Re: maxconn limit not working after reload / sighup

2023-09-20 Thread Igor Cicimov
Hi, Think this explains it in detail https://www.haproxy.com/blog/should-you-reload-or-restart-haproxy Particularly this part: Reloading starts a new HAProxy instance (or “process”) which handles new requests, while the old instance maintains connections until they naturally close or the

Re: ACL with multi or

2023-07-29 Thread Igor Cicimov
http-request tarpit deny_status 403 unless XMail_Autodiscover || XMail_EAS || XMail_ECP || XMail_EWS || XMail_MAPI || XMail_OAB || XMail_OWA || XMail_RPC || XMail_PowerShell Public From: Henning Svane Sent:

Re: Server timeouts since HAProxy 2.2

2022-08-03 Thread Igor Cicimov
Because of keep-alive? From: William Edwards Sent: Thursday, 4 August 2022, 00:26 To: haproxy@formilux.org Subject: Server timeouts since HAProxy 2.2

Re: Blocking log4j CVE with HAProxy

2021-12-13 Thread Igor Cicimov
You should also take into account a path that can have a base64-encoded payload. To me the best bet for protecting via haproxy is using the SPOA mod_security WAF, given people have already come up with comprehensive protection rules.

Re: Question about available fetch-methods for http-request

2021-08-11 Thread Igor Cicimov
Hi Maya, Maybe try this: http-request set-header Host context_path.ms.example.com if { path_beg /context_path } { hdr(Host) -i example.com } From: Maya Lena Ayleen Scheu Sent: Wednesday, August 11, 2021 9:58 PM To: haproxy@formilux.org Subject: Question about

Re: Apache Proxypass mimicing ?

2021-02-21 Thread Igor Cicimov
> But if I do some configuration tweaks in "wp-config.php", like adding the > following two lines : > define('WP_HOME', 'https://front1.domain.local'); > define('WP_SITEURL', 'https://front1.domain.local'); > > It seems to work correctly. > > It is not an acceptable solution however, as these WP

Re: [2.0.17] crash with coredump

2020-09-16 Thread Igor Cicimov
Hi Maciej, On Wed, Sep 16, 2020 at 9:00 PM Maciej Zdeb wrote: > Hi, > > Our HAProxy (2.0.14) started to crash, so first we upgraded to 2.0.17 but > it didn't help. Below you'll find traces from coredump > > Version: > HA-Proxy version 2.0.17 2020/07/31 - https://haproxy.org/ > Build options : >

http2 smuggling

2020-09-10 Thread Igor Cicimov
Should we be worried? https://portswigger.net/daily-swig/http-request-smuggling-http-2-opens-a-new-attack-tunnel IC

Dynamic peers section

2020-08-26 Thread Igor Cicimov
Hi guys, As we know everything is dynamic these days including haproxy servers coming and going all the time in a proxy/lb tier so wonder if there is any way to achieve a dynamic peers section in haproxy? Maybe via resolvers or the data plane API? Interested to know how are people managing this

Re: Rate Limit per IP with queueing (delay)

2020-06-11 Thread Igor Cicimov
; http-request lua.delay_request if { sc_http_req_rate(0) gt 30 } > use_backend api > > Basically if there are more than 30 request per 10 seconds, i will make > them wait 50*count (so starting from 1500ms up to whatver they keep > insisting) > does it make sense? > d

Re: Rate Limit per IP with queueing (delay)

2020-06-09 Thread Igor Cicimov
On Tue, Jun 9, 2020 at 6:48 PM Stefano Tranquillini wrote: > Hello, > i didn't really get what has been changed in this example, and why. > > On Tue, Jun 9, 2020 at 9:46 AM Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> Modify your frontend from th

Re: Rate Limit per IP with queueing (delay)

2020-06-09 Thread Igor Cicimov
now it is by IP or User via auth or JWT. > The problem that I've is with the primitives to define this maximum number > of calls per minute/seconds etc. > > > On Tue, Jun 9, 2020 at 6:08 AM Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> >> >> O

Re: Rate Limit per IP with queueing (delay)

2020-06-08 Thread Igor Cicimov
On Mon, Jun 8, 2020 at 5:18 PM Stefano Tranquillini wrote: > > > On Sun, Jun 7, 2020 at 11:11 PM Илья Шипицин wrote: > >> >> >> Sun, 7 Jun 2020 at 19:59, Stefano Tranquillini wrote: >> >>> Hello all, >>> >>> I'm moving to HA using it to replace NGINX and I've a question regarding >>> how to do a

Re: Haproxy 1.8.25 segfault

2020-05-26 Thread Igor Cicimov
Hi Willy, On Tue, May 26, 2020 at 4:43 PM Willy Tarreau wrote: > On Sun, May 24, 2020 at 10:35:10AM +1000, Igor Cicimov wrote: > > We are getting segfaults with haproxy 1.8.25 > > By the way, does this mean you didn't get them with a previous version > (presumably 1.8.

