Re: Product Info

I think the point Willy tried to make is that it should be handled the same way regardless of being a security patch or not. All fixes are important - so see them as "security" fixes for bugs if you like. On 06/11/2019, 10.04, "apcoeproductnotificati...@wellsfargo.com" wrote: Hi Willy,

haproxy SSL termination performance

we’re talking about a lot of added hardware to be able to handle, let’s say 500k requests per second. The VM has AES-NI available as well. Thanks in advance! Best Regards, Lucas Rolff

haproxy 1.8.2 ALPN h2 broken?

http2 support) “fixes” the issue. Best Regards, Lucas Rolff

Re: haproxy SSL termination performance

on relatively cheap hardware, so even if I want to scale to 100k+ req/s it should be no problem from what I can see ( I know there will be a slightly bigger overhead when doing a lot of clients also because of networking involving more than a single client). So thanks a lot! Best Regards, Lucas

Re: haproxy 1.8.2 ALPN h2 broken?

: pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available filters : [SPOE] spoe [COMP] compression [TRACE] trace Best Regards, Lucas Rolff From: Olivier Doucet Date: Wednesday,

Re: haproxy 1.8.2 ALPN h2 broken?

tp://url/ it will give you extensive information regarding your http2 traffic – since it will be aware of your streams, priorities etc etc. Best Regards, Lucas Rolff On 27/12/2017, 19.25, "Willy Tarreau" wrote: Hi Lucas, On Wed, Dec 27, 2017 at 04:49:31PM +,

Re: haproxy 1.8.2 ALPN h2 broken?

ormilux.org/msg28333.html - however, doesn’t seem to be the case – I’ll see if I can find the cause for that one Best Regards, Lucas Rolff On 27/12/2017, 20.15, "Willy Tarreau" wrote: On Wed, Dec 27, 2017 at 06:52:21PM +, Lucas Rolff wrote: > - you said that using mu

Re: HTTP/2 Termination vs. Firefox Quantum

I tried enabling “option httplog” within my frontend, I do have the same issue wit

Re: HTTP/2 Termination vs. Firefox Quantum

5\240o So won't be able to dig deep into whatever goes on there. Lucas Rolff wrote: I tried enabling “option httplog” within my frontend, I do have the same issue wit

Re: HTTP/2 Termination vs. Firefox Quantum

nghttp, I’ll continue to troubleshoot meanwhile, but it’s a bit odd it happens Best regards, Get Outlook for iOS<https://aka.ms/o0ukef> From: lu...@ltri.eu on behalf of Lukas Tribus Sent: Wednesday, December 27, 2017 10:51:01 PM To: Lucas Rolff Cc: h

Re: HTTP/2 Termination vs. Firefox Quantum

ure if it will actually fix it there as well. Also, sorry for the lengthy email Best Regards, Lucas Rolff From: Lucas Rolff Date: Wednesday, 27 December 2017 at 23.08 To: Lukas Tribus Cc: "haproxy@formilux.org" Subject: Re: HTTP/2 Termination vs. Firefox Quantum My small site is basica

Re: HAProxy 1.8 takes too long to update new config

Robin, there's also an ongoing thread with Firefox which has the same issues, especially with post/put requests in 1.8.2, you might wanna keep an eye on that one as well Get Outlook for iOS From: Robin Anil Sent: Thursday, December 28, 201

Re: HTTP/2 Termination vs. Firefox Quantum

y 2.0 could be named “haproxy Quantum 1.5” just for the giggles. Best Regards, Lucas R On 28/12/2017, 10.27, "Willy Tarreau" wrote: Hi Lucas, On Thu, Dec 28, 2017 at 08:38:52AM +, Lucas Rolff wrote: > It worked as it should, so I started adding more and more headers,

Re: HTTP/2 Termination vs. Firefox Quantum

’s requested in Firefox: https://snaps.hcdn.dk/3uaT06s2RJmAqMu5TqSJYAxBHjSzHOJGiHjfK0qcrV.png Best Regards, Lucas Rolff On 28/12/2017, 11.39, "Willy Tarreau" wrote: On Thu, Dec 28, 2017 at 10:27:28AM +, Lucas Rolff wrote: > In that case, haproxy should be consisten

Re: HTTP/2 Termination vs. Firefox Quantum

live" while Chrome does not. Correct, however – it seems like Safari also sends it, so in fact I have to open a bug report to Safari as well ( Best Regards, Lucas Rolff On 28/12/2017, 12.08, "Maximilian Böhm" wrote: Sorry, for my long absence. Thank you, Lucas, for perfectly des

Re: HTTP/2 Termination vs. Firefox Quantum

> the output of the http2 golang test and can you please both clarify which OS > you reproduce this on? If I visit http2 golang test, I also don’t see it, and I saw it in developer tools (Because dev tools shouldn’t put headers that isn’t requested/received) – however based on your findings, th

Re: h2 bad requests

Hi Sander, Which exact browser version do you use? There’s an ongoing thread already (https://www.mail-archive.com/haproxy@formilux.org/msg28333.html ) regarding the same issue. Best Regards, Lucas Rolff

Re: HTTP/2 Termination vs. Firefox Quantum

ed I’ll figure out if I can replicate the same issue in more browsers (without connection: keep-alive header), maybe that would give us more insight. Best Regards, Lucas Rolff On 29/12/2017, 00.08, "Willy Tarreau" wrote: Hi Lukas, On Thu, Dec 28, 2017 at 09:19:24PM +0100,

Re: HTTP/2 Termination vs. Firefox Quantum

s to fail in some cases What I’d like to know: - URL on haproxy.org that negotiates http2 correctly for Chrome and Firefox (not exactly sure why it doesn’t do it already?) ( https://snaps.hcdn.dk/JFsEzPmxspw9hnXuFyM5G4QGYst7Q6R2zXmkZbRRjz.png ) Best Regards, Lucas Rolff On 29/12/2017, 08.13

