Context: SSL stuff, haproxy HA-Proxy version 1.5-dev15 2012/12/12 ;
complete haproxy info at the bottom.
Our app does large file uploads via an ancillary java applet thingy;
these look like so:
0009:https.accept(0006)=000f from [64.236.139.254:35763]
0009:https.clireq[000f:]: POST
[reordered]
On Fri, Jan 11, 2013 at 07:14:05PM +0100, Lukas Tribus wrote:
If you are running -dev, its probably a good idea to follow the
mailing list closely and eventually read the commit message on
git.
It's hard because I only give one day a week to this company, but
I'll see what I can
On Fri, Jan 11, 2013 at 10:36:43PM +0100, Willy Tarreau wrote:
Hi Robin,
On Fri, Jan 11, 2013 at 11:10:06AM -0800, Robin Lee Powell wrote:
[reordered]
On Fri, Jan 11, 2013 at 07:14:05PM +0100, Lukas Tribus wrote:
If you are running -dev, its probably a good idea to follow
On Fri, Jan 11, 2013 at 10:36:43PM +0100, Willy Tarreau wrote:
Indeed, there were multiple bugs with the POST issue, each one
hiding another. For Sander (the reporter), the problem was very
reproducible, while I could never get it. I suspect you're hitting
the same one. Note that the fix
Just something I thought the rest of the interwebs might find
useful.
If you can get your users to first connect to an http:// address,
and then have that URL redirect them to https://, you can work
around a lack of SNI support on the client end like so:
# content switching based on host name
This is what we do, using puppet's erb templating system:
% haproxy_https_servers.keys.each do |server| %
% haproxy_https_servers[server].each do |subserver| %
% extra_conditions=''
if subserver.has_key?('extra_conditions')
On Thu, Feb 07, 2013 at 11:54:56AM -0500, S Ahmed wrote:
Is it hard to install SSL with haproxy?
I want all incoming connections to use SSL, but when haproxy
communicates with the backends I don't want them to be ssl based.
ANy tutorials on setting this up?
With 1.5-dev17 (or whatever's
Are you *only* selecting based on SNI? I ask because our setup uses
cookies as well, specifically to get around SNI issues (we store the
cookie on normal HTTP as well as HTTPS, and use it as a fallback if
SNI fails). If you have other things going on besides SNI, that
could explain that
As a starting point, the short version is: have an haproxy that
supports ssl like so:
[rlpowell@mtsinai01 ~]$ /opt/haproxy/usr/local/sbin/haproxy -vv | grep -i ssl
OPTIONS = USE_OPENSSL=1 USE_PCRE=1
Built with OpenSSL version : OpenSSL 1.0.1c 10 May 2012
OpenSSL library supports TLS extensions
On Thu, Mar 21, 2013 at 08:02:03PM +0100, Baptiste wrote:
I actually started with
http://blog.exceliance.fr/2012/09/10/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/
, but that's out of date; the sni options have changed.
Hi Robin
I fixed the article today.
How many server elements does the backend have? That sounds like 2
out of 3 of my servers are up to me.
-Robin
On Sat, Sep 28, 2013 at 03:37:43AM +0200, Mark Ruys wrote:
Hi,
I'm using a Nagios plugin to monitor the HAProxy status. Now and then,
HAProxy reports UP 2/3 as a backend status
11 matches
Mail list logo