Re: Haproxy 1.8.25 segfault

2020-05-26 Thread Igor Cicimov
Hi Willy, On Tue, May 26, 2020 at 4:31 PM Willy Tarreau wrote: > Hi Igor, > > On Sun, May 24, 2020 at 10:35:10AM +1000, Igor Cicimov wrote: > > Hi guys, > > > > We are getting segfaults with haproxy 1.8.25 and thought I would ask if > > this rings any bell: >

Haproxy 1.8.25 segfault

2020-05-23 Thread Igor Cicimov
Hi guys, We are getting segfaults with haproxy 1.8.25 and thought I would ask if this rings any bell: segfault at 5609a853 ip 7f1b93928c10 sp 7ffd5e731fd8 error 4 in libc-2.19.so[7f1b9388e000+1be000] It is running on Ubuntu-14.04.2 (kernel 4.4.0-144-generic) and is happening only on

Re: doubt how to compile modsecurity module for HAproxy

2020-04-30 Thread Igor Cicimov
Hi Ricardo, On Fri, May 1, 2020 at 1:06 PM Ricardo Barbosa wrote: > Of course, it would be a pleasure, but I still couldn't get it to work, > following the igor script I even managed to build it but it is generating > the following log. > > --- begin - >

Re: Server weight in server-template and consul dns

2020-04-27 Thread Igor Cicimov
On Mon, Apr 27, 2020 at 10:14 PM Baptiste wrote: > > > On Mon, Apr 27, 2020 at 3:05 AM Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> Hi, >> >> On Mon, Apr 20, 2020 at 10:25 PM Igor Cicimov < >> ig...@encompasscorporation.com> wrot

Re: Server weight in server-template and consul dns

2020-04-26 Thread Igor Cicimov
Hi, On Mon, Apr 20, 2020 at 10:25 PM Igor Cicimov < ig...@encompasscorporation.com> wrote: > Hi, > > I have the following template in a server backend: > > server-template tomcats 10 _tomcat._tcp.service.consul resolvers consul > resolve-prefer ipv4 check > > This

Re: doubt how to compile modsecurity module for HAproxy

2020-04-26 Thread Igor Cicimov
Hi Ricardo, On Sun, Apr 26, 2020 at 11:36 AM Ricardo Barbosa wrote: > Hello everyone, everything good? I'm studying how to enable the > modsecurity module, but I don't know how the compilation process is done. > > I found this link >

Server weight in server-template and consul dns

2020-04-20 Thread Igor Cicimov
Hi, I have the following template in a server backend: server-template tomcats 10 _tomcat._tcp.service.consul resolvers consul resolve-prefer ipv4 check This is the SRV records resolution: # dig +short @127.0.0.1 -p 8600 _tomcat._tcp.service.consul SRV 1 10 8080 ip-10-20-3-21.node.dc1.consul.

Re: Multiple balance statements in a backend

2020-04-03 Thread Igor Cicimov
On Fri, Apr 3, 2020 at 11:23 PM Willy Tarreau wrote: > On Fri, Apr 03, 2020 at 09:38:58PM +1100, Igor Cicimov wrote: > > >> And in general how are duplicate statements being handled in the code, > > >> .i.e. the first one or the last one is considered as valid, and a

Re: Multiple balance statements in a backend

2020-04-03 Thread Igor Cicimov
Hi Baptiste, On Fri, Apr 3, 2020 at 5:28 PM Baptiste wrote: > > > On Fri, Apr 3, 2020 at 5:21 AM Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> Hi all, >> >> Probably another quite basic question that I can't find an example of in >>

Multiple balance statements in a backend

2020-04-02 Thread Igor Cicimov
Hi all, Probably another quite basic question that I can't find an example of in the docs (at least as a warning not to do that as it does not make sense or bad practise) or on the net. It is regarding the usage of multiple balance statements in a backend like this: balance leastconn

Re: Log lines in 2.0

2020-02-27 Thread Igor Cicimov
Hi Willy, On Fri, Feb 28, 2020, 2:15 AM Willy Tarreau wrote: > Hi Igor, > > On Thu, Feb 27, 2020 at 10:36:44PM +1100, Igor Cicimov wrote: > > > This looks like you are running HAProxy in debug mode. Debug mode is > > > enabled via the '-d' command line switch or 'de

Re: Log lines in 2.0

2020-02-27 Thread Igor Cicimov
Hi Tim, On Thu, Feb 27, 2020, 10:09 PM Tim Düsterhus wrote: > Igor, > > On 27.02.20 at 05:27, Igor Cicimov wrote: > > Feb 27 03:37:21 ip-10-0-4-33 haproxy[21361]: > > 0d56:monitor-in.accept(0009)=0012 from [IP:56142] ALPN= > > Feb 27 03:37:21 ip-10-0-4-33 h

