add dynamic header to http response?

2013-05-07 Thread Patrick Hemmer
With haproxy 1.5, is there any way to add a dynamic header to the http response (like the `http-request add-header` option for request headers)? I'm adding an X-Request-Id header to requests before forwarding them on to the back end, but would also like to be able to send this same header back in

syslog timestamp with millisecond

2013-05-10 Thread Patrick Hemmer
The current syslog implementation (via UDP) sends log entries with the millisecond portion of the timestamp stripped off. Our log collector is capable of handling timestamps with millisecond accuracy and I would like to have it do so. Is there any way to accomplish this? I know you can add an

haproxy duplicate http_request_counter values

2013-08-11 Thread Patrick Hemmer
I'm using the %rt field in the unique-id-format config parameter (the full value is %{+X}o%pid-%rt), and am getting lots of duplicates. In one specific case, haproxy added the same http_request_counter value to 70 different http requests within a span of 61 seconds (from various client hosts too).

Re: haproxy duplicate http_request_counter values (BUG)

2013-08-13 Thread Patrick Hemmer
On 2013/08/11 15:45, Patrick Hemmer wrote: I'm using the %rt field in the unique-id-format config parameter (the full value is %{+X}o%pid-%rt), and am getting lots of duplicates. In one specific case, haproxy added the same http_request_counter value to 70 different http requests within

content based routing with rewrite (reqrep)

2013-08-26 Thread Patrick Hemmer
So I'm trying to come up with the best way of doing this, but am having a heck of a time. Basically I have several different backend service pools, and I have one externally facing haproxy router. I want to take a map of public URLs and route them to specific backend URLs. For example

Client timeout on http put shows as a server timeout with error 504

2013-09-17 Thread Patrick Hemmer
We have this case with haproxy 1.5-dev19 where when a client is uploading data via a HTTP PUT request, the client will fail to send all its data and haproxy will time out the connection. The problem is that haproxy is reporting this as an error 504 and connection flags of sH--, meaning it timed out

Re: Client timeout on http put shows as a server timeout with error 504

2013-09-18 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2013-09-18 01:46:50 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy@formilux.org haproxy@formilux.org *Subject: *Re: Client timeout on http put shows as a server timeout with error 504 Hi Patrick, On Tue, Sep 17, 2013 at 06:29:13PM -0400

Re: AW: GA Release of 1.5

2013-09-24 Thread Patrick Hemmer
*From: *Jinn Ko hapr...@mx.ixido.net *Sent: * 2013-09-24 10:22:49 E *To: *haproxy@formilux.org *Subject: *Re: AW: GA Release of 1.5 Hi, It's good to get a better idea of what's needed to see a GA release of 1.5. We've been keenly awaiting the GA release, and I certainly understand the need

Re: Client timeout on http put shows as a server timeout with error 504

2013-09-30 Thread Patrick Hemmer
*From: *Patrick Hemmer hapr...@stormcloud9.net *Sent: * 2013-09-18 10:26:36 E *To: *haproxy@formilux.org *Subject: *Re: Client timeout on http put shows as a server timeout with error 504 *From: *Willy Tarreau w...@1wt.eu *Sent: * 2013-09-18 01:46:50 E *To: *Patrick Hemmer hapr...@stormcloud9

handling hundreds of reqrep statements

2013-10-22 Thread Patrick Hemmer
I'm currently using haproxy (1.5-dev19) as a content based router. It takes an incoming request, looks at the url, rewrites it, and sends it on to the appropriate back end. The difficult part is that we need to all parsing and rewriting after the first match. This is because we might have a url

Re: handling hundreds of reqrep statements

2013-10-22 Thread Patrick Hemmer
*From: *Patrick Hemmer hapr...@stormcloud9.net *Sent: * 2013-10-22 19:13:08 E *To: *haproxy@formilux.org *Subject: *handling hundreds of reqrep statements I'm currently using haproxy (1.5-dev19) as a content based router

Re: handling hundreds of reqrep statements

2013-10-23 Thread Patrick Hemmer
*From: *Patrick Hemmer hapr...@stormcloud9.net *Sent: * 2013-10-22 23:32:31 E *CC: *haproxy@formilux.org *Subject: *Re: handling hundreds of reqrep statements

