Un monde à découvrir !!!

Si vous ne parvenez pas à lire la version HTML de notre lettre d'information, n'hésitez pas à la consulter en ligne à l'adresse ci-dessous : http://archives.startemail.net/2/3406/127346/index.htm WOOEL.COM, UNE REVOLUTION SUR LE WEB ! DECOUVREZ UN CONCEPT INCROYABLE : LE MONDE TOURISTIQUE

Log source port of server connection

I have an haproxy run in tcp mode: client HA my_server In my_server logs I see incoming connection from HA's ip and port. For debugging purposes I would like to match this ip and port to client's source ip and port. In HA's logs I can already see client's source ip and port and which

Help you save much cost(Horisung LED Panel Light)

Hello, Good day. This is  Daniel from Horisung Lighting. Glad to learn that you have been offering LED lights to your customers. As a professional manufacturer of LED lighting products, we can do something for you.  We are able to produce the panel lights at avrious wattage coming in diferent

Re: MySQL layer7 balancing

Hi, i say this doese not work. Normaly this has to be setup in your application which uses mysql. -- Grüsse Daniel Von: Luis Daniel Lucio Quiroz <luis.daniel.lu...@gmail.com> Datum: Sonntag, 11. Juni 2017 um 17:37 An: "haproxy@formilux.org" <haproxy@formilux.org>

http/2 Frontend

Hi There, i know that haproxy 1.8 is able now to handle http/2 connections in the frontend. My Problem is, I cant find any Documention for 1.8 on the Website. Has someone some Exmaple configs for me just to check how I need to configure it? Cheers Daniel

Re: http/2 Frontend

Ahh found it: bind :443 ssl crt /path/to/cert.crt alpn h2,http/1.1 Need to test it ;) Cheers Von: Daniel <dan...@linux-nerd.de> Datum: Montag, 4. Dezember 2017 um 11:21 An: HAProxy <haproxy@formilux.org> Betreff: http/2 Frontend Hi There, i know that haproxy

Re: Cannot handle more than 1,000 clients / s

Hi, maybe you need to increase ulimit and max connections in haproxy config. Am 12.05.18, 15:54 schrieb "Jarno Huuskonen" : Hi, On Fri, May 11, Marco Colli wrote: > > > > Do you get better results if you'll use http instead of https ? > >

Re: First time setup

Jan-Frode Myklebust wrote: On 2009-04-01, Jan-Frode Myklebust janfr...@tanso.net wrote: This could be a lot of IP-adresses if you have many virtual hosts. So you might want to consider running a loadbalancer that support SSL instead of HAProxy, f.ex. apache's mod_proxy_balancer. Then only your

HAProxy and FreeBSD CARP failover

? (latest haproxy-devel from FreeBSD ports) ---Daniel

Re: HAProxy and FreeBSD CARP failover

Good idea except ... that HAProxy server load-balances for a couple different sites :( - Original Message - From: John Lauro john.la...@covenanteyes.com To: Daniel Gentleman dani...@chegg.com, haproxy@formilux.org Sent: Thursday, July 23, 2009 3:23:06 PM GMT -08:00 US/Canada Pacific

HAProxy + Heartbeat

eth3 225.0.0.1 694 1 0 ucast eth3 192.168.100.2 udp eth3 logfacility local0 nodehaproxy1 nodehaproxy2 Thanks Daniel

External script

server... ? Thanks Daniel *

Re: External script

balance roundrobin option ssl-hello-chk server web1 192.168.1.10 check server web2 192.168.2.10 check backup Thanks Daniel 2010/4/10 Bernhard Krieger b...@noremorze.at Hi, you can use keepalived to install a active/passive loadbalancer. Look at this howto. http

Re: HAProxy on GuruPlug-Server

Hi Willy, Great article. Glad I did not go through with the order myself. Daniel Storjordet On 30.05.2010 18:44, Willy Tarreau wrote: Hi Daniel, On Tue, Mar 09, 2010 at 01:40:32PM +0100, Daniel Storjordet wrote: Hi. Is there any success stories on using HAproxy on a GuruPlug Server

