://www.haproxy.com/blog/how-to-install-haproxy-on-ubuntu
According to your previous information, it would result in:
https://haproxy.debian.net/#distribution=Ubuntu=jammy=2.8
--
Cyril Bonté
in configuration file :
/etc/haproxy/haproxy.cfg
[ALERT] (521883) : config : Fatal errors found in configuration.
Because it should be in the global section, not the defaults one ;)
--
Cyril Bonté
Hi all,
Le 20/06/2023 à 11:57, Amaury Denoyelle a écrit :
On Tue, Jun 13, 2023 at 03:18:19PM +0200, Tim Düsterhus, WoltLab GmbH wrote:
Hi
please find the patch attached.
This email address is not subscribed to the list, please keep it in Cc
when replying.
Thanks Tim, I applied all of your
.github.io/haproxy-dconv/. I'm not sure about
who maintains this page but it may be a good idea to update to haproxy.org.
See https://hub.docker.com/_/haproxy
Thanks ;)
Cyril Bonté
://cbonte.github.io/haproxy-dconv/
I'm sad to not find enough time to contribute to haproxy. But well, at
least I try to read mail subjects :-/
With some delays, I've now pushed the documentation for 2.3 and 2.4-dev ;-)
--
Cyril Bonté
reproduce the behavior
4. Do you have any idea what may have caused this?
5. Do you have an idea how to solve the issue?
6. What's the configuration?
7. Output of haproxy -vv and uname -a
What do you think about it ?
--
Cyril Bonté
versions are available, including the dev branch ;-)
--
Cyril Bonté
the issue in all conditions ?
From what I've observed, it seems we can rely on the
HTX_SL_F_NORMALIZED_URI flag to detect if the URI was normalized by
haproxy and in that case, we should start at the path instead of the URI.
--
Cyril Bonté
diff --git a/src/http_act.c b/src/http_act.c
index d6015d362
).
http://git.haproxy.org/?p=haproxy-2.1.git;a=commit;h=30ee1efe67
--
Cyril Bonté
---
doc/configuration.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index d8fe6b650..0bb7313cd 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -13245,7 +13245,7 @@ hex2i
Converts a hex string
Le 26/10/2019 à 16:53, Troels Arvin a écrit :
Hello,
Cyril Bonté wrote:
if no "timeout tunnel" is specified in the configuration, there is
no timeout for that specific case. "timeout client" and "timeout server"
take the relay, if they're defined as well.
O
Le 26/10/2019 à 09:24, Troels Arvin a écrit :
Hello,
Cyril Bonté wrote:
You will find the information at several places :
[...]
No matter how hard I look, I can't find an answer to this:
Let's say my defaults section has the following three timeout related
lines:
timeout connect
valid, you will certainly encounter various
problems
| with such a configuration. To fix this, please ensure that all
following
| timeouts are set to a non-zero value: 'client', 'connect', 'server'.
--
Cyril Bonté
can't connect to the old resolved
one. You should have a look to the documentation chapter "Server IP
address resolution using DNS" :
https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#5.3
--
Cyril Bonté
performing a synchronous
operation somewhere, I'll check.
And I confirm that commit 5b06cb33eb (BUG/MEDIUM: mux_h1: Don't bother
subscribing in recv if we're not connected) fixes the issue ;-)
--
Cyril Bonté
;)
It looks to be very specific to the 2.0 branch, I can't reproduce it in
1.9 and 2.1.
--
Cyril Bonté
the HTML documentation for
2.0.0 and 2.1-dev. I really need to clean up/repair/rewrite my scripts ;)
--
Cyril Bonté
) complete configuration to investigate
further, as the lines provided are not valid and are not sufficient to
reproduce the issue.
--
Cyril Bonté
-dconv/1.9/configuration.html#7.1.6
Well, for that kind of notation, you can refer to the inet manpage,
where everything is explained ;-)
https://linux.die.net/man/3/inet
(I hope the reply will arrive in the right thread cause I didn't receive
the email but found the question in mail-archive instead).
