Re: Question about source IP persistence (balance source) when a server goes down:

2009-01-17 Thread Willy Tarreau
Hi Malcolm, On Fri, Jan 16, 2009 at 02:48:18PM +, Malcolm Turnbull wrote: The manual states that when using balance source: The source IP address is hashed and divided by the total weight of the running servers to designate which server will receive the request. This ensures that the

Re: Balancing OpenLDAP

2009-01-19 Thread Willy Tarreau
On Mon, Jan 19, 2009 at 10:16:46PM +0100, Jordi Espasa wrote: Jordi's question got me thinking. Does haproxy support externally scripted healthchecks? If not, this would be useful for implementing a variety of healthchecks that aren't built into haproxy. Yes. It would be a very cool feature.

Re: HAProxy: listening port set up and performance

2009-01-19 Thread Willy Tarreau
Hi, On Mon, Jan 19, 2009 at 06:11:13PM -0800, Hsin, Chih-fan wrote: Hi, I am new to HAProxy and have questions about the configuration and performance. I downloaded HAProxy 1.3.15.7 from http://haproxy.1wt.eu/blocked::http://haproxy.1wt.eu/ to /home/user/Tool Unpacked it by tar

Re: Balancing OpenLDAP

2009-01-20 Thread Willy Tarreau
On Tue, Jan 20, 2009 at 07:43:25PM +0800, Unai Rodriguez wrote: How about writing a bash script that checks LDAP status somehow and have this script managed by xinetd? The script should return HTTP/1.1 200 OK\r\n if the LDAP server is fine or something else if not (e.g. HTTP/1.1 503

Re: reqrep help

2009-01-21 Thread Willy Tarreau
Hi Dave, On Wed, Jan 21, 2009 at 12:44:53PM -0500, Dave Pascoe wrote: Long-time haproxy user...first time poster. Finally ran into a rewrite issue I just haven't been able to solve. Seems like it ought to be simple. Problem: Need to rewrite requests like /foo/favicon.ico and to just

Re: stats socket problem

2009-01-21 Thread Willy Tarreau
Hi Martin, On Wed, Jan 21, 2009 at 12:13:35PM +0100, Martin Karbon wrote: Hi I am relatively new to this great software and I am having problems with the feature stats socket. it won't write the haproxy.stat file no matter what. so I cannot run the socat. r...@lb1:~# echo show stat |

Re: haproxy configuration for load balancing

2009-01-21 Thread Willy Tarreau
On Wed, Jan 21, 2009 at 06:53:16PM +0530, vaibhav pol wrote: Hi , I am using ajaxterm service on loadbalncer where i setup haproxy and i want to balance this web terminal service which running on the 8022 port when client wants to connect to the this service it has to redirect to one of

Re: stats socket problem

2009-01-21 Thread Willy Tarreau
On Wed, Jan 21, 2009 at 09:43:58PM +0100, Martin Karbon wrote: Quoting Willy Tarreau w...@1wt.eu: Hi Willy, thanks for the fast reply Hi Martin, On Wed, Jan 21, 2009 at 12:13:35PM +0100, Martin Karbon wrote: Hi I am relatively new to this great software and I am having problems

Re: Problems with HAProxy, down servers and 503 errors

2009-01-25 Thread Willy Tarreau
Hi John, On Sun, Jan 25, 2009 at 11:23:24AM -0500, John Marrett wrote: I'm embarassed to report that this is not an HAProxy issue. Don't feel embarassed. I'm glad that you found the issue. And it's kind to send us an update. In addition to the changes being made on the load balancing level,

Re: Check on Port 60000 not responding in time

2009-01-25 Thread Willy Tarreau
Hi Joseph, On Fri, Jan 23, 2009 at 07:21:08PM -0500, Joseph Hardeman wrote: Hi Guys, Here is a question I am hoping someone has either seen before or has a suggestion for me. For the first time since we put haproxy in months ago, the primary haproxy we have did not respond in 10

Re: Stunnel + HAProxy + Apache + Tomcat

2009-01-25 Thread Willy Tarreau
Hi Jill, On Thu, Jan 22, 2009 at 02:30:55PM -0500, Jill Rochelle wrote: I'm just getting started with all this; I thought I had this working last year, but having issues now. When using stunnel and xforwardfor with haproxy, is the URL suppose to stay https or will it change to http? If

Re: Problems with HAProxy, down servers and 503 errors

2009-01-25 Thread Willy Tarreau
On Sun, Jan 25, 2009 at 07:06:23PM -0500, John Marrett wrote: Willy, No problem, no time wasted yet ! Well, none of your time :) It took me far longer than it should have to realise my error. Regretable, packet captures are usually my first diagnostic tool. A mistake I won't make again

Re: load balancing based off type of request

2009-01-26 Thread Willy Tarreau
On Mon, Jan 26, 2009 at 09:28:48PM -0800, Joe Williams wrote: I am attempting to load balance based off of the type of request (POST, PUT, DELETE, GET, etc). Sending GETs to all backend servers and POST, DELETE and PUT to only one. From the documentation it looks like this might be

