Re: ssl offloading

your team > don't > want to handle software (but in this case, you can also look at the > Aloha appliance). Go for the maximum number of GHz and as many cores as > you want since the performance scales almost linearly. > -- - Andrew Hayworth

Re: simply copy mapped value into acl

oxy-dconv/configuration-1.6.html#http-request (especially note the section about variable scope). -- - Andrew Hayworth

Re: simply copy mapped value into acl

prior acl evaluated to true. An added benefit of this is that you can scale out easily to many values in the map/acl file without polluting your configuration. Additionally, you can use the socket commands to dynamically add things to the map/acl without reloading haproxy, if you wanted (something like 'add map '). Hope that helps! - Andrew Hayworth

Re: [PATCH] MINOR: cli: ability to set per-server maxconn

Many thanks! On Wed, Oct 28, 2015 at 2:04 AM, Willy Tarreau <w...@1wt.eu> wrote: > On Tue, Oct 27, 2015 at 04:50:35PM -0500, Andrew Hayworth wrote: >> Ah, thanks - I hadn't thought about the case where connections were >> queued up. In my tests, I had a very low queue

Re: HA Proxy - packet capture functionality

On Tue, Oct 27, 2015 at 10:51 AM, Javier Torres wrote: > > Hi Jeff, > Does that mean that HA proxy doesn't offer the capability to do this > functionality at the load balancing level? No - it doesn't. There's no inbuilt capability to capture packets via HAProxy. But, assuming

Re: [PATCH] MINOR: cli: ability to set per-server maxconn

up. In my tests, I had a very low queue timeout. The code you suggested seems to do the trick. Updated patch below. -- - Andrew Hayworth >From 0bad55c2cdd6d4086c11cd445de309693ec72afa Mon Sep 17 00:00:00 2001 From: Andrew Hayworth <andrew.haywo...@getbraintree.com> Date: Tue, 27 Oct 2015 21:46

Re: [PATCH] MEDIUM: dns: Don't use the ANY query type

uot;resolution->resolver_family_priority = >> s->resolver_family_priority;" before using the value stored in it. >> >> Appart this, it looks good. >> >> Baptiste >> >> >> On Tue, Oct 20, 2015 at 12:39 AM, Andrew Hayworth >> <andrew

[PATCH] MINOR: cli: ability to set per-server maxconn

f the code. However, I've tested it by curling slow endpoints (the nginx echo_sleep module, specifically) and can confirm that NOSRV is returned appropriately according to whatever maxconn settings are set via the socket. - Andrew Hayworth >From 186f4a33fea210e63ef25b023adab9abf133004d Mon Sep 17

Re: Dynamically change server maxconn possible?

ng to review the patch and help if any difficulty is faced. > > Regards, > Willy > > > -- - Andrew Hayworth

Re: [PATCH] MINOR: cli: ability to set per-server maxconn

Apologies for two posts in a row: this version of the patch includes a blurb for doc/management.txt as well. - Andrew Hayworth >From 6c54812a06706460dd2944ce7d51ea29636ed989 Mon Sep 17 00:00:00 2001 From: Andrew Hayworth <andrew.haywo...@getbraintree.com> Date: Mon, 19 Oct 2015 19:15

[PATCH] MEDIUM: dns: Don't use the ANY query type

to either the explicit preferences of the operator, or the implicit default (/IPv6). - Andrew Hayworth >From 8ed172424cbd79197aacacd1fd89ddcfa46e213d Mon Sep 17 00:00:00 2001 From: Andrew Hayworth <andrew.haywo...@getbraintree.com> Date: Mon, 19 Oct 2015 22:29:51 + Subject: [PATCH] ME

Re: [call to comment] HAProxy's DNS resolution default query type

here is a reason for this implementation, and you can > fallback to OS resolvers without any problems (just with their drawbacks). > > > > > Regards, > > Lukas > > > [1] https://getdnsapi.net/ > -- - Andrew Hayworth

Re: Interactive stats socket broken on master

M, Andrew Hayworth > <andrew.haywo...@getbraintree.com> wrote:> > > Attached is a patch that fixes the issue for me. > > Willy, any thoughts on merging this patch into 1.6? > -- - Andrew Hayworth

Re: [PATCH 1/1] MINOR: cli: Dump all resolvers stats if no resolver

nd approved. >> >> Willy, you can apply :) >> >> Thanks a lot for your contribution, Andrew. > > Applied, thanks guys! > > Willy > -- - Andrew Hayworth

Re: [PATCH 1/1] MINOR: cli: Dump all resolvers stats if no resolver

gt;ctx.resolvers.ptr != NULL && appctx->ctx.resolvers.ptr != > presolvers) continue;" > Please write "continue" on a new line. Done. > > Please repost an updated patch and I'll give it a try before final approval. > > Baptiste Updated patch below: >From 19