Re: handling hundreds of reqrep statements

2013-10-23 Thread Patrick Hemmer
*From: *hushmeh...@hushmail.com *Sent: * 2013-10-23 01:06:24 E *To: *hapr...@stormcloud9.net *CC: *haproxy@formilux.org *Subject: *Re: handling hundreds of reqrep statements On Wed, 23 Oct 2013 05:33:38 +0200 Patrick

disable backend through socket

2013-12-20 Thread Patrick Hemmer
Simple question: Is there any way to disable a backend through the socket? I see you can disable both frontends, and servers through the socket, but I don't see a way to do a backend. -Patrick

Re: disable backend through socket

2013-12-22 Thread Patrick Hemmer
*To: *haproxy@formilux.org *Subject: *Re: disable backend through socket On 22 Dec 2013 20:32, Patrick Hemmer hapr...@stormcloud9.net mailto:hapr...@stormcloud9.net wrote: That disables a server. I want to disable a backend. No, you want to disable all the servers in a backend. I'm not sure there's

Re: disable backend through socket

2013-12-23 Thread Patrick Hemmer
On Sun, Dec 22, 2013 at 05:05:16PM -0500, Patrick Hemmer wrote: No. As I said, I want to disable the backend. http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-disabled That doesn't really work for backends since they don't decide to get traffic. At least if a config accepts

Re: disable backend through socket

2013-12-26 Thread Patrick Hemmer
*From: *Gabriel Sosa sosagabr...@gmail.com *Sent: * 2013-12-26 09:41:21 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy@formilux.org *Subject: *Re: disable backend through socket On Mon, Dec 23, 2013 at 12:21 PM, Patrick Hemmer hapr...@stormcloud9.net mailto:hapr...@stormcloud9

Re: Just a simple thought on health checks after a soft reload of HAProxy....

2014-01-21 Thread Patrick Hemmer
*From: *Malcolm Turnbull malc...@loadbalancer.org *Sent: * 2014-01-14 07:13:27 E *To: *haproxy@formilux.org haproxy@formilux.org *Subject: *Just a simple thought on health checks after a soft reload of HAProxy Just a simple thought on health checks after a soft reload of HAProxy If for

determine size of http headers

2014-01-23 Thread Patrick Hemmer
What I'd like to do is add a few items to the log line which contain the size of the headers, and then the value of the Content-Length header. This way if the connection is broken for any reason, we can determine if the client sent all the data they were supposed to. Logging the Content-Length

Re: haproxy duplicate http_request_counter values

2014-01-25 Thread Patrick Hemmer
*Sent: * 2013-08-13 11:53:16 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy@formilux.org haproxy@formilux.org *Subject: *Re: haproxy duplicate http_request_counter values Hi Patrick, On Sun, Aug 11, 2013 at 03:45:36PM -0400, Patrick Hemmer wrote: I'm using the %rt field

Re: haproxy duplicate http_request_counter values

2014-01-25 Thread Patrick Hemmer
. -Patrick *From: *Patrick Hemmer hapr...@stormcloud9.net *Sent: * 2014-01-25 03:40:38 E *To: *Willy Tarreau w...@1wt.eu *CC: *haproxy@formilux.org haproxy@formilux.org *Subject: *Re: haproxy duplicate http_request_counter

Re: haproxy duplicate http_request_counter values

2014-01-25 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-01-25 04:43:28 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy@formilux.org haproxy@formilux.org *Subject: *Re: haproxy duplicate http_request_counter values Hi Patrick, On Sat, Jan 25, 2014 at 03:40:38AM -0500, Patrick Hemmer wrote

Re: haproxy duplicate http_request_counter values

2014-01-25 Thread Patrick Hemmer
Confirmed. Testing various scenarios, and they all work. Thanks for the quick patch :-) -Patrick *From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-01-25 05:09:09 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy

Re: Real client IP address question

2014-01-27 Thread Patrick Hemmer
You can use the proxy protocol for this. Haproxy doesn't allow manipulation of the TCP stream itself as it could be any number of protocols which haproxy doesn't support. However the proxy protocol sends a line at the very beginning of the stream containing the client source IP, port, destination,

capture.req.hdr

2014-02-06 Thread Patrick Hemmer
I really like this feature, and it was something actually on my todo list of things to look into adding to haproxy. However there is one thing I would consider supporting. Instead of requiring the index of the capture keyword in the config, which is very cumbersome and awkward in my opinion,

Re: Just a simple thought on health checks after a soft reload of HAProxy....