Re: Retrying backend servers

2009-01-27 Thread Willy Tarreau
Hi Dylan, On Tue, Jan 27, 2009 at 12:13:04PM +1100, Dylan Egan wrote: Hi, I want to understand the process a bit more to clarify whether or not a retry should be occurring in this situation. Essentially I have a pretty standard haproxy setup and it has 7 backend servers. Now when a request

Re: Log setting in haproxy configure file

2009-01-27 Thread Willy Tarreau
On Tue, Jan 27, 2009 at 07:25:02AM -0500, John Lauro wrote: You must enable syslog to listen via IP (default is socket only). On centos/redhat, modify /etc/sysconfig/syslog to include -r option, such as: SYSLOGD_OPTIONS=-m 0 -r We'll have to add this one to the future FAQ BTW, as it's one

Re: [PATCH] [MEDIUM] access control (block) rework - rfc

2009-01-27 Thread Willy Tarreau
Hi Krzysztof, On Tue, Jan 27, 2009 at 05:50:08PM +0100, Krzysztof Piotr Oledzki wrote: From 5368532099b8e8c2c6970df8a2d1463a7eaa72bc Mon Sep 17 00:00:00 2001 From: Krzysztof Piotr Oledzki o...@ans.pl Date: Tue, 27 Jan 2009 16:47:15 +0100 Subject: [MEDIUM] access control (block) rework - rfc

Re: [PATCH] [MEDIUM] access control (block) rework - rfc

2009-01-28 Thread Willy Tarreau
On Thu, Jan 29, 2009 at 01:38:13AM +0100, Krzysztof Oledzki wrote: On Wed, 28 Jan 2009, Willy Tarreau wrote: CUT We may start with implementing a sequential ordering for req (request) and supporting three default targets: deny, tarpit and allow. And redirect please ;-) If we do

Re: Reducing I/O load of logging

2009-02-13 Thread Willy Tarreau
Hi guys, On Fri, Feb 13, 2009 at 08:04:50AM -0500, John Lauro wrote: It wouldn't hurt to put RHEL 5 or Centos 5 on the box instead of FC. FC is generally meant for desktops instead of servers. A customer has encountered a similar issue a few times on RHEL3. We noticed there was swap on the

Re: Response with leading space?

2009-02-14 Thread Willy Tarreau
On Sat, Feb 14, 2009 at 10:19:33AM -0500, Luke Melia wrote: On Fri, Feb 13, 2009 at 09:30:18PM +0100, Willy Tarreau wrote: Wow. That's pretty strange. I don't see any possibility for haproxy to do something like this, especially at the beginning of the data. But I can't imagine how nor why

Re: Problem with haproxy under testload

2009-02-19 Thread Willy Tarreau
Hi Valentino, On Thu, Feb 19, 2009 at 11:04:21AM -0800, Valentino Volonghi wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I've been trying to use haproxy 1.3.15.7 in front of a couple of erlang mochiweb servers in EC2. The server alone can deal with about 3000 req/sec and I

Re: HAProxy mod_rails (Passenger)

2009-02-19 Thread Willy Tarreau
On Thu, Feb 19, 2009 at 10:02:36AM +0100, Matthias Müller wrote: Hello there I'm trying to find a suitable solution to load balance Rails applications via Passenger and HAProxy.Currentliy I'm doing a lot of testing using Apache Bench. The setting is as simple as follows: machine A:

Re: Read stat or info from the socket via perl

2009-02-19 Thread Willy Tarreau
Hi, On Sat, Feb 14, 2009 at 10:53:11PM +0100, vmware vmware wrote: Hi all, I am trying to read the information (show info, show stat) from the socket of haproxy with a perl script in order to get a similar result when using the socat command. The problem is that I am not able to read

Re: Problem with haproxy under testload

2009-02-19 Thread Willy Tarreau
On Thu, Feb 19, 2009 at 03:59:54PM -0800, Valentino Volonghi wrote: Could you check net.ipv4.tcp_tw_reuse, and set it to 1 if it's zero ? It probably was set to 0... This fix and the change of tcp_mem to the standard values (which are created dynamically depending on the available memory)

Re: A patch for haproxy 1.3.15.7 (HTTP-ECV)

2009-02-20 Thread Willy Tarreau
Hi, On Fri, Feb 20, 2009 at 05:55:22PM +0800, FinalBSD wrote: Hi Willy, I'm sorry, I think these two features are actullay the same, so I just give you one patch. OK that does not matter much. Maybe you should do some optimization for my code, but it's works now. Now we can use:

Re: Read stat or info from the socket via perl

2009-02-20 Thread Willy Tarreau
Hello Maria, On Fri, Feb 20, 2009 at 11:56:53AM +0100, Maria wrote: Dear Willy, I don't have a lot of experience in perl to. As Nagios allows also to do this via bash or c, I can also use this. My main goal is only to read this information with a language (supported by nagios) and send

Re: priority servers in an instance

2009-02-22 Thread Willy Tarreau
Hi Karl, On Fri, Feb 20, 2009 at 02:23:37PM -0800, Karl Pietri wrote: Hello everyone, I am using haproxy with ruby on rails backend servers and am trying to setup a system that will have a few mongrels dedicated to priority traffic and spill over to the main pool if those are busy.

