killer-script/ Basically, removing the malformed Range header is easy to do. Usually, the same source IP

Re: Error 504

2011-09-08 Thread Baptiste
Hello, your server might be very slow or your server timeout in your conf might be too low. If you can copy/paste your conf and tell us which version you're using and the underlying OS. cheers On Thu, Sep 8, 2011 at 1:35 PM, Christophe Rahier christo...@qualifio.com wrote: Hi, I've a

Re: Error 504

2011-09-08 Thread Baptiste
! Christophe Le 08/09/11 14:16, « Baptiste » bed...@gmail.com a écrit : Hello, your server might be very slow or your server timeout in your conf might be too low. If you can copy/paste your conf and tell us which version you're using and the underlying OS. cheers On Thu, Sep 8, 2011 at 1:35 PM

Re: Error 504

2011-09-11 Thread Baptiste
5 or 10s sounds good :) cheers On Sun, Sep 11, 2011 at 8:11 PM, Christophe Rahier christo...@qualifio.com wrote: Hi Cyril, Thanks for your help, I'll adapt my config file. About timeout http-keep-alive, which value do you recommend? Christophe Le 11/09/11 13:34, « Cyril Bonté »

Re: Stress test

2011-09-12 Thread Baptiste
Hi Dwyer, well, the question is not how to bench HAProxy, it's more how to bench the application through HAProxy. If you just want to bench pure haproxy performance, then an apache serving a static file and ab as a client might be enough. cheers On Tue, Sep 13, 2011 at 3:16 AM, Dwyer, Simon

Re: Problems with load balancing on cloud servers

2011-09-12 Thread Baptiste
Hi Liong, You can also play with vm.swappiness to avoid your ubuntu server to use its swap. cheers

Re: Establishing connection lasts long

2011-09-13 Thread Baptiste
heh, This has nothing to see with haproxy but more how your hypervisor manages VMs which doesn't do anything :) cheers On Tue, Sep 13, 2011 at 1:35 PM, Tim Korves t...@whtec.net wrote: Hi, It's very strange. When I check the server load, it is almost zero. same here... Anyone got

Re: how to serve inline flash policy

2011-09-15 Thread Baptiste
Hi, Can you try with the configuration below: frontend ft_application bind :80 mode tcp use_backend bk_xml if !HTTP default_backend bk_http backend bk_xml mode tcp balance roundrobin stick match src table bk_http server s1

Re: how to serve inline flash policy

2011-09-16 Thread Baptiste
since your request is not RFC compliant, HAProxy will drop it. You may give a try with the option accept-invalid-http-request on the frontend definition. cheers On Fri, Sep 16, 2011 at 10:42 AM, Vladimir Dronnikov dronni...@gmail.com wrote: If you send cookies with your XML requests, then this

Re: how to serve inline flash policy

2011-09-16 Thread Baptiste
might be patchable :) I'll look at it and let you know. On Fri, Sep 16, 2011 at 10:51 AM, Vladimir Dronnikov dronni...@gmail.com wrote: since your request is not RFC compliant, HAProxy will drop it. You may give a try with the option accept-invalid-http-request on the frontend definition.

Re: how to serve inline flash policy

2011-09-16 Thread Baptiste
have you turned on the proxy to mode http ? this macro might be available only in http mode. On Fri, Sep 16, 2011 at 10:51 AM, Vladimir Dronnikov dronni...@gmail.com wrote: since your request is not RFC compliant, HAProxy will drop it. You may give a try with the option

Re: Proxy Protocol in 1.4.x ?