--
Cyril Bonté
> De: "Tim Düsterhus"
> À: "Cyril Bonté" , "Willy Tarreau" , "Kevin
> Mao"
> Cc: haproxy@formilux.org
> Envoyé: Mardi 26 Février 2019 12:12:33
> Objet: Re: Wrong sha256 checksum for HAProxy 1.8 and 1.9?
>
> Willy,
> Cyril,
>
Hi again,
> De: "Cyril Bonté"
> À: "Willy Tarreau" , "Kevin Mao"
> Cc: haproxy@formilux.org
> Envoyé: Mardi 26 Février 2019 09:39:08
> Objet: Re: Wrong sha256 checksum for HAProxy 1.8 and 1.9?
>
> Using firefox, I'm observing the same issue.
results occurs with the other archives.
I don't have the issue using wget/curl/chromium. I'll make some more
tests today.
--
Cyril Bonté
"MEDIUM: mailers: Init alerts
during conf parsing and refactor their processing"
http://git.haproxy.org/?p=haproxy.git;a=commit;h=0108bb3e4
Hope this helps.
--
Cyril Bonté
> De: "PRAVEEN UPPALAPATI"
> À: "Cyril Bonté"
> Cc: haproxy@formilux.org
> Envoyé: Mercredi 19 Décembre 2018 18:10:50
> Objet: RE: Http HealthCheck Issue
>
> The pointed mistake was GET which I updated and tried. I'm not sure
> if there was som
please, please, PLEASE ! Read the answers before telling again it's not working.
Several users already told you where you made a mistake.
- Mail original -
> De: "PRAVEEN UPPALAPATI"
> À: "Jarno Huuskonen"
> Cc: haproxy@formilux.org, "THANIGAIVEL SIVANANDHAM"
> Envoyé: Mercredi 19
result.
Or is there a function to explicitely update the block size (kind of
htx_set_blksz) ?
I prefer to report the bug quickly so you can fix it today. Or I can
work on a patch, but this will not be before the end of the day ;-)
--
Cyril Bonté
is still valid but the syntax you used is only
valid for acls. This is true for all fetches preceded by "ACL derivatives".
--
Cyril Bonté
Hi Willy,
Le 17/10/2018 à 04:19, Willy Tarreau a écrit :
Hi Cyril,
On Wed, Oct 17, 2018 at 12:18:49AM +0200, Cyril Bonté wrote:
Hi Willy,
this set of patches is an attempt to make the http-request/http-response
documentation more readable.
If it's OK for you, I will do the same work for tcp
Hi Willy,
this set of patches is an attempt to make the http-request/http-response
documentation more readable.
If it's OK for you, I will do the same work for tcp-request/tcp-response.
Cheers,
Le 17/10/2018 à 00:14, Cyril Bonté a écrit :
Since http-request was first introduced, more
Similarly to the "http-request" actions, this is an attempt to make the
documentation easier to read.
---
doc/configuration.txt | 543 ++
1 file changed, 290 insertions(+), 253 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index
Since http-request was first introduced, more and more actions have been
added over time. This makes the "http-request" difficult to read and some
actions were forgotten in the list.
This is an attempt to make the documenation cleaner. In future steps, it
would be great to provide at least one
8/configuration.html#var
PS: it's `haproxy 1.8.8`
PPS: I originally asked it at https://serverfault.com/q/935492/45086 as well
--
With best regards, Ivan Kurnosov
--
Cyril Bonté
:870:6: error: lvalue required as left operand of assignment
tid = 0;
^
http://git.haproxy.org/?p=haproxy.git;a=commit;h=f9cc07c25beab93700044955d97117465b4852ae
I prefer to report the issue as I'm not sure you've seen it ;-)
--
Cyril Bonté
till wait
a bit ;-)
Great job ! I can't reproduce the issue anymore, even with nbthread > 1
(I noticed too late it was easier to trigger). We can consider this as
fixed ;-)
I'll upgrade the haproxy instance on my test server in the morning.
