Re: Re[2]: FreeBSD Ports: bumping haproxy from v1.2.18 - v1.4.x

Also, changing -devel right now at the same will cause all sorts of support issues as people deal with the migration - not everyone reads the UPDATING file before issuing portupgrade -a. Even a solution should be to mark the haproxy-devel has Moved (see /usr/ports/MOVED) I see in

Re: HAproxy FreeBSD no Logging?

2010/4/1 Joe P.H. Chiang jo3chi...@gmail.com: Hi Yes im using net/haproxy port Yes the log file exist i've tried your setup.. and still not logging.. Im using haproxy 1.4.2 , i wonder if that have anything to do with the logging.. im going to downgrade to 1.3.x see if that makes any

[PATCH] bind non local ip on FreeBSD

Hi list, FreeBSD (and maybe other BSD) use IP_BINDANY flag to permite bind() to bind a non local ip (ie an ip which is not defined in an interface). In most case, you will use carp to do so, but has I needed it without carp, I make a little quick and dirty patch on 1.4.9 version. If some here

Re: [PATCH] bind non local ip on FreeBSD

2010/11/22 joris dedieu joris.ded...@gmail.com: Hi list, FreeBSD (and maybe other BSD) use IP_BINDANY flag to permite bind() to bind a non local ip (ie an ip which is not defined in an interface). In most case, you will use carp to do so, but has I needed it without carp, I make a little

Re: HAProxy Response time performance

2011/6/11 Matt Christiansen ad...@nikore.net: Thats good to know, while 2000 concurrent connections what we do right now, it will be closer to 10,000 concurrent connections come the holiday season which is closer to 2.5 GB of ram (still less then whats on the server). One though I have is

Re: haproxy and multi location failover

2011/11/1 Senthil Naidu senthil.na...@gmail.com: hi, we need to have a setup as follows site 1 site 2   LB  (ip 1)   LB (ip 2)    |   |    |

Re: HAProxy and DDOS protection

2012/2/27 Baptiste bed...@gmail.com: Hey the list, Just to let you know a new blog post about HAProxy and DDOS protection. The configuration examples applies to HAProxy 1.5 branch. Have a nice read:

Re: HAProxy with native SSL support !

Hi, Willy Thanks for this long time expected feature ! Have a lot of fun and please report your success/failures, There is an include issue in this snapshot on FreeBSD (witch is not I think ssl related) : gmake TARGET=freebsd USE_OPENSSL=1 gcc -Iinclude -Iebtree -Wall -O2 -g

Re: How to update haproxy?

Hi, cd /tmp/ wget http://haproxy.1wt.eu/download/latest/version.tar.gz tar -xvzf haproxy-*cd haproxy-(version) make TARGET=linux26 USE_PCRE=1 replace the make with whatever fits your needs mv /usr/sbin/haproxy /usr/sbin/haproxy_v.X.X keeps an old copy of the version cp haproxy

Re: SSL OCSP Stapling

2012/11/7 Hervé COMMOWICK herve.commow...@lizeo-group.com: As of now, on client side, it is only working on IE9 (not before not after) and Opera, not so common... It's enable in Firefox for a long time (Edit / Preference / Advanced / Encryption / Validation or search ocsp in about:config). See

Re: reqrep force a trailing slash

2013/5/21 Nick Jennings n...@silverbucket.net: Hi All, When someone visit www.example.com/foobar I'd like to force a trailing slash. Here's what I've got so far, but it doesn't seem to be working, and You may have a look at redirect section : # send redirects for request for articles

Re: compile warning

2013/5/22 Dmitry Sivachenko trtrmi...@gmail.com: Hello! Hi, When compiling the latest haproxy snapshot on FreeBSD-9 I get the following warning: cc -Iinclude -Iebtree -Wall -O2 -pipe -O2 -fno-strict-aliasing -pipe -DFREEBSD _PORTS-DTPROXY -DCONFIG_HAP_CRYPT -DUSE_GETADDRINFO

Re: compile warning

2013/5/23 Dmitry Sivachenko trtrmi...@gmail.com: On 23.05.2013, at 11:22, joris dedieu joris.ded...@gmail.com wrote: For my part I can't reproduce it. $ uname -a FreeBSD mailhost2 9.1-RELEASE-p3 FreeBSD 9.1-RELEASE-p3 #0: Mon Apr 29 18:27:25 UTC 2013 r...@amd64-builder.daemonology.net

