Re: Consistent hashing alternative to sdbm
Hi Bhaskar,

On Tue, Oct 29, 2013 at 12:44:58AM -0400, Bhaskar Maddala wrote:
> Hello,
>
> Can you please take a look at [1]? Make sure it is what you had in mind, I read thru our conversation here again and I understood that the change we wanted to implement allowed selection of the hash function in addition to map-based/consistent and avalanche.
>
> The change provides the ability to specify. indicates optional
>
>     hash-type consistent sdbm/djb2/wt6
>     hash-type map-based sdbm/djb2/wt6
>     hash-type avalanche sdbm/djb2/wt6
>
> Not all of it is implemented, I am in the middle of testing, but wanted any early feedback you might have before I spent a lot of time on it.

I feel a bit bothered by having the if on the hash type done for every single character. I'd rather have 3 hash functions that work on (ptr, len) and call the right one with the string and length instead. It will also allow us to have clean hash functions reusable for anything else.

Concerning the config, initially I thought that having a separate keyword (eg: hash-algo) to set the algorithm was better than mixing it with the hash-type keyword. But now I'm not completely sure about this because probably people who want to set the algo will also want to be sure about the type of hashing they're applying. I'd like to get other users' feedback on this, particularly those using the consistent hashing.

Thanks,
Willy
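The (ptr, len) design Willy asks for above, as an added sketch that is not HAProxy's code or the patch under review: each algorithm is a plain function over a buffer and its length, and the configured algorithm name is resolved to a function pointer once instead of being tested for every character. All identifiers (`hash_fn`, `hash_lookup`, `pick_server`) are hypothetical, and wt6 is left out because its definition is not given in this thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: every name here is hypothetical, not a HAProxy identifier. */
typedef uint32_t (*hash_fn)(const char *key, size_t len);

/* sdbm: h = c + h * 65599, written with shifts (65536 + 64 - 1). */
static uint32_t hash_sdbm(const char *key, size_t len)
{
    uint32_t h = 0;

    while (len--)
        h = (unsigned char)*key++ + (h << 6) + (h << 16) - h;
    return h;
}

/* djb2: h = h * 33 + c, seeded with 5381. */
static uint32_t hash_djb2(const char *key, size_t len)
{
    uint32_t h = 5381;

    while (len--)
        h = (h << 5) + h + (unsigned char)*key++;
    return h;
}

/* Name -> function table, consulted once when the configuration is parsed. */
static const struct {
    const char *name;
    hash_fn fn;
} hash_algos[] = {
    { "sdbm", hash_sdbm },
    { "djb2", hash_djb2 },
};

/* Returns the function for a configured name, or NULL so the caller can
 * reject an unknown algorithm instead of silently falling back. */
static hash_fn hash_lookup(const char *name)
{
    for (size_t i = 0; i < sizeof(hash_algos) / sizeof(hash_algos[0]); i++)
        if (strcmp(name, hash_algos[i].name) == 0)
            return hash_algos[i].fn;
    return NULL;
}

/* Map-based style selection: hash the whole key, then reduce modulo the
 * number of servers. The hot path has no branch on the algorithm. */
static int pick_server(hash_fn fn, const char *key, size_t len, unsigned nbsrv)
{
    if (!fn || nbsrv == 0)
        return -1;
    return (int)(fn(key, len) % nbsrv);
}

int main(void)
{
    const char *key = "/img/logo.png";           /* constructed sample key */
    const char *algos[] = { "sdbm", "djb2", "wt6" };

    for (size_t i = 0; i < sizeof(algos) / sizeof(algos[0]); i++) {
        hash_fn fn = hash_lookup(algos[i]);      /* resolved once per config line */

        if (!fn) {
            printf("%-4s not available in this sketch\n", algos[i]);
            continue;
        }
        printf("%-4s hash=%u server=%d\n", algos[i],
               (unsigned)fn(key, strlen(key)),
               pick_server(fn, key, strlen(key), 3));
    }
    return 0;
}
```

Because the functions take an explicit length, keys containing NUL bytes (binary session ids, for example) are hashed in full rather than cut at the first zero.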
Re: Is anyone balancing Adobe Media Server
Hi Robert,

On Mon, Oct 28, 2013 at 09:09:53PM -0400, Robert Snyder wrote:
> Hi,
>
> We currently balance 21 http and a dozen HTTPS (TCP listen block) web properties against caching servers and web heads in multiple data centers. We do some header-based traffic shaping (mostly redirecting mobile requests to our dedicated mobile site). We have been running our pair of failover physical HAProxy servers using heartbeat and keepalived VIP to failover.
>
> We are adding balancing media streaming to our web content. We will balance two backend Adobe Media Streaming servers. I am planning to use a TCP listen block.
>
> Does anyone have any experiences with HAProxy and streaming media? Any things you wish you knew before deployment?

Just wondering, as I have zero knowledge on these servers, are they the same as Adobe Flash Media Streaming? Because if so, there seems to be a good howto at f5:

    http://www.f5.com/pdf/deployment-guides/f5-adobe-flash-media-dg.pdf

And since they're using totally generic TCP forwarding (even for health checks), it might help you configure the servers appropriately for being load balanced.

Best regards,
Willy
Re: HTTP and send-proxy
Hi, Baptiste! Thanks for your reply, I found there is an incorrect configure in my

On Sat, Oct 12, 2013 at 5:47 PM, Baptiste bed...@gmail.com wrote:
> Hi Jinge,
>
> None of your servers are available in the farm so HAProxy returns 503. You should have a look at your logs or run a tcpdump between HAProxy and the server to know the issue. Maybe your HTTP check URL is wrong or you need a Host header.
>
> Baptiste
>
> On Sat, Oct 12, 2013 at 4:48 AM, jinge altman87...@gmail.com wrote:
> > Hi all!
> >
> > I want use the haproxy PROXY protocol for our use case. To send our clients ip address to the peer haproxy. But after I config the send-proxy and accept-proxy in the configuration. The web never be successful responsed. The 503 error always there.
> >
> > the configure there
> >
> > ha-L0.conf
> > --
> >     # frontend ##
> >     frontend tcp-in
> >         bind 192.168.137.41:2220
> >         bind 192.168.132.41:2221
> >         bind 192.168.133.41:
> >         mode tcp
> >         log global
> >         option tcplog
> >
> >         #distinguish HTTP and non-HTTP
> >         tcp-request inspect-delay 30s
> >         tcp-request content accept if HTTP
> >
> >         #ACL DEFINE
> >         acl squid_incompatiable-Host hdr_reg(Host) -f /usr/local/etc/acl-define.d/squid_incompatiable-Host.txt
> >         acl direct-dstip dst -f /usr/local/etc/acl-define.d/direct_out-dst.txt
> >
> >         #ACL DEFINE of websocket
> >         acl missing_host hdr_cnt(Host) eq 0
> >         acl QQClient hdr(User-Agent) -i QQClient
> >         acl has_range hdr_cnt(Range) gt 0
> >
> >         #ACTION
> >         use_backend Direct if !HTTP
> >         use_backend Direct if HTTP_1.1 missing_host
> >         use_backend Direct if direct-dstip
> >         use_backend Direct if METH_CONNECT
> >         use_backend Direct if QQClient
> >         default_backend HAL1
> >
> >     backend HAL1
> >         mode http
> >         log global
> >         source 0.0.0.0
> >         server ha2-l1-n1 localhost:3330 send-proxy
> >
> > ha-L1.conf
> > --
> >     # frontend ##
> >     frontend localhostlister
> >         bind localhost:3330 accept-proxy
> >         mode http
> >
> >         #ACL DEFINE
> >         acl direct-dstip dst -f /usr/local/etc/acl-define.d/direct_out-dst.txt
> >
> >         #ACL DEFINE of websocket
> >         acl is_websocket hdr(Upgrade) -i WebSocket
> >         acl is_websocket hdr_beg(Host) -i ws
> >         acl missing_host hdr_cnt(Host) eq 0
> >         acl QQClient hdr(User-Agent) -i QQClient
> >         acl has_range hdr_cnt(Range) gt 0
> >
> >         #ACTION
> >         use_backend NginxClusterWebsockets if is_websocket
> >         default_backend SquidCluster
> >
> >     backend SquidCluster
> >         mode http
> >         option forwardfor header X-Client
> >         balance uri whole
> >         log global
> >         acl mgmt-src src -f /usr/local/etc/acl-define.d/mgmt-src.txt
> >         errorfile 502 /usr/local/etc/errorfiles/504.http
> >         acl is_internal_error status ge 500
> >         rspideny . if is_internal_error !mgmt-src
> >         rspidel ^via:.* unless mgmt-src
> >         rspidel ^x-cache:* unless mgmt-src
> >         rspidel ^x-cache-lookup:* unless mgmt-src
> >         rspidel ^X-Ecap:* unless mgmt-src
> >         source 0.0.0.0
> >         option httpchk GET http://192.168.172.4/check.txt
> >         server sq-L1-n1a x.x.x.x:3129 weight 20 check inter 5s maxconn 1
> >
> > And we use the haproxy -d argument found the ha0 seems never send the msg to the ha1
> >
> >     0090:HAL1.clireq[0019:]: GET http://www.taobao.com/ HTTP/1.1
> >     0090:HAL1.clihdr[0019:]: User-Agent: curl/7.26.0
> >     0090:HAL1.clihdr[0019:]: Host: www.taobao.com
> >     0090:HAL1.clihdr[0019:]: Accept: */*
> >     0090:HAL1.clihdr[0019:]: Proxy-Connection: Keep-Alive
> >     008d:HAL1.clicls[000e:001a]
> >     008d:HAL1.closed[000e:001a]
> >
> > Is there any one can help what's the problem there ?
> >
> > ---
> > Regards
> > Jinge
Re: Is anyone balancing Adobe Media Server
Willy,

Yes they are one and the same. Adobe has rebranded away from Flash since the new product is not Flash dependent. Little bit marketing (Flash is dead), but also reflects a change from Flash Player to HTML5. The ports and transports are all the same, though.

Thank you.

Robert

On Oct 29, 2013, at 2:34 AM, Willy Tarreau w...@1wt.eu wrote:
> Hi Robert,
>
> Just wondering, as I have zero knowledge on these servers, are they the same as Adobe Flash Media Streaming? Because if so, there seems to be a good howto at f5:
>
>     http://www.f5.com/pdf/deployment-guides/f5-adobe-flash-media-dg.pdf
>
> And since they're using totally generic TCP forwarding (even for health checks), it might help you configure the servers appropriately for being load balanced.
>
> Best regards,
> Willy

Robert Snyder
Outreach Information Technology
The Pennsylvania State University
The 329 Building, Suite 306E
University Park PA 16802
Phone: 814-865-0912
E-mail: rsny...@psu.edu
Re: Consistent hashing alternative to sdbm
Hello,

I updated the diff [1], it uses function now instead of macros, and added hash function wt6. I did smoke testing stepping thru the code via the debugger for all hash functions and it looks good, however requires more rigorous testing which I will do later today.

On mixing on hashing function I initially tried the alternative of a separate keyword and settled on using the same keyword when I found the unused nibble in the bit masks. Fwiw, using the separate keyword makes the code a little simpler, but from an end user standpoint (which includes me) I found not having another keyword to be better.

It would be great if you can take a look at [1] once more and see if you want anything changed. I did not look hard enough, but can/should I add some configs to tests/ folder and how/do these get run when invoking make, or do you run these in some other manner. Are there any additional tests you would like written?

Thanks
Bhaskar

[1] https://github.com/maddalab/haproxy/pull/1

On Tue, Oct 29, 2013 at 2:13 AM, Willy Tarreau w...@1wt.eu wrote:
> Hi Bhaskar,
>
> I feel a bit bothered by having the if on the hash type done for every single character. I'd rather have 3 hash functions that work on (ptr, len) and call the right one with the string and length instead. It will also allow us to have clean hash functions reusable for anything else.
>
> Concerning the config, initially I thought that having a separate keyword (eg: hash-algo) to set the algorithm was better than mixing it with the hash-type keyword. But now I'm not completely sure about this because probably people who want to set the algo will also want to be sure about the type of hashing they're applying. I'd like to get other users' feedback on this, particularly those using the consistent hashing.
>
> Thanks,
> Willy
RE: Consistent hashing alternative to sdbm
Unsubscribe

From: Bhaskar Maddala [mailto:madda...@gmail.com]
Sent: Tuesday, October 29, 2013 9:20 AM
To: Willy Tarreau
Cc: haproxy@formilux.org
Subject: Re: Consistent hashing alternative to sdbm

Hello,

I updated the diff [1], it uses function now instead of macros, and added hash function wt6. I did smoke testing stepping thru the code via the debugger for all hash functions and it looks good, however requires more rigorous testing which I will do later today.

On mixing on hashing function I initially tried the alternative of a separate keyword and settled on using the same keyword when I found the unused nibble in the bit masks. Fwiw, using the separate keyword makes the code a little simpler, but from an end user standpoint (which includes me) I found not having another keyword to be better.

It would be great if you can take a look at [1] once more and see if you want anything changed. I did not look hard enough, but can/should I add some configs to tests/ folder and how/do these get run when invoking make, or do you run these in some other manner. Are there any additional tests you would like written?

Thanks
Bhaskar

[1] https://github.com/maddalab/haproxy/pull/1
Re: Loadbalancing with ssl on www only
If it is any help you can get a certificate for *.domain.com

On Oct 28, 2013 9:37 PM, Felix fe...@ferchland.org wrote:
> Hello,
>
> I am using haproxy to loadbalance my webapplication but I get into a problem with our ssl certificate.
>
> haproxy is also serving the ssl certificate to the clients. this works quite well. we only have certificate for www as subdomain, so all traffic hitting haproxy should be redirected to https://www.
>
> if the visitor comes from non ssl the domain can be rewritten without a problem, but if the visitor types the domain with ssl but without subdomain, the url can't be rewritten before the (in this case invalid) ssl certificate was served by haproxy.
>
> is there a way to redirect an ssl request before serving the certificate?
>
>     global
>         maxconn 4096
>         daemon
>         log 128.0.0.1 local0
>
>     defaults
>         log global
>         mode http
>         contimeout 5000
>         clitimeout 5
>         srvtimeout 5
>         option forwardfor
>         retries 3
>         option redispatch
>         option http-server-close
>
>     frontend http *:80
>         mode http
>         redirect location https://www.url.com if !{ ssl_fc }
>
>     frontend https
>         # reqadd X-Forwarded-Proto:\ https
>         # www Redirect
>         mode http
>         acl non-www hdr(host) url.com
>         redirect prefix https://www.url.com if non-www
>         bind *:443 ssl crt /crt/ssl.pem no-sslv3
>         default_backend web
>         option forwardfor
Re: Loadbalancing with ssl on www only
A wildcard cert is helpful for some things, but domain.com will not validate against a cert issued for *.domain.com

On 10/29/13, 10:52 AM, Bhaskar Maddala wrote:
> If it is any help you can get a certificate for *.domain.com
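The name check behind David's point, as an added example that is not from any poster or from HAProxy: the browser compares the requested host with the names in the certificate before any HTTP redirect can be delivered, and `*.domain.com` covers exactly one extra label, so the bare `domain.com` fails. Function names are hypothetical; matching follows the left-most-label wildcard rule of RFC 6125, and refusing patterns such as `*.com` is a conservative choice of this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: function names are hypothetical. */

/* ASCII case-insensitive comparison of exactly n bytes. */
static int ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Returns 1 if `host` is covered by the certificate name `pattern`.
 * A wildcard is accepted only as the complete left-most label ("*.")
 * and stands for exactly one label, never zero and never several. */
static int cert_name_matches(const char *pattern, const char *host)
{
    size_t plen = strlen(pattern), hlen = strlen(host);
    const char *suffix, *dot;

    if (plen == 0 || hlen == 0)
        return 0;

    if (strncmp(pattern, "*.", 2) != 0) {
        /* No leading wildcard: a '*' anywhere else is not honoured,
         * and the names must be equal label for label. */
        if (strchr(pattern, '*'))
            return 0;
        return plen == hlen && ieq(pattern, host, plen);
    }

    suffix = pattern + 1;                /* ".domain.com" */
    if (strchr(suffix, '*'))
        return 0;                        /* only one wildcard allowed */
    if (strchr(suffix + 1, '.') == NULL)
        return 0;                        /* "*.com" is too broad (sketch policy) */

    dot = strchr(host, '.');
    if (!dot || dot == host)
        return 0;                        /* host needs a non-empty first label */

    /* Everything from the host's first dot on must equal the suffix, so
     * "domain.com" (rest ".com") and "a.b.domain.com" both fail. */
    return strlen(dot) == strlen(suffix) && ieq(dot, suffix, strlen(suffix));
}

/* A certificate is acceptable for `host` if any of its names matches. */
static int cert_covers(const char *const *names, size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (cert_name_matches(names[i], host))
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed certificates using the names from this thread. */
    static const char *const www_only[]  = { "www.url.com" };
    static const char *const wildcard[]  = { "*.domain.com" };
    static const char *const wild_apex[] = { "*.domain.com", "domain.com" };

    printf("www-only cert, host url.com       : %d\n",
           cert_covers(www_only, 1, "url.com"));
    printf("wildcard cert, host www.domain.com: %d\n",
           cert_covers(wildcard, 1, "www.domain.com"));
    printf("wildcard cert, host domain.com    : %d\n",
           cert_covers(wildcard, 1, "domain.com"));
    printf("wildcard+apex, host domain.com    : %d\n",
           cert_covers(wild_apex, 2, "domain.com"));
    return 0;
}
```

A 0 result is the case in which the client shows a certificate warning before the `redirect prefix` rule in the `https` frontend is ever evaluated.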
Re: Loadbalancing with ssl on www only
Ahh, thank you

-Bhaskar

On Tue, Oct 29, 2013 at 10:56 AM, David Coulson da...@davidcoulson.net wrote:
> A wildcard cert is helpful for some things, but domain.com will not validate against a cert issued for *.domain.com
AW: Loadbalancing with ssl on www only
So it's simply impossible to redirect the request? I was using nginx as reverse proxy before and even apache can do that with a redirection. I'm a little surprised that this is simply impossible and I need another ssl certificate. But thanks for the quick answers!

From: Bhaskar Maddala [mailto:madda...@gmail.com]
Sent: Tuesday, October 29, 2013 16:07
To: David Coulson
Cc: Felix; haproxy@formilux.org
Subject: Re: Loadbalancing with ssl on www only

Ahh, thank you

-Bhaskar
Re: AW: Loadbalancing with ssl on www only
No way it worked with Apache. Ssl verification happens before http can do anything.

Sent from my iPad

On Oct 29, 2013, at 12:39 PM, Felix Ferchland fe...@ferchland.org wrote:
> So it's simply impossible to redirect the request? I was using nginx as reverse proxy before and even apache can do that with a redirection… I'm a little surprised that this is simply impossible and I need another ssl certificate. But thanks for the quick answers!
AW: AW: Loadbalancing with ssl on www only
I can tell you, it worked. I think the difference is the kind of redirect (url vs header redirect). But I'm not an expert in proxy url rewriting, so I simply have to deal with that. I can't order a new certificate for the domain because it's an ev cert and these are quite expensive…

From: David Coulson [mailto:da...@davidcoulson.net]
Sent: Tuesday, October 29, 2013 17:58
To: Felix Ferchland
Cc: Bhaskar Maddala; haproxy@formilux.org
Subject: Re: AW: Loadbalancing with ssl on www only

No way it worked with Apache. Ssl verification happens before http can do anything.

Sent from my iPad
Re: AW: AW: Loadbalancing with ssl on www only
Please post your apache configuration. There is seriously no way it worked. Redirection is redirection, and assuming it's all using ssl the certificate will impact the redirection.

Sent from my iPad

On Oct 29, 2013, at 1:11 PM, Felix Ferchland fe...@ferchland.org wrote:
> I can tell you, it worked. I think the difference is the kind of redirect (url vs header redirect). But I'm not an expert in proxy url rewriting, so I simply have to deal with that. I can't order a new certificate for the domain because it's an ev cert and these are quite expensive…
Re: HTTP and send-proxy
On 29 October 2013 08:30, Ge Jin altman87...@gmail.com wrote:
> Hi, Baptiste! Thanks for your reply, I found there is an incorrect configure in my

... email client? ;-)
Re: AW: AW: Loadbalancing with ssl on www only
Off topic: Presuming it's not long since you ordered. I would expect any decent expensive certificate issuer to allow you to get a new certificate with the additional name of the non wildcard same name without charge they will most likely want the original revoked before refunding. Unless they don't want any more orders from you.

Back on topic again: A browser should not even get to the redirect without warning. However it could well cache the redirect and not bother you with warning the next time you went there in that browser session.

Neil

On 29 Oct 2013 17:13, Felix Ferchland fe...@ferchland.org wrote:
> I can tell you, it worked. I think the difference is the kind of redirect (url vs header redirect). But I'm not an expert in proxy url rewriting, so I simply have to deal with that. I can't order a new certificate for the domain because it's an ev cert and these are quite expensive…
Peers synchronization delay?
Hi,

I have a deployment with two HAProxies in a peers configuration. A normal flow is that a client issues two subsequent calls (the first response from the backend servers sets a key in the sticky table and the second request uses that key).

Because the HW LB balancing between both HAProxies works in round robin, it's highly likely that the first call will go to one HAProxy and the second call will go to the other. The problem that I'm facing is that the second request seems not to find the key in the stickiness table and thus the request is sent to any backend server. Worth mentioning that this only happens the first time a pair of these calls is made. Subsequent calls already have the key in the stickiness table and work fine.

The problem is exacerbated by the fact that I'm adding and removing backend servers to the HAProxies often, so every time I add a server the first client that ends up on that server will have his second call fail. As suggested in this forum, I first add the backend server as disabled in both HAProxies, then I enable it in one and finally enable it in the other.

Any ideas?

peers section:

    peers cluster
        peer haproxy--i-46279671 172.18.80.136:1024
        peer haproxy--i-b8e68a8c 172.18.81.126:1024

backend section:

    backend farm
        option httpchk GET /health HTTP/1.0
        option forwardfor
        balance roundrobin
        stick store-response hdr(X-Session)
        stick-table type string len 24 size 200k peers cluster
        stick match url_param(X-Session)
        server vm--i-37a49303 172.18.80.106 check port 80 inter 30s fastinter 5s rise 2 fall 3
        server vm--i-43279674 172.18.80.60 check port 80 inter 30s fastinter 5s rise 2 fall 3

Thanks!

Jose *J+*
Re: Consistent hashing alternative to sdbm
Hello,

Please hold off on reviewing the code if you have not yet spent any time. I have found at least 1 issue. However, feel free to respond to the questions about automated testing. I will send an update once I have the issue resolved.

Thank you
-Bhaskar

On Tue, Oct 29, 2013 at 9:19 AM, Bhaskar Maddala madda...@gmail.com wrote:

Hello,

I updated the diff [1], it uses functions now instead of macros, and added hash function wt6. I did smoke testing, stepping thru the code via the debugger for all hash functions, and it looks good; however it requires more rigorous testing, which I will do later today.

On mixing in the hashing function, I initially tried the alternative of a separate keyword and settled on using the same keyword when I found the unused nibble in the bit masks. Fwiw, using the separate keyword makes the code a little simpler, but from an end user standpoint (which includes me) I found not having another keyword to be better.

It would be great if you can take a look at [1] once more and see if you want anything changed. I did not look hard enough, but can/should I add some configs to the tests/ folder and how/do these get run when invoking make, or do you run these in some other manner? Are there any additional tests you would like written?

Thanks
Bhaskar

[1] https://github.com/maddalab/haproxy/pull/1

On Tue, Oct 29, 2013 at 2:13 AM, Willy Tarreau w...@1wt.eu wrote:

Hi Bhaskar,

On Tue, Oct 29, 2013 at 12:44:58AM -0400, Bhaskar Maddala wrote:

Hello,

Can you please take a look at [1]? Make sure it is what you had in mind. I read thru our conversation here again and I understood that the change we wanted to implement allowed selection of the hash function in addition to map-based/consistent and avalanche. The change provide the ability to specify. indicates optional

    hash-type consistent sdbm/djb2/wt6
    hash-type map-based sdbm/djb2/wt6
    hash-type avalanche sdbm/djb2/wt6

Not all of it is implemented, I am in the middle of testing, but wanted any early feedback you might have before I spent a lot of time on it.

I feel a bit bothered by having the if on the hash type done for every single character. I'd rather have 3 hash functions that work on (ptr, len) and call the right one with the string and length instead. It will also allow us to have clean hash functions reusable for anything else.

Concerning the config, initially I thought that having a separate keyword (eg: hash-algo) to set the algorithm was better than mixing it with the hash-type keyword. But now I'm not completely sure about this because probably people who want to set the algo will also want to be sure about the type of hashing they're applying. I'd like to get other users' feedback on this, particularly those using the consistent hashing.

Thanks,
Willy
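The (ptr, len) structure suggested in the quoted review, as an added example that is not code from the patch or from HAProxy: each algorithm is a separate function, the configured name is resolved to a function pointer once, and the per-request path contains no test on the hash type. The sdbm and djb2 recurrences are the commonly published ones with bytes taken as unsigned; wt6 is left out because its definition is not on this page, and hash_select, pick_server and the sample key are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t (*hash_fn)(const char *key, size_t len);

/* sdbm: hash = hash * 65599 + c, written with shifts */
uint32_t hash_sdbm(const char *key, size_t len)
{
    uint32_t hash = 0;

    while (len--)
        hash = (unsigned char)*key++ + (hash << 6) + (hash << 16) - hash;
    return hash;
}

/* djb2: hash = hash * 33 + c, starting from 5381 */
uint32_t hash_djb2(const char *key, size_t len)
{
    uint32_t hash = 5381;

    while (len--)
        hash = (hash << 5) + hash + (unsigned char)*key++;
    return hash;
}

/* Resolve the configured name once, at parse time. NULL means unknown name. */
hash_fn hash_select(const char *name)
{
    if (strcmp(name, "sdbm") == 0)
        return hash_sdbm;
    if (strcmp(name, "djb2") == 0)
        return hash_djb2;
    return NULL;
}

/* Map-based choice: the hot path calls through the pointer, no per-byte test. */
unsigned int pick_server(hash_fn fn, const char *key, size_t len, unsigned int nsrv)
{
    return fn(key, len) % nsrv;
}

int main(void)
{
    const char *key = "/img/logo.png";   /* constructed sample key */
    hash_fn fn = hash_select("djb2");

    printf("server %u of 4\n", pick_server(fn, key, strlen(key), 4));
    return 0;
}
```

Because the length is passed explicitly, the functions also hash keys that contain a NUL byte or are not NUL-terminated.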
PATCH: Add ability to select HASH function amongst (SDBM/DJB2/WT6)
Hello Willy,

In continuation of the thread on alternatives to consistent hashing, I am starting a new thread to track the patch that has been implemented.

The results of testing can be viewed at [1]. The results match my expectations from earlier, i.e. when using consistent hashing DJB2 is better than the alternatives. I will run the additional test for 1MM requests and fill in the results shortly, however I was satisfied to send this patch along.

Please lmk in case of any questions.

The attached patch was generated with git format-patch master --stdout, here are some stats:

    git apply --stat patch-hash-functions.patch
     Makefile                |    2
     doc/configuration.txt   |   85 +--
     include/common/hash.h   |   29 +
     include/types/backend.h |    7 +
     src/backend.c           |  272 +--
     src/cfgparse.c          |   19 +++
     src/hash.c              |   87 +++
     7 files changed, 341 insertions(+), 160 deletions(-)

Thanks
Bhaskar

[1] http://tinyurl.com/moz5fhv

patch-hash-functions.patch
Description: Binary data