Re: mailing list errors

2009-02-24 Thread Willy Tarreau
Hi Michael, On Mon, Feb 23, 2009 at 02:25:50PM -0800, Michael Fortson wrote: I can't tell if my posts are going through -- have I made a couple of posts in the last few hours? your posts are there. Benoit found what was reporting errors. It's just that all mails sent to the list are also

Re: protection against DDoS attacks

2009-02-24 Thread Willy Tarreau
On Tue, Feb 24, 2009 at 07:43:53PM +0300, Ahmad Al-Ibrahim wrote: Hi, I'm using HAProxy in the frontend as a reverse proxy to backend servers, I'm thinking of possible ways to protect backend servers from being attacked. How effective is doing url redirect to protect against these

Re: Error / Under Maintenance notice page?

2009-02-24 Thread Willy Tarreau
On Tue, Feb 24, 2009 at 02:15:57PM -0500, John Marrett wrote: You could also considering using the errorloc directive, a 503 response will be emitted when there is no backed server available to service the request. There's a table of response codes, and what circumstances they are generated

Re: Tw timeout server, but no retries happened? sQ 503 NOSRV error in logs

2009-02-24 Thread Willy Tarreau
On Mon, Feb 23, 2009 at 12:12:43PM -0800, Michael Fortson wrote: Feb 23 18:50:22 www haproxy[15344]: 11.1.11.1:45025 [23/Feb/2009:18:50:21.939] webservers fast_mongrels/NOSRV 0/101/-1/-1/101 503 212 - - sQ-- 322/309/9/0/0 0/1 GET /blahblah/update/57f6c2408f HTTP/1.1 sQ The session spent

Re: Just a small inconsistency in the docs for listening on multiple ports?

2009-02-26 Thread Willy Tarreau
Hi Malcolm, On Thu, Feb 26, 2009 at 11:45:31AM +, Malcolm Turnbull wrote: I'm using haproxy-1.3.15.7.tar.gz for some testing and looking at the options to bind multiple ports. The docs imply that you can use a line such as: listen    VIP_Name :80,:81,:8080-8089 But this gives me :

Re: measuring haproxy performance impact

2009-03-06 Thread Willy Tarreau
Hi Michael, On Thu, Mar 05, 2009 at 01:04:06PM -0800, Michael Fortson wrote: I'm trying to understand why our proxied requests have a much greater chance of significant delay than non-proxied requests. The server is an 8-core (dual quad) Intel machine. Making requests directly to the nginx

Re: Multi-format about the Documentations

2009-03-06 Thread Willy Tarreau
Hi, On Mon, Mar 02, 2009 at 08:07:08PM +0800, FinalBSD wrote: Hi, Yes Alexander, actually I wrote this by XML and compiled by DocBook tools, SGML here just means Docbook :), LaTeX is really the best for wrtting tecnical docs, but it's also complicated and need much to write. I'm

Re: A bug in the snapshot?

2009-03-06 Thread Willy Tarreau
Hi, On Mon, Mar 02, 2009 at 08:19:22PM +0800, FinalBSD wrote: Hi there, I'm not sure it's a bug in the snapshot(ss-20090207 and ss-20090223), but I really cannot get the right reponse when I use the monitor-net option like following:

Re: Frontend request errors

2009-03-06 Thread Willy Tarreau
Hi Steve, On Tue, Mar 03, 2009 at 03:17:43PM +0800, Sun Yijiang wrote: Hi everyone, I've been testing HAProxy for two days, it runs very well. However, I noticed that during the last 4 hours, with total 520K sessions, the number of frontend request errors (row Frontend, column Errors/Req

Re: option httpchk is reporting servers as down when they're not

2009-03-06 Thread Willy Tarreau
Hi Thomas, On Thu, Mar 05, 2009 at 08:45:20AM -0500, Allen, Thomas wrote: Hi Jeff, The thing is that if I don't include the health check, the load balancer works fine and each server receives equal distribution. I have no idea why the servers would be reported as down but still work when

Re: load balancer and HA

2009-03-06 Thread Willy Tarreau
On Wed, Mar 04, 2009 at 12:12:21AM +0100, Alexander Staubo wrote: On Tue, Mar 3, 2009 at 11:44 PM, Martin Karbon martin.kar...@asbz.it wrote: just wanted to know if anyone knows an opensource solution for a so called transparent failover: what I mean with that is, I installed two machines

Re: measuring haproxy performance impact

2009-03-06 Thread Willy Tarreau
On Fri, Mar 06, 2009 at 11:23:02AM -0800, Michael Fortson wrote: On Fri, Mar 6, 2009 at 8:43 AM, Willy Tarreau w...@1wt.eu wrote: Hi Michael, On Thu, Mar 05, 2009 at 01:04:06PM -0800, Michael Fortson wrote: I'm trying to understand why our proxied requests have a much greater chance