Re: hosting HAProxy and content servers in different locations

On 12.09.2010 22:28, Willy Tarreau wrote: Hi Daniel, On Tue, Sep 07, 2010 at 12:30:18PM +0200, Daniel Storjordet wrote: Hi! Current implementation of HAProxy is working great for us. The other day we had a server failure without us or our customers' noticing. Today our HAProxy solution

HAProxy and TIME_WAIT

Hi, I'm testing HAProxy. Now, what I came up with and it's a real bothering me is that there are a lot of network connections type TIME_WAIT. Here is my environment - on CentOS 6 server I've set up HAProxy in tcp mode to split connections between 2 web servers with SSL / Jetty web server /. All

Re: HAProxy and TIME_WAIT

Yeap, I'm aware of net.ipv4.tcp_tw_reuse and the need of TIME_WAIT state, but still if there is a way to send a RST /either configuration or compile parameter/ the connection will be destroyed. 2011/11/28 James Bardin jbar...@bu.edu On Mon, Nov 28, 2011 at 11:50 AM, Daniel Rankov daniel.ran

Re: HAProxy and TIME_WAIT

to be sent from HAProxy to backend. This way no useless resources will be taken. Greetings 2011/11/28 James Bardin jbar...@bu.edu On Mon, Nov 28, 2011 at 12:28 PM, Daniel Rankov daniel.ran...@gmail.com wrote: Yeap, I'm aware of net.ipv4.tcp_tw_reuse and the need of TIME_WAIT state, but still

Re: HAProxy and TIME_WAIT

For sure TIME_WAIT connections are not an issue when thay keep information about sockets to clients, but when TIME_WAIT connections keep sockets bussy for your host where HAProxy is deployed to the backend the limit can be reached - it's defined by ip_local_port_range. Here is what I mean: Client

Re: HAProxy and TIME_WAIT

. here is netstat -anpo | grep TIME: tcp0 0 127.0.0.1:59302 127.0.0.1:8443 TIME_WAIT - timewait (58.73/0/0) is that the expected bahaviour ? All the best ! 2011/11/29 Willy Tarreau w...@1wt.eu Hi Daniel, On Tue, Nov 29, 2011 at 06:10:46PM +0200

Re: HAProxy and TIME_WAIT

or is it a bug ? Thank you 2011/11/30 Willy Tarreau w...@1wt.eu On Wed, Nov 30, 2011 at 03:56:14PM +0200, Daniel Rankov wrote: Ok, now I'm kind of stuck here. Let me share you my observations on my really simple evirionment: for client I use wget on server with ip 192.168.2.30 haproxy

Re: HAProxy and TIME_WAIT

Thank you, works like a charm ! 2011/11/30 Willy Tarreau w...@1wt.eu On Wed, Nov 30, 2011 at 06:10:29PM +0200, Daniel Rankov wrote: Hi, Thank you, these explonations are really helpfull. Now may be because of a bug or something but option nolinger is not working for backend. it works

domain based load balancing

Hello, I want to load balance hundreds (maybe thousands) of domains to a farm of web servers. I want each domain to only ever load on 1 webserver and stay there unless there is a failure. I'd like to break this up based on traffic load so all webservers are doing roughly the same work. Can

RE: domain based load balancing

balance hdr(host) it would round robin but sticky anything with the same value to first server to get the request for that domain -Original Message- From: Alexandre Biancalana [mailto:biancal...@gmail.com] Sent: Thursday, December 6, 2012 12:51 PM To: Willy Tarreau Cc: Daniel Alfonso

Sharing stick stable with 2 instances

Is there a feature in 1.4 to share a sticky table between two or more instances of haproxy. In my situation these instances will run on different servers but point to the same backend. -Dan

Re: Sharing stick stable with 2 instances

Would it be possible to use balance source as a crude form of sharing an IP stick table? On Fri, Apr 19, 2013 at 2:25 AM, Lukas Tribus luky...@hotmail.com wrote: Hi Dan, Is there a feature in 1.4 to share a sticky table between two or more instances of haproxy. Not in 1.4. There is a

Re: Sharing stick stable with 2 instances

source IP persistence and source IP hashing load-balancing. This is fun cause this morning, I thought it should deserve an article on my company's blog! I'll write it today and paste the link here. Hopefully it will help you. Baptiste On Fri, Apr 19, 2013 at 8:53 PM, Daniel Schultze