2014-02-22 Thread Patrick Hemmer
*From: *Sok Ann Yap sok...@gmail.com *Sent: * 2014-02-21 05:11:48 E *To: *haproxy@formilux.org *Subject: *Re: Just a simple thought on health checks after a soft reload of HAProxy Patrick Hemmer haproxy@... writes

Re: Just a simple thought on health checks after a soft reload of HAProxy....

2014-02-24 Thread Patrick Hemmer
*To: *Malcolm Turnbull malc...@loadbalancer.org *CC: *Neil n...@iamafreeman.com, Patrick Hemmer hapr...@stormcloud9.net, HAProxy haproxy@formilux.org *Subject: *Re: Just a simple thought on health checks after a soft reload of HAProxy Hi Malcolm, Hence the retry and redispatch options :) I know

Re: AW: Keeping statistics after a reload

2014-02-28 Thread Patrick Hemmer
I have seen feature requests in the past that when haproxy reloads, to pull the health status of the servers so that haproxy knows their state without having to health check them. Willy has said he liked the idea (http://marc.info/?l=haproxym=139064677914723). If this gets implemented, it would

Re: rewrite URI help

2014-03-04 Thread Patrick Hemmer
The haproxy log contains the original request, not the rewritten one. If you want to see the rewritten URL you need to look at the backend server which is receiving the request. -Patrick *From: *Steve Phillips

tcp-request content track

2014-03-11 Thread Patrick Hemmer
2 related questions: I'm trying to find a way to concat multiple samples to use in a stick table. Basically in my frontend I pattern match on the request path to determine which backend to send a request to. The client requests also have a client ID header. I want to rate limit based on a

Re: tcp-request content track

2014-03-12 Thread Patrick Hemmer
bed...@gmail.com *Sent: * 2014-03-12 06:26:32 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy@formilux.org haproxy@formilux.org *Subject: *Re: tcp-request content track It would be easier to help you if you share your configuration! Baptiste On Wed, Mar 12, 2014 at 1:36 AM, Patrick

module/plugin support?

2014-03-18 Thread Patrick Hemmer
I was wondering if there were ever any thoughts about adding module/plugin support to haproxy. The plugin would be used for adding features to haproxy that are beyond the scope of haproxy's core focus (fast simple load balancing). Reading the recent radius authentication thread surprised me. I

Re: Radius authentication

2014-03-18 Thread Patrick Hemmer
I'm assuming it'll be generic authentication. What information will be made available to the auth daemon? Just the Authorization header? I would love a feature that allowed any/multiple header to be passed through. We use haproxy on an API service, which all incoming requests must pass in a key

Re: No ssl or crt in bind when compiled with USE_OPENSSL=1

2014-03-30 Thread Patrick Hemmer
1.4 does not support SSL. SSL was added in 1.5-dev12 -Patrick *From: *Juan Jimenez jjime...@electric-cloud.com *Sent: * 2014-03-30 02:44:42 E *To: *haproxy@formilux.org haproxy@formilux.org *Subject: *No ssl or crt in bind

haproxy intermittently not connecting to backend

2014-04-01 Thread Patrick Hemmer
We have an issue with haproxy (1.5-dev22-1a34d57) where it is intermittently not connecting to the backend server. However the behavior it is exhibiting seems strange. The reason I say strange is that in one example, it logged that the client disconnected after ~49 seconds with a connection flags

Re: haproxy intermittently not connecting to backend

2014-04-01 Thread Patrick Hemmer
-Patrick *From: *Patrick Hemmer hapr...@stormcloud9.net *Sent: * 2014-04-01 15:20:15 E *To: *haproxy@formilux.org *Subject: *haproxy intermittently not connecting to backend We have an issue with haproxy (1.5-dev22-1a34d57

Re: modifing default haproxy emit codes

2014-04-02 Thread Patrick Hemmer
You want the errorfile config param. http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#errorfile -Patrick *From: *Piavlo lolitus...@gmail.com *Sent: * 2014-04-02 15:16:22 E *To: *haproxy@formilux.org *Subject:

