is feature.
SSL-LOAD-EXTRA-FILES is an excellent feature we’ve been waiting for as
it simplifies our cert deployment, but in its current form It’s not
really usable for us.
Thank you.
--
Marc-Antoine Leclercq
sion. You must compile from sources or wait for the next dev release.
> >
> > Actually, the function "txn.close()" causes a segfault, it will be
> > fixed in a few time.
>
> I just merged your temporary fix, Thierry, so the segfault is supposed
> to be gone. CCing
to a
> single certificate file, not a
> directory)?
yes it works fine with crt pointing to a signe certificate file.
>
> Can you make the openssl tests from the server, connecting locally without
> any intermediate
> devices?
i did and results are the same.
Regards,
>
&g
roduce the segfault ?
>
> Thierry
>
> On Mon, 17 Aug 2015 15:00:25 +0200
> Marc-Antoine wrote:
>
> > Hi,
> >
> > Cyril, as you said, if removed "txn:close()" from the lua script, I don't
> > get segfault anymore.
> >
> > I noticed
127.0.0.1:80
acl debugme req.hdr_cnt(X-debug-me) ge 1
http-request lua mirror if debugme
#default_backend be
Regards,
On Sat, 15 Aug 2015 23:56:57 +0200,
Cyril Bonté wrote :
> Hi Marc-Antoine,
>
> Le 12/08/2015 19:01, Marc-Antoine a écrit :
> > I
response .. "Content-Length: " .. buffer:len() .. "\r\n"
response = response .. "Connection: close\r\n"
response = response .. "\r\n"
response = response .. buffer
txn.res:send(response)
txn:close()
end
On
errorfile 504 /etc/haproxy/errors/504.http
### HTTP ###
frontend fe:80
bind 127.0.0.1:80
acl debugme req.hdr_cnt(X-debug-me) ge 1
http-request lua mirror if debugme
default_backend be
frontend fe:443
bind 127.0.0.1:443 ssl crt /etc/ssl/private
de
> Baptiste wrote on 8/12/2015 11:29:
> > On Wed, Aug 12, 2015 at 11:22 AM, Marc-Antoine
> > wrote:
> >> Hi all,
> >>
> >> i'm trying to use an ECC certificate under haproxy without success :
> >>
> >> * haproxy -vv
> >>
/home/provisionning/0.pem crt
/home/provisionning/cluster2.d
default_backend cluster2
any idea ?
--
Marc-Antoine
Hi,
On Mon, 20 Jul 2015 11:50:50 +0200,
Marc-Antoine wrote :
> Hi Lukas,
>
> frontend cluster:443
> bind 1.2.3.4:443 ssl strict-sni crt /home/provisionning/0.pem crt
> /home/provisionning/cluster.d
> default_backend cluster
> capture request header Host len 2
> > I made a mistake in my previous email : it works locally AND remotely !
>
> What fixed the problem? This may be useful for others as well.
>
>
> Lukas
>
>
--
Marc-Antoine
E681
> > Cert Status: good
> > This Update: Jul 20 16:42:53 2015 GMT
> > Next Update: Jul 21 04:42:53 2015 GMT
> >
> > [...]
> >
> > ---
> >
> > It works locally or remotely !
>
> Not sure I understand. Does that mean it works locally, but not remotely?
>
>
>
> Regards,
>
> Lukas
>
>
>
--
Marc-Antoine
> directory)?
>
> Can you make the openssl tests from the server, connecting locally without
> any intermediate
> devices?
>
>
>
> Thanks,
>
> Lukas
>
>
--
Marc-Antoine
rder to debug?
>
> Can you provide the output of "haproxy -vv" please and a
> config snippet (the frontend ssl configuration)?
>
> Do you see a warning if 8150.pem.ocsp contains garbage when you restart
> haproxy?
>
>
>
> Regards,
>
> Lukas
>
>
>
--
Marc-Antoine
Hi,
nobody knows plz ?
On Thu, 9 Jul 2015 13:06:59 +0200,
Marc-Antoine wrote :
> Hi all,
>
> I have some problem making ocsp stapling working. here is what i did :
>
> I have 8150.pem with chain, cert and key in it.
