Issue with uploads and HAProxy 2.4.11

2022-01-10 Thread Sander Klein
rver server1 [redacted]:80 cookie cookie1 server server2 [redacted]:80 cookie cookie2 # Sorry Server server outage 127.0.0.1:80 backup retries 1 --- If any more info is needed, please let me know. Regards, Sander Klein

SPOE

2023-06-15 Thread Sander Klein
Hi, Is there a way to filter which URL's go through SPOE and which are just handled directly in a single frontend? I can't seem to find it in the documentantion. I'm currently on HAProxy 2.6.14. Regards, Sander Klein

Re: SPOE

2023-06-15 Thread Sander Klein
On 2023-06-15 22:11, Sander Klein wrote: Hi, Is there a way to filter which URL's go through SPOE and which are just handled directly in a single frontend? I can't seem to find it in the documentantion. I'm currently on HAProxy 2.6.14. Right after I mailed this I read SPOE.t

Old style OCSP not working anymore?

2023-07-13 Thread Sander Klein
Hi, I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I couldn't connect to any of the sites behind it. While looking at the error it seems like OCSP is not working anymore. Right now I have a setup in which I provision the certificates with the corresponding ocsp file next to it

Re: Old style OCSP not working anymore?

2023-07-14 Thread Sander Klein
Hi, On 2023-07-14 01:56, Shawn Heisey wrote: On 7/13/23 09:01, Sander Klein wrote: I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I couldn't connect to any of the sites behind it. While looking at the error it seems like OCSP is not working anymore. Right now I have a

Re: Old style OCSP not working anymore?

2023-07-17 Thread Sander Klein
On 2023-07-17 15:17, William Lallemand wrote: On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote: Hi, I tried upgrading from 2.6.14 to 2.8.1, but after the upgrade I couldn't connect to any of the sites behind it. While looking at the error it seems like OCSP is not wo

Re: Old style OCSP not working anymore?

2023-07-20 Thread Sander Klein
On 2023-07-19 11:00, William Lallemand wrote: On Mon, Jul 17, 2023 at 08:12:59PM +0200, Sander Klein wrote: On 2023-07-17 15:17, William Lallemand wrote: > On Thu, Jul 13, 2023 at 05:01:06PM +0200, Sander Klein wrote: >> Hi, >> >> I tried upgrading from 2.6.14 to 2.8.1, bu

Re: Old style OCSP not working anymore?

2023-07-20 Thread Sander Klein
On 2023-07-20 11:14, William Lallemand wrote: On Thu, Jul 20, 2023 at 10:23:21AM +0200, Sander Klein wrote: On 2023-07-19 11:00, William Lallemand wrote: "show ssl ocsp-resonse" gives me a lot of output like: Certificate ID key : *LONGID* Certificate path : /parth/to/cert.pem Cert

Re: Old style OCSP not working anymore?

2023-07-21 Thread Sander Klein
On 2023-07-21 11:51, Jarno Huuskonen wrote: If I change the order of ipv4 / ipv6 binds (so bind ipv6@:::443 name v6ssl... is first) then haproxy(2.8.1) sends ocsp with ipv6 connection and not with ipv4. Hmmm, I cannot reproduce this, but this might be because I have multiple frontends with m

Re: FW: HAProxy: Information request

2020-02-27 Thread Sander Klein
Hi, please be aware you are posting to a public mailinglist. You might want to check where you sent your emails. Regards, Sander Klein On 2020-02-27 22:14, EMEA Request wrote: Hi Team, Apologies for delayed response. Can you please help with the details provided below and provide a quote

Sudden queueing to backends

2020-03-10 Thread Sander Klein
bc:abc:abc::1:80 cookie name1 server name2 abc:abc:abc::2:80 cookie name2 # Sorry Server server outage 127.0.0.1:80 backup retries 1 Regards, Sander Klein

Haproxy 2.2.0 segfault

2020-07-20 Thread Sander Klein
Hi, Last Thursday I've upgraded to HAProxy 2.2.0 from Vincent Bernat's marvelous repository, but now I experience segfaults. I haven't investigated it further since I just discovered it. But, it seems related to reloading HAProxy with config changes. The logs show: Jul 20 09:51:05 lb01-a ker

Re: Haproxy 2.2.0 segfault

2020-07-20 Thread Sander Klein
In the meantime I've captured a coredump. It gives the following output: GNU gdb (Debian 8.2.1-2+b3) 8.2.1 Copyright (C) 2018 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribu

Re: Haproxy 2.2.0 segfault

2020-07-20 Thread Sander Klein
On 2020-07-20 16:38, Christopher Faulet wrote: Could you retry with the latest 2.2 snapshot (http://www.haproxy.org/download/2.2/src/snapshot/haproxy-ss-LATEST.tar.gz) ? Yes, I just did. Still a segfault. Just in case the new core is below. Reading symbols from haproxy...Reading symbols from

Re: Haproxy 2.2.0 segfault

2020-07-20 Thread Sander Klein
On 2020-07-20 19:16, Christopher Faulet wrote: Le 20/07/2020 à 17:22, Sander Klein a écrit : On 2020-07-20 16:38, Christopher Faulet wrote: Could you retry with the latest 2.2 snapshot (http://www.haproxy.org/download/2.2/src/snapshot/haproxy-ss-LATEST.tar.gz) ? Yes, I just did. Still a

Re: Haproxy 2.2.0 segfault

2020-07-24 Thread Sander Klein
On 2020-07-20 21:41, Sander Klein wrote: On 2020-07-20 19:16, Christopher Faulet wrote: Le 20/07/2020 à 17:22, Sander Klein a écrit : On 2020-07-20 16:38, Christopher Faulet wrote: Could you retry with the latest 2.2 snapshot (http://www.haproxy.org/download/2.2/src/snapshot/haproxy-ss

Stick table counter not working after upgrade to 2.2.11

2021-03-22 Thread Sander Klein
Hi, I have upgraded to haproxy 2.2.11 today and it seems like my stick table counter is not working anymore. It is only increasing on every hit and never decreases anymore. Downgrading back to 2.2.10 fixes this issue. The setup is a replicated stick table like: ``` table apikey type ipv6 siz

Re: Stick table counter not working after upgrade to 2.2.11

2021-03-23 Thread Sander Klein
On 2021-03-23 09:32, Willy Tarreau wrote: Guys, These two patches address it for me, and I could verify that they apply on top of 2.2.11 and work there as well. This time I tested with two counters at different periods 500 and 2000ms. I've just applied your patches and tested. It seems to work

Re: Table sticky counters decrementation problem

2021-03-30 Thread Sander Klein
On 2021-03-30 10:17, Lukas Tribus wrote: Hello Thomas, this is a known issue in any release train other than 2.3 ... https://github.com/haproxy/haproxy/issues/1196 However neither 2.3.7 (does not contain the offending commits), nor 2.3.8 (contains all the fixes) should be affected by this.

Re: Table sticky counters decrementation problem

2021-03-30 Thread Sander Klein
On 2021-03-30 15:13, Willy Tarreau wrote: diff --git a/src/time.c b/src/time.c index 0cfc9bf3c..fafe3720e 100644 --- a/src/time.c +++ b/src/time.c @@ -268,7 +268,7 @@ void tv_update_date(int max_wait, int interrupted) old_now_ms = global_now_ms; do { new_now_ms =

Re: Table sticky counters decrementation problem

2021-03-30 Thread Sander Klein
On 2021-03-30 18:14, Willy Tarreau wrote: No, my chance is already gone :-) OK, I'm pushing this one into 2.3, re-running the tests a last time, and issuing 2.3.9. We'll be able to issue 2.2.12 soon finally, as users of 2.2 are still into trouble between 2.2.9 and 2.2.11 depending on the bug th

Re: Table sticky counters decrementation problem

2021-03-30 Thread Sander Klein
On 2021-03-30 19:15, Willy Tarreau wrote: On Tue, Mar 30, 2021 at 07:07:41PM +0200, Sander Klein wrote: On 2021-03-30 18:14, Willy Tarreau wrote: > No, my chance is already gone :-) > > OK, I'm pushing this one into 2.3, re-running the tests a last time, > and issuing 2.3.9.

Re: CalDav with HAProxy

2016-11-11 Thread Sander Klein
On 2016-11-11 15:28, Alexandre Besnard wrote: I use HAProxy as a reverse proxy to terminate SSL connections towards all my VMs. So far so good except with Owncloud and CalDav. When Owncloud is hidden behind HAProxy, I am not able to configure my CalDav account under the Calendar app in Mac OS X

Re: Certificate order

2017-04-06 Thread Sander Klein
Hi Sander, On 2017-04-06 10:45, Sander Hoentjen wrote: Hi guys, We have a setup where we sometimes have multiple certificates for a domain. We use multiple directories for that and would like the following behavior: - Look in dir A for any match, use it if found - Look in dir B for any match, u

Re: haproxy fails to properly direct connection to correct back end.