Re: measuring haproxy performance impact

2009-03-06 Thread Willy Tarreau
On Fri, Mar 06, 2009 at 11:49:39AM -0800, Michael Fortson wrote: Oops, looks like it's actually Gb - Gb: http://pastie.org/409653 ah nice ! Here's a netstat -s: http://pastie.org/409652 Oh there are interesting things there : - 513607 failed connection attempts = let's assume it was

Re: measuring haproxy performance impact

2009-03-06 Thread Willy Tarreau
On Fri, Mar 06, 2009 at 01:00:38PM -0800, Michael Fortson wrote: Thanks Willy -- here's the sysctl -a |grep ^net output: http://pastie.org/409735 after a quick check, I see two major things : - net.ipv4.tcp_max_syn_backlog = 1024 = far too low, increase it to 10240 and check if it helps

Re: question about queue and max_conn = 1

2009-03-06 Thread Willy Tarreau
Hi Greg, On Fri, Mar 06, 2009 at 03:54:13PM -0500, Greg Gard wrote: hi willy and all, wondering if i can expect haproxy to queue requests when max conn per backend it set to 1. running nginx haproxy mongrel/rails2.2.2. yes, it works fine and is even the recommended way of setting it for

Re: Dropped HTTP Requests

2009-03-06 Thread Willy Tarreau
On Fri, Mar 06, 2009 at 04:55:21PM -0500, Timothy Olson wrote: I'm using HAProxy 1.3.15.7 to load-balance three Tomcat instances, and to fork requests for static content to a single Apache instance. I've found that after the initial HTML page is loaded from Tomcat, the browser's subsequent

Re: measuring haproxy performance impact

2009-03-06 Thread Willy Tarreau
On Fri, Mar 06, 2009 at 05:20:48PM -0500, John Lauro wrote: - net.netfilter.nf_conntrack_max = 265535 - net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120 = this proves that netfiler is indeed running on this machine and might be responsible for session drops. 265k

Re: measuring haproxy performance impact

2009-03-06 Thread Willy Tarreau
On Fri, Mar 06, 2009 at 02:36:59PM -0800, Michael Fortson wrote: On Fri, Mar 6, 2009 at 1:46 PM, Willy Tarreau w...@1wt.eu wrote: On Fri, Mar 06, 2009 at 01:00:38PM -0800, Michael Fortson wrote: Thanks Willy -- here's the sysctl -a |grep ^net output: http://pastie.org/409735 after

Re: load balancer and HA

2009-03-06 Thread Willy Tarreau
On Fri, Mar 06, 2009 at 11:47:14PM +0100, Alexander Staubo wrote: On Fri, Mar 6, 2009 at 7:48 PM, Willy Tarreau w...@1wt.eu wrote: When it comes to just move an IP address between two machines an do nothing else, the VRRP protocol is really better. It's what is implemented in keepalived

Re: load balancer and HA

2009-03-06 Thread Willy Tarreau
On Sat, Mar 07, 2009 at 12:14:44AM +0100, Alexander Staubo wrote: On Sat, Mar 7, 2009 at 12:07 AM, Willy Tarreau w...@1wt.eu wrote: A less ambitious scheme would have the new proxy take over the client connection and retry the request with the next available backend. Will not work because

Re: question about queue and max_conn = 1

2009-03-06 Thread Willy Tarreau
On Fri, Mar 06, 2009 at 10:02:03PM -0500, Greg Gard wrote: thanks for taking a look willy. let me know if there's anything else i should change. (...) defaults (...) # option httpclose This one above should not be commented out. Otherwise, client doing keepalive will artificially

Re: haproxy 1.3.16 getting really really closer

2009-03-07 Thread Willy Tarreau
Hi Jeff, On Sat, Mar 07, 2009 at 07:03:15PM +0800, Jeffrey 'jf' Lim wrote: Woohoo!! :) thanks, Willy, for the work. Seems like a really great list of stuff there. Especially love the HTTP invalid request and response captures per frontend/backend feature - I would definitely love to be able

[ANNOUNCE] haproxy-1.3.15.8 and 1.3.14.12

2009-03-08 Thread Willy Tarreau
Hi All, as there were a bunch of pending fixes, I have released 1.3.15.8 and 1.3.14.12. The big bug was found and fixed by Krzysztof, it involved server state tracking which could become extremely inefficient with large numbers of servers because of a typo. Some user-visible fixes include the

[ANNOUNCE] haproxy-1.3.16-rc1

2009-03-08 Thread Willy Tarreau
Hi all, Yes, this is it! 1.3.16-rc1. After almost 11 months of development! There are new features I often forget about after being used to them in the dev tree, but fortunately there are people who remind me those were not in 1.3.15 when I suggest them to use those ;-) I may forget a lot of