2011-09-19 Thread Baptiste
Hi there, Finally, we've finished our bench on SSL tools available for HAProxy: stud and stunnel. Please read the benchmark here: http://blog.exceliance.fr/2011/09/16/benchmarking_ssl_performance/ cheers

Re: Caching

2011-09-19 Thread Baptiste
the same problem. To be sure, I tried with an other browser and the problem is the same. When I call my page locally from the server, the result is OK. Christophe Le 19/09/11 13:45, « Baptiste » bed...@gmail.com a écrit : hi Christophe, HAProxy is *only* a reverse proxy. No caching functions

Re: Transparent Proxy

2011-09-24 Thread Baptiste
On Fri, Sep 23, 2011 at 11:53 PM, Jason J. W. Williams jasonjwwilli...@gmail.com wrote: Hello, My understanding has been that HAProxy can be set up in conjunction with TPROXY support in the Linux kernel so that the backend servers see the original client's source IP address on incoming

Re: Log host info with uri

2011-09-27 Thread Baptiste
You might want to use capture request header host len 64 cheers On Tue, Sep 27, 2011 at 11:46 PM, John Lauro john.la...@covenanteyes.com wrote: Is there an easy way to have haproxy log the host with the uri instead of just the relative uri?  I have some 503 errors, and they are going to

Re: Proxy Protocol in 1.4.x ?

2011-09-28 Thread Baptiste
On the same subject, an excellent article from Vincent: http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html Good one mate :) cheers On Mon, Sep 19, 2011 at 12:00 PM, Baptiste bed...@gmail.com wrote: Hi there, Finally, we've finished our bench on SSL tools available

Re: Possibility to define internal redirect based on response header from a backend

2011-09-29 Thread Baptiste
Hi, This is currently not doable with HAProxy. cheers On Thu, Sep 29, 2011 at 4:33 PM, Galfy Pundee galfyo.pun...@googlemail.com wrote: Hi all,  I have two back ends - one serving fast python generated content and one serving fast static content. I would like from the python to send a

Re: Re: Re: [haproxy] about least Connection problem

2011-09-29 Thread Baptiste
Hi, Sorry, but I don't understand what you mean :) Can explain again please? cheers On Thu, Sep 29, 2011 at 8:16 AM, 강동주 jinjud...@gmail.com wrote: hello. I already asked about least Connection Problem.. my answer is   It is working well ( least Connection ) but i hava another problem

Re: 500s with 1.4.18 and 1.5d7

2011-10-03 Thread Baptiste
On Mon, Oct 3, 2011 at 11:02 PM, Hank A. Paulson h...@spamproof.nospammail.net wrote: On 10/3/11 12:19 PM, Brane F. Gračnar wrote: On Monday 03 of October 2011 20:09:17 Hank A. Paulson wrote: I am not sure if these counts are exceeding the never threshold     500  when haproxy encounters an

Re: How about server side keep-alive in v1.5?

2011-10-09 Thread Baptiste
On Sun, Oct 9, 2011 at 4:50 AM, wsq003 wsq...@sina.com wrote: Hi Willy, In the mainpage I saw below: 1.5 will bring keep-alive to the server, but it will probably make sense only with static servers. While in the change-log or source code I did not find this feature (server side 

Re: Haproxy and Ajax / HXR Post

2011-10-09 Thread Baptiste
2011/10/9 Andreas Bergman andr...@sea-ab.se: Hi All, Earlier today we tried a emergency, not pre-tested LB solution for a customer, needless to say this didn't go very well. The LB part worked well, and most of the functions worked well, but among those who didn't work at all were Ajax HXR

Re: Haproxy stats page incomplete (1.4.17)

2011-10-10 Thread Baptiste
Hi, Are both HAProxy to the same version? cheers

Re: Backend server in maintenance mode

2011-10-14 Thread Baptiste
On Fri, Oct 14, 2011 at 6:32 PM, Mathieu Simon mathieu.simo...@gmail.com wrote: Hello, here my question. I'm trying to stop gracefully a backend server using HATop. The disable command give me a 504 status code for pending request on this backend server. Does it exist a workaround in

Re: Problem with rewrites + SSL

2011-10-18 Thread Baptiste
On Tue, Oct 18, 2011 at 8:31 PM, Saul s...@extremecloudsolutions.com wrote: Hello List, I am having an issue trying to translate some urls with my haproxy setup and Im hoping someone can shed some light. Information:  4 apache servers need a reliable LB such as HA. These apache servers

