Re: No Private Key found in '/etc/letsencrypt/live/www.mydomain.org/fullchain.pem.key

://www.haproxy.com/blog/how-to-install-haproxy-on-ubuntu According to your previous information, it would result in: https://haproxy.debian.net/#distribution=Ubuntu=jammy=2.8 -- Cyril Bonté

Re: Wierd issue with OCSP updating

in configuration file : /etc/haproxy/haproxy.cfg [ALERT]    (521883) : config : Fatal errors found in configuration. Because it should be in the global section, not the defaults one ;) -- Cyril Bonté

Re: [PATCH] DOC: Attempt to fix dconv parsing error for tune.h2.fe.initial-window-size

Hi all, Le 20/06/2023 à 11:57, Amaury Denoyelle a écrit : On Tue, Jun 13, 2023 at 03:18:19PM +0200, Tim Düsterhus, WoltLab GmbH wrote: Hi please find the patch attached. This email address is not subscribed to the list, please keep it in Cc when replying. Thanks Tim, I applied all of your

some updates around haproxy-dconv

.github.io/haproxy-dconv/. I'm not sure about who maintains this page but it may be a good idea to update to haproxy.org. See https://hub.docker.com/_/haproxy Thanks ;) Cyril Bonté

Re: [ANNOUNCE] haproxy-2.3.0

://cbonte.github.io/haproxy-dconv/ I'm sad to not find enough time to contribute to haproxy. But well, at least I try to read mail subjects :-/ With some delays, I've now pushed the documentation for 2.3 and 2.4-dev ;-) -- Cyril Bonté

github template

reproduce the behavior 4. Do you have any idea what may have caused this? 5. Do you have an idea how to solve the issue? 6. What's the configuration? 7. Output of haproxy -vv and uname -a What do you think about it ? -- Cyril Bonté

Re: Documentation

versions are available, including the dev branch ;-) -- Cyril Bonté

Re: [2.1.1] http-request replace-uri does not work

the issue in all conditions ? From what I've observed, it seems we can rely on the HTX_SL_F_NORMALIZED_URI flag to detect if the URI was normalized by haproxy and in that case, we should start at the path instead of the URI. -- Cyril Bonté diff --git a/src/http_act.c b/src/http_act.c index d6015d362

Re: [2.1.1] http-request replace-uri does not work

). http://git.haproxy.org/?p=haproxy-2.1.git;a=commit;h=30ee1efe67 -- Cyril Bonté

[PATCH] doc: fix date and http_date keywords syntax

--- doc/configuration.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index d8fe6b650..0bb7313cd 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -13245,7 +13245,7 @@ hex2i Converts a hex string

Re: Timeout defaults?

Le 26/10/2019 à 16:53, Troels Arvin a écrit : Hello, Cyril Bonté wrote: if no "timeout tunnel" is specified in the configuration, there is no timeout for that specific case. "timeout client" and "timeout server" take the relay, if they're defined as well. O

Re: Timeout defaults?

Le 26/10/2019 à 09:24, Troels Arvin a écrit : Hello, Cyril Bonté wrote: You will find the information at several places : [...] No matter how hard I look, I can't find an answer to this: Let's say my defaults section has the following three timeout related lines: timeout connect

Re: Timeout defaults?

valid, you will certainly encounter various problems | with such a configuration. To fix this, please ensure that all following | timeouts are set to a non-zero value: 'client', 'connect', 'server'. -- Cyril Bonté

Re: haproxy doesn't bring failed server up

can't connect to the old resolved one. You should have a look to the documentation chapter "Server IP address resolution using DNS" : https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.3 -- Cyril Bonté

Re: haproxy 2.0.x: another case of high CPU consumption

performing a synchronous operation somewhere, I'll check. And I confirm that commit 5b06cb33eb (BUG/MEDIUM: mux_h1: Don't bother subscribing in recv if we're not connected) fixes the issue ;-) -- Cyril Bonté

haproxy 2.0.x: another case of high CPU consumption

;) It looks to be very specific to the 2.0 branch, I can't reproduce it in 1.9 and 2.1. -- Cyril Bonté

Re: [ANNOUNCE] haproxy-2.0.0

the HTML documentation for 2.0.0 and 2.1-dev. I really need to clean up/repair/rewrite my scripts ;) -- Cyril Bonté