Re: haproxy intermittently not connecting to backend

2014-04-02 Thread Patrick Hemmer
That makes perfect sense. Thank you very much. -Patrick *From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-04-02 15:38:04 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy@formilux.org *Subject: *Re: haproxy

suppress reqrep / use_backend warning

2014-04-08 Thread Patrick Hemmer
Would it be possible to get an option to suppress the warning when a reqrep rule is placed after a use_backend rule? [WARNING] 097/205824 (4777) : parsing [/var/run/hapi/haproxy/haproxy.cfg:1443] : a 'reqrep' rule placed after a 'use_backend' rule will still be processed before. I prefer keeping

haproxy mis-reporting layer 4 checks

2014-04-10 Thread Patrick Hemmer
I've brought up this bug before (http://marc.info/?l=haproxym=139312718801838), but it seems to not have gotten any attention, so I'm raising it again. There is an issue with haproxy mis-reporting layer 4 checks. There are 2, likely related, issues. 1) When haproxy first starts up, it will report

Re: haproxy mis-reporting layer 4 checks

2014-04-11 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-04-11 08:29:15 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy@formilux.org *Subject: *Re: haproxy mis-reporting layer 4 checks Hi Patrick, On Thu, Apr 10

Re: haproxy intermittently not connecting to backend

2014-04-11 Thread Patrick Hemmer
the configured timeout should it be a 5XX. Nginx uses 499 for client closed connection. Perhaps haproxy could use that status code as well when `option abortonclose` is used. -Patrick *From: *Patrick Hemmer hapr

Re: suppress reqrep / use_backend warning

2014-04-13 Thread Patrick Hemmer
*From: *Cyril Bonté cyril.bo...@free.fr *Sent: * 2014-04-13 11:15:26 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy@formilux.org *Subject: *Re: suppress reqrep / use_backend warning Hi Patrick, Le 08/04

Re: haproxy intermittently not connecting to backend

2014-04-14 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-04-14 11:27:59 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy@formilux.org *Subject: *Re: haproxy intermittently not connecting to backend Hi Patrick, On Sat, Apr 12, 2014 at 01:38:54AM -0400, Patrick Hemmer wrote: This just keeps

haproxy incorrectly reporting connection flags

2014-04-16 Thread Patrick Hemmer
With 1.5-dev22, we have a scenario where haproxy is saying the client closed the connection, but really the server is the one that closed it. Here is the log entry from haproxy: haproxy[12540]: 10.230.0.195:33580 storage_upd storage_upd/storage_upd_2 0/0/0/522/555 0/0/0/0/0 0/0 412/271 200 CD--

Re: haproxy incorrectly reporting connection flags

2014-04-22 Thread Patrick Hemmer
*From: *Patrick Hemmer hapr...@stormcloud9.net *Sent: * 2014-04-16 17:38:54 E *To: *haproxy@formilux.org haproxy@formilux.org *Subject: *haproxy incorrectly reporting connection flags With 1.5-dev22, we have a scenario where haproxy is saying the client closed the connection, but really

Re: haproxy incorrectly reporting connection flags

2014-04-23 Thread Patrick Hemmer
*From: *Cyril Bonté cyril.bo...@free.fr *Sent: * 2014-04-23 02:37:07 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy@formilux.org haproxy@formilux.org *Subject: *Re: haproxy incorrectly reporting connection

Re: haproxy incorrectly reporting connection flags

2014-04-23 Thread Patrick Hemmer
*From: *Lukas Tribus luky...@hotmail.com *Sent: * 2014-04-23 12:16:01 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy@formilux.org haproxy@formilux.org *Subject: *RE: haproxy incorrectly reporting connection flags Sorry about that. I see it on the mailing list archive

Re: please check

2014-05-02 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-05-02 02:02:11 E *To: *Rachel Chavez rachel.chave...@gmail.com *CC: *haproxy@formilux.org *Subject: *Re: please check On Thu, May 01, 2014 at 03:44:46PM -0400, Rachel Chavez wrote: The problem is: when client sends a request with incomplete body

Re: please check

2014-05-02 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-05-02 11:15:07 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *Rachel Chavez rachel.chave...@gmail.com, haproxy@formilux.org *Subject: *Re: please check Hi Patrick, On Fri, May 02, 2014 at 10:57:38AM -0400, Patrick Hemmer wrote: *From

Re: please check

2014-05-02 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-05-02 12:56:16 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *Rachel Chavez rachel.chave...@gmail.com, haproxy@formilux.org *Subject: *Re: please check On Fri, May 02, 2014 at 12:18:43PM -0400, Patrick Hemmer wrote: At any moment the server

Re: please check

2014-05-02 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-05-02 14:00:24 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *Rachel Chavez rachel.chave...@gmail.com, haproxy@formilux.org *Subject: *Re: please check On Fri, May 02, 2014 at 01:32:30PM -0400, Patrick Hemmer wrote: I've set up a test