Re: Haproxy consulting

2011-10-18 Thread Baptiste
On Tue, Oct 18, 2011 at 6:39 PM, Cory Forsyth cory.fors...@gmail.com wrote: Hi, my company would like to hire someone for a few hours' worth of consulting time to help us gut-check our haproxy configuration and set up. In particular, this is what we are trying to do: We are trying to limit

Re: about nbproc in conf

2011-10-19 Thread Baptiste
2011/10/19 wsq003 wsq...@sina.com: Hi In manual there is following: nbproc number   Creates number processes when going daemon. This requires the daemon   mode. By default, only one process is created, which is the recommended mode   of operation. For systems limited to small sets of file 

Re: Keep alive with haproxy stud

2011-10-26 Thread Baptiste
Hi Erik, You just need to enable the option httplog in your HAProxy frontend which is verbose and provide useful information for troubleshooting. cheers On Tue, Oct 25, 2011 at 10:52 PM, Erik Torlen erik.tor...@apicasystem.com wrote: Hi, I will continue testing in a few days and see how the

Re: Timeout values

2011-10-26 Thread Baptiste
Hi Erik, What's your purpose here? Depending on your load test and your haproxy configuration, the queue timeout might generate 503 responses. The other ones are related to the behavior you want for your web platform. Basically, all the values you added seem too high. Cheers On Tue, Oct 25,

Re: Haproxy with stunnel and a session cookie service.

2011-10-26 Thread Baptiste
Hi, how do you achieve session persistence in HAProxy configuration? What load-balancing algorithm do you use? Can you configure HAProxy to log your session cookie then show us some log lines? cheers On Wed, Oct 26, 2011 at 2:57 PM, Sean Patronis spatro...@add123.com wrote: We are in the

Re: client side keep-alive (http-server-close vs httpclose)

2011-10-26 Thread Baptiste
Hi, In order to be able to process layer 7 manipulation (what you want to achieve) for *each* request, then you must enable http mode on your frontend/backend and to enable the option http-server-close. cheers On Thu, Oct 27, 2011 at 12:21 AM, Vivek Malik vivek.ma...@gmail.com wrote: The

Re: HAProxy and Downloading Large Files

2011-10-28 Thread Baptiste
hi, What do HAProxy logs report you when the error occur? What version of HAPRoxy are you running? Regards On Fri, Oct 28, 2011 at 11:02 PM, Justin Rice jrice0...@gmail.com wrote: To all, I am having issues concerning downloading large files from one of my web apps. TCP mode works just

Re: option httpchk

2011-10-31 Thread Baptiste
Hi, no :) cheers On Mon, Oct 31, 2011 at 12:15 PM, Christophe Rahier christo...@qualifio.com wrote: Hi, In my config file, I check my servers with option httpchk HEAD /checkCF.cfm HTTP/1.0 When the response is not 2xx or 3xx, would it possible to test an other url? Thanks for your

Re: option httpchk

2011-10-31 Thread Baptiste
useful! Indeed, as Haproxy detects that there is no response, it may perform an another action :-) Christophe Le 31/10/11 13:27, « Baptiste » bed...@gmail.com a écrit : Hi, no :) cheers On Mon, Oct 31, 2011 at 12:15 PM, Christophe Rahier christo...@qualifio.com wrote: Hi, In my config

Re: tracking maxconn between several haproxy server definitions - which correspond to same real web server

2011-10-31 Thread Baptiste
Hi, If cookie insert is not an option, then in 1.5-dev7, you can perform cookie persistence learning the application cookie and store it in a stick table. It's like appsession, unless it will survive a reload and you can share it between HAProxy boxes. :) cheers On Mon, Oct 31, 2011 at 7:40 PM,

Re: haproxy and multi location failover

2011-11-01 Thread Baptiste
Hi, Do you want to failover the Frontend or the Backend? If this is the frontend, you can do it through DNS or RHI (but you need your own AS). If this is the backend, you have nothing to do: adding your servers in the conf in a separated backend, using some ACL to take failover decision and

Re: haproxy and multi location failover

2011-11-01 Thread Baptiste
need any external dns services our we can use our own ns1 and ns2 for the same. Regards On Tue, Nov 1, 2011 at 9:06 PM, Baptiste bed...@gmail.com wrote: Hi, Do you want to failover the Frontend or the Backend? If this is the frontend, you can do it through DNS or RHI (but you need your own