Log lines in 2.0

2020-02-26 Thread Igor Cicimov
Hi, I have an HTTP frontend running on specific PORT for the purpose of external health checks, so typical: mode http option httplog I noticed the log lines though for haproxy v2.0.13 I installed from the usual Ubuntu PPA from Vincent: # haproxy -v HA-Proxy version 2.0.13-1ppa1~bionic

Re: Termination state IR--

2020-01-29 Thread Igor Cicimov
Hi Christopher, On Wed, Jan 29, 2020 at 7:58 PM Christopher Faulet wrote: > On 29/01/2020 at 05:14, Igor Cicimov wrote: > > Hi all, > > > > I'm asking this question here since I read in the docs that if I see > "Ixxx" in > > the sessio

Re: PROXY protocol and check port

2019-12-17 Thread Igor Cicimov
Hi Olivier, On Tue, Dec 17, 2019 at 7:20 PM Olivier D wrote: > Hello Igor, > > > On Mon, 16 Dec 2019 at 23:41, Igor Cicimov > wrote: > >> Hi, >> >> On Tue, Dec 17, 2019 at 2:55 AM Olivier D wrote: >> >>> Hello, >>> >>>

Re: ModSecurity testing

2019-12-16 Thread Igor Cicimov
Hi Joao, On Sat, Dec 14, 2019 at 11:30 PM Joao Morais wrote: > > > > On 13 Dec 2019, at 10:09, Christopher Faulet < > cfau...@haproxy.com> wrote: > > > > On 10/12/2019 at 05:24, Igor Cicimov wrote: > >> > >> Testing with Hapro

Re: PROXY protocol and check port

2019-12-16 Thread Igor Cicimov
Hi, On Tue, Dec 17, 2019 at 2:55 AM Olivier D wrote: > Hello, > > I found what was wrong : I was using "load-server-state-from-file" and > previous config file was using port 80 as server port. > It seems using this instruction loads previous server state but also > previous srv_port. > Is this

ModSecurity testing

2019-12-09 Thread Igor Cicimov
Hi all, I have a quick question about running ModSecurity in Haproxy. I followed the guide https://github.com/haproxy/haproxy/tree/master/contrib/modsecurity, have compiled the modsecurity binary and have setup all required configuration for Haproxy as per the guide. I have ModSecurity running

Re: [PR/FEATURE] support for virtual hosts / Host header per server

2019-11-03 Thread Igor Cicimov
Hi Willy, On Thu, Oct 31, 2019 at 8:56 PM Willy Tarreau wrote: > > Hi Romain, > > On Fri, Oct 25, 2019 at 12:55:31PM +, Morotti, Romain D wrote: > > Hello, > > > > Patch attached. Adding an option "http-check send-name-header ". > > It adds a header per server in healthchecks, similar usage

Re: [PR/FEATURE] support for virtual hosts / Host header per server

2019-10-22 Thread Igor Cicimov
On Wed, Oct 23, 2019, 8:36 AM Igor Cicimov wrote: > > > On Tue, Oct 22, 2019, 10:27 PM Morotti, Romain D < > romain.d.moro...@jpmorgan.com> wrote: > >> Hello, >> >> >> >> The use case is to load balance applications in multiple datacenters or

Re: [PR/FEATURE] support for virtual hosts / Host header per server

2019-10-22 Thread Igor Cicimov
On Tue, Oct 22, 2019, 10:27 PM Morotti, Romain D < romain.d.moro...@jpmorgan.com> wrote: > Hello, > > > > The use case is to load balance applications in multiple datacenters or > regions. > > The common pattern today to cover multiple locations is to deploy services > in each location separately

The server-template and default-server options

2019-08-05 Thread Igor Cicimov
Hi all, Just a quick one to confirm for sure, can/does server-template considers/inherits the options from a default-server line? Thanks, Igor

Re: Proof of concept SPOE based SSO solution

2019-07-08 Thread Igor Cicimov
On Fri, Jul 5, 2019 at 11:12 AM Andrew Heberle wrote: > Hi All, > > I have put together a Go based proof of concept SPOE agent that also > implements a SAML 2 Service Provider (SP) in order to do "SSO" in > HAProxy. > > The code is located here: > >

Re: global maxconn behaviour in haproxy2.0

2019-06-25 Thread Igor Cicimov
Hi, On Wed, Jun 26, 2019 at 2:52 AM William Dauchy wrote: > Hello, > > Using haproxy2.0 we are seeing logs with connection number while reloading: > Proxy stopped (FE: 0 conns, BE: 549563 conns). > > while we have in our configuration: > global maxconn 262144 > defaults maxconn 262134 > >