[PATCH] MINOR: mute warnings while compiling with clang

Hello, I noticed several warings while compiling haproxy with clang (from FreeBSD 9.1 base system). * 145 unused-value regarding mini-clist.h (LIST_ADD, LIST_ADDQ, LIST_DEL) and standard.h (UBOUND src/haproxy.c:1206:4: warning: expression result unused [-Wunused-value]

Re: LB Layout Question

Hi Syd, I'm guessing an an NFS share from the 2 webservers to the 1 fileserver. However, from a bit of research with load balanced magento setups there seems to be a lot of negative comments about using NFS in this way. It's always better to avoid NFS as it introduce a point of failure.

Re: haproxy as a Windows service

2013/6/7 Tom Huybrechts tom.huybrec...@gmail.com: hi, I'd like to run haproxy as a service in Windows, not just as a background process. It doesn't look like this is supported out of the box, but does anyone have some tips on how to best implement this ? You can try cygrunsrv

Re: Does the transparent can't work in FreeBSD?

2013/7/12 jinge altman87...@gmail.com: Hi PiBa-NL, I just follow your advice and find my pf configure is not correct rdr on vlan64 proto tcp from any to any - 127.0.0.1 port And I change to ipfw and fwd then it works corrently. ipfw add fwd 127.0.0.1, tcp from any to any via

Re: haproxy and mobile devices

2013/9/16 Christophe Rahier christo...@qualifio.com: Hi, It's a very strange problem. Some of our users have a blank page when they try to connect to our application but no more information (very easy to debug). Have you enable haproxy logs ? It contains almost everything useful for those

Re: make haproxy notice that backend server ip has changed

2013/12/2 Pawel Veselov pawel.vese...@gmail.com: Here is my first attempt at this: http://pastebin.com/xXfZJf3f The diff is over http://git.1wt.eu/git/haproxy-1.4.git/ ref eb9632f7c6ae675bdee4c82eb0d298ba7f37fc52 To enable DNS checks on a server, the host name defined configuration should

acl + map

Hi, I have a list of valid cookies associated with client IP, that I try to make match in an acl. The map format is : cookie-value\tip-address\n This acl should do : if (client has cookie plop and plop value lookup in plop.map returns src); then the acl is valid endif I tried things like :

Re: acl + map

Hi Willy, 2015-02-25 17:32 GMT+01:00 Willy Tarreau w...@1wt.eu: Hi Joris, On Wed, Feb 25, 2015 at 02:24:45PM +0100, joris dedieu wrote: Hi, I have a list of valid cookies associated with client IP, that I try to make match in an acl. The map format is : cookie-value\tip-address\n

Re: Question regarding haproxy nagios setup

2011-05-03 0:23 GMT+02:00 Amol mandm_z...@yahoo.com: I was using the nagios plugin for haproxy http://cvs.orion.education.fr/viewvc/viewvc.cgi/nagios-plugins-perl/trunk/plugins/check_haproxy.pl?revision=135view=markup my nagios installation version is Nagios Core 3.2.0 in my host config i

Re: Haproxy 1.6 segfault on FreeBSD

Hi Lukas, This is the last commit available on github for haproxy/haproxy https://github.com/haproxy/haproxy/commit/80b59eb0d20245b4040f8ee0baae0d36b6c446b5 Best regards Joris 2015-06-11 14:17 GMT+02:00 Lukas Tribus luky...@hotmail.com: Hi! Hi everyone, It seems that since some times

Haproxy 1.6 segfault on FreeBSD

Hi everyone, It seems that since some times haproxy 1.6 segfault on freebsd Eg: at commit 80b59eb0d20245b4040f8ee0baae0d36b6c446b5 Program received signal SIGSEGV, Segmentation fault. 0x004d5cf7 in smp_resolve_args (p=0x80144b000) at src/sample.c:1080 1080

Re: Haproxy 1.6 segfault on FreeBSD

2015-06-11 14:38 GMT+02:00 Lukas Tribus luky...@hotmail.com: Hi Lukas, This is the last commit available on github for haproxy/haproxy https://github.com/haproxy/haproxy/commit/80b59eb0d20245b4040f8ee0baae0d36b6c446b5 That is a unofficial mirror, updated manually and often outdated (like