Set cookie with external service

, and no cookie is found. 2. HAProxy connects to IP/Port and gets a cookie value in return. 3. HAProxy sets this cookie. 4. HAProxy assigns backend based on cookie. Example on a returning user: 1. Cookie is found. 2. HAProxy assigns backend based on cookie. Thanks, Daniel Storjordet

Re: Set cookie with external service

state inbetween the channels. I am also considering using FiddlerCore as a inbetween proxy that can handle the logic of picking the correct application pool. Mvh, Daniel Destino AS 2013/5/3 Willy Tarreau w...@1wt.eu Hi Daniel, On Fri, May 03, 2013 at 01:57:35PM +0200, Daniel Storjordet wrote

HAProxy latest on SSL

with certificates to be used. o Supports both wildcard and regular SSL certificates in that folder. Thanks. Daniel Storjordet Destino AS

ACL file encoding/ACE

? If so, what encoding should we use on the txt file? Can we specify the domains in ACE format insted? Thanks Daniel

Re: Enable/disable to all processes?

Yes, check out the documentation on signals but a single process setup is quite fast and should be considered before a more complicated setup. On Tue, Jun 25, 2013 at 11:19 AM, Stephanie Jackson sjack...@keek.comwrote: Hi all, We're running a multi-process haproxy instance, and want to know

Hardware recommendations for HAProxy on large-scale site

? Perhaps the NICs? Speaking of NICs, what do you recommend? I'm looking at 10 Gbps NIC's, but should I look at 2? Or more? Any particular brand well-proven? Or any to avoid? Thanks for the help! Daniel Wilson Lead Software Developer The eWhiteboard Company http

RE: Hardware recommendations for HAProxy on large-scale site

limited by the NIC. But will 8-16 GB of RAM allow us to get the most out of our server? Or should we look at a lot more? Daniel -Original Message- From: Steven Le Roux [mailto:ste...@le-roux.info] Sent: Friday, January 10, 2014 4:28 AM To: Daniel Wilson Cc: haproxy Subject: Re: Hardware

Configuring HAProxy to send X_FORWARDED_FOR and X_REAL_IP at the same time.

or http-request add-header/set-header to set a the second header? Best Regards, Daniel Todorov

Stats Socket

Developers, Is anyone working on on a feature to make the stats socket more deterministic or sane. As is documented in 1.5 any haproxy instance may respond on the stat socket file. I would like to see only the most recent instance of haproxy respond to the stats socket file and an option to make

POST with x-www-form-urlencoded Content-Type

Hello all, I am attempting to balance traffic to a number of backend instances. I am balancing based off the Host header, and for the most part everything is working. When testing a bit more today, I came across some weird behavior, and am hoping someone can help out. When POSTing to a

Re: POST with x-www-form-urlencoded Content-Type

, On Thu, Jul 10, 2014 at 05:20:18PM +0200, Willy Tarreau wrote: Hi Dan, On Wed, Jul 09, 2014 at 07:13:33PM +, Daniel Dubovik wrote: Hello all, I am attempting to balance traffic to a number of backend instances. I am balancing based off the Host header, and for the most part

Re: Log source port of server connection

On Monday 25 of August 2014 20:12:16 JCM wrote: In HA's logs I can already see client's source ip and port and which server was selected to handle this connection: ... xxx.xxx.xxx.xxx:y ... backend/server_1 ... Is it possible to make HA also log what source port it used to

can't identify protocol after reload

Hello all! We have HAProxy up and running now, and I have a few questions I'm wondering someone can help me with. To start, we are running HAProxy 1.5.1 (will be updating soon to 1.5.3), and it is on CentOS6.5 What is a safe limit to have maxconn set to? We have 10Gbig NICs, currently

Stick-tables with roundrobin backend

Hey all! We have a cluster of HAProxy servers, in front of a set of Varnish nodes. Currently, we have HAProxy set to load balance traffic based on Host header to a given varnish server. Some of our sites have enough traffic, that it warrants roundrobining their traffic to multiple varnish