2017-07-30 Thread Sander Klein
Hi P S, I have to say, the way you type your emails makes one really want to help you. You seem to be positive, constructive and I don't see any whining. And yes, I'm a sarcastic person. So, for your first problem. I don't know what goes wrong, but with me if haproxy fails to start, it actua

Re: ASML SW quote request for resale

2017-08-04 Thread Sander Klein
Hi Brigitta, You are contacting the haproxy mailing list which is used for support. The haproxy gpl edition is free for use by anyone. But if you want commercial support you probably want to contact cont...@haproxy.com Regards, Sander > On 4 Aug 2017, at 12:55, Brigitta Csaszar wrote: > >

Re: Experimental / broken HTTP/2 support

2017-10-15 Thread Sander Klein
Hi, I haven't been paying much attention to the list lately, but I am wondering what the current status of http/2 support is in 1.8-(dev|snapshot). Is it in a usable-but-needs testing state? Or more like stay-away-because-it-kills-kittens state? Greets, Sander On 2017-08-18 16:49, Willy

Re: Experimental / broken HTTP/2 support

2017-10-16 Thread Sander Klein
Hi Willy, On 2017-10-15 19:02, Willy Tarreau wrote: If everything goes well, the final rebased and cleaned up code should be available for a release candidate by the end of the month. Great, I will wait and see what you have available at the end of the month. I'm in no hurry, I just wanted to

Re: Experimental / broken HTTP/2 support

2017-10-16 Thread Sander Klein
On 2017-10-16 14:19, Willy Tarreau wrote: On Mon, Oct 16, 2017 at 01:28:12PM +0200, Pavlos Parissis wrote: I guess following step-by-step approach, 1st client side, it makes sense as it reduces the size of breakage:-) Yes but not only this. It's also the fact that the main benefits of H2 are

Re: [ANNOUNCE] haproxy-1.8.0

2017-11-26 Thread Sander Klein
s now officially released! Woohoo! Thanks for the work. Greets, Sander Klein 0x2E78FBE8.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature

CPU Spikes

2019-07-08 Thread Sander Klein
Hi, I'm having an issue with HAProxy causing CPU spikes with certain traffic. We have a client who is downloading lots of URL's during the night. When the download starts there is not much other traffic going on and there doesn't seem to be any problem. But, when the morning comes, 'normal'

Re: CPU Spikes

2019-07-08 Thread Sander Klein
Hey Willy, On 2019-07-09 08:09, Willy Tarreau wrote: What's you CPU like between the peaks ? 1%, 10%, 50% ? Just to get a rough estimate of whether it's something reaching a critical point or if it's something doing its mess alone in its corner. In between the spikes it's about 7% System, 11

Runaway process

2019-07-10 Thread Sander Klein
Hi, I seem to have runaway HAProxy process since yesterday evening around 20:50. This process is eating up 100% CPU continously. (HAProxy 1.9.8) Of course I can just kill it and go on with my life, but I was wondering if there was any interest to see if we can uncover a bug here. If so, plea

Re: Runaway process

2019-07-11 Thread Sander Klein
On 2019-07-11 12:27, Tim Düsterhus wrote: Try attaching to the process with `gdb -p 12345` with 12345 being the process ID. Then: 1. Get a backtrace for all threads: thread apply all bt 2. Generate a core file: generate-core-file If you are also able to connect to the stats socket of that proce

Re: Runaway process

2019-07-11 Thread Sander Klein
On 2019-07-12 04:27, Willy Tarreau wrote: If you can at least show the backtrace, this could be useful and we can see if the core would be needed or not. Maybe this will match another known bug. This is the BT of yesterday: --- GNU gdb (Debian 7.12-6) 7.12.0.20161007-git Copyright (C) 2016 Fr

Re: CPU Spikes

2019-07-14 Thread Sander Klein
On 2019-07-09 08:53, Sander Klein wrote: It could be useful to issue "show activity" twice 1 second apart when this happens, and maybe even "show fd" and "show sess all" if you don't have too many connections. Right, I will do the above steps. But, since t

Random 502's and instant 504's after upgrading

2019-07-18 Thread Sander Klein
Hi, Last night I tried upgrading from haproxy 1.9.8 to 2.0.2. After upgrading I get random 502's and random instant 504's when visiting pages. For the 502's I see the following in the log: Jul 18 08:14:09 HOST haproxy[2003]: xxx:xxx:xxx:xxx:xxx::xxx [18/Jul/2019:08:14:09.133] cluster1-in~ c

Re: Random 502's and instant 504's after upgrading

2019-07-18 Thread Sander Klein
On 2019-07-18 09:15, Sander Klein wrote: Hi, Last night I tried upgrading from haproxy 1.9.8 to 2.0.2. After upgrading I get random 502's and random instant 504's when visiting pages. Just tested with 'no option http-use-htx' in the defaults section and then my probl