Re: How to allow Client Requests at a given rate

2019-02-23 Thread Igor Cicimov
On Sat, 23 Feb 2019 3:09 pm Santos Das wrote: > Hi, > > I have a requirement where I need to allow only certain request rate for a > given URL. > > Say /login can be accessed at the rate of 10 RPS. If I get 100 RPS, then > 10 should be allowed and 90 should be denied. > > Any help on how this

Re: Tune HAProxy in front of a large k8s cluster

2019-02-19 Thread Igor Cicimov
On Wed, 20 Feb 2019 3:39 am Joao Morais Hi Willy, > > > On 19 Feb 2019, at 01:55, Willy Tarreau wrote: > > > > use_backend foo if { var(req.host) ssl:www.example.com } > > > This is a nice trick that I’m planning to use with dynamic use_backend. I > need to concat host (sometimes

Re: Anyone heard about DPDK?

2019-02-10 Thread Igor Cicimov
On Mon, 11 Feb 2019 1:49 am Bruno Henc Hi, > > > Another good explanation on what DPDK does is available here: > > > https://learning.oreilly.com/videos/oscon-2017/9781491976227/9781491976227-video306685 > > https://wiki.fd.io/images/1/1d/40_Gbps_IPsec_on_commodity_hardware.pdf > > > > On 2/10/19

Re: Using server-template for DNS resolution

2019-02-08 Thread Igor Cicimov
Hi Baptiste, On Fri, Feb 8, 2019 at 6:10 PM Baptiste wrote: > > > On Fri, Feb 8, 2019 at 6:09 AM Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> On Fri, Feb 8, 2019 at 2:29 PM Igor Cicimov < >> ig...@encompasscorporation.com> wrote: >> >

Re: Using server-template for DNS resolution

2019-02-07 Thread Igor Cicimov
On Fri, Feb 8, 2019 at 2:29 PM Igor Cicimov wrote: > Hi, > > I have a Jetty frontend exposed for couple of ActiveMQ servers behind SSL > terminating Haproxy-1.8.18. They share same storage and state via lock file > and there is only one active AMQ at any given time. I'm t

Using server-template for DNS resolution

2019-02-07 Thread Igor Cicimov
Hi, I have a Jetty frontend exposed for couple of ActiveMQ servers behind SSL terminating Haproxy-1.8.18. They share same storage and state via lock file and there is only one active AMQ at any given time. I'm testing this now with dynamic backend using Consul DNS resolution: # dig +short

Re: redirect question

2018-12-13 Thread Igor Cicimov
On Thu, Dec 13, 2018 at 10:18 PM Sevan Gelici wrote: > Hello, > > Could someone help me with a problem? I want to use haproxy but cannot get > one part working. All traffic need to pass proxy but one folder needs to be > mask ip only. > > I try to explain by examples > > So lets say > proxy

Re: OCSP stapling with multiple domains

2018-11-26 Thread Igor Cicimov
Hi Moemen, On Tue, Nov 27, 2018 at 1:24 AM Moemen MHEDHBI wrote: > > > On 11/14/18 1:34 AM, Igor Cicimov wrote: > > On Sun, Nov 11, 2018 at 2:48 PM Igor Cicimov > wrote: >> >> Hi, >> >> # haproxy -v >> HA-Proxy version 1.8.14-1ppa1~xenial

Re: Generic backend in HAProxy config with server options as placeholders

2018-11-14 Thread Igor Cicimov
On Thu, Nov 15, 2018 at 1:36 AM Aleksandar Lazic wrote: > Hi Vijay. > > On 14.11.2018 at 10:14, Vijay Bais wrote: > > Hello Aleksandar, > > > > We already considered using haproxy maps but we still have to define N > backends > > for corresponding N keys in the map file. > > I'm looking more at

Re: OCSP stapling with multiple domains

2018-11-13 Thread Igor Cicimov
On Sun, Nov 11, 2018 at 2:48 PM Igor Cicimov wrote: > Hi, > > # haproxy -v > HA-Proxy version 1.8.14-1ppa1~xenial 2018/09/23 > Copyright 2000-2018 Willy Tarreau > > I noticed that in case of multiple domains and OCSP setup: > > # ls -1 /etc/haproxy/ssl.d/

Re: h2 & server PUSH

2018-11-11 Thread Igor Cicimov
On Mon, 12 Nov 2018 4:23 am Louis Chanouha Hello, > > If I'm right (I may have missed some exchanges in mailing), h2 main > improvement in 1.9 will be end2end working. So to have an h2 with Server > Push, we will need to have h2 enabled backends. > > Is a server push initiated by HAProxy based

OCSP stapling with multiple domains

2018-11-10 Thread Igor Cicimov
Hi, # haproxy -v HA-Proxy version 1.8.14-1ppa1~xenial 2018/09/23 Copyright 2000-2018 Willy Tarreau I noticed that in case of multiple domains and OCSP setup: # ls -1 /etc/haproxy/ssl.d/*.ocsp /etc/haproxy/ssl.d/star_domain2_com.crt.ocsp /etc/haproxy/ssl.d/star_domain_com.crt.ocsp

Re: haproxy used to redirect sql server with ssl

2018-10-30 Thread Igor Cicimov
On Tue, Oct 30, 2018 at 2:45 AM Marcos Gonzalez wrote: > > Hi list > > I'm using haproxy to redirect traffic directly to backend server. We are > looking how to load balance sql servers directly, and this works, but I don't > know how to add ssl support. > > I'm using this config setup and

Re: enabling H2 slows down my webapp, how to use keep-alive on backend ssl connection?