Re: please check

2014-05-02 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-05-02 15:06:13 E *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *Rachel Chavez rachel.chave...@gmail.com, haproxy@formilux.org *Subject: *Re: please check On Fri, May

Re: please check

2014-05-06 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-05-06 17:41:18 E *To: *Patrick Hemmer hapr...@stormcloud9.net, Rachel Chavez rachel.chave...@gmail.com *CC: *haproxy@formilux.org *Subject: *Re: please check Hi Patrick, hi Rachel, I might have fixed half of the issue, I'd like you to test

Re: please check

2014-05-07 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-05-07 09:45:47 E *To: *Patrick Hemmer hapr...@stormcloud9.net, Rachel Chavez rachel.chave...@gmail.com *CC: *haproxy@formilux.org *Subject: *Re: please check Hi Patrick, hi

Re: unique-id-header with capture request header

2014-05-13 Thread Patrick Hemmer
*From: *Bryan Talbot bryan.tal...@playnext.com *Sent: * 2014-05-13 11:52:32 E *To: *HAProxy haproxy@formilux.org *Subject: *unique-id-header with capture request header We have more than 1 proxy tier. The edge proxy generates a unique ID and the other tiers (and apps in between) log the value

Disable TLS renegotiation

2014-05-16 Thread Patrick Hemmer
While going through the Qualys SSL test (https://www.ssllabs.com/ssltest), one of the items it mentions is a DoS vulnerability in regards to client-side initiated SSL renegotiation (https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks). While

Re: Disable TLS renegotiation

2014-05-16 Thread Patrick Hemmer
*From: *Lukas Tribus luky...@hotmail.com *Sent: * 2014-05-16 13:23:43 E *To: *Patrick Hemmer hapr...@stormcloud9.net, haproxy@formilux.org haproxy@formilux.org *Subject: *RE: Disable TLS renegotiation Hi Patrick, While going through the Qualys SSL test (https://www.ssllabs.com/ssltest

Re: Error 408 with Chrome

2014-05-26 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-05-26 12:07:09 EDT *To: *Arnall arnall2...@gmail.com *CC: *haproxy@formilux.org *Subject: *Re: Error 408 with Chrome On Mon, May 26, 2014 at 05:52:15PM +0200, Arnall wrote:

Re: HAProxy 1.5 release?

2014-06-18 Thread Patrick Hemmer
Haproxy 1.6 is very close to release. See http://marc.info/?l=haproxym=140129354705695 and http://marc.info/?l=haproxym=140085816115800 -Patrick *From: *Stephen Balukoff sbaluk...@bluebox.net *Sent: * 2014-06-18 08:40:55

Re: HAProxy 1.5 release?

2014-06-18 Thread Patrick Hemmer
Err, pardon the typo, 1.5 :-) -Patrick *From: *Patrick Hemmer hapr...@stormcloud9.net *Sent: * 2014-06-18 08:49:27 EDT *To: *Stephen Balukoff sbaluk...@bluebox.net, haproxy@formilux.org *Subject: *Re: HAProxy 1.5 release

Re: 3rd regression : enough is enough!

2014-06-23 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-06-23 10:23:44 EDT *To: *haproxy@formilux.org *CC: *Patrick Hemmer hapr...@stormcloud9.net, Rachel Chavez rachel.chave...@gmail.com *Subject: *3rd regression : enough is enough

Re: 3rd regression : enough is enough!

2014-06-24 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-06-24 01:33:41 EDT *To: *Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy@formilux.org, Rachel Chavez rachel.chave...@gmail.com *Subject: *Re: 3rd regression : enough is enough! Hi Patrick, On Mon, Jun 23, 2014 at 09:30:11PM -0400, Patrick

Re: 3rd regression : enough is enough!

2014-06-24 Thread Patrick Hemmer
*From: *Lukas Tribus luky...@hotmail.com *Sent: * 2014-06-24 06:44:44 EDT *To: *Willy Tarreau w...@1wt.eu, Patrick Hemmer hapr...@stormcloud9.net *CC: *haproxy@formilux.org haproxy@formilux.org, Rachel Chavez rachel.chave

Re: Getting size of response

2014-08-26 Thread Patrick Hemmer
*From:* Nick Jennings n...@silverbucket.net *Sent:* 2014-08-26 19:55:34 EDT *To:* haproxy haproxy@formilux.org *Subject:* Getting size of response Hi all, is there a way to get the size of a response as it's being sent out through haproxy during logging? The node.js app (restify) is sending

Re: Spam to this list?