Re: Stick-tables with roundrobin backend

, Nov 24, 2014 at 11:08 PM, Daniel Dubovik ddubo...@godaddy.com wrote: Hey all! We have a cluster of HAProxy servers, in front of a set of Varnish nodes. Currently, we have HAProxy set to load balance traffic based on Host header to a given varnish server. Some of our sites have enough

termination state SQ

servers are having issues. Our main goals here are to learn what we can about the app server behavior, and to figure out what we can do in HAproxy to mitigate the issues until the developers manage to fix them.) Thanks, -Daniel Daniel Lieberman BitPusher, LLC

Re: Stick-tables with roundrobin backend

was wrong. I’ll report back if I find anything amiss. Thanks! Dan Dubovik Senior Linux Systems Engineer 480-505-8800 x4257 On 11/25/14, 3:56 AM, Daniel Dubovik ddubo...@godaddy.com wrote: I added option http-server-close to all backends (both the hdr(Host) balanced one, and the roundrobin one

Re: Stick-tables with roundrobin backend

To close the loop on this one, the issue was in part with my testing. Ultimately the fix was to use stick store-request everywhere, instead of stick on”. Thanks! Dan Dubovik Senior Linux Systems Engineer 480-505-8800 x4257 On 11/25/14, 2:05 PM, Daniel Dubovik ddubo...@godaddy.com wrote

Re: termination state SQ

be appreciated. Thanks, -Daniel On Nov 28, 2014, at 4:09 AM, Baptiste bed...@gmail.com wrote: On Tue, Nov 25, 2014 at 6:56 AM, Daniel Lieberman dlieber...@bitpusher.com wrote: We're managing a fairly high-traffic site and we're seeing a lot of HTTP 503s with termination state SQ. I'm trying

eliminate per-server queuing?

whenever we’re at maxconn, without any connections getting queued? Thanks, -Daniel

Re: eliminate per-server queuing?

On Dec 5, 2014, at 5:21 AM, Baptiste bed...@gmail.com wrote: On Thu, Dec 4, 2014 at 11:50 PM, Daniel Lieberman dlieber...@bitpusher.com wrote: We have a situation where our app servers sometimes get into a bad state, and hitting a working server is more important than enforcing persistence

Re: eliminate per-server queuing?

actually be a problem.) -Daniel On Dec 5, 2014, at 3:09 AM, Lukas Tribus luky...@hotmail.com wrote: Hi Daniel, We have a situation where our app servers sometimes get into a bad state, and hitting a working server is more important than enforcing persistence. Generally the number

Re: 1.5.9 crashes every 4 hours, like clockwork

Did some digging, and I did find this article: http://blog.tinola.com/?e=36 It could be related to the issue you are experiencing, especially since just before the SIGABRT, the process is trying to do a hostname resolution, but can’t, because it’s in a chroot (the reason you get all the No

Re: 1.5.9 crashes every 4 hours, like clockwork

Ad my email apparently hadn’t been updating all day :/ Thanks! Dan Dubovik Senior Linux Systems Engineer 480-505-8800 x4257 From: Daniel Dubovik ddubo...@godaddy.commailto:ddubo...@godaddy.com Date: Friday, December 12, 2014 at 2:09 PM To: David Adams dr...@yahoo.commailto:dr...@yahoo.com

Re: How to track 503's

I would want to route all traffic for a given domain (assuming filtering on the Host header). Thanks! Dan Dubovik Senior Linux Systems Engineer 480-505-8800 x4257 On 2/28/15, 12:22 AM, Baptiste bed...@gmail.com wrote: On Fri, Feb 27, 2015 at 8:23 PM, Daniel Dubovik ddubo...@godaddy.com

How to track 503's

Hello all! I am wanting to use HAProxy to detect if I receive a certain status code from a backend web server (say, a 503 error or some such) while processing a request. If I do receive it, track the request, so subsequent requests to the domain will behave differently (specifically, go to a

Re: SSL backends stopped working

Have you checked the time/date on the Haproxy host? If they are wrong, the certificate might look bad from HAProxy’s point of view. Daniel -- Daniel Schneller Infrastructure Architect / Developer CenterDevice GmbH On 23.04.2015, at 10:00, i...@linux-web-development.de wrote: -BEGIN