Re: Haproxy 1.6 segfault on FreeBSD

2015-06-12 8:18 GMT+02:00 joris dedieu joris.ded...@gmail.com: 2015-06-12 0:47 GMT+02:00 joris dedieu joris.ded...@gmail.com: Hi Willy, 2015-06-11 17:04 GMT+02:00 Willy Tarreau w...@1wt.eu: Hi Joris, On Thu, Jun 11, 2015 at 03:57:27PM +0200, joris dedieu wrote: Ok. I have checked out

Re: Haproxy 1.6 segfault on FreeBSD

2015-06-12 0:47 GMT+02:00 joris dedieu joris.ded...@gmail.com: Hi Willy, 2015-06-11 17:04 GMT+02:00 Willy Tarreau w...@1wt.eu: Hi Joris, On Thu, Jun 11, 2015 at 03:57:27PM +0200, joris dedieu wrote: Ok. I have checked out the main repo I'm at 28b48ccbc879a552f988e6e1db22941e3362b4db

Re: Haproxy 1.6 segfault on FreeBSD

2015-06-12 18:01 GMT+02:00 Willy Tarreau w...@1wt.eu: On Fri, Jun 12, 2015 at 05:54:13PM +0200, joris dedieu wrote: I would not be surprized that adding this line to compat.h solves the problem : #include netinet/in.h It was this one. So I finally add Great! * limits.h for things

[PATCH] BUG/MEDIUM: compat: fix segfault on FreeBSD

Since commit 65d805fd witch removes standard.h from compat.h some values were not properly set on FreeBSD. This caused a segfault at startup when smp_resolve_args is called. As FreeBSD have IP_BINDANY, CONFIG_HAP_TRANSPARENT is define. This cause struct conn_src to be extended with some fields.

Re: Haproxy 1.6 segfault on FreeBSD

2015-06-12 8:41 GMT+02:00 Willy Tarreau w...@1wt.eu: On Fri, Jun 12, 2015 at 08:35:15AM +0200, Willy Tarreau wrote: On Fri, Jun 12, 2015 at 08:27:34AM +0200, joris dedieu wrote: (...) All those one are innocents. Including sys/limits.h on common/compat.h correct those differences

Re: Haproxy 1.6 segfault on FreeBSD

2015-06-12 16:53 GMT+02:00 Willy Tarreau w...@1wt.eu: Hi Joris, On Fri, Jun 12, 2015 at 04:45:04PM +0200, joris dedieu wrote: $ git grep -n localtimezone include/common/standard.h:827:char localtimezone[6]; src/haproxy.c:588: strftime(localtimezone, 6, %z, curtime); src/standard.c

Re: Rate-limiting specific path

2015-07-08 15:28 GMT+02:00 Bastien Chong bastien...@gmail.com: Hi, I'd like to rate-limit a specific path, by rate-limit I mean continue to accept X req/s, and buffer or drop subsequent requests over the limit. That is was rate-limit sessions rate does, but is frontend-wise. It's not optimal

Re: Pop / Imap Haproxy

2015-06-19 23:21 GMT+02:00 Nathan Neulinger nn...@neulinger.org: You can use the 'proxy protocol' - but you will have to insure that your target pop/imap daemons are aware of it. dovecot has preliminary proxy protocol support http://hg.dovecot.org/dovecot-2.2/rev/4d7a83ddb644 It's not

Re: [ANNOUNCE] haproxy-1.6-dev6

Hi, 2015-09-29 0:35 GMT+02:00 Willy Tarreau : > Hi everyone, > > this is the end of a harrassing week! I wanted to issue dev6 last monday > to have a calm week dedicated to bug fixes and documentation updates only > and it ended up completely differently with numerous painful bugs

[PATCH] BUILD: IP_TTL: Fix compilation on almost FreeBSD and OpenBSD.

IP_TTL socket option is defined on some systems that don't have SOL_IP. Use IPPROTO_IP in this case. --- src/proto_tcp.c | 4 1 file changed, 4 insertions(+) diff --git a/src/proto_tcp.c b/src/proto_tcp.c index f698889..3642398 100644 --- a/src/proto_tcp.c +++ b/src/proto_tcp.c @@ -1456,7

Re: [ANNOUNCE] haproxy-1.6-dev6

Hi Willy 2015-09-29 13:59 GMT+02:00 Willy Tarreau <w...@1wt.eu>: > Hi Joris, > > On Tue, Sep 29, 2015 at 08:56:54AM +0200, joris dedieu wrote: >> > - TCP actions: "silent-drop". Finally it got merged as the actions >> > registration mechanism

Re: [PATCH] BUILD: IP_TTL: Fix compilation on almost FreeBSD and OpenBSD.

