Hi,
On Thu, 2019-09-12 at 08:12 +0200, Willy Tarreau wrote:
> Hi Conrad,
>
> On Wed, Sep 11, 2019 at 04:53:18PM +0200, Conrad Hoffmann wrote:
> > Hey again,
> >
> > sorry for reviving an old(ish) thread, but I would love to get some
> > kind of feedback, even
with spaces to an ACL
over the command socket at all in 2.0?
Thanks a lot,
Conrad
On Wed, 2019-09-04 at 10:17 +0200, Conrad Hoffmann wrote:
> Hi there,
>
> I just started some testing with haproxy 2.0 and noticed something
> that
> I guess could be considered a regression? Not sure,
On Wed, 2019-09-04 at 21:41 +0200, Tim Düsterhus wrote:
> Conrad,
>
> Am 04.09.19 um 10:17 schrieb Conrad Hoffmann:
> > More for illustrative purposes than anything else I attached a
> > patch
> > that fixes the issue for me (against 2.0 repo). However, I have not
>
m not just missing something really obvious here :)
As usual, thanks for all the fish,
Conrad
--
Conrad Hoffmann
Systems and Traffic Engineering
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Artem Fishman | Incorporated in England & Wales
with Company No. 6
tely help with that.
>
> I assume the rand [1] does not suffice. In this case, I'd suggest
> to
> use LUA for this, maybe by using some library like lua-resty-jit-
> uuid
> [2].
>
>
> Lukas
>
> [1]
> https://cbonte.github.io/h
On 08/11/2017 02:56 PM, Conrad Hoffmann wrote:
> Hi,
>
> first of all: great to see that this is making progress! I am very excited
> about everything related to SRV records and also server-templates. I tested
> a fresh master build with these patches applied, here are
ently requested features at some point :)
These just as "quick" feedback, depending on the time I'll have I'll try to
take a closer look at a few things and provide more details if possible.
Again, thanks a lot for working on this, let me know if you are interested
in any specific details.
Thank
On 04/13/2017 05:10 PM, Olivier Houchard wrote:
> On Thu, Apr 13, 2017 at 04:59:26PM +0200, Conrad Hoffmann wrote:
>> Sure, here it is ;P
>>
>> I now get a segfault (on reload):
>>
>> *** Error in `/usr/sbin/haproxy': corrupted double-linked list:
>
On 04/13/2017 03:50 PM, Olivier Houchard wrote:
> On Thu, Apr 13, 2017 at 03:06:47PM +0200, Conrad Hoffmann wrote:
>>
>>
>> On 04/13/2017 02:28 PM, Olivier Houchard wrote:
>>> On Thu, Apr 13, 2017 at 12:59:38PM +0200, Conrad Hoffmann wrote:
>>>> On 0
On 04/13/2017 02:28 PM, Olivier Houchard wrote:
> On Thu, Apr 13, 2017 at 12:59:38PM +0200, Conrad Hoffmann wrote:
>> On 04/13/2017 11:31 AM, Olivier Houchard wrote:
>>> On Thu, Apr 13, 2017 at 11:17:45AM +0200, Conrad Hoffmann wrote:
>>>> Hi Olivier,
>>>
On 04/13/2017 11:31 AM, Olivier Houchard wrote:
> On Thu, Apr 13, 2017 at 11:17:45AM +0200, Conrad Hoffmann wrote:
>> Hi Olivier,
>>
>> On 04/12/2017 06:09 PM, Olivier Houchard wrote:
>>> On Wed, Apr 12, 2017 at 05:50:54PM +0200, Olivier Houchard wrote:
>>&
Hi Olivier,
On 04/12/2017 06:09 PM, Olivier Houchard wrote:
> On Wed, Apr 12, 2017 at 05:50:54PM +0200, Olivier Houchard wrote:
>> On Wed, Apr 12, 2017 at 05:30:17PM +0200, Conrad Hoffmann wrote:
>>> Hi again,
>>>
>>> so I tried to get this to work, but d
else? I'll send some numbers and
more details tomorrow.
Thanks a lot,
Conrad
On 04/12/2017 03:47 PM, Conrad Hoffmann wrote:
> On 04/12/2017 03:37 PM, Olivier Houchard wrote:
>> On Wed, Apr 12, 2017 at 03:16:31PM +0200, Conrad Hoffmann wrote:
>>> Hi Olivier,
>>>
>>&
On 04/12/2017 03:37 PM, Olivier Houchard wrote:
> On Wed, Apr 12, 2017 at 03:16:31PM +0200, Conrad Hoffmann wrote:
>> Hi Olivier,
>>
>> I was very eager to try out your patch set, thanks a lot! However, after
>> applying all of them (including the last three), it seem
able to accept new connections
> on it.
> The third one adds a new global optoin, nosockettransfer, if set, we assume
> we will never try to transfer listening sockets through the stats socket,
> and close any socket nout bound to our process, to save a few file
> descriptors.
>
> Re
ad_ip
>
>
> Thanks!