2018-10-29 Thread Igor Cicimov
On Tue, Oct 30, 2018 at 10:15 AM Lukas Tribus wrote: > On Mon, 29 Oct 2018 at 23:55, Igor Cicimov > wrote: > > > > However when enabling H2 on the frontend the connection to the > webserver > > > > (which itself is also made with SSL encryption) is made for

Re: enabling H2 slows down my webapp, how to use keep-alive on backend ssl connection?

2018-10-29 Thread Igor Cicimov
Hi Lukas, On Tue, Oct 30, 2018 at 2:42 AM Lukas Tribus wrote: > > Hi, > > > On Sun, 28 Oct 2018 at 23:47, PiBa-NL wrote: > > > > Hi List, > > > > When i enable H2 'alpn h2,http/1.1' on haproxy bind line with offloading > > 'mode http'. The overall loading of a web-application i use takes longer

Re: apache proxy pass rules in HAproxy

2018-10-28 Thread Igor Cicimov
g something? " > > Well, I am not sure what you meant by that comment above. > > On Sun, Oct 28, 2018 at 8:07 PM Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> Well you need to point crsplabweb2.example.com to the haproxy IP that's >> the whole

Re: apache proxy pass rules in HAproxy

2018-10-28 Thread Igor Cicimov
boleth will > be able to communicate with the HAP for its SSO calls. > > --imam > > > > On Sun, Oct 28, 2018 at 5:21 PM Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> Hi Imam, >> >> On Sat, Oct 27, 2018 at 4:42 PM Imam Toufique >> wr

Re: apache proxy pass rules in HAproxy

2018-10-28 Thread Igor Cicimov
3_cluster server shibboleth1 10.1.100.160:80 check inter 2000 On the apache side remove the ssl settings (since now HAP will be terminating SSL) and set a SSL redirect, something like this: ServerName crsplabweb1.domain.com ServerAlias www.crsplabweb1.domain.com SetEnvIfNoCase

Re: apache proxy pass rules in HAproxy

2018-10-26 Thread Igor Cicimov
see what is going on (please obfuscate any sensitive data). Also the use of the "cookie w1" is not clear since you are not setting it in HAP and is kinda redundant for single backend setup. > > On Thu, Oct 25, 2018 at 1:21 AM Igor Cicimov < > ig...@encompasscorporation

Re: apache proxy pass rules in HAproxy

2018-10-25 Thread Igor Cicimov
On Thu, Oct 25, 2018 at 6:31 PM Igor Cicimov wrote: > > > On Thu, 25 Oct 2018 6:13 pm Imam Toufique wrote: > >> so I almost got this to work, based on the situation I am in. To >> elaborate just a bit, my setup involves a shibboleth SP that I need to >> authent

Re: apache proxy pass rules in HAproxy

2018-10-25 Thread Igor Cicimov
On Thu, 25 Oct 2018 6:13 pm Imam Toufique wrote: > so I almost got this to work, based on the situation I am in. To > elaborate just a bit, my setup involves a shibboleth SP that I need to > authenticate my application. Since I can't set up the HA proxy node with > shibboleth SP - I had to

Re: Lots of PR state failed connections with HTTP/2 on HAProxy 1.8.14

2018-10-23 Thread Igor Cicimov
On Wed, Oct 24, 2018 at 9:16 AM James Brown wrote: > > I tested enabling HTTP/2 on the frontend for some of our sites today and > immediately started getting a flurry of failures. Browsers (at least Chrome) > showed a lot of SPDY protocol errors and the HAProxy logs had a lot of lines > ending

Re: apache proxy pass rules in HAproxy

2018-10-23 Thread Igor Cicimov
On Wed, Oct 24, 2018 at 11:35 AM Imam Toufique wrote: > Not completely there yet, but I at least got the backend server login > screen to come up with the following: > > frontend > acl host_web3 path_beg /jhub > use_backend web3_cluster if host_web3 > > backend > backend web3_cluster >mode

Re: confused by HAProxy log line

2018-10-11 Thread Igor Cicimov
The NOSRV can simply mean you have received a request that does not match your backend selection acls, common to bots probing for wordpress login page etc. On Fri, 12 Oct 2018 12:23 am Michał Pasierb wrote: > Hello, > > I did not mention it but all servers in c_backend have a httpchk >