Re: segfault using cache with 1.9.4

) complete configuration to investigate further, as the lines provided are not valid and are not sufficient to reproduce the issue. -- Cyril Bonté

[DOC] Clarification of the "abbreviated form with all-0-octets omitted" for IPv4 addresses needed

-dconv/1.9/configuration.html#7.1.6 Well, for that kind of notation, you can refer to the inet manpage, where everything is explained ;-) https://linux.die.net/man/3/inet (I hope the reply will arrive in the right thread cause I didn't receive the email but found the question in mail-archive instead). -- Cyril Bonté

Re: Wrong sha256 checksum for HAProxy 1.8 and 1.9?

> De: "Tim Düsterhus" > À: "Cyril Bonté" , "Willy Tarreau" , "Kevin > Mao" > Cc: haproxy@formilux.org > Envoyé: Mardi 26 Février 2019 12:12:33 > Objet: Re: Wrong sha256 checksum for HAProxy 1.8 and 1.9? > > Willy, > Cyril, >

Re: Wrong sha256 checksum for HAProxy 1.8 and 1.9?

Hi again, > De: "Cyril Bonté" > À: "Willy Tarreau" , "Kevin Mao" > Cc: haproxy@formilux.org > Envoyé: Mardi 26 Février 2019 09:39:08 > Objet: Re: Wrong sha256 checksum for HAProxy 1.8 and 1.9? > > Using firefox, I'm observing the same issue.

Re: Wrong sha256 checksum for HAProxy 1.8 and 1.9?

results occurs with the other archives. I don't have the issue using wget/curl/chromium. I'll make some more tests today. -- Cyril Bonté

Re: [PATCH] REG-TEST: mailers: add new test for 'mailers' section

"MEDIUM: mailers: Init alerts during conf parsing and refactor their processing" http://git.haproxy.org/?p=haproxy.git;a=commit;h=0108bb3e4 Hope this helps. -- Cyril Bonté

Re: Http HealthCheck Issue

> De: "PRAVEEN UPPALAPATI" > À: "Cyril Bonté" > Cc: haproxy@formilux.org > Envoyé: Mercredi 19 Décembre 2018 18:10:50 > Objet: RE: Http HealthCheck Issue > > The pointed mistake was GET which I updated and tried. I'm not sure > if there was som

Re: Http HealthCheck Issue

please, please, PLEASE ! Read the answers before telling again it's not working. Several users already told you where you made a mistake. - Mail original - > De: "PRAVEEN UPPALAPATI" > À: "Jarno Huuskonen" > Cc: haproxy@formilux.org, "THANIGAIVEL SIVANANDHAM" > Envoyé: Mercredi 19

Re: [ANNOUNCE] haproxy-1.9-dev11

result. Or is there a function to explicitely update the block size (kind of htx_set_blksz) ? I prefer to report the bug quickly so you can fix it today. Or I can work on a patch, but this will not be before the end of the day ;-) -- Cyril Bonté

Re: 'stick': unknown fetch method 'res.cook_beg'

is still valid but the syntax you used is only valid for acls. This is true for all fetches preceded by "ACL derivatives". -- Cyril Bonté

Re: [PATCH 1/2] DOC: split the http-request actions in their own section

Hi Willy, Le 17/10/2018 à 04:19, Willy Tarreau a écrit : Hi Cyril, On Wed, Oct 17, 2018 at 12:18:49AM +0200, Cyril Bonté wrote: Hi Willy, this set of patches is an attempt to make the http-request/http-response documentation more readable. If it's OK for you, I will do the same work for tcp

Re: [PATCH 1/2] DOC: split the http-request actions in their own section

Hi Willy, this set of patches is an attempt to make the http-request/http-response documentation more readable. If it's OK for you, I will do the same work for tcp-request/tcp-response. Cheers, Le 17/10/2018 à 00:14, Cyril Bonté a écrit : Since http-request was first introduced, more

[PATCH 2/2] DOC: split the http-response actions in their own section

Similarly to the "http-request" actions, this is an attempt to make the documentation easier to read. --- doc/configuration.txt | 543 ++ 1 file changed, 290 insertions(+), 253 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index