Re: Random 502's and instant 504's after upgrading

2019-07-19 Thread Sander Klein
Hi Lukas and Christopher, I've combined the answer of your 2 mails. On 2019-07-18 17:17, Lukas Tribus wrote: Could be related to: https://github.com/haproxy/haproxy/issues/176 Probably, but I'm not doing HTTP/1 and I have not found a request to reproduce it with. It happens at random. Can

Re: Random 502's and instant 504's after upgrading

2019-07-20 Thread Sander Klein
On 2019-07-19 14:05, Christopher Faulet wrote: Le 19/07/2019 à 09:36, Sander Klein a écrit : --- HTTP/1.1 200 OK Server: nginx Date: Fri, 19 Jul 2019 07:32:03 GMT Content-Type: application/json; charset=UTF-8 Transfer-Encoding: chunked Vary: Accept-Encoding Vary

Re: Random 502's and instant 504's after upgrading

2019-07-22 Thread Sander Klein
On 2019-07-22 10:59, Christopher Faulet wrote: Le 20/07/2019 à 19:50, Sander Klein a écrit : Sorry, I forgot to mention, I pushed another patch that may help you. In HAProxy 2.0, it is the commit 0bf28f856 ("BUG/MINOR: mux-h1: Close server connection if input data remains in h1_detach()&

Re: Random 502's and instant 504's after upgrading

2019-07-22 Thread Sander Klein
On 2019-07-22 13:05, Sander Klein wrote: On 2019-07-22 10:59, Christopher Faulet wrote: Le 20/07/2019 à 19:50, Sander Klein a écrit : Sorry, I forgot to mention, I pushed another patch that may help you. In HAProxy 2.0, it is the commit 0bf28f856 ("BUG/MINOR: mux-h1: Close server connecti

rate limiting

2019-09-05 Thread Sander Klein
Hi, I was looking at implementing rate limiting in our setup. But, since we are handling both IPv4 and IPv6 in the same frontends and backends, I was wondering how I could do that. AFAIK a stick table is either IPv4 or IPv6 and you can only have one stick table per frontend or backend. Is

Re: Truncated response on 2.0.8

2019-10-28 Thread Sander Klein
On 2019-10-26 18:10, Ing. Andrea Vettori wrote: Hello, I'm using haproxy 2.0.8 and ssl termination with h2 and http1.1 protocols. Since today we always used http1.1 on the backends. I’ve tried to use http2 on the development backend but I get truncated response (not always but very often). Tryi

h2 bad requests

2017-12-28 Thread Sander Klein
Hi, I'm playing around with http2 on haproxy 1.8.2 but when I enable it I get HTTP 400's on some requests. When sending a show errors to the admin socket I get no errors at all. Disabling http2 makes the rror go away. The logfile shows: Dec 28 22:09:02 hostname haproxy[23043]: x.x.x.x:58219

Re: h2 bad requests

2017-12-28 Thread Sander Klein
Hi Lucas, On 2017-12-28 22:38, Lucas Rolff wrote: Hi Sander, Which exact browser version do you use? There’s an ongoing thread already (https://www.mail-archive.com/haproxy@formilux.org/msg28333.html ) regarding the same issue. I just noticed and was reading up. I can reproduce this problem

Haproxy 1.8.4 400's with http/2

2018-02-21 Thread Sander Klein
Hi All, Today I tried enabling http/2 on haproxy 1.8.4. After enabling all requests to a certain backend started to give 400's while requests to other backend worked as expected. I get the following in haproxy.log: Feb 21 14:31:35 localhost haproxy[22867]: 2001:bad:coff:ee:cd97:5710:4515:7c7

Re: Haproxy 1.8.4 400's with http/2

2018-02-22 Thread Sander Klein
lease share the configuration; also you may want to try enabling proxy_ignore_client_abort in the nginx backend [1]. cheers, lukas [1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_client_abort On 21 February 2018 at 15:29, Sander Klein wrote: Hi All, Today I tried

Re: SNI matching issue when hostname ends with trailing dot

2018-07-27 Thread Sander Klein
Hi Warren, As far as I know this is by design. If you do not want this behavior you need to use strict-sni in your bind statement. Regards Sander > On 27 Jul 2018, at 12:47, Warren Rohner wrote: > > Hi HAProxy list > > Just thought I'd resend this report from May in case it was missed. If

Re: Using haproxy together with NFS

2018-08-03 Thread Sander Klein
Hi, You might want to have a look at IPVS for instance in combination with Keepalived. You can then even use udp mounts if you want. Just my 2 cents. Regards, Sander > On 2 Aug 2018, at 18:40, Lucas Rolff wrote: > > I indeed removed the send-proxy - then I had to put the IP of haproxy in