--
Cyril Bonté
Le 22/08/2018 à 00:40, Cyril Bonté a écrit :
Hi again Willy,
Le 21/08/2018 à 22:55, Cyril Bonté a écrit :
Thanks for the diag. I don't remember changing anything around the proxy
protocol, but it's possible that something subtle changed. Also it's not
on the regular send/receive path so maybe
Hi again Willy,
Le 21/08/2018 à 22:55, Cyril Bonté a écrit :
Thanks for the diag. I don't remember changing anything around the proxy
protocol, but it's possible that something subtle changed. Also it's not
on the regular send/receive path so maybe I overlooked certain parts and
broke
Le 21/08/2018 à 21:56, Willy Tarreau a écrit :
On Tue, Aug 21, 2018 at 07:00:39PM +0200, Cyril Bonté wrote:
Le 21/08/2018 à 18:36, Willy Tarreau a écrit :
Cyril,
if you want to test, please be sure to update to at least 1b13bfd as
we've just added another fix on top of this series.
OK, I
Le 21/08/2018 à 19:00, Cyril Bonté a écrit :
Le 21/08/2018 à 18:36, Willy Tarreau a écrit :
Cyril,
if you want to test, please be sure to update to at least 1b13bfd as
we've just added another fix on top of this series.
OK, I was performing some tests, I've now updated with this patch
m.c:1932
#4 0x563f9aa14978 in process_runnable_tasks () at src/task.c:381
#5 0x563f9a9c3371 in run_poll_loop () at src/haproxy.c:2386
#6 run_thread_poll_loop (data=) at src/haproxy.c:2451
#7 0x563f9a91d9de in main (argc=,
argv=0x7ffd1da4e748) at src/haproxy.c:3053
--
Cyril Bonté
> De: "Cyril Bonté"
> À: "Willy Tarreau"
> Cc: "HAProxy"
> Envoyé: Mardi 21 Août 2018 16:09:55
> Objet: haproxy-1.9-dev [0c026f49e]: 100% CPU when a server goes DOWN with
> option redispatch
>
> Hi Willy,
> Here is another issue seen
Hi Willy,
Here is another issue seen today with the current dev branch [tests were also
made after pulling recent commit 3bcc2699b].
Since 0c026f49e, when a server status is set to DOWN and option redispatch is
enabled, the haproxy process hits 100% CPU.
Even more, with the latest commits, if
Hi Willy,
I'm afraid there's still some issues with HTTP/2 in the current dev branch :-(
This morning, I've upgraded a test server and discovered that some HTTPS sites
did not work anymore (content hangs and is not sent to the client), I've also
noticed some segfaults in haproxy.
As this is a
Since commit #56cc12509, haproxy accepts double values for timeouts. The
value is then converted to milliseconds before being rounded up and cast
to int. The issue is that to round up the value, a constant value of 0.5
is added to it, but too early in the conversion, resulting in an
additional
is not to round
up every values but to round values to the nearest int.
On Sun, Aug 19, 2018 at 12:27:13AM +0200, Cyril Bonté wrote:
if (dtmout > INT_MAX) /* overflow check */
- WILL_LJMP(luaL_error(L, "settimeout: cannot set values larger than
%d&q
Since commit #56cc12509, haproxy accepts double values for timeouts. The
value is then converted to milliseconds before being round up and cast
to int. The issue is that to round up the value, a constant value of 0.5
is added to it, but too early in the conversion, resulting in an
additional
Sachin Shetty reported that socket timeouts set in LUA code have no effect.
Indeed, connect timeout is never modified and is always set to its default,
set to 5 seconds. Currently, this patch will apply the specified timeout
value to the connect timeout.
For the read and write timeouts, the issue
Hi Willy and Sachin,
Le 14/08/2018 à 01:27, Cyril Bonté a écrit :
Thanks for the feedback. I've made some tests with the lines of code
you suggested and it looks to work fine. I'll prepare the patches tomorrow.
OK, some updates on the patch.