Re: [ANNOUNCE] haproxy-1.3.15.8 and 1.3.14.12

2009-03-08 Thread Willy Tarreau
On Sun, Mar 08, 2009 at 10:13:04PM -0400, Jeffrey Buchbinder wrote: I have attached a copy of the NSLU2 armv5b build (.ipk package) for the 1.3.15.8 release. If it doesn't attach properly, it's also available at: http://www.mediafire.com/file/bmhtdnzndu2/haproxy_1.3.15.8-1_armeb.ipk Thanks

Re: option httpchk is reporting servers as down when they're not

2009-03-09 Thread Willy Tarreau
Hi Thomas, just replying quick, as I'm in a hurry. On Mon, Mar 09, 2009 at 04:01:29PM -0400, Allen, Thomas wrote: That, along with specifying HTTP1.1, did it, so thanks! What should I load into Host: ? It seems to work fine with www, but I'd prefer to use something I understand. Please keep

Re: option httpchk is reporting servers as down when they're not

2009-03-09 Thread Willy Tarreau
On Mon, Mar 09, 2009 at 04:15:34PM -0400, Allen, Thomas wrote: I used the unit 'S' for my timeouts, as in clitimeout 60S contimeout 60S srvtimeout 60S Is that to be avoided? I assumed it meant seconds. OK it's just a minor problem. You have to use a lower-case s : 60s. It's stupid that

Re: option httpchk is reporting servers as down when they're not

2009-03-09 Thread Willy Tarreau
Hi Thomas, On Mon, Mar 09, 2009 at 05:20:49PM -0400, Allen, Thomas wrote: Hi Willy, Hm, changing to 60s for each gave me 100% 504 errors, I removed all three. Bad idea, I know, but at least it works then. then use 6, that's the old way of doing it :-) I'm running 1.2.18 because the

Re: HaProxy ACL (fwd) - access control

2009-03-15 Thread Willy Tarreau
Hi Krzysztof, On Mon, Mar 09, 2009 at 01:13:31PM +0100, Krzysztof Oledzki wrote: Hi Willy, First, please excuse that it took me nearly one moth to replay to your letter, shame on me. :( no problem, I know we're all facing the same issues trying to find time :-) In fact, I think that

Re: selinux policy for haproxy

2009-03-19 Thread Willy Tarreau
Hi, On Tue, Mar 17, 2009 at 09:26:43PM +0100, Jan-Frode Myklebust wrote: Here's an selinux policy for haproxy. The patch is built and lightly tested with haproxy-1.3.15.7-1.fc10.i386 on Fedora9, and haproxy-1.2.18 on RHEL5. believe it or not, I've never experimented at all with selinux.

Re: The gap between ``Total'' and ``LbTot'' in stats page

2009-03-22 Thread Willy Tarreau
On Thu, Mar 19, 2009 at 11:14:48PM -0700, James Satterfield wrote: I just recently upgraded my LBs to 1.3.15.8 from 1.2.something and noticed those stats. I was wondering about them as well. In my setup those numbers only seem to differ where I'm using cookies for persistence. Normally

Re: Can Haproxy work as a TCP-multiplexer i.e. combine requests into one connection to a server?

2009-03-22 Thread Willy Tarreau
Hi Malcolm, On Thu, Mar 19, 2009 at 11:42:31AM +, Malcolm Turnbull wrote: Possibly a stupid question but: Can Haproxy work as a TCP-multiplexer i.e. combine requests into one connection to a server? Or would that be related to using keep-alive? It requires that we get keep-alive to work

[ANNOUNCE] haproxy-1.3.16 (Stable)

2009-03-22 Thread Willy Tarreau
Hi all, now that's it for real. 1.3.16 is out. And with it, I'm declaring 1.3 as the new stable branch. That means that only fixes and minor feature enhancements may be merged in future 1.3 versions. New development will take place in 1.4 or maybe 2.0, I'll see. Anyway I'd like to adopt a new

Re: option httpchk is reporting servers as down when they're not

2009-03-25 Thread Willy Tarreau
Hi Thomas, On Wed, Mar 25, 2009 at 12:57:41PM -0400, Allen, Thomas wrote: Hi Willy, We now have HAProxy running over our freshly released website: http://www.infrastructurereportcard.org/ thanks for the heads up ! Thanks for this great piece of software and all the help! Only two

Re: some specfile fixes

2009-03-27 Thread Willy Tarreau
Hi Jan-Frode, On Thu, Mar 26, 2009 at 03:45:53PM +0100, Jan-Frode Myklebust wrote: And here's the patch that does everything I want to do to the specfile... Sorry about the noise. Thanks for your work on this. I have no way to test that the specfiles work, and I only update a few fields in

Re: High Cpu usage : fixed

2009-03-29 Thread Willy Tarreau
Guys, I've released 1.3.17 which fixes the high CPU usage. Bart Bobrowski helped me a lot tracking this bug that I could not reproduce here. It was caused by a timeout being re-armed just after a socket is being closed. Regards, Willy