Re: HTTP/2 Termination vs. Firefox Quantum

master: Bad Request (CH) on POST/PUT 30%+ of the time and (CR) on GET requests occasionally Best Regards, Lucas Rolff On 29/12/2017, 11.13, "Willy Tarreau" wrote: On Fri, Dec 29, 2017 at 08:46:18AM +, Lucas Rolff wrote: > > Yep. For what it's worth, it's bee

Re: HTTP/2 Termination vs. Firefox Quantum

> Lucas, can you check my previous mail and see if you can enable ignoring > client aborts in your backend, assuming you are using nginx? I can confirm that ignoring client aborts in my backend using fastcgi_ignore_client_abort “resolves” the issue regarding POST requests. Best Regards, Lucas R

Re: HTTP/2 Termination vs. Firefox Quantum

Both in Firefox and Chrome my POST requests in 1.8.2 with the supplied patch, seem to do the trick (did about 300 post requests in each browser with no fails). Best Regards, On 29/12/2017, 15.58, "Willy Tarreau" wrote: On Fri, Dec 29, 2017 at 03:42:30PM +0100, Willy Tarreau wrote: > O

Re: HTTP/2 Termination vs. Firefox Quantum

and then the client: https://gist.github.com/lucasRolff/1b8f29ed61fd8ae443894d28c7efff95#file-tcpdump-pcap-L28-L32 178.63.183.xx == server (haproxy) 80.61.160.xxx == client (browser) Best Regards, Lucas Rolff On 29/12/2017, 16.47, "lu...@ltri.eu on behalf of Lukas Tribus" wrote:

Re: HTTP/2 Termination vs. Firefox Quantum

it (hopefully) Best Regards, Lucas Rolff

Re: HTTP/2 Termination vs. Firefox Quantum

(app.css) h2_frt_decode_headers:2621 h2_frt_decode_headers:2643 - Get Request (app.js) h2s_frt_make_resp_data:3180 h2s_frt_make_resp_data:3067 Best Regards, Lucas Rolff On 29/12/2017, 18.21, "Willy Tarreau" wrote: On Fri, Dec 29, 2017 at 04:48:13PM +0000, Lucas Rolff wrote: >

Re: HTTP/2 Termination vs. Firefox Quantum

application will then do a redirect to a specific page based on that input data. On 29/12/2017, 19.11, "Willy Tarreau" wrote: On Fri, Dec 29, 2017 at 06:02:15PM +0000, Lucas Rolff wrote: > POST Request (to website): > h2s_frt_make_resp_data:3180 > h2s_frt_

Re: HTTP/2 Termination vs. Firefox Quantum

;) < 'Z' - 'A') goto fail; That’s an interesting place to fail - Lucas R On 29/12/2017, 19.36, "Willy Tarreau" wrote: On Fri, Dec 29, 2017 at 06:18:00PM +, Lucas Rolff wrote: > I think you forgot to attach the patch Grrr common mistake, sorr

Re: HTTP/2 Termination vs. Firefox Quantum

cookie: laravel_session=SECURE_SESSION%3D%3D upgrade-insecure-requests: 1 pragma: no-cache cache-control: no-cache # It’s consistently the cookie header that fails. Some repeated requests, all related to cookie where header field became: 6InNEa InVMdk Best Regards, Lucas Rolff On

Re: HTTP/2 Termination vs. Firefox Quantum

I’ve tested the 1.8.3 build, and I can indeed confirm it works like charm! @Willy, thanks for the extensive time you spend on debugging and investigating this as well! Best Regards, Lucas Rolff

Re: Poll: haproxy 1.4 support ?

I also vote for both 1.4 and 1.5 being marked, if vendors do rely on old versions due to LTS, they tend to backport critical security and bug fixes anyway Get Outlook for iOS From: Pavlos Parissis Sent: Tuesday, January 2, 2018 4:34:39 PM

Re: Poll: haproxy 1.4 support ?

You don’t They’ve pinned a version to 1.5.x, in case Software gets deprecated / EOL like it happens with things such as PHP being a very good example, the distribution are required to support those versions until they EOL that specific release That’s a part of having a LTS distro, it’s their “p

Re: -Ws argument isn't document?

haproxy --help: -W master-worker mode. -Ws master-worker mode with systemd notify support. On 03/02/2018, 15.44, "Pavlos Parissis" wrote: Hi, In contrib/systemd/haproxy.service.in we see -Ws used in ExecStart as it is the recommended way to start haproxy under

Re: RHEL distribution still uses HAProxy 1.5

Well, RHEL is set to provide non-breaking software for the time a major release will exist, that's something they've decided as an OS vendor. You're free to run your own version, just be aware that it's unsupported by RHEL RHEL isn't the solution if you want cutting edge versions of software, ho

Using haproxy together with NFS

“fragment too large” when going via haproxy, or an actual working config for haproxy to do NFS 4.0 or 4.1 traffic – then please let me know! Best Regards, Lucas Rolff

Re: Using haproxy together with NFS

shares that different servers need access to I’ll try not the sample config from the link above! Thanks! Get Outlook for iOS<https://aka.ms/o0ukef> From: Michael Ezzell Sent: Thursday, August 2, 2018 2:38:06 AM To: Lucas Rolff Cc: HAproxy Mailing Lists Subje

Re: Using haproxy together with NFS

ithout too much modifications on the current NFS infrastructure (since it would introduce more complexity). Thanks for your replies both of you! Best Regards, On 02/08/2018, 18.09, "Willy Tarreau" wrote: On Thu, Aug 02, 2018 at 04:05:24AM +, Lucas Rolff wrote: > Hi michael,