Re: haproxy and multi location failover

2011-11-01 Thread Baptiste
T-Mobile -Original Message- From: Baptiste bed...@gmail.com Date: Tue, 1 Nov 2011 18:17:25 To: Senthil Naidusenthil.na...@gmail.com Cc: Gene Jgh5...@gmail.com; haproxy@formilux.orghaproxy@formilux.org Subject: Re: haproxy and multi location failover There is not (yet) a GSLB

Re: haproxy and multi location failover

2011-11-01 Thread Baptiste
some of the acronyms in this email thread stand for RHI - AS - GSLB - Thanks, Vivek On Tue, Nov 1, 2011 at 2:26 PM, Baptiste bed...@gmail.com wrote: True :) Despite short TTLs, some client would take a long time to failover. But it's the only option unless you own your AS and you are able

Re: Timeout values

2011-11-01 Thread Baptiste
will send in to the list :/ /E -Original Message- From: Baptiste [mailto:bed...@gmail.com] Sent: den 25 oktober 2011 23:15 To: Erik Torlen Cc: haproxy@formilux.org Subject: Re: Timeout values Hi Erik, What's your purpose here? Depending on your load test and your haproxy

Re: Haproxy timing issues

2011-11-01 Thread Baptiste
Hi, First question: are you sure you're reaching the limit of haproxy/varnish and not the limit of your client? Mainly concerning the increasing response time. How many CPUs do you have in your VM? Starting too many stud processes could be counter-productive. I doubt doing CPU affinity in a VM

Re: another round for configuration.txt = html

2011-11-02 Thread Baptiste
Hi Aleks, It's a good and interesting start. I already talked to Willy about the doc format, and unfortunately for you, the way you're doing is not the one wanted by him. As you have remarked, the doc format is quite open, each documentation contributors tries to maintain the format, but there

Re: Haproxy timing issues

2011-11-02 Thread Baptiste
I'm currently writing the blog article about it, but last Emeric patch will allow you scale OUT your SSL performance through a shared SSL session ID cache. cheers On Thu, Nov 3, 2011 at 1:21 AM, Erik Torlen erik.tor...@apicasystem.com wrote: Yes, I'm currently on Ubuntu 10.04. So

Re: cannot bind socket Multiple backends tcp mode

2011-11-03 Thread Baptiste
That's normal, your port 443 is bound by the first frontend. So when HAproxy wants to bind it for your second frontend, it can't... The only solution, in the current case, is to have one frontend per IP. Furthermore, your ACL won't work since you're in TCP mode and the traffic is encrypted.

Re: Help with SSL

2011-11-03 Thread Baptiste
Hi Christophe, Use the HAProxy box in transparent mode: HAProxy will get connected to your application server using the client IP. In your backend, just add the line: source 0.0.0.0 usesrc clientip Bear in mind that in such configuration, the default gateway of your server must be the HAProxy

Re: Haproxy 502 errors, all the time on specific sites or backend

2011-11-04 Thread Baptiste
By the way, this one is useless as long as you enable mode http, because it's implied in it. # Every header should end with a colon followed by one space. reqideny^[^:\ ]*[\ ]*$ Cheers On Thu, Nov 3, 2011 at 5:47 PM, Cyril Bonté cyril.bo...@free.fr wrote: Le Jeudi 3

Re: Question about timeout

2011-11-07 Thread Baptiste
Hi, You need to split your configuration in frontend/backend. Then you can do content switching based on header or prefix, depending on how you can detect a user has a session. So let us know how you check whether a user has a session or not, then we can help you with the configuration. cheers

Re: Proxy Protocol in 1.4.x ?