[PATCH 1/2] DOC: split the http-request actions in their own section

Since http-request was first introduced, more and more actions have been added over time. This makes the "http-request" difficult to read and some actions were forgotten in the list. This is an attempt to make the documenation cleaner. In future steps, it would be great to provide at least one

Re: Setting response headers conditionally

8/configuration.html#var PS: it's `haproxy 1.8.8` PPS: I originally asked it at https://serverfault.com/q/935492/45086 as well -- With best regards, Ivan Kurnosov -- Cyril Bonté

commit #f9cc07c25b: compilation error when threads are disabled

:870:6: error: lvalue required as left operand of assignment tid = 0; ^ http://git.haproxy.org/?p=haproxy.git;a=commit;h=f9cc07c25beab93700044955d97117465b4852ae I prefer to report the issue as I'm not sure you've seen it ;-) -- Cyril Bonté

Re: HTTP/2 issues and segfaults with current 1.9-dev [7ee465]

till wait a bit ;-) Great job ! I can't reproduce the issue anymore, even with nbthread > 1 (I noticed too late it was easier to trigger). We can consider this as fixed ;-) I'll upgrade the haproxy instance on my test server in the morning. -- Cyril Bonté

Re: HTTP/2 issues and segfaults with current 1.9-dev [7ee465]

Le 22/08/2018 à 00:40, Cyril Bonté a écrit : Hi again Willy, Le 21/08/2018 à 22:55, Cyril Bonté a écrit : Thanks for the diag. I don't remember changing anything around the proxy protocol, but it's possible that something subtle changed. Also it's not on the regular send/receive path so maybe

Re: HTTP/2 issues and segfaults with current 1.9-dev [7ee465]

Hi again Willy, Le 21/08/2018 à 22:55, Cyril Bonté a écrit : Thanks for the diag. I don't remember changing anything around the proxy protocol, but it's possible that something subtle changed. Also it's not on the regular send/receive path so maybe I overlooked certain parts and broke

Re: HTTP/2 issues and segfaults with current 1.9-dev [7ee465]

Le 21/08/2018 à 21:56, Willy Tarreau a écrit : On Tue, Aug 21, 2018 at 07:00:39PM +0200, Cyril Bonté wrote: Le 21/08/2018 à 18:36, Willy Tarreau a écrit : Cyril, if you want to test, please be sure to update to at least 1b13bfd as we've just added another fix on top of this series. OK, I

Re: HTTP/2 issues and segfaults with current 1.9-dev [7ee465]

Le 21/08/2018 à 19:00, Cyril Bonté a écrit : Le 21/08/2018 à 18:36, Willy Tarreau a écrit : Cyril, if you want to test, please be sure to update to at least 1b13bfd as we've just added another fix on top of this series. OK, I was performing some tests, I've now updated with this patch

Re: HTTP/2 issues and segfaults with current 1.9-dev [7ee465]

m.c:1932 #4 0x563f9aa14978 in process_runnable_tasks () at src/task.c:381 #5 0x563f9a9c3371 in run_poll_loop () at src/haproxy.c:2386 #6 run_thread_poll_loop (data=) at src/haproxy.c:2451 #7 0x563f9a91d9de in main (argc=, argv=0x7ffd1da4e748) at src/haproxy.c:3053 -- Cyril Bonté

Re: haproxy-1.9-dev [0c026f49e]: 100% CPU when a server goes DOWN with option redispatch

> De: "Cyril Bonté" > À: "Willy Tarreau" > Cc: "HAProxy" > Envoyé: Mardi 21 Août 2018 16:09:55 > Objet: haproxy-1.9-dev [0c026f49e]: 100% CPU when a server goes DOWN with > option redispatch > > Hi Willy, > Here is another issue seen

haproxy-1.9-dev [0c026f49e]: 100% CPU when a server goes DOWN with option redispatch

Hi Willy, Here is another issue seen today with the current dev branch [tests were also made after pulling recent commit 3bcc2699b]. Since 0c026f49e, when a server status is set to DOWN and option redispatch is enabled, the haproxy process hits 100% CPU. Even more, with the latest commits, if

HTTP/2 issues and segfaults with current 1.9-dev [7ee465]