SSL and Piranha conversion

Hello All, First time caller, short time listener. So this is the deal. My organization was running a CentOS box with Piranha on it to work as our load balancer between our two web servers. Well the CentOS box was a Gateway workstation from 2000 and it finally gave up the

RE: SSL and Piranha conversion

Malcolm, The Piranha gui had some configurations about Virtual IPs and I am not sure how that works or how it is different than HAProxy. The firewall had some rules that pointed website requests to the virtual ips. Daniel -Original Message- From: Malcolm Turnbull [mailto:malc

Re: Healthchecks with many nbprocs

Thanks! That helped quite alot with a 1s cache :) Best regards Daniel Ylitalo System & Network manager about.mytaste.com <http://about.mytaste.com> "Experience is something you earn just right after you screwed up and were really in need of it" Den 2016-06-20 kl. 17:

Healthchecks with many nbprocs

balancing, however, this leads to 56 healthchecks being done each second against our web nodes which hammers them quite hard. How exactly are you guys solving this issue? Because at this size, the healthchecks kind of starts eating more cpu than they are helpful. -- Daniel Ylitalo System & Net

HTTP 429 Too Many Requests

allow me to specify different values for the "Retry-After:" header to inform well-written clients after which time they should come back and try again. Does that sound like a sensible addition? Cheers, Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH https://www.centerdevice.de

Re: HTTP 429 Too Many Requests

in the logs and being nice and readable :-) > On 24 Jun 2016, at 23:13, Cyril Bonté <cyril.bo...@free.fr> wrote: > >> Le 24/06/2016 à 22:57, Daniel Schneller a écrit : >> That is indeed pretty cool :-) >> Would the addition of a header work the way I originally suggeste

Re: HTTP 429 Too Many Requests

deny_status ] > > Example : > http-request deny deny_status 429 > > [1] > http://www.haproxy.org/git?p=haproxy-1.6.git;a=commit;h=108b1dd69d4e26312af465237487bdb855b0de60 > [2] > http://www.haproxy.org/git?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e69

Re: CIDR Notation in ACL -- silent failure

On 12.04.2016, at 14:07, Willy Tarreau <w...@1wt.eu> wrote:I will at least provide a documentation patch then, soon.OK.As promised, a few words, hopefully clarifying things in the docs. 0001-DOC-Clarify-IPv4-address-mask-notation-rules.patch Description: Binary data Cheers,Daniel

CIDR Notation in ACL -- silent failure

. Especially if ACLs are used for actual access control, this can have nasty consequences. What do you think? Cheers, Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH

Re: CIDR Notation in ACL -- silent failure

Hi Pavlos! > On 09.04.2016, at 11:39, Pavlos Parissis <pavlos.paris...@gmail.com> wrote: > > On 08/04/2016 11:59 πμ, Daniel Schneller wrote: >> Hi! >> >> I noticed that while this ACL matches my source IP of 192.168.42.123: >> >> acl src_interna

Re: CIDR Notation in ACL -- silent failure

will be typos or other accidental mistakes in config files. I might be alone here, but I believe a warning (not a failure) about these rather unorthodox notations being used would improve things :) Thoughts? Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice G

Re: http-request capture id frontend/backend not working?

ll bail if it does find a referenced ID that is not declared in the current proxy entry. As my declaration is in the frontend, but the actual capture tries to reference it in the backend, they are in different proxies, making this check fail? Daniel > On 18.03.2016, at 13:43, Daniel Schneller <daniel

DOC Patch: tune.vars.xxx-max-size

From 29bddd461c30bc850633350ac81e3c9fd7b56cb8 Mon Sep 17 00:00:00 2001 From: Daniel Schneller <d...@danielschneller.de> Date: Mon, 21 Mar 2016 20:46:57 +0100 Subject: [PATCH] DOC: Clarify tunes.vars.xxx-max-size settings Adds a little more clarity to the description of the maximum

http-request capture id frontend/backend not working?