>
> Alex
>
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England & Wales
with Company No. 6343600 | Local Branch Office | AG Charlottenburg |
HRB 110657B
> enabled by default if it doesn't fallback.
>
> Hi Remi,
>
> My intention was to not enable this feature by default.
>
> Baptiste
>
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung
penSSL 1.0.1e 11 Feb 2013
> Running on OpenSSL version : OpenSSL 1.0.1t 3 May 2016 (VERSIONS DIFFER!)
> OpenSSL library supports TLS extensions : yes
> OpenSSL library supports SNI : yes
> OpenSSL library supports prefer-server-ciphers : yes
> Built with PCRE version : 8.30 2012-0
nt.
>
> We can now move forward on the next big development: filling servers in a
> backend based on records read in a DNS responses.
>
> Conrad: I have a quick and dirty and not finished patch to read and store
> SRV records. If you want to use it for your own dev, please l
gt;
> Any opinion on this is welcome. Note: the main work is done, it's only a
> matter of defining what we want to see in the logs, it's easy to adapt
> once we know what we want. BTW, I'm also thinking about adding a field to
> indicate if a request is the first one of a connection or not.
&g
eed for the health check port to be set).
>
> I'll submit my patches to Willy soon.
> Part of this patch allows changing the port through the socket like you did.
this is great news, thanks!
Conrad
>
> Baptiste
>
>
>
> On Wed, Jun 29, 2016 at 1:08 AM, Conrad Hof
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England & Wales
with Company No. 6343600 | Local Branch Office | AG Charlottenburg |
HRB 110657B
From 094680a4f55870993e25636c3cef34e681a3
(especially the `flags` checks).
Just a thought, comments welcome.
Cheers,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England & Wales
with Company No. 6343600 | Local Branch Office
Hi Willy,
On 06/24/2016 03:52 PM, Willy Tarreau wrote:
> Hi Conrad,
>
> On Thu, Jun 23, 2016 at 06:49:19PM +0200, Conrad Hoffmann wrote:
>> Hi,
>>
>> attached is my shot at supporting negotiating UDP message sizes > 512 bytes
>> in the Haproxy DNS impleme
work,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England & Wales
with Company No. 6343600 | Local Branch Office | AG Charlottenburg |
HRB 110657B
From 460f879bdb669bfe0f389269113fbfb
t02.unknownservers.net,0,0,0,1,,11,17448,7938,,0,,0,0,0,0,UP,20,1,0,0,0,43,0,,3,7,25,,11,,2,0,,1,L7OK,200,0,0,5,6,0,0,0,00,0,
> pxy_xff,host02.unknownservers.net,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,1,0,,3,8,25,,0,pxy_noxff/host02.unknownservers.net,2,0,,00,0,0,0,0,0,00,0,
>
-
t;> http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#9.2
>>>>
>>>> The response from the thread you linked to still holds true.
>>>>
>>>>> I am not sure what is the best way to handle rolling out new servers and
>>>&g
ght just be good enough. If you do opt for
>> the solution mentioned in the above thread, do keep in mind that your
>> config on disk an the state in haproxy might diverge, so your deployments
>> will have take that into consideration.
>>
>> Cheers,
>> Conrad
>
y might diverge, so your deployments
will have take that into consideration.
Cheers,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England & Wales
with Company No. 634360
free to just fix by hand :)
Happy weekend,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England & Wales
with Company No. 6343600 | Local Branch Office | AG Charlottenburg |
o:luky...@hotmail.com>> wrote:
>> Hi list,
>>
>> what are your ideas about offloading of ssl? ssl inside haproxy is nice
>> but is very expensive.
>
> Why would you think that?
>
>
> Lukas
>
>
>
--
Conrad Hoffmann
Traffic Engineer
SoundCloud L
42718/
Thanks a lot,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England & Wales
with Company No. 6343600 | Local Branch Office | AG Charlottenburg |
HRB 110657B
dir
This is completely made up and untested, but I hope you get the idea.
Avoids a second map lookup altogether, but also map lookups are quite fast,
so unless you map is huge you don't really need to worry about this. Also,
double negation, but this is just to give you some idea
Cheers,
Conrad
--
Conrad Hoffm
processes
> L haproxy }
> L haproxy /
>
>
> On Thu, Feb 25, 2016 at 3:02 PM, Conrad Hoffmann <con...@soundcloud.com>
> wrote:
>
>> Hi Bharat,
>>
>> On 02/24/2016 03:04 AM, BR Kumar wrote:
>>> Couple of questions related to the systemd w
t;Feb 18 11:28:17 haproxy[4303]: Proxy b started.
> <133>Feb 18 11:28:17 haproxy[4303]: Proxy stats started.
> <129>Feb 18 11:28:17 haproxy[4303]: Server b/s is DOWN, reason: Layer4
> connection problem, info: "Connection refused", check duration: 0ms. 0
> active an
gt; we figure this should not be dangerous since haproxy seems fairly well
>>> coded - so a request for something bogus, should just result in the
>>> backend being invalid - and returning a 504 (we hope) ?