Re: cpu 100% at strange times, epoll_wait and gettimeofday gets called too often

2009-03-29 Thread Willy Tarreau
Hi, On Fri, Mar 27, 2009 at 01:09:30PM +0100, Remco Verhoef wrote: Hi, We're experiencing strange behaviour of haproxy-1.3.15.8 and haproxy-1.3.16, at frequent times it will use 100% cpu. It appears that it is wait_time is not used. I've used both poll and epoll, same behaviour. The

Re: balance source based on a X-Forwarded-For

2009-03-29 Thread Willy Tarreau
On Sun, Mar 29, 2009 at 07:46:05PM +0200, benoit wrote: Jeffrey 'jf' Lim a écrit : On Wed, Mar 25, 2009 at 8:02 PM, Benoit maver...@maverick.eu.org wrote: diff -ru haproxy-1.3.15.7/doc/configuration.txt haproxy-1.3.15.7-cur/doc/configuration.txt --- haproxy-1.3.15.7/doc/configuration.txt

[ANNOUNCE] haproxy 1.3.17

2009-03-29 Thread Willy Tarreau
Hi all, some of you have noticed a very annoying bug in 1.3.16. CPU usage can go up to 100%. Unfortunately, it was (and still is) impossible for me to reproduce the issue as it's caused by a complex race condition, but Bart Bobrowski provided a lot of valuable help for troubleshooting this issue.

Re: balance source based on a X-Forwarded-For

2009-03-29 Thread Willy Tarreau
On Sun, Mar 29, 2009 at 12:31:27PM -0700, John L. Singleton wrote: I'm a little mystified as to the usefulness of this as well. I mean, what does hashing the domain name solve that just balancing back to a bunch of Apache instances with virtual hosting turned on doesn't? Are you saying

Re: balance source based on a X-Forwarded-For

2009-03-29 Thread Willy Tarreau
On Sun, Mar 29, 2009 at 10:17:39PM +0200, benoit wrote: BTW Benoit, be careful, you left some fprintf() in your patch. Regards, Willy Heck yes, i'll have to check on this thanks. You're welcome. Btw, why isn't this list set with a default reply to the list ? Because I hate it when

Re: x-client with SMTP, revisited

2009-03-30 Thread Willy Tarreau
Hi Eric, On Sun, Mar 29, 2009 at 09:06:40PM -0700, Eric Schwab wrote: We would like to use x-client with the SMTP protocol with haproxy, as a means to pass along some basic data to the backend SMTP servers. We looked into this a month or two ago and Willy mentioned that this would be

Re: [RFC] development model for future haproxy versions

2009-03-30 Thread Willy Tarreau
On Tue, Mar 31, 2009 at 10:57:26AM +0800, Jeffrey 'jf' Lim wrote: On Tue, Mar 31, 2009 at 5:06 AM, Willy Tarreau w...@1wt.eu wrote: Hi all! Now that the storm of horror stories has gone with release of 1.3.17, I'd like to explain what I'm planning to do for future versions of haproxy

Re: Forcing SSL encryption (a.k.a. 'redirect' keyword not recognised)

2009-04-02 Thread Willy Tarreau
On Wed, Apr 01, 2009 at 12:57:36PM +0300, John Doe wrote: I am perplexed as HAproxy 1.3.15.8 doesn't recognise the 'redirect' keyword. And it's right because 1.3.15.8 does not have it. This was implemented in 1.3.16 (use 1.3.17 instead, 1.3.16 is buggy). Also, be careful, there's a small

Re: patch: nested acl evaluation

2009-04-02 Thread Willy Tarreau
Hi Jeffrey, On Thu, Apr 02, 2009 at 02:23:44PM +0800, Jeffrey 'jf' Lim wrote: (...) Ok perhaps combinatorial was not the word that i should have used, but... I hope you can see the point/s with the explanation that i gave. The head acl only gets checked once - thereafter which it goes into

Re: patch: nested acl evaluation

2009-04-03 Thread Willy Tarreau
On Fri, Apr 03, 2009 at 01:37:53PM +0800, Jeffrey 'jf' Lim wrote: OK. Just so that I get an idea, how many use_backend rules (and how many backends) do you have in a large config ? I'm asking because I want to be able to support ACL files and rules files, and the way to implement them

Re: tcp proxy

2009-04-04 Thread Willy Tarreau
Hi Nicolas, On Fri, Apr 03, 2009 at 10:29:32PM -0300, Nicolas Cohen wrote: hi, i want to use haproxy to load balance a virtual world app we are developing in java, the app server benefits if most connected users in one particular machine are in the same regions of the virtual world

Re: patch: nested acl evaluation

2009-04-04 Thread Willy Tarreau
On Sat, Apr 04, 2009 at 10:20:23AM +0800, Jeffrey 'jf' Lim wrote: OK maybe use is OK in fact, considering the alternatives. :) some proposals for the keywords: for/use condition/use cond/use (cond/use seems the best compromise - short, but understandable enough) what would you