Re: HAProxy listed as Ingress controllers

2018-09-25 Thread Igor Cicimov
On Wed, 26 Sep 2018 4:34 am Aleksandar Lazic wrote: > Hi Daniel. > > Thank you also to clarify this topic. > > I strongly suggest to develop a operator and not only a controller, as > this is a more future oriented pattern, imho. > > https://www.startpage.com/do/search?query=kubernetes+operator

Re: HAProxy keeps using outdated IPs when backend (ELB) address changes

2018-08-27 Thread Igor Cicimov

Re: Clarification re Timeouts and Session State in the Logs

2018-08-23 Thread Igor Cicimov
Hi Daniel, We had similar issue in 2015, and the answer was: server timeout was too short. Simple. On Thu, 23 Aug 2018 9:56 pm Daniel Schneller < daniel.schnel...@centerdevice.com> wrote: > Friendly bump. > I'd volunteer to do some documentation amendments once I understand the > issue better

Re: HaProxy question

2018-08-12 Thread Igor Cicimov
t port? What will the rest > of the bind look like on the front-end config in haproxy? > > Cheers > Jonathan > > On Tue, Aug 7, 2018 at 1:16 PM Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> >> >> On Tue, Aug 7, 2018 at 10:53 AM, Igor Cicimov <

Re: HaProxy question

2018-08-06 Thread Igor Cicimov
On Tue, Aug 7, 2018 at 10:53 AM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > Hi Jonathan, > > On Tue, Aug 7, 2018 at 9:43 AM, Jonathan Opperman > wrote: > >> Hi All, >> >> I am hoping someone can give me some tips and pointers on getting >>

Re: HaProxy question

2018-08-06 Thread Igor Cicimov
Hi Jonathan, On Tue, Aug 7, 2018 at 9:43 AM, Jonathan Opperman wrote: > Hi All, > > I am hoping someone can give me some tips and pointers on getting > something working > in haproxy that could do the following: > > I have installed haproxy and put a web server behind it, the proxy has 2 >

Re: haproxy and changing ELB IPs

2018-08-06 Thread Igor Cicimov
Hi Lukas, On Sat, Aug 4, 2018 at 11:19 PM, Lukas Tribus wrote: > On Sat, 4 Aug 2018 at 14:21, Igor Cicimov > wrote: > > > > Hi, > > > > On Sat, Aug 4, 2018 at 1:50 AM, K3 wrote: > >> > >> Hi, > >> We are running into a problem and wo

Re: haproxy and changing ELB IPs

2018-08-04 Thread Igor Cicimov
Hi, On Sat, Aug 4, 2018 at 1:50 AM, K3 wrote: > Hi, > We are running into a problem and would like to hear any advice. > > Our Setup: > We use haproxy 1.7.7 with two backends. > One of the backends is AWS ELB > The haproxy is running on a linux machine in our data center (on premises) > >

Re: Help with environment variables in config

2018-07-21 Thread Igor Cicimov
On Sat, Jul 21, 2018 at 7:12 PM, Jonathan Matthews wrote: > On Sat, 21 Jul 2018 at 09:12, jdtommy wrote: > >> I am setting them before I start haproxy in the terminal. I tried both >> starting it as a service and starting directly, but neither worked. It >> still would not forward it along. >>

Re: Help with environment variables in config

2018-07-21 Thread Igor Cicimov
On Sat, Jul 21, 2018 at 4:49 PM, jdtommy wrote: > here is my simple `listen` section of the haproxy config file: > > listen graph_front >bind *:8182 >mode tcp >server graph_server graph.server.com:8182 > > this works just fine, but I need the address and port to be a

Re: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost"

2018-07-12 Thread Igor Cicimov
On Fri, Jul 13, 2018 at 11:26 AM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > On Fri, Jul 13, 2018 at 11:08 AM, Igor Cicimov < > ig...@encompasscorporation.com> wrote: > >> Hi Martin, >> >> On Thu, Jul 12, 2018 at 6:55 PM, Martin RADEL <

Re: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost"

2018-07-12 Thread Igor Cicimov
On Fri, Jul 13, 2018 at 11:08 AM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > Hi Martin, > > On Thu, Jul 12, 2018 at 6:55 PM, Martin RADEL < > martin.ra...@rbinternational.com> wrote: > >> Hi all, >> >> >> >> we have a str

Re: TLS handshake works with certificate name mismatch using "verify required" and "verifyhost"

2018-07-12 Thread Igor Cicimov
Hi Martin, On Thu, Jul 12, 2018 at 6:55 PM, Martin RADEL < martin.ra...@rbinternational.com> wrote: > Hi all, > > > > we have a strange situation with our HAProxy, running on Version 1.8.8 > with OpenSSL. > > (See the details in the setup listed below - some lines are missing by > intention.