>
> I have 8150.pem.ocsp that seems ok :
>
>
,
--
Marc-Antoine
Hi, just to let you know changelog is missing 1.5.14 infos ;)
great job by the way !
On Fri, 3 Jul 2015 17:55:56 +0200,
Willy Tarreau wrote :
> Changelog: http://www.haproxy.org/download/1.5/src/CHANGELOG
--
Marc-Antoine
the running haproxy process (well, you do,
but not only), you *replace* it.
What you may be looking for, though, is haproxy-systemd-wrapper, which
does all this automatically when it receives SIGUSR2 or SIGHUP.
Regards,
Marc-Antoine
On 11 September 2014 07:44, Willy Tarreau wrote:
> On Wed, Sep 10, 2014 at 10:38:55PM -0700, Matt Robenolt wrote:
>> Awesome, thanks. :)
>>
>> Is it possible to also get this applied into the 1.5 branch since this is
>> low risk and doesn???t break any backwards compatibility and whatnot?
>
> I'v
stemd wrapper: propagate exit status
>
> src/haproxy-systemd-wrapper.c | 69
> ++-
> 1 file changed, 49 insertions(+), 20 deletions(-)
>
> --
> 1.9.1
>
>
>
Looks good to me.
Any comments, Will?
Regards,
Marc-Antoine
On Sat, 2014-02-15 at 20:04 -0600, Ryan O'Hara wrote:
> On Sun, Feb 16, 2014 at 10:08:31AM +0900, Marc-Antoine Perennou wrote:
>
> > This is why you get
> >
> > haproxy-systemd-wrapper -> main haproxy process -> haproxy worker.
> >
> > haproxy-sys
proxy-systemd-wrapper waits for the main haproxy process to exit to
avoir zombies. The main haproxy process exits when all its workers are
done.
> Thanks.
> Ryan
>
Hope that helps and sounds right.
Marc-Antoine
comments/suggestions are welcome. :)
> >
> > In case the patches get stripped, they are also available from my
> > github account [2]. They are applied to a copy of 1.4.24 there, but
> > should apply cleanly to the development tree.
>
> Great, thank you! I'll wait fo
Formerly, if A was replaced by B, and then B by C before
A finished exiting, we didn't wait for B to finish so it
ended up as a zombie process.
Fix this by waiting randomly every child we spawn.
Signed-off-by: Marc-Antoine Perennou
---
src/haproxy-systemd-wrapper.c | 10 --
1
On 1 April 2013 23:49, Willy Tarreau wrote:
> Great. I'm planning a dev18 release for tomorrow afternoon, tell me
> if you want me to wait a bit more.
>
> Thanks,
> Willy
>
It will be ready before the afternoon so that you can get it in dev18!
Thanks
Hi,
After checking out the man page of waitpid, wait would indeed be sufficient
here.
I didn't actually know about waitpid(-1)
I'll resubmit an updated patch tomorrow!
Thanks
On 1 April 2013 23:32, Willy Tarreau wrote:
> Hi Marc-Antoine,
>
> On Thu, Mar 14, 2013 at 02:
Formerly, if A was replaced by B, and then B by C before
A finished exiting, we didn't wait for B to finish so it
ended up as a zombie process.
Fix this by queuing all process we spawn for waitpid.
Signed-off-by: Marc-Antoine Perennou
---
src/haproxy-systemd-wrapper.c
Formerly, if A was replaced by B, and then B by C before
A finished exiting, we didn't wait for B to finish so it
ended up as a zombie process.
Fix this by queuing all process we spawn for waitpid.