Re: tcp proxy

2009-04-04 Thread Willy Tarreau
On Sat, Apr 04, 2009 at 11:43:38AM -0300, Nicolas Cohen wrote: Hi Willy, It seems right to implement it. I'll review this with the team and let you know once we have an available patch. Nice, thanks! Willy

Re: Delay incoming tcp connections

2009-04-04 Thread Willy Tarreau
Hi, On Sat, Apr 04, 2009 at 07:46:28PM +0400, Alexey wrote: Hi, I saw post about delaying incoming smtp connections via haproxy. Looks like I need transparent proxy for saving source ip addresses, but it requires TPROXY in linux kernel. yes it does. I need to patch kernel + iptables

Re: Understanding stress conditions of a haproxy setups

2009-04-06 Thread Willy Tarreau
Hi, On Mon, Apr 06, 2009 at 03:50:13PM -0300, Mariano Cortesi wrote: Hi, I'm trying to optimize my haproxy and servers configuration, but I'm having problem when I want to understand what's failing or limiting the configuration. I'm using autobench with httperf to generate up to 3000 to

Re: Forcing SSL encryption (a.k.a. 'redirect' keyword not recognised)

2009-04-12 Thread Willy Tarreau
Hi, On Tue, Apr 07, 2009 at 11:05:16AM +0300, John Doe wrote: Hi For some reason acl stunnel src 10.0.0.0/8 doesn't seem to work (with version 1.3.15.8). That's not expected at all. Are you sure you were not mixing up with another problem ? Could you please retest with 1.3.17 ?

Re: A different kind of rate limiting

2009-04-12 Thread Willy Tarreau
Hi, On Sat, Apr 04, 2009 at 11:18:06PM -0700, Will Buckner wrote: Hey guys, I'm trying to find a solution to a problem I'm having This might be a unique use case, but the why is a bit complicated so I'll just leave that out of the picture for now. I would like to make a maximum of

Re: httpchk with apache tomcat

2009-04-12 Thread Willy Tarreau
On Tue, Apr 07, 2009 at 12:34:37PM -0400, Jill Rochelle wrote: I have a unique, maybe not unique, situation. The flow is like this In on apache 80 haproxy on 85 to find servers server is tomcat server but port is which goes back to apache then apache uses mod_jk to forward to

Re: Using acls to check if # connections less than number of up servers

2009-04-12 Thread Willy Tarreau
On Tue, Apr 07, 2009 at 02:58:27PM -0700, Karl Pietri wrote: Hey all I'm trying to use Acls to have a priority queue of servers for a special ip/port and fail over to the regular section and i'm wondering if its possible to have an acl that would check if dst_conn gt nbsrv(backend); the code

Re: [PATCH] Added 'option inject' for mode 'tcp'

2009-04-16 Thread Willy Tarreau
Hi Maik, On Fri, Apr 17, 2009 at 04:29:11AM +0200, Maik Broemme wrote: Hi, attached is a patch which adds a new option to HAProxy called 'inject' for the mode 'tcp'. In the current version of this patch you can only add data at the beginning of the session. I think this is very useful - at

HAProxy running at 10 Gigabit/s

2009-04-19 Thread Willy Tarreau
Hi all, I've wanted to redo those benchmarks at 10 Gbps for quite some time now, in fact since the release of 1.3.16 which brought splicing support and the new I/O layer. Now I found a few hours to re-run them, the results have been posted here : http://haproxy.1wt.eu/10g.html In short,

Re: A patch for haproxy-1.3.17 which add X-Original-Dst header.

2009-04-19 Thread Willy Tarreau
Hi Maik, On Fri, Apr 17, 2009 at 06:53:21PM +0200, Maik Broemme wrote: okay attached is now the final version, there were no new features or enhancements. I only renamed it from 'X-Original-Dst' to 'X-Original-To' because it is a common practice to name it so. For example Postfix does it in a

Re: Simple TCP with backup config

2009-04-19 Thread Willy Tarreau
Hi Michael, On Fri, Apr 17, 2009 at 04:47:38PM +0100, Michael Miller wrote: Hi, I am doing some intial testing with HAProxy and have come across a problem I don't seem to be able to resolve. A summary of what I am initially trying to achieve follows. I am trying to use HAProxy to provide

Re: option splice-auto

2009-04-20 Thread Willy Tarreau
Hi, On Sun, Apr 19, 2009 at 10:56:29PM +0100, Robert Simmons wrote: I am trying to configure HAProxy to use connection splicing, however 1.3.17 does not seem to accept this option. I've tried splice-auto along with request and response without success. According to the configuration,

Re: potential corruption in request body [1.3.15.7]

2009-04-20 Thread Willy Tarreau
On Sun, Apr 19, 2009 at 09:25:19PM -0700, Arash Ferdowsi wrote: another piece of (potentially useful) information is that the I have haproxy load balancing to 3 different machines with appservers (one of them being the same machine running haproxy). the corruption only occured when balancing

Re: HAProxy running at 10 Gigabit/s

2009-04-20 Thread Willy Tarreau
On Mon, Apr 20, 2009 at 10:02:44AM +0100, Malcolm Turnbull wrote: Willy, I've played around with using an old mkinitrd (from the same hardware but older kernel) and this allows you to boot Not sure if thats a bad idea or not though :-). Does you disk device change from hda to sda when