2011-11-07 Thread Baptiste
Hi All, After scaling up Stud, @exceliance, we (actually, @emeriBr) worked to make it able to scale out: More information here: http://blog.exceliance.fr/2011/11/07/scaling-out-ssl/ Regards On Wed, Sep 28, 2011 at 4:37 PM, Baptiste bed...@gmail.com wrote: On the same subject, an excellent

Re: Autoscaling in haproxy with persistence sessions

2011-11-07 Thread Baptiste
Hi Erik, Let me give you a few information, I don't know if it will help. Appsession is not resilient on HAProxy reload. Which means that since you reload after updating configuration, then all session will be re-dispatched. You can use stick-table too, sticking on cookie is doable easily with

Re: Autoscaling in haproxy with persistence sessions

2011-11-07 Thread Baptiste
On Mon, Nov 7, 2011 at 9:48 PM, Erik Torlen erik.tor...@apicasystem.com wrote: Thank you Baptiste, seems like it should work then out-of-the-box when using appsession. On Haproxy reload the sessions should be cleared and then clients would be replicated to new servers. Actually

Re: Autoscaling in haproxy with persistence sessions

2011-11-07 Thread Baptiste
On Mon, Nov 7, 2011 at 10:05 PM, Erik Torlen erik.tor...@apicasystem.com wrote: What would you recommend if we wanted to have all our three haproxy instances loadbalance in the same way. And still make use of persistence when the client is using one of the haproxy instances? E.g Having the

Re: SSL Pass through and sticky session

2011-11-07 Thread Baptiste
Hi, The configuration is for HAProxy 1.5-something :) cheers On Tue, Nov 8, 2011 at 3:00 AM, Mir Islam mis...@mirislam.com wrote: Thanks Vincent for the link. That is exactly what I was looking for. However the configuration they provided does not work out of the box. My knowledge in

Re: Source IP rate limiting

2011-11-10 Thread Baptiste
On Thu, Nov 10, 2011 at 12:48 PM, Alex Davies a...@davz.net wrote: Hi, I am interested in rate limiting connections from users to stop small DOS 'attacks' from individual users. I see the excellent post at http://blog.serverfault.com/post/1016491873/ and have followed this in a test

Re: Add server-id to response header

2011-11-10 Thread Baptiste
There might be a dirty way: In your backend, give a try to the above: acl server1 srv_id 1 acl server2 srv_id 2 rspadd X-Server:\ server1 if server1 rspadd X-Server:\ server2 if server2 server 1 server11.1.1.1:80 id 1 server 2 server12.2.2.2:80 id 2 Please tell me

Re: Many BADREQ and NOSRV entries in the log

2011-11-16 Thread Baptiste
Hi, Your request does not seem to be RFC compliant because of the blank char. It should have been encoded with a %20. cheers On Wed, Nov 16, 2011 at 4:24 PM, Mariano Guezuraga mguezur...@gmail.com wrote: Hello list, I'm getting some (~400 per hour) NOSRV ...BADREQ entries in my log file.

Re: hashing + roundrobin algorithm

2011-11-19 Thread Baptiste
On Fri, Nov 18, 2011 at 5:48 PM, Rerngvit Yanggratoke rerng...@kth.se wrote: Hello All,         First of all, pardon me if I'm not communicating very well. English is not my native language. We are running a static file distribution cluster. The cluster consists of many web servers serving

Re: hashing + roundrobin algorithm

2011-11-22 Thread Baptiste
21, 2011 at 3:24 PM, Rerngvit Yanggratoke rerng...@kth.se wrote: Dear Baptiste,             Could you please exemplify a criterion that would reduce the number of files per backends? And, if possible, how to implement that with HAProxy? On Sat, Nov 19, 2011 at 8:29 PM, Baptiste bed

Re: how http-server-close work?

2011-11-22 Thread Baptiste
Hi, It will work as you said, if you have not enabled cookie persistence. (cookie line in your backend conf). by default, without http-server-close option, HAProxy will tunnel requests and responses. It will be able to analyze only the first request, taking routing decision, then all following

Re: http work witouth backend, why?