Signed-off-by: Marc-Antoine Perennou
---
src/haproxy-systemd-wrapper.c
Signed-off-by: Marc-Antoine Perennou
---
.gitignore | 1 +
contrib/systemd/Makefile | 8
contrib/systemd/haproxy.service.in | 11 +++
3 files changed, 20 insertions(+)
create mode 100644 contrib/systemd/Makefile
create mode 100644 contrib
Hi,
On 13 February 2013 08:11, Willy Tarreau wrote:
> Hi Marc-Antoine,
>
> On Tue, Feb 12, 2013 at 10:53:54AM +0100, Marc-Antoine Perennou wrote:
> > +systemd/haproxy.service: contrib/systemd/haproxy.service.in
> > + mkdir -p systemd
> > + sed -e
Signed-off-by: Marc-Antoine Perennou
---
.gitignore | 1 +
Makefile | 8 ++--
contrib/systemd/haproxy.service.in | 11 +++
3 files changed, 18 insertions(+), 2 deletions(-)
create mode 100644 contrib/systemd/haproxy.service.in
(not to
conflict with
haproxy itself) signal, and spawing a new haproxy with "-sf" as a child to
relay the
first one.
Signed-off-by: Marc-Antoine Perennou
---
.gitignore| 1 +
Makefile | 16 +-
src/haproxy-systemd-wrapper.c | 113 +
her systems.
Signed-off-by: Marc-Antoine Perennou
---
doc/haproxy-en.txt | 1 +
doc/haproxy-fr.txt | 1 +
doc/haproxy.1 | 4
include/types/global.h | 1 +
src/haproxy.c | 35 +++
5 files changed, 30 insertions(+), 12 deletions(
On 9 February 2013 11:06, Willy Tarreau wrote:
> Hi,
>
> On Sat, Feb 09, 2013 at 10:44:04AM +0100, Marc-Antoine Perennou wrote:
> > I just made a simple test, running a webserver serving a big file
> locally,
> > using haproxy,
> > my wrapper and systemd service. I
SIGUSR2 ok here ? I first did it with SIGUSR1 but then children couldn't
bind
to this signal on reload, since it was already a USR1 action, so I took the
first one
not colliding.
On 9 February 2013 09:49, Willy Tarreau wrote:
> On Fri, Feb 08, 2013 at 03:58:47PM +0100, Marc-Anto
On 9 February 2013 09:45, Willy Tarreau wrote:
> On Fri, Feb 08, 2013 at 03:58:46PM +0100, Marc-Antoine Perennou wrote:
> > @@ -1493,8 +1499,13 @@ int main(int argc, char **argv)
> > px = px->next;
> > }
> >
> > -
Signed-off-by: Marc-Antoine Perennou
---
.gitignore | 1 +
Makefile | 8 ++--
contrib/systemd/haproxy.service.in | 11 +++
3 files changed, 18 insertions(+), 2 deletions(-)
create mode 100644 contrib/systemd/haproxy.service.in
Signed-off-by: Marc-Antoine Perennou
---
doc/haproxy-en.txt | 1 +
doc/haproxy-fr.txt | 1 +
doc/haproxy.1 | 4
include/types/global.h | 1 +
src/haproxy.c | 35 +++
5 files changed, 30 insertions(+), 12 deletions(-)
diff --git
Hi,
Currently, to reload haproxy configuration, you have to use "-sf".
Systemd philosophy is for the daemon not to fork by themselves, but rather let
the init process do it for them.
My first patch adds a new option "-Ds" which is exactly like "-D", but instead
of
forking n times to get n jobs
Signed-off-by: Marc-Antoine Perennou
---
.gitignore| 1 +
Makefile | 16 +-
src/haproxy-systemd-wrapper.c | 122 ++
3 files changed, 137 insertions(+), 2 deletions(-)
create mode 100644 src/haproxy-systemd
It is totally normal that systemd kills the new process as the main one
which was the first has exited. This is the expected behaviour.
I'm currently patching haproxy to fully support systemd, I'll probably
submit my patches by tomorrow (It's fully functionnal here, only needs a
little cleaning)
Signed-off-by: Marc-Antoine Perennou
---
doc/haproxy-en.txt | 1 +
doc/haproxy-fr.txt | 1 +
doc/haproxy.1 | 4
include/types/global.h | 1 +
src/haproxy.c | 31 +++
5 files changed, 26 insertions(+), 12 deletions(-)
diff --git a
Hi,
I'm trying to use haproxy with systemd.
It cannot be done with a raw haproxy for now, because when "reloading" the
configuration file
with haproxy -sf , the former process gets killed, so the service enters a
"failed" state
and thus kills all its children, resulting in no haproxy running.
In
43 matches
Mail list logo