It was working well with haproxy 1.7, the same
l#log
http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#tune.http.logurilen
--
Cyril Bonté
Hi Willy,
Le 13/08/2018 à 09:28, Willy Tarreau a écrit :
Hi Cyril,
On Sun, Aug 12, 2018 at 10:49:13PM +0200, Cyril Bonté wrote:
2. hlua_socket_settimeout() initializes rto/wto values, maybe it should also
compute the rex/wex values :
socket->s->req.rex = tick_add_ifset(now_ms,
already set (in your case the task doesn't wake up after 2
secondes because a first timeout was set to 3 seconds) :
task_wakeup(socket->s->task, TASK_WOKEN_OTHER);
At least, it seems to fix the issue but before sending a patch, I want
to be sure that's how we should fix this.
--
Cyril Bonté
out kicks in at about 4 seconds, and at settimeout(2),
readtimeout kicks in at about 8 seconds.
is that expected? I couldn't find read timeout explicitly set
anywhere in the same source file.
Thanks
Sachin
On Fri, Jul 27, 2018 at 5:18 AM, Cyril Bonté mailto:cyril.bo...@free.f
no
connection to reuse when switching to the second server for the second
request.
Thanks in advance,
Alessandro
--
Cyril Bonté
NSPARENT
IPV6_TRANSPARENT IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available filters :
[COMP] compression
[TRACE] trace
[SPOE]
cookies sent list, or in the browser’s cookies folder)
he *never* experiences an unexpected disconnect.
Suggestions, please?
You have to make a choice, either you use stick tables, either you use
cookies, but don't mix both otherwise you'll have the situation you are
describing.
--
Cyril Bonté
t hello (1):
curl: (92) HTTP/2 stream 1 was not closed cleanly: INTERNAL_ERROR (err 2)
[2] haproxy[19803]: :63832 [05/Jun/2018:15:36:24.202]
incoming_https~ local_author_app_http/ 0/-1/-1/-1/0 503 1441 - -
SCDN 3/1/0/0/0 0/0 "GET /libs/cq/core/content/welcome.html HTTP/1.1"
--
Cyril Bonté
m using that configuration
elsewhere in cases where I only want the traffic to go to one server as
long as that server is up, and I need the backup server to take over
quickly when the primary fails.
Thanks,
Shawn
--
Cyril Bonté
Hi Robin,
> De: "Robin Geuze"
> À: "Willy Tarreau"
> Cc: haproxy@formilux.org
> Envoyé: Lundi 9 Avril 2018 10:24:43
> Objet: Re: Haproxy 1.8.4 crashing workers and increased memory usage
>
> Hey Willy,
>
> So I made a build this morning with libslz and
-c -o src/haproxy.o src/haproxy.c
src/haproxy.c:1:1: warning: gcc has detected the presence of C code in this
file. This language is potentially unsafe as it lets the developer do things
that the compiler doesn't understand. Please upgrade to a new language, support
will be deprecated in gcc-9. [-Wc-deprecated].
Thanks,
Willy
--
Cyril Bonté
) path
log-format %{+Q}r\ %{+Q}[var(txn.path_rewrite)]
--
Cyril Bonté
Since commit 0f99e3497, loggers are not limited to 2 instances anymore.
---
doc/configuration.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index d6f8b8d38..c2e44354d 100644
--- a/doc/configuration.txt
+++
>From the very first day of force-persist and ignore-persist features,
they only applied to backends, except that the documentation stated it
could also be applied to frontends.
In order to make it clear, the documentation is updated and the parser
will raise a warning if the keywords are used in
objection ?
With some delay, no objection at all. This is probably the safest option
as it used to work like this since the beginning. I'm working on the patch.
--
Cyril Bonté
Krishna Kumar reported a 100% cpu usage with a configuration using
cpu-map and a high number of threads,
Indeed, this minimal configuration to reproduce the issue :
global
nbthread 40
cpu-map auto:1/1-40 0-39
frontend test
bind :8000
This is due to a wrong type in a shift
with a reasonable commit
message. It should be ready in a few minutes ;-)
--
Cyril Bonté
Hi Krishna and Willy,
- Mail original -
> De: "Krishna Kumar (Engineering)"
> À: "HAProxy"
> Envoyé: Lundi 12 Mars 2018 07:48:50
> Objet: Idle HAProxy 1.8 spins at 100% in user space
>
> As an aside, could someone also post a simple
: are you certain it is present in your
browser's request when you get the 503 ? If the 3 char of the termination
flags in the logs indicates '-' or 'N', it means it's absent. Or if you
can run haproxy in debug mode (with -d), you will see all requests on the
screen and it will be easy to tell whether the cookie is there or not.