HA-Proxy version 1.6.3 2015/12/25 I assume I misunderstood something thoroughly, but I am at a loss. Cheers, Daniel

Segfault with stick-tables

errors, rerun with: -v ==4628== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) Segmentation fault (core dumped) -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Merscheider Straße 1 | 42699 Solingen tel: +49

Re: Segfault with stick-tables

SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) Segmentation fault (core dumped) > On 29.03.2016, at 14:16, Daniel Schneller <daniel.schnel...@centerdevice.com> > wrote: > > Hi! > > I am seeing a segfault upon the first request coming through the > c

Re: nbproc 1 vs >1 performance

? If so, that would explain some issues I had in the past when quickly iterating config changes and restarting haproxy each time, but sometimes getting results that could only have come from an older config? Thanks, Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH

Re: Compilation problem: haproxy 1.6.5 (latest) on Solaris 11

On the http://www.haproxy.org <http://www.haproxy.org/> homepage there is a link to each version’s repo. Cheers, Daniel > On 19.05.2016, at 15:30, Jonathan Fisher <jfis...@tomitribe.com> wrote: > > Cool, thanks! > > Where is the git repo for haproxy? having t

haproxy terminate with ssl backend

Hi all I need to know if i can terminate SSL on a fronded with SNI and then create a new ssl session to the backend similar to how proxy forwarding works client || HA || backend i want different certificates at each point, and the user just gets x-forward with the header. I think

Re: Debug Log: Response headers logged before rewriting

Hello everyone! While I have since figured out what my original problem was, the original question remains. Is this intentional, am I missing something, or both? :) Cheers, Daniel > On 3. Feb. 2017, at 13:40, Daniel Schneller > <daniel.schnel...@centerdevice.com> wr

Debug Log: Response headers logged before rewriting

more cumbersome to debug, because I need to capture both the server’s and the client’s logs and merge them together. Is there a switch or config setting I am missing that would show what the server actually puts on the wire towards the client? Thanks Daniel -- Daniel Schneller Principal

TLS certificate precedence

where the domain actually matches one of the the CN / SAN fields? Thanks, Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solingen tel: +49 1754155711| Deutschland daniel.schnel.

Re: SSL Termination or Passthrough

has it. All inspecting TLS proxies communicate with their own private key/certificate pair with the client. There is no way around that. Regards, Daniel > On 18 Feb 2017, at 00:47, Sam Crowell <crowes...@gmail.com> wrote: > > Is there a way to do SSL termination at th

Re: SSL Termination or Passthrough

ver > so it still throws the warning which makes sense. >> On February 17, 2017 at 7:20:14 PM, Sam Crowell (crowes...@gmail.com) wrote: >> >> Thanks for the response Daniel. What is the best way to handle SSL traffic >> through a load balancer to maintain origina

Re: SSL Termination or Passthrough

, in which case I apologize upfront). The article contains instructions about a cron job to periodically fetch a CRL and put it in the place where haproxy expects it. But doesn't haproxy load the file just once on startup? Would replacing it like that even be noticed? Daniel > On 18 Feb 2017, at

Re: Haproxy issue

a good idea to setup a `default backend` as a way to help > test where your requests are going. > For debugging these kinds of things I usually run haproxy in debug mode: haproxy -d -f haproxy.cfg That way it will echo incoming and outgoing headers. Daniel -- Daniel Schneller Princ

Re: Haproxy issue

t:8089/> > use_backend rest_services if host_rest_services > backend rest_services > server shstand 10.0.0.2:8089 ssl verify none > So It works > > De : Daniel Schneller [mailto:daniel.schnel...@centerdevice.com] > Envoyé : mardi 14 février 2017 17:17 > À :

Re: ACL randomly failing

. So I suggest you make sure first you have exactly one instance running, e. g. with “ps aux | grep haproxy”. Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solingen tel: +49 1754155711

Re: http-send-name-header for response?

d also delete it from the request in the frontend on the way in to prevent the request from actually sticking to a single server. Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solingen tel: +49 1754

Bytes in / out counters for TCP Keepalive Sessions

:5672 check on-marked-down shutdown-sessions Is this the expected behavior? If so, is there any configuration option we can change to show “live” stats of bytes flowing through the persistent connections? Thanks! Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH

Re: Bytes in / out counters for TCP Keepalive Sessions

Adding the list back. Sorry for dropping it earlier. > On 8 Sep 2016, at 19:56, PiBa-NL <piba.nl@gmail.com> wrote: > > Hi, > Op 8-9-2016 om 15:43 schreef Daniel Schneller: >>> http://cbonte.github.io/haproxy-dconv/1.7/snapshot/configuration.html#4.2-o

Re: Bytes in / out counters for TCP Keepalive Sessions

.xx and that there is no good way to fix it. Is there any chance of it returning, or should it maybe marked as broken in the docs at least, maybe issue a warning on startup? http://www.serverphorums.com/read.php?10,747628 Thanks :) Daniel -- Daniel Schneller Principal Cloud Engineer

[Patch] BUILD: Make use of accept4() on OpenBSD.

, Daniel>From 75838ca0fbde471e0afeeb21580565e7c3f239d7 Mon Sep 17 00:00:00 2001 From: Daniel Jakots <vig...@chown.me> Date: Tue, 27 Sep 2016 19:22:21 +0200 Subject: [PATCH 1/1] BUILD: Make use of accept4() on OpenBSD. From Brad Smith X-Bogosity: Ham, tests=bogofilter, spamicity=0.02, vers

Re: HAproxy / Reverse proxy Debian

. intermediates Make sure to have these files not world-readable as they contain secret crypto material. HTH, Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solingen tel: +49 1754155711

Re: HAproxy / Reverse proxy Debian

Sounds as if you have nginx set up for TLS termination, too. This does not make sense, because haproxy will already have decrypted the traffic. Make sure nginx does not expect https on what in your config would be ip_email_server:888. -- Daniel Schneller Principal Cloud Engineer

Re: HAproxy / Reverse proxy Debian

age. If you want to configure TLS on the mail server / web server itself, there is no need to configure haproxy for TLS at all. Switch it to TCP mode and remove the TLS configuration. That way it will just hand the still encrypted traffic over to nginx. -- Daniel Schneller Principal Cl

Re: HAproxy / Reverse proxy Debian

Re-adding the list. And: > Do I have to "cat file.key file.crt file.pem > certi.chained.crt" ?? Yes. Though I am not sure what file.crt and file.pem are :) Cheers, Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH

Re: Certificate order

. Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solingen tel: +49 1754155711| Deutschland daniel.schnel...@centerdevice.de | www.centerdevice.de Geschäftsführung: Dr. Patrick

Subscribe

HAProxy 1.7.5 forwards requests blockwise

t instead connecting to the Apache zones directly, all benchmark requests are handled continously. Is this expected behaviour or did we do something wrong? Thank you very much and best regards, Daniel Heitepriem

Automatic Certificate Switching Idea

) reloads (to let haproxy read any new files in) and just drop any renewed certificate/key files into the appropriate directory as soon as you got them. I would welcome feedback on this idea, if only to be pointed at the obvious and glaring shortcomings it may have :D Cheers, Daniel

fields vs word converter, unexpected "0" result

in “0” being logged? Ideally, I’d like this to show as “-“, but empty string would be fine, too. But “0” is pretty counter-intuitive. It’s not strictly horrible, but at least it is unexpected and would also collide with cases where the actual 2nd subdomain was called “0”. Is this a bug, or am I d

Re: fields vs word converter, unexpected "0" result

d in with all the 127.0.0.1’s :) Any idea on the difference between “word” and “field”, though? Daniel

Re: req.cook_cnt() broken?

Kindly bumping this during the summer vacation time for potentially new recipients :) > On 21. Aug. 2017, at 21:14, Daniel Schneller > <daniel.schnel...@centerdevice.com> wrote: > > Hi! > > According to the documentation > > req.cook_cnt([]) : integ

Re: Automatic Certificate Switching Idea

> > That's perfect! Your feedback and possible trouble in doing this will > also definitely help! > Oh, if experience tells me one thing, no matter how “straightforward” this may look, there _will_ be trouble ;-) Cheers Daniel -- Daniel Schneller Principal Cloud Engineer

Re: Automatic Certificate Switching Idea

it separated from our specific setup, I might then release it into the wild for the select few who might find it useful :) Daniel -- Daniel Schneller Principal Cloud Engineer CenterDevice GmbH | Hochstraße 11 | 42697 Solinge

  1   2   3   >