Deny http connection

2011-11-25 Thread Sander Klein
Hi, I was wondering if it is possible to start rate-limiting or deny a connection based on response codes from the backend. For instance, I would like to start rejecting or rate limit a HTTP connection when a client triggers more than 20 HTTP 500's within a certain time frame. It this poss

Re: haproxy and interaction with VRRP

2011-12-12 Thread Sander Klein
On 12.12.2011 10:28, Guillaume Castagnino wrote: Le lundi 12 décembre 2011 10:18:33, Vincent Bernat a écrit : Hi! When haproxy is bound to an IP address managed by VRRP, this IP address may be absent when haproxy starts. What is the best way to handle this? 1. Start haproxy only when the

Re: haproxy and interaction with VRRP

2011-12-12 Thread Sander Klein
On 12.12.2011 12:15, Vincent Bernat wrote: On Mon, 12 Dec 2011 11:13:05 +0100, Sander Klein wrote: I started doing this because there is no nonlocal_bind option for IPv6 (or I didn't search well enough (-: ) From the source code, it seems that IPv4 non local bind sysctl also applies to

Re: haproxy and interaction with VRRP

2011-12-12 Thread Sander Klein
On 12.12.2011 13:10, Vincent Bernat wrote: On Mon, 12 Dec 2011 13:04:22 +0100, Sander Klein wrote: I started doing this because there is no nonlocal_bind option for IPv6 (or I didn't search well enough (-: ) From the source code, it seems that IPv4 non local bind sysctl also applies to

Re: haproxy and interaction with VRRP

2011-12-13 Thread Sander Klein
On 12.12.2011 14:32, Vincent Bernat wrote: On Mon, 12 Dec 2011 13:23:11 +0100, Sander Klein wrote: I started doing this because there is no nonlocal_bind option for IPv6 (or I didn't search well enough (-: ) From the source code, it seems that IPv4 non local bind sysctl also appli

Possible bug in 1.5-dev7

2012-01-18 Thread Sander Klein
Hi, I'm observing some strange behavior with slowstart and the track option. When taking out web1 for maintenance and putting it back online the weight of cluster1/web1 returns to 100 in 5 minutes but cluster2/web1 keeps stuk at 7. Is this expected behavior? I have the following config:

Re: Possible bug in 1.5-dev7

2012-01-19 Thread Sander Klein
On 18.01.2012 11:08, Sander Klein wrote: Hi, I'm observing some strange behavior with slowstart and the track option. When taking out web1 for maintenance and putting it back online the weight of cluster1/web1 returns to 100 in 5 minutes but cluster2/web1 keeps stuk at 7. Is this exp

Re: Geotargeting and Server DOWN problem

2012-01-26 Thread Sander Klein
Hi, On 26.01.2012 18:45, Sebastian Fohler wrote: I'm trying to setup a loadbalancing configuration with four backend server on nginx basis. The first problem I had was, while checking the haproxy stats, that they show every backendserver is at least the same time DOWN as it is UP, how can this b

Re: Geotargeting and Server DOWN problem

2012-01-27 Thread Sander Klein
On 27.01.2012 06:18, Sebastian Fohler wrote: Thank you for your answer. I try the nginx part, hope it works out. The real ip and nginx part should be fairly easy. As far as I know I don't use active checks (at least no check statement within my config). Should I? Well, if you do not do any

Re: Geotargeting and Server DOWN problem

2012-01-27 Thread Sander Klein
On 27.01.2012 16:01, Sebastian Fohler wrote: Sorry just found out that I definitly do an active check. But for some reason every second refresh of my stats shows the servers down. Any idea why that could be? The servers are definitly up all that time. Hmz, I don't know. It think it's helpful

TIME_WAIT tuning

2012-01-27 Thread Sander Klein
Hi, while benchmarking my new web-server cluster I quickly hit the limit of 32.768 sockets in TIME_WAIT state. I've been looking around on the internet but I'm a bit confused if this limit can be tuned somehow or if it's an hard limit. I read about the tcp_fin_timeout and tcp_tw_reuse/recycl

Re: TIME_WAIT tuning

2012-01-29 Thread Sander Klein
Oh dear... I did some more testing and it's not a problem with TIME_WAIT. It was a firewall in between. During my last test I easily had 60.000 connections in TIME_WAIT state. Greets, Sander On 27.01.2012 21:52, Sander Klein wrote: Hi, while benchmarking my new web-server clus

Re: TIME_WAIT tuning

2012-01-29 Thread Sander Klein
Hi Willy, Thank you for your answer. During my search on the internet I found a lot of articles about TIME_WAIT stuff and a limit of 32.768. Since I had around that many sockets in TIME_WAIT I assumed this would be my problem. I did enable tcp_tw_reuse, but I'm not sure if it will work becau

