orwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk HEAD /HTTP/1.1\r\nHost:localhost
option http-server-close
server node0 ip_web_server:443 ssl verify none
Aaron West
Loadbalancer.org Limited
+44 (0)330 380 1064
www.loadbalancer.org
There are some very knowledgeable people on this list so I'm sure someone
can help, however, what might the problem actually be?
Aaron West
Loadbalancer.org Limited
+44 (0)330 380 1064
www.loadbalancer.org
On 16 January 2017 at 15:32, Praveen Koppula
wrote:
> Can you please help me
Hi Praveen,
Am I right in assuming it's a socket for the stats page? Also what user is
starting HAproxy because maybe it doesn't have permissions to create the
socket?
We might need your whole config or at least the GLOBAL section...
Aaron West
Loadbalancer.org Limited
+44 (0)33
pper or not if systemd is
being used.
Otherwise, my feeling is that for whatever reason you cannot access the
socket previously created due to permissions... I mean I can get the same
error trying to start HAproxy as an unprivileged user who cannot write to
the file/directory.
Aaron West
Loadbalanc
addresses.
Aaron West
Loadbalancer.org Limited
+44 (0)330 380 1064
www.loadbalancer.org
On 18 January 2017 at 03:38, Jayalath, Viranga wrote:
> Hi Haproxy team ,
>
> I have a question. I have a backed instance which attached to haproxy
> instance. I have requirement to get c
ourages using reqadd/reqdel/reqrep over http-request for 1.5+ which may
mean it's not always going to be there or something else entirely...
Aaron West
Loadbalancer.org Limited
+44 (0)330 380 1064
www.loadbalancer.org
Hi Hoang,
Could we get your HAproxy config please, an example of both scenarios would
be best.
It may help to better to better understand your situation.
Aaron West
Loadbalancer.org Limited
+44 (0)330 380 1064
www.loadbalancer.org
On 7 February 2017 at 01:55, Hoang Le Trung wrote:
>
[Service]
ExecStart=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
user=root
group=root
[Install]
WantedBy=multi-user.target
Aaron West
Loadbalancer.org Limited
+44 (0)330 380 1064
www.loadbalancer.org
On 9 February 2017 at 17:34, Gunuganti
Hi Dave,
I don't see the "send-proxy" directive in your config, have you tried it :
https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.2-send-proxy
Sorry if I'm misunderstanding something already...
Aaron West
Loadbalancer.org Limited
+44 (0)330 380 1064
www.
e specific traffic through
the firewall? You can cherry pick exactly what to allow so only allow
the destination or sources that you actually require, it would be much
much easier.
Sorry if that's not what you wanted to hear or if I'm wrong in some way...
Aaron West
Loadbalancer.org
www.l
On 8 July 2017 at 11:25, Aaron West wrote:
> for me at least, it would
> boggle the mind that you have a reverse proxy using a forward proxy.
I think I I should clarify the above... I don't mean using forward
proxies as a real server(Think webfilters) because that makes sense I
just m
Hi Liam,
Can we get the config and version number that you are running?
Nothing springs to mind although someone cleverer than me on the list
may have an instant suggestion.
Aaron West
Loadbalancer.org
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
aa...@loadbalancer.org
LEAVE A
Liam,
Still not seeing anything jump out, your timeout settings look fine to
me at least.
Do you use the stats page and if so do you see errors incrementing there?
Also, do you have the log lines for these connections?
Aaron West
Loadbalancer.org
www.loadbalancer.org
+1 888 867 9504 / +44 (0
Trenton,
To clarify I believe it will stick on XFF header if present but if not
present fall back to stick on source.IP. Basically, it will use the
first working "stick on" declaration, source IP will always work as
there will always be one so that goes in as a last resort.
I suspect your looking for this site: https://discourse.haproxy.org/
It's a better place to get configuration advice and works in the
fashion you are after, no old mailing list necessary.
Aaron West
Loadbalancer.org
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 10
Hey Logan,
Sure is!
Kind Regards
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
aa...@loadbalancer.org
LEAVE A REVIEW | DEPLOYMENT GUIDES | BLOG
On 5 October 2017 at 00:28, Logan Hicks wrote:
> To whom it may concern:
>
>
> Is th
Hi John,
As mentioned in the previous thread, LVS lives in the Kernel and works
as a router. HAproxy is userspace and a reverse proxy so a completely
different beast! So to answer your question, no it doesn't.
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (
Hi Willy,
Sorry to bother you, just a quick question if I may.
Does support for QUIC imply we'd have rudimentary UDP support as well
or is it only going to support QUIC Protocol?
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 10
Yes! RDP 8.0+ can use UDP traffic for a better connection, that's what
I was thinking when I asked.
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
aa...@loadbalancer.org
LEAVE A REVIEW | DEPLOYMENT GUIDES | BLOG
on so I'm just
starting the ball rolling really...
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
aa...@loadbalancer.org
LEAVE A REVIEW | DEPLOYMENT GUIDES | BLOG
n the observed throughput issue as yet...
I wonder what else might have changed.
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
aa...@loadbalancer.org
LEAVE A REVIEW | DEPLOYMENT GUIDES | BLOG
s to the second connection? I display the table
> and it never changes with nopurge set. But when not set, the table updates
> and the connection persists on the new connection.
So is it a bug? Or is it a change in the behavior where we might need to go
back and update the documentation?
Thanks in advance!
Aaron West
+1
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017>
<https://plus.google.com/+LoadbalancerOrg>
<https://twitter.com/loadbalancerorg>
<http://www.linkedin.com/company/3191352?trk=prof-exp-company-name>
<https://www
arent-mode-on-centos-6-x/
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
aa...@loadbalancer.org
LEAVE A REVIEW | DEPLOYMENT GUIDES | BLOG
Hi,
The TPROXY method truly makes it source IP transparent(Your real
servers will see the connection as coming from the client's IP) so it
will be fine for IP based privileges I think.
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 10
Just another idea, you could utilize the external check feature to
script something that does the check and logs the output:
https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#option%20external-check
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0
would need to only cache the HTML body rather than
headers... Does that make any sense at all?
It may be that the small object cache would help? Or the idea itself
may be a waste of time... Currently, I've been looking at the Apache
module mod_cache.
I'd value your opinion either way.
p_mem
Anyway, just thought I'd mention it for info and to say you are not alone ;)
Aaron West
Loadbalancer.org Ltd.
www.loadbalancer.org
Hi Jessy,
We made an opensource feedback agent which you can use if you like,
it'll save you the need to make anything:
https://www.loadbalancer.org/blog/open-source-windows-service-for-reporting-server-load-back-to-haproxy-load-balancer-feedback-agent/
Aaron West
Loadbalancer.org Ltd.
I've not used it yet with IPVS because I have nothing with a new enough
Kernel (4.18+ I think), however, isn't this quite similar to HAProxy's
consistent hash options?
Aaron
Loadbalancer.org
server ProdRIP 192.168.0.245 weight 100 cookie ProdRIP check port 80
inter 4000 rise 2 fall 2 minconn 0 maxconn 0
backend fallback
mode http
balance leastconn
option abortonclose
option forwardfor
option accept-invalid-http-response
option http-keep-alive
server FallbackRIP 192.168.0.246 weigh
Hi,
I'm not aware of a way to achieve what you want exactly.
The stick table expiry works best with something like HTTP where
connections are not that long so fresh connections keep refreshing the
timer.
In the case of SSH or RDP you have 1 potentially very long connection so
the only option you
32 matches
Mail list logo