Re: cookie insert method secure

2018-06-24 Thread Igor Cicimov
On Sun, Jun 24, 2018 at 11:28 PM, mlist wrote: > Hi Igor, > > as I see, this is not true. > > > > I think ssl_fs is just persisted between request and response as this work > fine without setting vars (as for below example), *but never works for > cookie header inserted by “cookie insert* …”.

Re: cookie insert method secure

2018-06-24 Thread Igor Cicimov

Re: tcp-check expect with exclamation mark

2018-06-21 Thread Igor Cicimov
Hi Dmitriy, On Thu, Jun 21, 2018 at 12:45 PM, Dmitriy Kuzmin wrote: > Greetings > > I’m using haproxy to load balance readonly queries between redis slaves. > I want to use health check system to exclude slaves from load balancing, > that are in a process of sync with master. > The idea is to

Re: Haproxy support for handling concurrent requests from different clients

2018-05-12 Thread Igor Cicimov
On Fri, 11 May 2018 8:01 pm Mihir Shirali wrote: > Thanks Aleksandar for the help! > I did look up some examples for setting 503 - but all of them (as you've > indicated) seem based on src ip or src header. I'm guessing this is more > suitable for a DOS/DDOS attack? In

Re: HAProxy Healthcheck issue using Virtual hostname

2018-05-04 Thread Igor Cicimov
On Fri, May 4, 2018 at 5:01 PM, Lukas Tribus <lu...@ltri.eu> wrote: > Hello Igor, Sen, > > > On 4 May 2018 at 08:46, Igor Cicimov <ig...@encompasscorporation.com> > wrote: > > Have you tried: > > > > option httpchk GET /env HTTP/1.1\r\nHost:\ %[req.hdr

Re: HAProxy Healthcheck issue using Virtual hostname

2018-05-04 Thread Igor Cicimov
Hi, On Fri, Apr 27, 2018 at 3:03 PM, Sen wrote: > Hi > > I have an app deployed in Pivotal Cloudfoundry (PCF) and to route traffic > to an app in PCF, we have to use application route name (virtual hostname). > > We have PCF in two different datacenters and I need to load

Re: Question regarding haproxy backend behaviour

2018-04-16 Thread Igor Cicimov
On Mon, 16 Apr 2018 6:09 pm Ayush Goyal wrote: > Hi Moemen, > > Thanks for your response. But I think I need to clarify a few things here. > > On Mon, Apr 16, 2018 at 4:33 AM Moemen MHEDHBI > wrote: > >> Hi >> >> On 12/04/2018 19:16, Ayush Goyal wrote:

Re: Can HA-Proxy set an header when he "breaks" stick routing

2018-03-22 Thread Igor Cicimov
On Thu, Mar 22, 2018 at 10:42 PM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > Hi, > > On Thu, Mar 22, 2018 at 6:24 PM, Gisle Grimen <gisle.gri...@evry.com> > wrote: > >> Hi, >> >> >> >> Thank you for your response. >> >

Re: Can HA-Proxy set an header when he "breaks" stick routing

2018-03-22 Thread Igor Cicimov
RID with the value of the server name can help. It will have value of Server1 for the first requests that have fell over to Server2 so checking the value will tell you it came from different server. > > Best regards, > > > > Gisle > > > > > > *From: *Igor Ci

Re: Can HA-Proxy set an header when he "breaks" stick routing

2018-03-22 Thread Igor Cicimov
l caches. > > The problem I'm having is that you don't describe exactly what you're > trying to achieve nor how you want to use that information about the > broken stickiness, so it's very hard for me to try to figure a working > solution. I proposed one involving sending

Re: Syslog with systemd

2018-03-02 Thread Igor Cicimov
On Fri, Mar 2, 2018 at 5:49 PM, Vincent Bernat <ber...@luffy.cx> wrote: > ❦ 2 March 2018 09:49 +1100, Igor Cicimov <ig...@encompasscorporation.com > > : > > > $ ls -l /var/log/haproxy.log > > -rw-r- 1 syslog adm 48939 Mar 1 20:17 /var/log/haproxy.lo

Re: Syslog with systemd

2018-03-01 Thread Igor Cicimov
On Thu, Mar 1, 2018 at 5:08 PM, Vincent Bernat <ber...@luffy.cx> wrote: > ❦ 1 March 2018 09:53 +1100, Igor Cicimov <ig...@encompasscorporation.com > > : > > >> > Same, no logging: > >> [...] > >> > >> Could you strace rsyslogd

Re: Syslog with systemd

2018-02-28 Thread Igor Cicimov
On Thu, Mar 1, 2018 at 2:08 AM, Vincent Bernat <ber...@luffy.cx> wrote: > ❦ 28 February 2018 22:14 +1100, Igor Cicimov <igorc@encompasscorporation. > com> : > > > Same, no logging: > [...] > > Could you strace rsyslogd and check if it is receiving the messa