2014-09-05 Thread Patrick Hemmer
*From: *Willy Tarreau w...@1wt.eu *Sent: * 2014-09-05 11:19:22 EDT *To: *Ghislain gad...@aqueos.com *CC: *Mark Janssen maniac...@gmail.com, david rene comba lareu shadow.of.sou...@gmail.com, Colin Ingarfield co...@ingarfield.com, haproxy@formilux.org haproxy@formilux.org *Subject: *Re: Spam to

Re: Spam to this list?

2014-09-05 Thread Patrick Hemmer
*From: *Cyril Bonté cyril.bo...@free.fr *Sent: * 2014-09-05 15:50:21 EDT *To: *Patrick Hemmer hapr...@stormcloud9.net, Willy Tarreau w...@1wt.eu, Ghislain gad...@aqueos.com *CC: *Mark Janssen maniac...@gmail.com, david rene comba lareu shadow.of.sou...@gmail.com, Colin Ingarfield co

mailing list archives dead

2016-04-04 Thread Patrick Hemmer
It looks like the mailing list archives stopped working mid-December. https://marc.info/?l=haproxy -Patrick

Re: unique-id-header and req.hdr

2017-01-27 Thread Patrick Hemmer
On 2017/1/27 14:38, Cyril Bonté wrote: > Le 27/01/2017 à 20:11, Ciprian Dorin Craciun a écrit : >> On Fri, Jan 27, 2017 at 9:01 PM, Cyril Bonté >> wrote: >>> Instead of using "unique-id-header" and temporary headers, you can >>> use the >>> "unique-id" fetch sample [1] :

Re: unique-id-header and req.hdr

2017-01-27 Thread Patrick Hemmer
On 2017/1/27 15:31, Ciprian Dorin Craciun wrote: > On Fri, Jan 27, 2017 at 10:24 PM, Patrick Hemmer > <hapr...@stormcloud9.net> wrote: >> Something that might satisfy both requests, why not just append to the >> existing request-id? >> >> unique-id-fo

haproxy consuming 100% cpu - epoll loop

2017-01-16 Thread Patrick Hemmer
So on one of my local development machines haproxy started pegging the CPU at 100% `strace -T` on the process just shows: ... epoll_wait(0, {}, 200, 0) = 0 <0.03> epoll_wait(0, {}, 200, 0) = 0 <0.03> epoll_wait(0, {}, 200, 0) = 0 <0.03>

missing documentation on 51degrees samples

2016-10-07 Thread Patrick Hemmer
The documentation doesn't mention the sample fetcher `51d.all`, nor the converter `51d.single`. The only place they're mentioned is the repo README. Also the documentation for `51degrees-property-name-list` indicates it takes an optional single string argument (`[]`), rather than multiple string

format string fetch method?

2016-10-06 Thread Patrick Hemmer
While working with the `http-request set-var` (and a few other places, but primarily here), it would be very useful to be able to use haproxy format strings to define the variable. For example http-request set-var(txn.foo) fmt(%ci:%cp:%Ts) Or even http-request set-var(txn.foo)

configure peer namespace

2016-10-09 Thread Patrick Hemmer
Can we get the ability to configure the peer namespace? Right now haproxy uses the default namespace, but in our system we have an "internal" interface which is able to talk to the other haproxy nodes, and this interface is in another network namespace. Additionally, the error output for failure

trouble with sc0_conn_cur

2016-11-27 Thread Patrick Hemmer
I'm trying to limit concurrent connections but having trouble getting it working with sc0_conn_cur. The relevant portion of my config looks like: frontend www log-format %ac\ %tsc\ %[sc0_conn_cur] stick-table type ip size 1 expire 10s peers cluster store conn_cur

Re: using comma in argument to sample fetch & converter

2016-12-08 Thread Patrick Hemmer
On 2016/12/7 19:15, Cyril Bonté wrote: > Hi, > > On 07/12/2016 21:40, Patrick Hemmer wrote: >> How do you use a comma inside an argument to a sample fetcher or >> converter? >> For example, the sample fetch str, if I try to do `str(foo,bar)` I get >> the error &