Hi Willy, I'm afraid there's still some issues with HTTP/2 in the current dev branch :-( This morning, I've upgraded a test server and discovered that some HTTPS sites did not work anymore (content hangs and is not sent to the client), I've also noticed some segfaults in haproxy. As this is a

[PATCH] BUG/MINOR: lua: fix extra 500ms added to socket timeouts

Since commit #56cc12509, haproxy accepts double values for timeouts. The value is then converted to milliseconds before being rounded up and cast to int. The issue is that to round up the value, a constant value of 0.5 is added to it, but too early in the conversion, resulting in an additional

Re: [PATCH] BUG/MINOR: lua: fix extra 500ms added to socket timeouts

is not to round up every values but to round values to the nearest int. On Sun, Aug 19, 2018 at 12:27:13AM +0200, Cyril Bonté wrote: if (dtmout > INT_MAX) /* overflow check */ - WILL_LJMP(luaL_error(L, "settimeout: cannot set values larger than %d&q

[PATCH] BUG/MINOR: lua: fix extra 500ms added to socket timeouts

Since commit #56cc12509, haproxy accepts double values for timeouts. The value is then converted to milliseconds before being round up and cast to int. The issue is that to round up the value, a constant value of 0.5 is added to it, but too early in the conversion, resulting in an additional

[PATCH] BUG/MEDIUM: lua: socket timeouts are not applied

Sachin Shetty reported that socket timeouts set in LUA code have no effect. Indeed, connect timeout is never modified and is always set to its default, set to 5 seconds. Currently, this patch will apply the specified timeout value to the connect timeout. For the read and write timeouts, the issue

Re: lua socket settimeout has no effect

Hi Willy and Sachin, Le 14/08/2018 à 01:27, Cyril Bonté a écrit : Thanks for the feedback. I've made some tests with the lines of code you suggested and it looks to work fine. I'll prepare the patches tomorrow. OK, some updates on the patch. It was working well with haproxy 1.7, the same

Re: Trying to get logging above 1024 characters

l#log http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#tune.http.logurilen -- Cyril Bonté

Re: lua socket settimeout has no effect

Hi Willy, Le 13/08/2018 à 09:28, Willy Tarreau a écrit : Hi Cyril, On Sun, Aug 12, 2018 at 10:49:13PM +0200, Cyril Bonté wrote: 2. hlua_socket_settimeout() initializes rto/wto values, maybe it should also compute the rex/wex values : socket->s->req.rex = tick_add_ifset(now_ms,

Re: lua socket settimeout has no effect

already set (in your case the task doesn't wake up after 2 secondes because a first timeout was set to 3 seconds) : task_wakeup(socket->s->task, TASK_WOKEN_OTHER); At least, it seems to fix the issue but before sending a patch, I want to be sure that's how we should fix this. -- Cyril Bonté

Re: lua socket settimeout has no effect

out kicks in at about 4 seconds, and at settimeout(2), readtimeout kicks in at about 8 seconds. is that expected? I couldn't find read timeout explicitly set anywhere in the same source file. Thanks Sachin On Fri, Jul 27, 2018 at 5:18 AM, Cyril Bonté mailto:cyril.bo...@free.f

Re: haproxy doesn't reuse server connections

no connection to reuse when switching to the second server for the second request. Thanks in advance, Alessandro -- Cyril Bonté

Re: lua socket settimeout has no effect

NSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems :   epoll : pref=300,  test result OK    poll : pref=200,  test result OK select : pref=150,  test result OK Total: 3 (3 usable), will use epoll. Available filters :     [COMP] compression     [TRACE] trace     [SPOE]

Re: Missing SRV cookie

cookies sent list, or in the browser’s cookies folder) he *never* experiences an unexpected disconnect. Suggestions, please? You have to make a choice, either you use stick tables, either you use cookies, but don't mix both otherwise you'll have the situation you are describing. -- Cyril Bonté

Re: HAProxy 1.8.x not serving errorfiles with H2

t hello (1): curl: (92) HTTP/2 stream 1 was not closed cleanly: INTERNAL_ERROR (err 2) [2] haproxy[19803]: :63832 [05/Jun/2018:15:36:24.202] incoming_https~ local_author_app_http/ 0/-1/-1/-1/0 503 1441 - - SCDN 3/1/0/0/0 0/0 "GET /libs/cq/core/content/welcome.html HTTP/1.1" -- Cyril Bonté