>>>
>>> I can't seem to find any examples on the net..
3
> default_backend be_pp-xctl-https
>
> backend be_pp-xctl-http
> balance source
> server pp-xctl01002-http 172.21.12.8:80
>
> backend be_pp-xctl-https
> balance source
> server pp-xctl01002-https 172.21.12.8:443
>
> I g
gt;>
>>
>> Hey Smaine,
>>
>> I'm totally lost with all you buzz keywords!
>>
>> there is no way currently to achieve this purpose.
>> That said, we're aware of this type of requirements and are thinking
>> about different methods to achieve this goa
.0 and clang 3.6.2 do not allow this.
Cheers,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England & Wales
with Company No. 6343600 | Local Branch Office | AG Charlottenburg |
HRB 110657B
if leaving resolver_family_priority set
to AF_UNSPEC might lead to other problems elsewhere.
Maybe there is even other/better solutions?
Regards,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | In
at that, too, if so desired...
Anyways, thanks for all the fish,
Conrad
On 09/03/2015 11:50 AM, Baptiste wrote:
> Hi Conrad,
>
> Please use the two patches in attachement.
>
> Baptiste
>
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin,
ave any thoughts on this? Is someone maybe already aware of this?
Thanks a lot,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England & Wales
with Company No. 6343600 | Local Branch Office
-START t=%Ts%ms%[env()]000
In 1.6 you can also do that :
http-request set-header X-REQUEST-START t=%Ts%ms%[str(000)]
Also, please note that what you're doing above only works because %ms is
left-padded with zeroes. I'm not seeing this documented anywhere though.
Willy
--
Conrad
that will match
only one case at a time (request line OR headers).
But I still don't understand why you want to modify the referer.
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England Wales
, Baptiste, this get's me even more excited about HAProxy than I am
already :)
Cheers,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England Wales
with Company No. 6343600 | Local
paradigms. I would also be willing
to invest some time (code) into this myself.
If you think this might be at least worth a discussion, I'd be happy to
share some more detailed thoughts and it would be great to hear your
thoughts on that, too.
Cheers,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud
for these sessions used to
calculate the final metric?
Any insights greatly appreciated,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England Wales
with Company No. 6343600
Hey Chris,
we've been running haproxy with nbproc 12 for quite a while now and it
works great for us. We haven't even gotten around to tying interrupts to
certain cores, works pretty well without. No need for multiple config
files either.
Cheers,
Conrad
On 10/27/2014 07:41 PM, Chris Allen
the order of execution, this concern is
much more explicitly expressed this way.
Regards,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England Wales
with Company No. 6343600
cannot rule out that this is an issue caused by how clients react to
the errors, but I would nevertheless love to gain some insight into this
scenario. Any hints would be greatly appreciated!
Thanks,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115
Hi,
this is the next step in my ongoing quest to give some lovin' to the
systemd wrapper.
It's against 1.6, I guess there is no reason to backport this to 1.5.
Does it look acceptable?
Cheers,
Conrad
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin
Hello,
attached are the first two patches, one fixing the actual bug I
encountered and one just tidying up the signal handling a little. More
to come.
Are they ok like this?
Cheers,
Conrad
On 07/25/2014 11:04 AM, Conrad Hoffmann wrote:
Hey,
On 07/25/2014 08:31 AM, Willy Tarreau wrote
-request content reject
Thanks!
Donovan
--
Conrad Hoffmann
Traffic Engineer
SoundCloud Ltd. | Rheinsberger Str. 76/77, 10115 Berlin, Germany
Managing Director: Alexander Ljung | Incorporated in England Wales
with Company No. 6343600 | Local Branch Office | AG Charlottenburg |
HRB
Hey Willy,
On 05/19/2014 06:30 AM, Willy Tarreau wrote:
Here is a nice way to trigger it:
- run haproxy in deamon mode, but with nbproc 1
- open a HTTP keep-alive connection (and keep it open)
- send USR1 to the only worker (it should stay running, because of the
ongoing connection)
Hi Willy,
On 05/17/2014 04:39 AM, Willy Tarreau wrote:
On 05/15/2014 11:26 AM, Conrad Hoffmann wrote:
If haproxy has been running for a certain amount of time (this part
makes reproduction cumbersome), we quite often run into the following
issue when restarting haproxy: if some of the workers
in for it.
Does this make sense?
But I guess the patch remains valid. Or maybe one could use shutdown()
for the USR1 path, too?
Any input appreciated :)
Cheers,
Conrad
On 05/15/2014 11:26 AM, Conrad Hoffmann wrote:
Hi everyone,
I am still somewhat new to haproxy, so I maybe missing a few bits
Hi everyone,
I am still somewhat new to haproxy, so I maybe missing a few bits and
pieces here. If so, don't hesitate to educate me :)
First of all, we are using HAProxy here at SoundCloud, so a big thanks
to everyone who invested time in this wonderful project!
We are very keen on using SSL
57 matches
Mail list logo