Re: Define path of configuration files in systemd unit

2016-12-13 Thread Patrick Hemmer
On 2016/12/13 11:14, Ricardo Fraile wrote: > Hello Jarno, > > > Yes, you are right, this is not an elegant solution, and reloading > doesn't work. This is the systemd report: > > > # systemctl status haproxy.service -l > ● haproxy.service - HAProxy Load Balancer >Loaded: loaded

using comma in argument to sample fetch & converter

2016-12-07 Thread Patrick Hemmer
How do you use a comma inside an argument to a sample fetcher or converter? For example, the sample fetch str, if I try to do `str(foo,bar)` I get the error fetch method 'str' : end of arguments expected at position 2, but got ',bar' All variations such as `str('foo,bar')`, `str(foo\,bar)`,

Re: [PATCH] MINOR: systemd unit works with cfgdir and cfgfile

2017-01-12 Thread Patrick Hemmer
On 2017/1/12 06:42, Ricardo Fraile wrote: > Hello, > > > As 1.7 release allow to load multiple files from a directory: > > > https://cbonte.github.io/haproxy-dconv/1.7/management.html > > -f : adds to the list of configuration files > to be loaded. If is a directory, all the

deviceatlas issues

2016-12-01 Thread Patrick Hemmer
After using the addon, I've run across a few issues trying to get it running. The first are mostly documentation issues: 1. The example for `da-csv-conv` has `da-csv()` instead of `da-csv-conv()`. 2. The documentation lists the parameter `deviceatlas-separator`. The param is really

capture header VS set-var

2016-12-04 Thread Patrick Hemmer
I was mostly just wondering about differences between using things like `capture request header`/`http-request capture` and `http-request set-var`. set-var seems to have all the capabilities of captures, and are much easier to work with. You don't have to pre-declare them, you don't have to set

Re: ALERT:sendmsg logger #1 failed: Resource temporarily unavailable (errno=11)

2017-01-05 Thread Patrick Hemmer
On 2017/1/5 02:15, Igor Cicimov wrote: > Hi all, > > On one of my haproxy's I get the following message on reload: > > >

Re: Is it possible to avoid 503 error when one backend server has down and health check hasn't been launched yet

2016-12-24 Thread Patrick Hemmer
On 2016/12/24 10:42, Alex.Chen wrote: > for my scenario, i need to using "balance source" to keep the > persistence of haproxy's balancing, I find that when one of my backend > server (s1) has been killed, and if the next round health check is > still not launched, then s1 is still be marked as

Re: ssl offloading and send-proxy-v2-ssl

2016-12-26 Thread Patrick Hemmer
On 2016/12/23 09:28, Arnall wrote: > Hi everyone, > > i'm using a nbproc > 1 configuration for ssl offloading : > > listen web_tls > mode http > bind *:443 ssl crt whatever.pem process 2 > bind *:443 ssl crt whatever.pem process 3 > > ../.. > server web_plain u...@plain.sock

Re: capture header VS set-var

2016-12-07 Thread Patrick Hemmer
On 2016/12/5 03:35, thierry.fourn...@arpalert.org wrote: > On Sun, 4 Dec 2016 09:17:00 -0500 > Patrick Hemmer <hapr...@stormcloud9.net> wrote: > >> I was mostly just wondering about differences between using things like >> `capture request header`/`http-request capture

Re: Odd behaviour with option forwardfor.

2017-07-22 Thread Patrick Hemmer
On 2017/7/22 11:11, Claus Strommer wrote: > Hi all, I'm seeing some odd behaviour with our haproxy balancer and am > looking for some insights. > > The setup: > > I have a webserver that is behind two haproxy balancers (version > 1.5.18 on EL7), which are behind CloudFlare. In effect the request

Looking for a way to limit simultaneous connections per IP

2017-06-28 Thread Patrick Hemmer
So as the subject indicates, I'm looking to limit concurrent connections to a backend by the source IP. The behavior I'm trying for is that if the client has more than 6 connections, we sit on the request for a second, and then send back a 302 redirect to the same resource that was just requested.

Re: Looking for a way to limit simultaneous connections per IP

2017-06-28 Thread Patrick Hemmer
a value from a stick table was to track the connection. The documentation is also a little confusing as it seems to imply it'll use the string form of the IP address, when I expect the table stores the binary form of the IP address. But it seems to work from my testing. > Best, > -Mark &

Re: Logging SSL pre-master-key

2017-06-30 Thread Patrick Hemmer
On 2017/6/30 01:00, Willy Tarreau wrote: > Hi Patrick, sorry for the delay :-/ > > On Mon, Jun 19, 2017 at 01:54:36PM -0400, Patrick Hemmer wrote: >> Well my argument for keeping the name starting with `ssl_fc_session_` is >> that there is also `ssl_fc_session_id`.