Re: Syslog with systemd

2018-02-28 Thread Igor Cicimov
On Wed, Feb 28, 2018 at 9:28 PM, Vincent Bernat <ber...@luffy.cx> wrote: > ❦ 28 February 2018 21:00 +1100, Igor Cicimov <igorc@encompasscorporation. > com> : > > > # ls -l /var/lib/haproxy/dev/log > > srw-rw-rw- 1 root root 0 Feb 28 16:06 /var/lib/haproxy/dev

Re: Syslog with systemd

2018-02-28 Thread Igor Cicimov
Hi Vincent, On Wed, Feb 28, 2018 at 6:18 PM, Vincent Bernat <ber...@luffy.cx> wrote: > ❦ 28 February 2018 17:51 +1100, Igor Cicimov <igorc@encompasscorporation. > com> : > > >> > Actually spoke too soon, still have an issue. One of the servers > started >

Re: Syslog with systemd

2018-02-27 Thread Igor Cicimov
On Wed, Feb 28, 2018 at 5:51 PM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > Hi Vincent, > > On Wed, Feb 28, 2018 at 5:14 PM, Vincent Bernat <ber...@luffy.cx> wrote: > >> ❦ 28 February 2018 15:50 +1100, Igor Cicimov < >> ig...@encompasscorpora

Re: Syslog with systemd

2018-02-27 Thread Igor Cicimov
Hi Vincent, On Wed, Feb 28, 2018 at 5:14 PM, Vincent Bernat <ber...@luffy.cx> wrote: > ❦ 28 February 2018 15:50 +1100, Igor Cicimov <igorc@encompasscorporation. > com> : > > > Actually spoke too soon, still have an issue. One of the servers started > >

Re: Syslog with systemd

2018-02-27 Thread Igor Cicimov
On Wed, Feb 28, 2018 at 3:33 PM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > > > On Wed, Feb 28, 2018 at 3:28 PM, Igor Cicimov <igorc@encompasscorporation. > com> wrote: > >> Hi all, >> >> I have haproxy 1.7.10-1ppa1~xenial installed on Ubu

Re: Syslog with systemd

2018-02-27 Thread Igor Cicimov
On Wed, Feb 28, 2018 at 3:28 PM, Igor Cicimov < ig...@encompasscorporation.com> wrote: > Hi all, > > I have haproxy 1.7.10-1ppa1~xenial installed on Ubuntu-16.04 and > struggling to enable rsyslog-ing for the service. > > I have rsyslog running and the following haproxy r

Syslog with systemd

2018-02-27 Thread Igor Cicimov
Hi all, I have haproxy 1.7.10-1ppa1~xenial installed on Ubuntu-16.04 and struggling to enable rsyslog-ing for the service. I have rsyslog running and the following haproxy related config: # cat /etc/rsyslog.d/49-haproxy.conf # Create an additional socket in haproxy's chroot in order to allow

Re: Plans for 1.9

2018-02-08 Thread Igor Cicimov
Hi Willy, On Fri, Feb 9, 2018 at 1:16 AM, Willy Tarreau wrote: Fred plans to bring SSL support to the peers among > other things, and is working on a regression testing suite (yeah!). Does this mean it will be possible to share the session tickets between the peers?

Re: haproxy 1.8.3 has a very slow tc time after some time of running

2018-02-06 Thread Igor Cicimov
665536bytes > Max address space unlimited unlimited bytes > Max file locks unlimited unlimited locks > Max pending signals 31401 31401 signals > Max msgqueue si

Re: haproxy 1.8.3 has a very slow tc time after some time of running

2018-02-05 Thread Igor Cicimov
On 6 Feb 2018 4:38 am, "Kai Timmer" wrote: Hello, I recently tried to update from v1.6.14 to v1.8.3 but experienced a lot of problems with it. I do hope that I made mistake in my configuration that works in 1.6 but blows up my system up in 1.8. So I'm going to describe my

Re: Is it good practice to set up a nginx behind haproxy with h2 or not ?

2018-02-03 Thread Igor Cicimov
On Sat, Feb 3, 2018 at 6:02 PM, wrote: > I need to set up haproxy 1.8.3 as a loadbalancer for several nginx > webservers (1.13.x). The haproxy will be set up to support h2 connections. > I am undecided if it is a good idea to setup nginx for h2 also. I > understand that haproxy

Re: haproxy http2 benchmark

2018-01-30 Thread Igor Cicimov
On Wed, Jan 31, 2018 at 1:41 PM, 龙红波 wrote: > *hi all,* > *recently we are ready to upgrade to haproxy 1.8,however, when testing > HTTP2, we found a drop in performance,below is the test scenario:* > * haproxy version:* > > HA-Proxy version 1.8.3-205f675