Willy
--
Cyril Bonté
/haproxy-dconv/1.8/configuration.html#4
"[...]A "defaults" section sets default parameters for all other
sections following its declaration. Those default parameters are reset
by the next "defaults" section.[...]"
It works the same, using one configuration file or many.
Can someone explain to me how haproxy is working ? I would rather not sift
through the sourcecode ;-)
--
Cyril Bonté
8001 check
I have tried v1.8.3 and v1.7.10
And I missing something?
Thanks
--
Cyril Bonté
Hi,
- Mail original -
> De: "Aleksandar Lazic"
> À: haproxy@formilux.org
> Envoyé: Lundi 22 Janvier 2018 13:34:33
> Objet: Re[4]: How to parse custom PROXY protocol v2 header for custom routing
> in HAProxy configuration?
>
> Hi.
>
> Have anyone a Idea how haproxy
Hi all,
- Mail original -
> De: "Willy Tarreau"
> À: "Emmanuel Hocdet"
> Cc: "haproxy"
> Envoyé: Vendredi 12 Janvier 2018 15:24:54
> Objet: Re: [BUG] 100% cpu on each threads
>
> On Fri, Jan 12, 2018 at 12:01:15PM +0100, Emmanuel
->proxy->options2 &
PR_O2_LOGHCHKS)) ? check_reason_string(check) : NULL);
+ srv_set_running(s, NULL, (!s->track && !(s->proxy->options2 &
PR_O2_LOGHCHKS)) ? check : NULL);
}
[...]
Thanks ;-)
--
Cyril Bonté
the same tests with the patch applied, I can
confirm I don't reproduce the issue anymore ;-)
--
Cyril Bonté
be very available for the next days).
--
Cyril Bonté
Randomly, haproxy could fail to start when a "http-request capture"
action is defined, without any change to the configuration. The issue
depends on the memory content, which may raise a fatal error like :
unable to find capture id '' referenced by http-request capture
rule
Commit fd608dd2
one).
--
Cyril Bonté
ch part of this
function and I fear that any minimal modification inside it can
introduce side effects on one feature or another ;-/
--
Cyril Bonté
n_req_capture;
- rule->check_ptr= check_http_req_capture;
rule->arg.cap.expr = expr;
rule->arg.cap.hdr = hdr;
}
--
Cyril Bonté
Adrian Williams reported that several balancing methods were broken and
sent all requests to one backend. This is a regression in haproxy 1.8 where
the server score was not correctly recalculated.
This fix must be backported to the 1.8 branch.
---
src/lb_map.c | 2 +-
1 file changed, 1
, Cyril Bonté <cyril.bo...@free.fr> wrote:
Hi Adrian,
Le 14/12/2017 à 00:08, Adrian Williams a écrit :
Several backend balancing methods seem to be broken with the 1.8
releases. All traffic is directed to one backend even when multiple
are listed. This happens on both 1.8 and 1.8.1. Ch
Hi all,
Late this night, I had an issue I didn't met during my previous tests, related
to the cache feature : sometimes, I had some corrupted images in the browser.
After adding some debug messages, it seems there's an issue in
cache_store_http_forward_data() when there is not enough contiguous
Cache sections were not defined as the others, preventing them to be
correctly parsed by the HTML converter. Also, the "Cache" subsections
where not added to the summary.
This patch should be backported to the 1.8 branch.