Re: Backup server takes too long to go active

m using that configuration elsewhere in cases where I only want the traffic to go to one server as long as that server is up, and I need the backup server to take over quickly when the primary fails. Thanks, Shawn -- Cyril Bonté

Re: Haproxy 1.8.4 crashing workers and increased memory usage

Hi Robin, > De: "Robin Geuze" > À: "Willy Tarreau" > Cc: haproxy@formilux.org > Envoyé: Lundi 9 Avril 2018 10:24:43 > Objet: Re: Haproxy 1.8.4 crashing workers and increased memory usage > > Hey Willy, > > So I made a build this morning with libslz and

Re: Grrrr.... warnings

-c -o src/haproxy.o src/haproxy.c src/haproxy.c:1:1: warning: gcc has detected the presence of C code in this file. This language is potentially unsafe as it lets the developer do things that the compiler doesn't understand. Please upgrade to a new language, support will be deprecated in gcc-9. [-Wc-deprecated]. Thanks, Willy -- Cyril Bonté

Re: Logging actual fetched URL after request is re-written

) path log-format %{+Q}r\ %{+Q}[var(txn.path_rewrite)] -- Cyril Bonté

[PATCH] DOC: log: more than 2 log servers are allowed

Since commit 0f99e3497, loggers are not limited to 2 instances anymore. --- doc/configuration.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index d6f8b8d38..c2e44354d 100644 --- a/doc/configuration.txt +++

[PATCH] BUG/MINOR: force-persist and ignore-persist only apply to backends

>From the very first day of force-persist and ignore-persist features, they only applied to backends, except that the documentation stated it could also be applied to frontends. In order to make it clear, the documentation is updated and the parser will raise a warning if the keywords are used in

Re: What is a nice way to bypass the maintenance mode for certain IP's?

objection ? With some delay, no objection at all. This is probably the safest option as it used to work like this since the beginning. I'm working on the patch. -- Cyril Bonté

[PATCH] BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc

Krishna Kumar reported a 100% cpu usage with a configuration using cpu-map and a high number of threads, Indeed, this minimal configuration to reproduce the issue : global nbthread 40 cpu-map auto:1/1-40 0-39 frontend test bind :8000 This is due to a wrong type in a shift

Re: Idle HAProxy 1.8 spins at 100% in user space

with a reasonable commit message. It should be ready in a few minutes ;-) -- Cyril Bonté

Re: Idle HAProxy 1.8 spins at 100% in user space

Hi Krishna and Willy, - Mail original - > De: "Krishna Kumar (Engineering)" > À: "HAProxy" > Envoyé: Lundi 12 Mars 2018 07:48:50 > Objet: Idle HAProxy 1.8 spins at 100% in user space > > As an aside, could someone also post a simple

Re: What is a nice way to bypass the maintenance mode for certain IP's?

: are you certain it is present in your browser's request when you get the 503 ? If the 3 char of the termination flags in the logs indicates '-' or 'N', it means it's absent. Or if you can run haproxy in debug mode (with -d), you will see all requests on the screen and it will be easy to tell whether the cookie is there or not. Willy -- Cyril Bonté

Re: Using "-f" to load config files with duplicate sections from directory

/haproxy-dconv/1.8/configuration.html#4 "[...]A "defaults" section sets default parameters for all other sections following its declaration. Those default parameters are reset by the next "defaults" section.[...]" It works the same, using one configuration file or many. Can someone explain to me how haproxy is working ? I would rather not sift through the sourcecode ;-) -- Cyril Bonté

Re: redispatch still cause error response

8001 check I have tried v1.8.3 and v1.7.10 And I missing something? Thanks -- Cyril Bonté

Re: Re[4]: How to parse custom PROXY protocol v2 header for custom routing in HAProxy configuration?