Re: potential corruption in request body [1.3.15.7]

2009-04-21 Thread Willy Tarreau
On Mon, Apr 20, 2009 at 11:05:23PM -0700, Arash Ferdowsi wrote: hi willy, I'm running 2.6.24-19 (on ubuntu 8.04). I don't explicitly have splicing turned on (is it on by default?) No, it requires a specific build option. Well, right now I'm at loss, especially since several big sites are

Re: haproxy 1.3.14.2 bad request outage

2009-04-24 Thread Willy Tarreau
Hi, On Fri, Apr 24, 2009 at 09:36:34AM +0200, Jean-Baptiste Quenot wrote: Hi there, This morning I noticed interesting problems regarding haproxy (1.3.14.2 here, yes I know archeology might be involved, I must upgrade). I have to say that we had a blackout during a few hours this night on

Re: HAProxy running at 10 Gigabit/s

2009-05-06 Thread Willy Tarreau
On Wed, May 06, 2009 at 06:42:42PM +0200, Julien VEHENT wrote: Hi, I'm not willy, but I know the location. The soft is available here : http://1wt.eu/tools/inject/ I built it with the following command : gcc -O3 -falign-functions=4 -falign-jumps -falign-loops -Wall -o inject31

Re: All backends appear to be used despite acls

2009-05-06 Thread Willy Tarreau
Hello, On Wed, May 06, 2009 at 06:55:09PM -0700, Brian Long wrote: Hello, I'm trying to configure haproxy to route static urls to Apache, and dynamic (api-rpc) requests straight to Tomcat. The config looks like: backend static mode http option forwardfor balance

Re: 1.3.17 in TCP mode sees dead servers (but they're not)

2009-05-06 Thread Willy Tarreau
On Mon, May 04, 2009 at 11:47:10AM +0200, Nicolas MONNET wrote: I'm experiencing a problem since updating to 1.3.17, whereby checks periodically see a backend service as down, one at a time, but for all 3 checks; and it picks right up again on the next check. Not sure what info I could get

Re: A patch for haproxy-1.3.17 which add X-Original-Dst header.

2009-05-08 Thread Willy Tarreau
Hi Maik, On Fri, May 08, 2009 at 04:44:05PM +0200, Maik Broemme wrote: Hi, many thanks Willy, I have still found a line which was missing in the patch. In 'src/cfgparse.c' around line 677 there are the default values set. I missed the following line: curproxy-except_to =

Re: [PATCH] Fix 'tcp-request content [accept|reject] if condition' parser for missing 'if'.

2009-05-12 Thread Willy Tarreau
Hi Maik, On Tue, May 12, 2009 at 01:36:46AM +0200, Maik Broemme wrote: Hi, attached is a patch which fixes a configuration mistake regarding the 'tcp-request' option. If you have the following in your configuration file: acl localnet dst 10.0.0.0/8 tcp-request

Re: TCP traffic multiplexing as balance algorithm?

2009-05-12 Thread Willy Tarreau
Hi Maik, On Tue, May 12, 2009 at 01:57:47AM +0200, Maik Broemme wrote: Hi, I have a small question. Did someone know if it is possible to do simple traffic multiplexing with HAProxy? Maybe I am missing it somehow, but want to ask on the list before creating a patch for it. what do you call

Re: New HAProxy user keeps loosing connection

2009-05-13 Thread Willy Tarreau
On Wed, May 13, 2009 at 04:53:15PM -0400, Tom Potwin wrote: Thanks Alex for the info. Unfortunately, I'm already using 'option httpclose'. Here's my current cfg: global log 127.0.0.1 local0 log 127.0.0.1 local1 notice #log loghostlocal0 info maxconn

Re: New HAProxy user keeps loosing connection

2009-05-15 Thread Willy Tarreau
On Fri, May 15, 2009 at 03:04:24PM -0400, Tom Potwin wrote: Willy, I don't want to post the entire syslog here - waste of space. Is there something I could look for? yes, grep for your browser's IP address. This will give you the logs of your connections in which we will find what is

Re: New HAProxy user keeps loosing connection

2009-05-15 Thread Willy Tarreau
On Fri, May 15, 2009 at 05:03:07PM -0400, Tom Potwin wrote: I don't think I'm going to be much help there. I'm connected to the Internet through a wireless broadband right now. I connect to my network through a VPN connection. The server just sees me as a local address. I had it working for

Re: New HAProxy user keeps loosing connection

2009-05-16 Thread Willy Tarreau
On Sat, May 16, 2009 at 09:44:53AM -0400, Tom Potwin wrote: Hi Willy I checked the cfg files for both HAProxy and heartbeat, and they're the same where they are supposed to be. You we're right about the SYSLOGD=-r setting. I didn't know I had to do that. I've attached a new copy of the

  1   2   3   4   5   6   7   8   9   10   >