2011-11-23 Thread Baptiste
It's normal. Either you configure a listen proxy or a set of 2 proxies: a frontend and a backend. So in your case, configuration should look like: frontend proxy-https *:443        mode tcp        option ssl-hello-chk        balance roundrobin        default_backend back-https backend

Re: Executing Script between Failover

2011-11-24 Thread Baptiste
Hi, Logging at the backend level allows HAProxy to send syslog messages to report server status changes. You can use them to trigger action on your own. cheers On Thu, Nov 24, 2011 at 11:58 AM, wsq003 wsq...@sina.com wrote: One another way would be: Use crontab to start a script, this script

Re: Deny http connection

2011-11-25 Thread Baptiste
Hi, You could do that using a stick table and the option http_err_rate. cheers On Fri, Nov 25, 2011 at 1:50 PM, Sander Klein roe...@roedie.nl wrote: Hi, I was wondering if it is possible to start rate-limiting or deny a connection based on response codes from the backend. For instance, I

Re: cookie domain set based on request

2011-11-29 Thread Baptiste
Hi, what you want to do is not doable. I mean taking a piece of the host header and inserting it into the Set-Cookie header. How have you currently setup your persistence in HAProxy? do you have any application cookie that would stay constant despite the domain browsed and we could rely on to

[bug ???] backend stick-table with conn_cur and http_req_rate

2011-11-29 Thread Baptiste
Hi Willy and the list, I'm currently running a configuration where I use stick tables. I set-up the stick table on the backend side and I want to follow two counters in it: conn_cur and http_req_rate. I used a bash loop to generate 100 requests. Below is print out of the table content during the

Re: Re: hashing + roundrobin algorithm

2011-11-30 Thread Baptiste
assigen_server()? From: Willy Tarreau Date: 2011-11-30 01:47 To: wsq003 CC: Rerngvit Yanggratoke; haproxy; Baptiste Subject: Re: Re: hashing + roundrobin algorithm On Tue, Nov 29, 2011 at 02:56:49PM +0800, wsq003 wrote:  Backend proxies may be multiple layers, then every layer can have its

Re: Weighted least connections?

2011-12-05 Thread Baptiste
Hi It's already included. balance leastconn + weight keyword on the server line description. Cheers On Mon, Dec 5, 2011 at 1:47 PM, michal tekel michal.te...@fredhopper.com wrote: Hi, are there any plans to include weighted least connections load balancing? Something like Cisco SLB:

Re: balance by selecting host with lowest latency?

2011-12-06 Thread Baptiste
Hi, does not make any sense! How do you want to take such decision when the impact of each HTTP request may be different on the server for different reason: - static / dynamic - object size - number of DB access - load on the server on the moment of the request - etc... Using such method for

Re: balance by selecting host with lowest latency?

2011-12-09 Thread Baptiste
Hi, Maybe related to what you expect, but you can combine a use_backend with some ACLs based on queues, backend, frontend, tables entries, available servers, etc... to take routing decision. cheers On Fri, Dec 9, 2011 at 11:26 PM, Levente Peres sheri...@eurosystems.hu wrote: Hi there, [OFF]

Re: route !HTTP connections to tcp backend instead of dropping in HTTP mode

2011-12-10 Thread Baptiste
Hi, There is an ACL for that: req_proto_http (and an alias exists: HTTP) you can choose your backend based on its return: tcp-request content inspect-delay 1s use_backend bk_http if HTTP use_backend bk_xml if !HTTP cheers 2011/12/10 Łukasz Michalski l...@zork.pl: Hi, Is it possible to

Re: route !HTTP connections to tcp backend instead of dropping in HTTP mode

2011-12-12 Thread Baptiste
, Lukasz Michalski l...@zork.pl wrote: On 12/10/2011 04:29 PM, Baptiste wrote: Hi, There is an ACL for that: req_proto_http (and an alias exists: HTTP) you can choose your backend based on its return: tcp-request content inspect-delay 1s use_backend bk_http if HTTP use_backend bk_xml if !HTTP

Re: route !HTTP connections to tcp backend instead of dropping in HTTP mode

2011-12-12 Thread Baptiste
:52 AM, Baptiste wrote: Hi Lukasz, You must use stunnel in front of haproxy in order to be able to inspect pure clear HTTP traffic. Concerning your HAProxy configuration, it's not fully accurate. Please give a try to the configuration below: frontend   mode tcp   tcp-request inspect-delay