---
doc/configuration.txt | 26 +++---
bind :443 ssl crt localhost.pem alpn h2,http/1.1
option httplog
http-response cache-store proxy
http-request cache-use proxy
server real backend:80
cache proxy
total-max-size 4
--
Cyril Bonté
000
listen health_url
bind :27000
mode health
option httpchk
# ...
# Other TCP frontends
# ...
However, if I add `log-format "GARBAGE"` to the health_url listener,
then the error goes away.
Or you can specify "option tcplog" in your "health_url" section (or any
other tcp sections).
--
Cyril Bonté
;-)
--
Cyril Bonté
,
the expected behaviour and to ensure there is no regression between
versions. The only issue is that it requires some time :)
--
Cyril Bonté
haproxy -v
> HA-Proxy version 1.7.9 2017/08/18
> Copyright 2000-2017 Willy Tarreau <wi...@haproxy.org>
I guess that you compiled haproxy yourself and forgot to enable the SSL support.
If you run the following command :
haproxy -vv
it will probably show you that haproxy was compiled without SSL support.
Cyril Bonté
> De: "Julian Zielke" <jzie...@next-level-integration.com>
> À: "Cyril Bonté" <cyril.bo...@free.fr>
> Cc: haproxy@formilux.org
> Envoyé: Mercredi 30 Août 2017 15:11:47
> Objet: AW: Enable SSL Forward Secrecy
>
> Hi Cyril,
>
> tired it
+HIGH:!aNULL:!eNULL:!3DES:!RC4:!CAMELLIA:!DH:!kECDHE:@STRENGTH:!DHE
I think that with this ciphers list, ECHDE ones should now be available.
Cyril Bonté
> De: "Julien Laffaye"
> Hello Cyril,
>
>
> Well, you can also think of this use case which I find legit:
> - you don't have probe
> - you want to have probe so you add one and reload haproxy
> - you realize your probe does not do want you intended, your backends
> are
save the servers state and
reload haproxy, You'd certainly want to have that server still DOWN (which is a
different state than DOWN for maintenance, the one set by the "disabled"
keyword).
Please avoid top posting ;-)
>
>
>
>
>
>
>
>
> De : Cyril Bont
> 6. Start the backend.
> 7. Reload the Stats page and notice that the backend still is 'DOWN'.
>
> Tim
>
--
Cyril Bonté
s appears to exit early when there is no
parameter of type string passed in.
I hope someone can shed some light on this. :)
You're right. currently, the code and the documentation don't say the
same things.
Can you try the attached patch ?
--
Cyril Bonté
diff --git a/src/proto_http.c b/src/
2400
server web2-ip2 192.168.2.22:80 check source 192.168.2.116
non-stick inter 30s maxconn 102400
[...]
Thanks!
Stefan
--
Cyril Bonté
/haproxy-dconv/1.7/configuration.html#resolvers%20(Server%20and%20default-server%20options)
--
Cyril Bonté
; :
word(1,/) => returns "x"
word(2,/) => returns "y"
word(3,/) => returns "z"
whereas :
field(1,/) => returns "x"
field(2,/) => returns ""
field(3,/) => returns "y"
--
Cyril Bonté
p.example.net:8086",
not "influxdb-drp.example.net". You can verify this with this acl instead :
acl host_influxdb-drp.example.net hdr(host) -i
influxdb-drp.example.net:8086
Or you can even capture the header in your logs, it's quite useful to
debug acls ;-)
--
Cyril Bonté
ONID?
Do you have clients so broken they support only one single cookie?
Regards,
Lukas
[1] https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4.2-cookie
[2] https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-cookie
--
Cyril Bonté
for the noise ;-)
--
Cyril Bonté
://www.haproxy.org/git?p=haproxy.git;a=commit;h=5db33cbdc4f2952cbd3c140edce0eda84e1447b4
--
Cyril Bonté
Hi Willy,
> De: "Willy Tarreau"
> À: "jaseywang"
[...]
> > Below is the data during benchmark:
> > *maxsock = *136; *maxconn = *50; *maxpipes = *0
> > current conns = 7488; current pipes = 0/0; conn rate = 322/sec
> > Running tasks: 7366/7449; idle =
1 - 100 of 687 matches
Mail list logo