INDEPENDENCE DAY SALE - Upto 50% Off on Fashion and Electronics Accessories

2014-08-16 Thread Amazon Offers 



 If you're having trouble viewing this email, please click here.





































 






















































































Up
to 60% off
Women's Clothing 
Up
to 50% off
Women's Shoes
Up
to 50% off

Custom authentication integration

2014-08-16 Thread Vivek Malik 
Hi,

I would like to set up a configuration where users are required to
authenticate via a custom authentication web app before navigating to
the content backend.

I was thinking on lines of haproxy server sending the request to the
auth server when a map entry is missing. When the user authenticates,
the authentication app will insert an entry into the haproxy map and
put a cookie in http response with same entry value.

Questions:
a) Is it possible to make entries expire in map?
b) Does this design look feasible?

Thanks for your input. I have used haproxy 1.4 quite a bit, but
haven't used 1.5/map feature/stick table yet.

Regards,
Vivek

failing health checks, when using unix sockets, with ssl server&binding, 1.5.3

2014-08-16 Thread PiBa-NL 

Hi haproxy-list,

I have some strange results trying to use unix sockets to connect 
backends to frontends.

I'm using 1.5.3 on FreeBSD 8.3. (pfSense)

With the config below the result i get is that srv1,2,3 and 5 are 
serving requests correctly (i can put all others to maintenance mode and 
the stats keep working).


And srv4 is down because of lastchk: "L6TOUT". It seems to me this 
behavior is inconsistent?


If anyone could confirm if this is indeed a problem in haproxy or tell 
if there is a reason for this, please let me know.


The config below is just what i narrowed it down to to have an easy to 
reproduce issue to find why i was having trouble forwarding a tcp 
backend to a ssl offloading frontend..
What i wanted to have is a TCP frontend using SNI to forward connections 
to the proper backends. And have a defaultbackend that does 
SSLoffloading, and then uses host header to send the requests to the 
proper backend. The purpose would be to minimize the load on haproxy 
itself, while maximizing supported clients (XP and older mobile devices).


Thanks in advance.
PiBa-NL

global
daemon
gid80
ssl-server-verify none
tune.ssl.default-dh-param 1024
chroot/tmp/haproxy_chroot

defaults
timeout connect3
timeout server3

frontend 3in1
bind0.0.0.0:800
modetcp
timeout client3
default_backendlocal84_tcp

backend local84_tcp
modetcp
retries3
optionhttpchk GET /
serversrv1 127.0.0.1:1000send-proxy check inter 1000
serversrv2 /stats1000.socket send-proxy check inter 1000
serversrv3 127.0.0.1:1001send-proxy ssl check inter 
1000 check-ssl
serversrv4 /stats1001.socket send-proxy ssl check inter 
1000 check-ssl

serversrv5 /stats1001.socket send-proxy ssl

frontend stats23
bind 0.0.0.0:1000 accept-proxy
bind /tmp/haproxy_chroot/stats1000.socket accept-proxy
bind 0.0.0.0:1001 accept-proxy ssl  crt 
/var/etc/haproxy/stats23.85.pem
bind /tmp/haproxy_chroot/stats1001.socket accept-proxy ssl  crt 
/var/etc/haproxy/stats23.85.pem

modehttp
timeout client3
default_backendstats_http

backend stats_http
modehttp
retries3
statsenable
statsuri /
statsadmin if TRUE
statsrefresh 1