Hi, - Mail original - > De: "Aleksandar Lazic" > À: haproxy@formilux.org > Envoyé: Lundi 22 Janvier 2018 13:34:33 > Objet: Re[4]: How to parse custom PROXY protocol v2 header for custom routing > in HAProxy configuration? > > Hi. > > Have anyone a Idea how haproxy

Re: [BUG] 100% cpu on each threads

Hi all, - Mail original - > De: "Willy Tarreau" > À: "Emmanuel Hocdet" > Cc: "haproxy" > Envoyé: Vendredi 12 Janvier 2018 15:24:54 > Objet: Re: [BUG] 100% cpu on each threads > > On Fri, Jan 12, 2018 at 12:01:15PM +0100, Emmanuel

Re: disable-on-404 functionality change in 1.8

->proxy->options2 & PR_O2_LOGHCHKS)) ? check_reason_string(check) : NULL); + srv_set_running(s, NULL, (!s->track && !(s->proxy->options2 & PR_O2_LOGHCHKS)) ? check : NULL); } [...] Thanks ;-) -- Cyril Bonté

Re: Traffic delivered to disabled server when cookie persistence is enabled after upgrading to 1.8.1

the same tests with the patch applied, I can confirm I don't reproduce the issue anymore ;-) -- Cyril Bonté

Re: Traffic delivered to disabled server when cookie persistence is enabled after upgrading to 1.8.1

be very available for the next days). -- Cyril Bonté

[PATCH] BUG: MINOR: http: don't check http-request capture id when len is provided

Randomly, haproxy could fail to start when a "http-request capture" action is defined, without any change to the configuration. The issue depends on the memory content, which may raise a fatal error like : unable to find capture id '' referenced by http-request capture rule Commit fd608dd2

Re: [PATCH] Minor : converter: Add len converter

one). -- Cyril Bonté

Re: [PATCH] Minor : converter: Add len converter

ch part of this function and I fear that any minimal modification inside it can introduce side effects on one feature or another ;-/ -- Cyril Bonté

Re: [PATCH] Minor : converter: Add len converter

n_req_capture; - rule->check_ptr= check_http_req_capture; rule->arg.cap.expr = expr; rule->arg.cap.hdr = hdr; } -- Cyril Bonté

[PATCH] BUG: MAJOR: lb_map: server map calculation broken

Adrian Williams reported that several balancing methods were broken and sent all requests to one backend. This is a regression in haproxy 1.8 where the server score was not correctly recalculated. This fix must be backported to the 1.8 branch. --- src/lb_map.c | 2 +- 1 file changed, 1

Re: BUG: 1.8.x Several balancing methods only send requests to one backend.

, Cyril Bonté <cyril.bo...@free.fr> wrote: Hi Adrian, Le 14/12/2017 à 00:08, Adrian Williams a écrit : Several backend balancing methods seem to be broken with the 1.8 releases. All traffic is directed to one backend even when multiple are listed. This happens on both 1.8 and 1.8.1. Ch

cache issue : some data skipped in the middle of the content

Hi all, Late this night, I had an issue I didn't met during my previous tests, related to the cache feature : sometimes, I had some corrupted images in the browser. After adding some debug messages, it seems there's an issue in cache_store_http_forward_data() when there is not enough contiguous

[PATCH] DOC: cache: update sections and fix some typos

Cache sections were not defined as the others, preventing them to be correctly parsed by the HTML converter. Also, the "Cache" subsections where not added to the summary. This patch should be backported to the 1.8 branch. --- doc/configuration.txt | 26 +++---

haproxy 1.8-rc4: cache and HTTP/1.1 response for HTTP/1.0 request

bind :443 ssl crt localhost.pem alpn h2,http/1.1 option httplog http-response cache-store proxy http-request cache-use proxy server real backend:80 cache proxy total-max-size 4 -- Cyril Bonté

Re: log-format in defaults section in 1.7

000 listen health_url bind :27000 mode health option httpchk # ... # Other TCP frontends # ... However, if I add `log-format "GARBAGE"` to the health_url listener, then the error goes away. Or you can specify "option tcplog" in your "health_url" section (or any other tcp sections). -- Cyril Bonté

Re: [ANNOUNCE] haproxy-1.8-rc1 : the last mile

;-) -- Cyril Bonté

Re: cppcheck finding

, the expected behaviour and to ensure there is no regression between versions. The only issue is that it requires some time :) -- Cyril Bonté