Log 400 bad request

2012-02-10 Thread Sander Klein
Hi All, I'm having a small problem with non RFC2616 requests. I would like to log them, but haproxy only logs: cluster1-in cluster1-in/ -1/-1/-1/-1/0 400 1951 - - PR-- 235/235/0/0/0 0/0 {|||} {} "" Is there a way to log them with the full host header and URL? I know I can show them with 'e

Re: Log 400 bad request

2012-02-13 Thread Sander Klein
Hi Willy, On 13.02.2012 08:07, Willy Tarreau wrote: You won't have it in the log because the request failed to completely parse. Maybe we could improve a bit the error path to be able to report the request URI when only headers fail, that would help. In my case that won't help. I need to fin

Crash with ss-20120310 and ss-20120311

2012-03-12 Thread Sander Klein
Hi, today I've experienced 3 crashes on 2 servers with haproxy. I've never had any before so I thought I would just put a note up here. 20120310 crashed with: Server 1 haproxy[3065] general protection ip:452ddf sp:7fff02906808 error:0 in haproxy[40+6e000] Server 2 haproxy[30329]: segfau

Re: Crash with ss-20120310 and ss-20120311

2012-03-15 Thread Sander Klein
Hey Willy, On 15.03.2012 07:53, Willy Tarreau wrote: Hi, On Tue, Mar 13, 2012 at 07:05:36PM +0100, Baptiste wrote: Hey, I guess Willy would be keen to get the core dump and the haproxy binary with its configuration. You should try to reach him directly. Yes Sander, please can you send me a

Re: Crash with ss-20120310 and ss-20120311

2012-03-15 Thread Sander Klein
On 15.03.2012 10:10, Willy Tarreau wrote: Do you care which snapshot I run? Ideally the first one which exhibited the issue. BTW, do you know which most recent one you used without the issue ? Eg: do you know if 20120306 has the same issue ? I'm currently running 20120207 which doesn't gi

Re: haproxy with keepalived

2012-03-20 Thread Sander Klein
Hey Esteban, Your config looks good to me. Sometimes it can happen that during failover not all servers receive the gratuitous arp and they keep sending traffic to the backup router. I normally force another failover to force another gratuitous arp get it working again. It shouldn't happen t

Re: haproxy 1.5dev7 server check failed with IPv6

2012-03-29 Thread Sander Klein
Hi, On 29.03.2012 16:44, Delta Yeh wrote: Hi, It seems haproxy failed to do server check with IPv6. The top is like: browser---haproxy-www server I did the following tests: 1. IPv4 http server with server check, it works 2. IPv6 http server with server check, I get http 503. Afte

Re: haproxy: *** glibc detected *** /usr/sbin/haproxy: double free or corruption (out): 0x0000000001ef41a0 ***

2012-05-22 Thread Sander Klein
Hmmm, I thought I typed more text... On 22.05.2012 11:06, Sander Klein wrote: Hi, When I reload haproxy I get this message: May 22 11:02:45 lb01-a haproxy: *** glibc detected *** /usr/sbin/haproxy: double free or corruption (out): 0x01ef41a0 *** I'm running haproxy 1.5-dev10

Re: haproxy: *** glibc detected *** /usr/sbin/haproxy: double free or corruption (out): 0x0000000001ef41a0 ***

2012-05-31 Thread Sander Klein
be ignored? Greets, Sander Klein

Re: haproxy: *** glibc detected *** /usr/sbin/haproxy: double free or corruption (out): 0x0000000001ef41a0 ***

2012-05-31 Thread Sander Klein
Hey Willy, On 01.06.2012 01:03, Willy Tarreau wrote: Sander, first, thank you very much for your configuration, I could reproduce the issue here. It's not 100% reproducible due to address randomization, but common enough to get the issue. The issue comes from the use of user-lists which are

Response headers max size

2012-06-21 Thread Sander Klein
Hi List, We are using HAProxy 1.5-dev11 and have a small issue with it. Some of our coders use php firebug when they are debugging code. php firebug puts a lot of stuff in the response headers (X-WF-* headers) But, it looks like HAProxy blocks responses when the headers are larger than 8KB. I

Re: Response headers max size

2012-06-21 Thread Sander Klein
Hi, On 21.06.2012 14:17, Willy Tarreau wrote: Some of our coders use php firebug when they are debugging code. php firebug puts a lot of stuff in the response headers (X-WF-* headers) But, it looks like HAProxy blocks responses when the headers are larger than 8KB. Is there a way to make HAProx