Already fix by ae459f3 Joris 2015-09-29 8:21 GMT+02:00 Joris Dedieu <joris.ded...@gmail.com>: > IP_TTL socket option is defined on some systems that don't have SOL_IP. > Use IPPROTO_IP in this case. > --- > src/proto_tcp.c | 4 > 1 file changed, 4 insertions(+)

Re: [ANNOUNCE] haproxy-1.6-dev6

Hi Willy, 2015-09-29 18:27 GMT+02:00 Willy Tarreau <w...@1wt.eu>: > On Tue, Sep 29, 2015 at 02:58:04PM +0200, joris dedieu wrote: >> kevent(3,0x0,0,{},5,{1.0 }) = 0 (0x0) >> kevent(3,0x0,0,{0x4,EVFILT_READ,0x0,0,0x1,0x0},5,{1.0 }) = 1 (0x1)

Re: Add query string at redirect

Hi, 2015-10-01 14:44 GMT+02:00 Andreas Mock : > Hi all, > > I really hope that this is doable with haproxy 1.5 and > I'm just too stupid to find it. After searching around > for an hour now I hope you can help me. > > Currently I use an idion like this in my config: > >

Re: Linux or FreeBSD ?

2015-10-01 1:48 GMT+02:00 Rainer Duffner : > >> Am 01.10.2015 um 01:22 schrieb Willy Tarreau : >> >>> >> >> I'd be tempted to place my judgement between yours and Jeff's. I'd say >> that if the company is already using the target OS on any other place, >> the

Re: HAProxy Slows At 1500+ connections Really Need some help to figure out why

Hi, Just a few translation Linux -> FreeBSD. As pfSense is FreeBSD based. 2015-10-04 10:56 GMT+02:00 Willy Tarreau : > On Sat, Oct 03, 2015 at 12:55:33AM -0700, Daren Sefcik wrote: >> > Is there some kernel messages >> > Load, swap usage, disk space >> > >> again, according to my

Re: HAProxy Slows At 1500+ connections Really Need some help to figure out why

Le 3 oct. 2015 02:50, "Daren Sefcik" a écrit : > > So after making the changes (somewhat implied by Cyril) I ran apache bench with 2 concurrent instances of "-n 1 -c 500 -w -k" and the result on haproxy stats page is: > > pid = 18093 (process #1, nbproc = 1) > uptime

Re: Need Help

Hi, 2015-09-18 3:13 GMT+02:00 Nitesh Kumar Gupta : > Hi, > > I want to setup haproxy in way there that will work on both http and https > and also tpc but that will be conditional mean if any perticular link will > come that will go via tcp > > So can you help me how can

Re: Frontend ACL rewrites URL incorrectly to backend

Hi, 2015-10-04 23:33 GMT+02:00 Daren Sefcik : > I am trying to make some requests go to specific backends but am finding > that in certain backends that the url gets doubled up or otherwise mangled, > ie: > > request to frontend = http://my.company.com > what the backend

Re: Lua Shell letsencrypt

2015-12-05 23:42 GMT+01:00 : > On Fri, 4 Dec 2015 00:23:53 -0700 > Mela Luca wrote: > >> I am looking to automate letsencrypt with lua, the process would be to >> detect to see if the domain has a cert already, if not it would execute >>

Re: lua authentication

2015-12-06 3:44 GMT+01:00 Grant Haywood : > I found a pretty good starting point > > https://github.com/morganfainberg/HAProxyKeystoneMiddlware > > if i do anything with ldap ill post it... > > - Original Message - > From: "Grant Haywood" >

Re: Two questions about lua

Thanks Thierry, for your answers. 2015-11-30 16:53 GMT+01:00 Thierry FOURNIER <thierry.fourn...@arpalert.org>: > On Mon, 30 Nov 2015 08:37:00 +0100 > joris dedieu <joris.ded...@gmail.com> wrote: > >> Hi all, >> >> I started to drive into haproxy