Re: Error on "tcp-check connect port 3389 ssl" in config

haproxy -v > HA-Proxy version 1.7.9 2017/08/18 > Copyright 2000-2017 Willy Tarreau <wi...@haproxy.org> I guess that you compiled haproxy yourself and forgot to enable the SSL support. If you run the following command : haproxy -vv it will probably show you that haproxy was compiled without SSL support. Cyril Bonté

Re: AW: Enable SSL Forward Secrecy

> De: "Julian Zielke" <jzie...@next-level-integration.com> > À: "Cyril Bonté" <cyril.bo...@free.fr> > Cc: haproxy@formilux.org > Envoyé: Mercredi 30 Août 2017 15:11:47 > Objet: AW: Enable SSL Forward Secrecy > > Hi Cyril, > > tired it

Re: Enable SSL Forward Secrecy

+HIGH:!aNULL:!eNULL:!3DES:!RC4:!CAMELLIA:!DH:!kECDHE:@STRENGTH:!DHE I think that with this ciphers list, ECHDE ones should now be available. Cyril Bonté

Re: Removed health check in combination with load-server-state-from-file (Bug)

> De: "Julien Laffaye" > Hello Cyril, > > > Well, you can also think of this use case which I find legit: > - you don't have probe > - you want to have probe so you add one and reload haproxy > - you realize your probe does not do want you intended, your backends > are

Re: Removed health check in combination with load-server-state-from-file (Bug)

save the servers state and reload haproxy, You'd certainly want to have that server still DOWN (which is a different state than DOWN for maintenance, the one set by the "disabled" keyword). Please avoid top posting ;-) > > > > > > > > > De : Cyril Bont

Re: Removed health check in combination with load-server-state-from-file (Bug)

> 6. Start the backend. > 7. Reload the Stats page and notice that the backend still is 'DOWN'. > > Tim > -- Cyril Bonté

Re: req.cook_cnt() broken?

s appears to exit early when there is no parameter of type string passed in. I hope someone can shed some light on this. :) You're right. currently, the code and the documentation don't say the same things. Can you try the attached patch ? -- Cyril Bonté diff --git a/src/proto_http.c b/src/

Re: requests are loadbalanced to servers in maintainance mode

2400 server web2-ip2 192.168.2.22:80 check source 192.168.2.116 non-stick inter 30s maxconn 102400 [...] Thanks! Stefan -- Cyril Bonté

Re: 3 HA proxy instances on 3 ECS clusters hang on and off

/haproxy-dconv/1.7/configuration.html#resolvers%20(Server%20and%20default-server%20options) -- Cyril Bonté

Re: fields vs word converter, unexpected "0" result

; : word(1,/) => returns "x" word(2,/) => returns "y" word(3,/) => returns "z" whereas : field(1,/) => returns "x" field(2,/) => returns "" field(3,/) => returns "y" -- Cyril Bonté

Re: help for configuration between http and tcp mode

p.example.net:8086", not "influxdb-drp.example.net". You can verify this with this acl instead : acl host_influxdb-drp.example.net hdr(host) -i influxdb-drp.example.net:8086 Or you can even capture the header in your logs, it's quite useful to debug acls ;-) -- Cyril Bonté

Re: HAProxy 1.7.5 cookie JSESSIONID prefix not working

ONID? Do you have clients so broken they support only one single cookie? Regards, Lukas [1] https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-cookie [2] https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-cookie -- Cyril Bonté

Re: [PATCH] BUILD: ssl: fix SSL_OP_NO_SSLv3 with LibreSSL >= 2.3.0

for the noise ;-) -- Cyril Bonté

Re: [Patches] TLS methods configuration reworked

://www.haproxy.org/git?p=haproxy.git;a=commit;h=5db33cbdc4f2952cbd3c140edce0eda84e1447b4 -- Cyril Bonté

Re: Haproxy 1.5.4 unable to accept new TCP request, backlog full, tens of thousands close_wait connection

Hi Willy, > De: "Willy Tarreau" > À: "jaseywang" [...] > > Below is the data during benchmark: > > *maxsock = *136; *maxconn = *50; *maxpipes = *0 > > current conns = 7488; current pipes = 0/0; conn rate = 322/sec > > Running tasks: 7366/7449; idle =

  1   2   3   4   5   6   7   >