HAProxy and site failover

2015-03-20 Thread Brendan Kearney
/ assign hundreds of proxies in the pac file, but to provide resiliency with a couple of sites serving as backups to each other, should an event warrant it. thank you, brendan kearney

Re: HAProxy and site failover

2015-03-21 Thread Brendan Kearney
On Sat, 2015-03-21 at 14:03 +0100, Lukas Tribus wrote: haproxy is a tcp (layer 3/4) proxy, that can perform application (layer 7) functions. i am already doing service checks against my proxies to validate their availability. when no pool member is available, haproxy knows it. there are no

Re: HAProxy and site failover

2015-03-23 Thread brendan kearney
I have confirmed the behavior. In both cases all new connections receive a RST when a backend server is not available to service the request. The behavior is Syn - RST in both cases. Any existing connections time out. On Mar 21, 2015 9:11 AM, Brendan Kearney bpk...@gmail.com wrote: On Sat

SSL errors with HAProxy

2015-09-08 Thread Brendan Kearney
i am not sure what i am doing wrong, but i keep getting errors in my browser when trying to browse to my site. i just moved from an old OS and HAProxy instance to current, and may have issues with config directives to work out. please be patient :) just about every third request works.

Fwd: Re: [squid-users] intercepting traffic

2015-12-03 Thread Brendan Kearney
squ...@treenet.co.nz> To: squid-us...@lists.squid-cache.org On 20/11/2015 1:09 p.m., Brendan Kearney wrote: when i put in just the DNAT that sends the traffic to the proxy VIP and load balances the requests to the squid instances on port 3128 (not the intercept port), i issue a curl command: cur

Set the URI

2015-12-05 Thread Brendan Kearney
I am trying to use HAProxy to perform http interception and transparently proxy outbound http traffic. i am having a dog of a time trying to get this working. I need to rewrite the GET line on a request so that the request is for the absolute URL, and not the relative URI. i found this

Re: Set the URI

2015-12-20 Thread Brendan Kearney
On 12/05/2015 03:42 PM, Brendan Kearney wrote: I am trying to use HAProxy to perform http interception and transparently proxy outbound http traffic. i am having a dog of a time trying to get this working. I need to rewrite the GET line on a request so that the request is for the absolute

Re: Set the URI

2015-12-21 Thread Brendan Kearney
On 12/21/2015 11:09 AM, Willy Tarreau wrote: On Mon, Dec 21, 2015 at 10:54:00AM -0500, Brendan Kearney wrote: rpm -qi haproxy Name: haproxy Version : 1.5.12 Release : 1.fc20 Architecture: x86_64 i did try and it seems the version might be at issue.. This config stanza

Re: Set the URI

2015-12-21 Thread Brendan Kearney
On 12/21/2015 01:20 AM, Willy Tarreau wrote: On Sun, Dec 20, 2015 at 09:31:45PM -0500, Brendan Kearney wrote: On 12/05/2015 03:42 PM, Brendan Kearney wrote: I am trying to use HAProxy to perform http interception and transparently proxy outbound http traffic. i am having a dog of a time

Re: proper https interception

2016-07-17 Thread Brendan Kearney
(tcp mode, right?) all are very important for tproxy config to be working. Let me know your results if you will get first. Btw, I will be glad to see working configs from other community members. Thank you all in advance! -- Evgeniy On Sun, Jul 17, 2016 at 10:19 PM, Brendan Kearney <bpk...@gma

proper https interception

2016-07-17 Thread Brendan Kearney
i have iptables configured to redirect outbound HTTP to HAProxy, and then load balance to a couple of squid instances. the below works well: backend tproxy acl https ssl_fc http-request set-uri http://%[req.hdr(Host)]%[path]?%[query] unless https ... i have tried to

transparent or intercepting proxy with https

2016-09-20 Thread Brendan Kearney
i am trying to set up a transparent or intercepting proxy, that works with HTTPS, and have hit a bit of a wall. i am using IPTables to intercept the port 80 and 443 traffic, and DNAT'ing the traffic to a HAProxy VIP. i have the front end configured as such: frontend tproxy bind

Re: http-reuse always, work quite well

2016-10-22 Thread Brendan Kearney
On 10/22/2016 02:08 AM, Willy Tarreau wrote: You're welcome. Please note that the reuse mechanism is not perfect and can still be improved. So do not hesitate to report any issue you find, we definitely need real-world feedback like this. I cannot promise that every issue will be fixed, but at

Re: OneConnect feature in HAProxy

2017-05-25 Thread Brendan Kearney
On 05/25/2017 08:26 AM, James Stroehmann wrote: Is there a feature in HAProxy similar to OneConnect that the F5 LTM has? https://www.f5.com/pdf/deployment-guides/oneconnect-tuning-dg.pdf I am trying to migrate some frontends from an LTM to an HAProxy load balancer, and a few of the existing

invalid request

2021-12-28 Thread brendan kearney
list members, i am running haproxy, and see some errors with requests. i am trying to understand why the errors are being thrown. haproxy version and error info below. i am thinking that the host header is being exposed outside the TLS encryption, but cannot be sure that is what is going on.

Re: invalid request

2022-01-13 Thread brendan kearney
i am load balancing against 2 squid instances, and have gone down the path of using mode tcp, with proxy protocol, and found that i prefer mode http with http-reuse and x-forwarded-for. with tcp and proxy protocol, every connection is sent with the clients ip, so any ip based acls or rules are

Re: invalid request

2022-01-12 Thread brendan kearney
my haproxy config details are below. i am using haproxy to load balance 2 squid instances, and the http/layer 7 aware configs in haproxy trap these requests and fail them. [root@haproxy]# haproxy -v HA-Proxy version 2.1.11-9da7aab 2021/01/08 - https://haproxy.org/ Status: stable branch - will

Re: dsr and haproxy

2022-11-04 Thread Brendan Kearney
i've always thought of IPVS and DSR as a poor man's anycast.  for stateless protocols (DNS, NTP, RADIUS, Kerberos, Syslog) i have anycast set up.  for MariaDB, OpenLDAP and other stateful protocols, i use HAProxy.  for HTTP, which is stateless but is being driven towards stateful-ness with TLS,

Re: PostgreSQL: How can use slave for some read operations?

2023-03-15 Thread Brendan Kearney
with different VIPs for the R/W access and R/O access. HTH, brendan kearney On 3/15/23 4:12 AM, Илья Шипицин wrote: there are several L7 balancing tool like pgPool. as for haproxy, currently it does not provide such advanced postgresql routing Wed, 15 Mar 2023 at 06:09, Muhammed Fahid : Hi

Re: haproxy 2.4 and Kafka sink/source connector issues

2023-08-01 Thread Brendan Kearney
hey, first, use "option mysql-check", for better service checking. you'll have to add a user and access to the database, and the howto is in the configuration.txt file (https://www.haproxy.org/download/2.1/doc/configuration.txt).  the "option httpchk" is doing you nothing because the backend