Re: Haproxy and UTF8-encoded chars

2012-07-25 Thread Sander Klein
Hi, On 25.07.2012 08:22, Stojan Rancic (Iprom) wrote: Hello, we're experiencing issues with HAproxy 1.5-dev11 rejecting GET requests with UTF8-encoded characters. The encoding happens with Javascript's Encode function for east european characters (š, č, ž, etc) . We are experiencing the same

Re: Haproxy and UTF8-encoded chars

2012-07-26 Thread Sander Klein
On 26.07.2012 09:44, Stojan Rancic (Iprom) wrote: On 25.7.2012 11:21, Sander Klein wrote: We are experiencing the same issue, but it only happens with Internet Explorer. So I figured it must be a bug on the internet explorer side and not on the HAProxy side since internet explorer doesn&#

Re: unsubscribe

2012-09-21 Thread Sander Klein
no no no... isn't that cute, but it's wrong! It says: Subscribe to the list : haproxy+subscr...@formilux.org Unsubscribe from the list : haproxy+unsubscr...@formilux.org so mailing to haproxy+unsubscr...@formilux.org should do the trick... On 21.09.2012 19:10, Svancara, Randall wrote: Unsubsc

Bug in 1.5-dev15, dev-14 and maybe lower?

2012-12-12 Thread Sander Klein
s a bug in HAProxy or is it my config? Downgrading to dev11-ss-20120604 fixes the issue. Greets, Sander Klein My config: ### # Global Settings ### global log 127.0.0.1 local0 # log 127.0.0.1 local0 notice # log 127.0.0.1 local0 err #

Re: Bug in 1.5-dev15, dev-14 and maybe lower?

2012-12-13 Thread Sander Klein
Hi Willy, On 12.12.2012 22:53, Willy Tarreau wrote: Hi Sander, Could you try to disable the splice options just to see ? And if that does not change anything, please also try to disable "option abortonclose". That will help us narrow the issue down. Anyway, I don't see anything wrong with yo

Re: Testers wanted : about the stalled POST issues

2012-12-14 Thread Sander Klein
Hi Willy. On 14.12.2012 16:41, Willy Tarreau wrote: Hi, it seems there have been a few reports of stalled POST requests recently, but at this point in time we still have very few information and it's hard to draw a verdict. After a long code review, I suspect one recent fix for the CPU spi

Re: Testers wanted : about the stalled POST issues

2012-12-15 Thread Sander Klein
Hi Willy, On 15.12.2012 09:14, Willy Tarreau wrote: The bug is somehow very hard to trigger. But, I did manage to trigger the bug with dev15 a couple of times and I have not been able to trigger it with dev15-and-your-patch. So I think your patch fixes the issue. Thank you very much for tes

Rate limit URL or src IP

2013-04-02 Thread Sander Klein
Hi All, I know this question has been asked more times, but currently I'm experiencing some problems with some people harvesting data from our websites at high rates. I would like to block them based on the URL or simply on src IP. Currently I've implemented the 'Limiting the HTTP request ra

Re: Rate limit URL or src IP

2013-04-02 Thread Sander Klein
Just add an IPv6 bind to your HAProxy setup and you're done. no IPv6 to configure on your servers, since HAProxy will act as a 6to4 gateway: http://blog.exceliance.fr/2011/06/14/layer-7-ipv6-configuration/ [2] Baptiste On Tue, Apr 2, 2013 at 10:11 AM, Sander Klein wrote: Hi All, I

Problem with ss-20130402

2013-04-02 Thread Sander Klein
Hi, Today I tried upgrading to haproxy-ss-20130402 and this gave me a lot of problems. I do something like: # Web cluster acl iscluster1-1-rlhdr_sub(host) -i somehost.com anotherhost.com acl iscluster1-1 hdr(host) -f /etc/haproxy/cluster1-1.txt acl iscluster1-2 hdr(host) -f /e

Re: Problem with ss-20130402

2013-04-02 Thread Sander Klein
Hi!, On 02.04.2013 16:16, Sander Klein wrote: When using this config with ss-20130402 I do not get any traffic to cluster1-2. I didn't have enough time to do a proper debug since I was doing it in production ;-) I might have a better look at it this evening. It works fine with ss-201

Re: Problem with ss-20130402

2013-04-02 Thread Sander Klein
Replying to myself again... On 02.04.2013 16:59, Sander Klein wrote: Hi!, On 02.04.2013 16:16, Sander Klein wrote: When using this config with ss-20130402 I do not get any traffic to cluster1-2. I didn't have enough time to do a proper debug since I was doing it in production ;-) I