Re: Interactive stats socket broken on master

atch that fixes the issue for me. Thanks! >From 9f785d7bc67c34ea441187c0e14c0ef573a71692 Mon Sep 17 00:00:00 2001 From: Andrew Hayworth <andrew.haywo...@getbraintree.com> Date: Fri, 2 Oct 2015 15:08:10 + Subject: [PATCH 1/1] BUG/MINOR: Handle interactive mode in cli handler A previous comm

[PATCH 1/1] MINOR: cli: Dump all resolvers stats if no resolver

on it! Thanks - Andrew Hayworth -- >From c4061d948d21cabb95f093b5d9655c9d226724af Mon Sep 17 00:00:00 2001 From: Andrew Hayworth <andrew.haywo...@getbraintree.com> Date: Fri, 2 Oct 2015 20:33:01 + Subject: [PATCH 1/1] MINOR: cli: Dump all resolvers stats if no resolver section

http-request set-nice

. :) -- - Andrew Hayworth

Re: http-request set-nice

Gotcha. Thanks for the clarification! :) On Mon, Aug 17, 2015 at 11:40 AM, Baptiste bed...@gmail.com wrote: On Mon, Aug 17, 2015 at 4:13 PM, Andrew Hayworth andrew.haywo...@getbraintree.com wrote: Hi all - I've been tweaking our HAProxy config here, and we have a desire to slow down

Re: [PATCH] Add log-format variable %HQ, to log HTTP query strings

On Mon, Aug 3, 2015 at 8:53 AM, Willy Tarreau w...@1wt.eu wrote: I agree, I found this a bit awkward as well :-) Regards, Willy Hi all - Thanks for the feedback. I moved the string-scanning bit, but did not use the find_param_list function. Updated patch is attached. -- - Andrew Hayworth

[PATCH] Add log-format variable %HQ, to log HTTP query strings

Since this came up in another thread, it seems reasonable to add a patch that implements %HQ as a log-format variable to record the HTTP query string. Leaving the initial '?' is intentional, but I don't feel strongly one way or another. -- - Andrew Hayworth From

Re: OCSP stapling troubleshooting

the URL of the site: https://raymii.org/s/articles/OpenSSL_Manually_Verify_a_certificate_against_an_OCSP.html Will do. I'm under NDA for this, so I can't publicly post anything specific. Thanks, Shawn -- - Andrew Hayworth

Re: OCSP stapling troubleshooting

that response? Do I need to diffeentiate them, or simply send all the ocsp responses in via the stats socket? No, you do not need to differentiate them. HAProxy will parse needed information out of the base64-encoded response. -- - Andrew Hayworth

Re: [SOLVED] Re: OCSP stapling troubleshooting

Awesome, glad it's all settled! On Tue, Jun 2, 2015 at 3:31 PM, Shawn Heisey hapr...@elyograg.org wrote: On 6/2/2015 1:29 PM, Andrew Hayworth wrote: On Tue, Jun 2, 2015 at 2:16 PM, Shawn Heisey hapr...@elyograg.org wrote: My script may update a dozen ocsp responses all used by a single haproxy

Re: [PATCH] Add a new log format variable %p that spits out the sanitized request path

contain at least one whitespace character. Thanks! -- - Andrew Hayworth From 74b1abcfe2202f7da5de7c6e2f33c303e5dd4f62 Mon Sep 17 00:00:00 2001 From: Andrew Hayworth andrew.haywo...@getbraintree.com Date: Mon, 27 Apr 2015 21:37:03 + Subject: [PATCH] Add HTTP request-line log format directives

Re: [PATCH] Add a new log format variable %p that spits out the sanitized request path

Thanks! On Tue, Apr 28, 2015 at 2:07 PM, Willy Tarreau w...@1wt.eu wrote: Hi Andrew, On Tue, Apr 28, 2015 at 10:54:58AM -0500, Andrew Hayworth wrote: (...) I changed %HR - %HU, and mentioned '(path)' in the docs. I found it was not changed in the parser nor the doc but I fixed it, don't

Re: [PATCH] Add a new log format variable %p that spits out the sanitized request path

know what you thinks! -- - Andrew Hayworth From 01db55d61f9efcfe6133126ab17ca8bd22dbb1bf Mon Sep 17 00:00:00 2001 From: Andrew Hayworth andrew.haywo...@getbraintree.com Date: Mon, 27 Apr 2015 21:37:03 + Subject: [PATCH] Add HTTP request-line log format directives This commit adds 4 new log

Re: [PATCH] Add a new log format variable %p that spits out the sanitized request path

much more elegantly, building on what you suggested. I've also attached an updated patch file in case my mail client messes up tabs/spaces or something. Thank you so much! - Andrew Hayworth From 8cda7475e6b456636f61c48c2132ecf32f4c23b1 Mon Sep 17 00:00:00 2001 From: Andrew Hayworth andrew.haywo

[PATCH] Add a new log format variable %p that spits out the sanitized request path

It's often undesirable to log query params - and in some cases, it can create legal compliance problems. This commit adds a new log format variable that logs the HTTP verb and the path requested sans query string (and additionally ommitting the protocol). For example, the following HTTP request