Re: Logging SSL pre-master-key

2017-06-12 Thread Patrick Hemmer
On 2017/6/12 15:14, Lukas Tribus wrote: > Hello, > > > Am 12.06.2017 um 19:35 schrieb Patrick Hemmer: >> Would we be able to get a new sample which provides the SSL session >> master-key? >> This is so that when performing packet captures with ephemeral ci

Logging SSL pre-master-key

2017-06-12 Thread Patrick Hemmer
Would we be able to get a new sample which provides the SSL session master-key? This is so that when performing packet captures with ephemeral ciphers (DHE), we can decrypt the traffic in the capture. -Patrick

Re: Logging SSL pre-master-key

2017-06-22 Thread Patrick Hemmer
On 2017/6/19 13:54, Patrick Hemmer wrote: > > > On 2017/6/17 00:00, Willy Tarreau wrote: >> Hi Patrick, >> >> On Fri, Jun 16, 2017 at 09:36:30PM -0400, Patrick Hemmer wrote: >>> The main reason I had for supporting the older code is that it seems >>> m

Re: Logging SSL pre-master-key

2017-06-19 Thread Patrick Hemmer
On 2017/6/17 00:00, Willy Tarreau wrote: > Hi Patrick, > > On Fri, Jun 16, 2017 at 09:36:30PM -0400, Patrick Hemmer wrote: >> The main reason I had for supporting the older code is that it seems >> many (most?) linux distros, such as the one we use (CentOS/7), still >&g

HAProxy won't shut down

2017-05-23 Thread Patrick Hemmer
We've been running across a fair amount of haproxy processes lately that won't shut down. We're currently using 1.7.5, but have also experienced the issue with earlier versions, 1.7.2 for sure, but likely back even further. The processes are getting signaled to shut down by the

Re: HAProxy won't shut down

2017-05-29 Thread Patrick Hemmer
> On 05/24/2017 10:40 AM, Willy Tarreau wrote: >> Hi Patrick, >> >> On Tue, May 23, 2017 at 01:49:42PM -0400, Patrick Hemmer wrote: >> (...) >>> haproxy 28856 root1u IPv4 420797940 0t0 >>> TCP 10.0.33.145:35754->1

Re: haproxy consuming 100% cpu - epoll loop

2017-05-18 Thread Patrick Hemmer
On 2017/1/17 17:02, Willy Tarreau wrote: > Hi Patrick, > > On Tue, Jan 17, 2017 at 02:33:44AM +, Patrick Hemmer wrote: >> So on one of my local development machines haproxy started pegging the >> CPU at 100% >> `strace -T` on the process just shows: >> &

haproxy doesn't restart after segfault on systemd

2017-05-18 Thread Patrick Hemmer
So we had an incident today where haproxy segfaulted and our site went down. Unfortunately we did not capture a core, and the segfault message logged to dmesg just showed it inside libc. So there's likely not much we can do here. We'll be making changes to ensure we capture a core in the future.

Re: HAProxy won't shut down

2017-05-30 Thread Patrick Hemmer
On 2017/5/29 16:04, Frederic Lecaille wrote: > On 05/29/2017 06:12 PM, Patrick Hemmer wrote: >> >> On 2017/5/29 08:22, Frederic Lecaille wrote: >>> >>> Hi Patrick, >>> >>> First thank you for this nice and helpful report. >>> >>

Re: Logging SSL pre-master-key

2017-06-16 Thread Patrick Hemmer
On 2017/6/16 09:34, Willy Tarreau wrote: > Hi Patrick, > > On Mon, Jun 12, 2017 at 07:31:36PM -0400, Patrick Hemmer wrote: >> I patched my haproxy to add a ssl_fc_session_key fetch, and with the >> value I was able to decrypt my te

clarification on documentation for sticky counter tracking duration

2017-05-04 Thread Patrick Hemmer
I'm looking to get some clarification around the documentation for the duration of sticky counter tracking. There are 2 specific points I'm a little confused on. 1. Under the documentation for `tcp-request content`, it says: > In case of HTTP keep-alive with the client, all tcp-request content