Re: Problem with ss-20130402

2013-04-02 Thread Sander Klein
Hi Thomas, On 02.04.2013 21:02, Thomas Heil wrote: Of course, it matters. As you explained the problem should be arround patch 86 up to 101. How does you haproxy -vv look like? Do you use compression or SSL? Could you eliminate Patch 91,92 and 98? haproxy -vv looks like: sander@lb01-a:~$ /us

haproxy-dev18 http-request

2013-04-03 Thread Sander Klein
Hi, I try to do the following in my haproxy (dev18) config: http-request set-header X-Forwarded-Proto https if ssl_fc http-request set-header X-Forwarded-Ssl on if ssl_fc http-request set-header X-Forwarded-Proto http if ! ssl_fc http-request set-header X-Forwarded-Ssl off if ! ssl_fc But, wh

Re: haproxy-dev18 http-request

2013-04-03 Thread Sander Klein
On 03.04.2013 11:38, Baptiste wrote: Hi, You want to use anonymous ACLs which requires brackets '{' and '}', like: http-request set-header X-Forwarded-Proto https if { ssl_fc } Baptiste On Wed, Apr 3, 2013 at 11:15 AM, Sander Klein wrote: Hi, I try to do the fol

Re: haproxy-dev18 http-request

2013-04-03 Thread Sander Klein
ntend-SSL %[ssl_fc] https %[ssl_fc] will be 0 in case of HTTP and 1 in case of SSL. You can't setup an ACL after the set-header directive. Baptiste On Wed, Apr 3, 2013 at 12:09 PM, Sander Klein wrote: Hmmm, nope, it still doesn't work I did: http-request set-header X-Forwarded

Re: haproxy-dev18 http-request

2013-04-03 Thread Sander Klein
On 03.04.2013 14:20, Willy Tarreau wrote: On Wed, Apr 03, 2013 at 12:09:37PM +0200, Sander Klein wrote: Hmmm, nope, it still doesn't work I did: http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Ssl on if { ssl_fc } http-request set-hea

Re: haproxy-dev18 http-request

2013-04-03 Thread Sander Klein
On 03.04.2013 14:20, Willy Tarreau wrote: On Wed, Apr 03, 2013 at 12:09:37PM +0200, Sander Klein wrote: Hmmm, nope, it still doesn't work I did: http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Ssl on if { ssl_fc } http-request set-hea

dev18 splice-auto

2013-04-05 Thread Sander Klein
Hi, I'm running haproxy-dev18 with patch 0001 to fix the tcp-request set-header stuff, and I get a lot of "SD--" messages in my syslog. When browsing websites behind haproxy random url do not get loaded. So, sometimes stylesheets or javascripts don't get loaded and sometimes the whole page do

RE: dev18 splice-auto

2013-04-05 Thread Sander Klein
Hi Lukas, On 05.04.2013 12:00, Lukas Tribus wrote: Whats is the percentage of requests failing this way? I'm not sure. But I think it's less than 1%. We do a couple of 100's request per second and about every second I see one failed request. Do you know if this is an issue introduced by a c

Re: dev18 splice-auto

2013-04-06 Thread Sander Klein
Heh, I didn't have time to test the previous one, but I'll test this one this evening. Greets, Sander On 6 apr. 2013, at 11:50, Willy Tarreau wrote: > Hi Sander, > > the patch I proposed was not enough, it only fixed a few of the > occurrences. The issue was introduced in dev12 with the con

Re: dev18 splice-auto

2013-04-06 Thread Sander Klein
On 06.04.2013 11:50, Willy Tarreau wrote: Hi Sander, the patch I proposed was not enough, it only fixed a few of the occurrences. The issue was introduced in dev12 with the connection rework. Please use the attached patch, which I have tested to fix the issue here and merged. The issue mainl

Add X-Forwarded-For

2013-05-08 Thread Sander Klein
Hi, I want to move some websites behind cloudfare. They already add an X-Forwarded-For header so I do not want to add it if the request comes from cloudfare, but I do want to add it if the request is not from cloudfare. Since both requests will pass through the same frontend I need some kin

Re: Add X-Forwarded-For

2013-05-08 Thread Sander Klein
Replying to myself ;-) On 08.05.2013 10:52, Sander Klein wrote: Hi, I want to move some websites behind cloudfare. They already add an X-Forwarded-For header so I do not want to add it if the request comes from cloudfare, but I do want to add it if the request is not from cloudfare. Since

Re: Add X-Forwarded-For

2013-05-08 Thread Sander Klein
Hey, You have the optional argument "if-none" for "option forwardfor", but you should not do this with external proxies whose addresses you don't know because anyone could pass one and fool you. This doesnt feel like a good option ;-) In practice you would need them to pass you some informat

  1   2   >