Re: HAProxy proxying JDBC requests two a percona cluster
Hi! If it's not too much trouble maybe you could send a short message to haproxy list describing how you fixed the problem. This might help someone else who reads the list archives. Yes, Jarno. You're absolutely right. The main problem of this was the enormous default idle timeout of Hybris - 50 minutes. Once I configure all timeouts (timeout connect, timeout client, timeout server. Though I'm actually not sure, if I really needed ALL timeouts) to reflect that, everything worked fine. Thanks again for the help! Kind regards Dennis -- Dennis Plöger Systemadministrator und Berater -- Besuchen Sie uns auf unseren nächsten Veranstaltungen: - J.Boye Web- und Intranetkonferenz, 04.-06.11.2014, Aarhus - konaktiva, 11.11.2014, Halle 3 B / Stand G4 (Westfalenhallen), Dortmund -- getit - Gesellschaft für Technologie- und Informationstransfer mbH Emil-Figge-Straße 76-80 44227 Dortmund Tel: +49.231.9742.7846 Fax: +49.231.9742.356 http://www.getit.de Amtsgericht Dortmund, HRB-Nr. 26548 Geschäftsführung: Dr. Thomas Krämerkämper (Vorsitzender) Christoph Hecker Dietmar Müller Leonardo Musso
Re: Question about srv_conn and beconn
Hi, On 2014/10/23 13:24, 王继红 wrote: Hi Godbach Another question I want to ask, I see when the backend web server response time is more than 50s, then the haproxy will return http 504 to the client user, if the web server response the request but the response content is partly to the haproxy server (async process in web server internal) , whether the haproxy will response the partly content to client user so the user will not get a 504 error? Regards HAProxy will only emit HTTP 504 to client if it can not get the whole header of http response. So if HAProxy can receive the whole http header of response, it can forward the data all it received to client successfully, maybe including partial body, http 504 will not be emitted anymore. Meanwhile, HAProxy will reset the connection if it cannot received more data of http body for a long time which exceeds server timeout. For your situation, you can enlarge the server timeout value by the following configuration to avoid 504: timeout server timeout -- Best Regards, Godbach
userlist with bcrypt $2y$ encrypted passwords on Debian Wheezy
Hi all, I am currently trying to have basic user authentication enabled using a hash starting with $2y$ While this hash is working very fine in combination with PHP's password_hash(), it seems the same hash string is not working for basic authentication in haproxy.cfg. I'm not entirely sure about Wheezy supporting the latest Blowfish algorithm ($2y$) and did not find anything on the web to it either. Using the insecure-password method in haproxy.cfg the authentication works just fine so my conclusion is HAproxy might not be aware of how to handle this hash string correctly (even though the documentation indicates it just relies on the system's crypt() function). Would anybody have a clue how I could investigate this issue any further or would even have a suggestion to solve it on Debian Wheezy? Many thanks, Julian
RE: userlist with bcrypt $2y$ encrypted passwords on Debian Wheezy
Hi all, I am currently trying to have basic user authentication enabled using a hash starting with $2y$ While this hash is working very fine in combination with PHP's password_hash(), it seems the same hash string is not working for basic authentication in haproxy.cfg. I'm not entirely sure about Wheezy supporting the latest Blowfish algorithm ($2y$) and did not find anything on the web to it either. Using the insecure-password method in haproxy.cfg the authentication works just fine so my conclusion is HAproxy might not be aware of how to handle this hash string correctly (even though the documentation indicates it just relies on the system's crypt() function). Would anybody have a clue how I could investigate this issue any further or would even have a suggestion to solve it on Debian Wheezy? glibc's crypt() simply doesn't support it. Check with: man crypt Other than MD5, crypt() in Debian Wheezy almost certainly only supports sha256 (id $5$) and sha512 (id $6$). There is a mysterious comment in the manpage about blowfish (id $2a$), that suggests it *may* be supported, although its not in mainline glibc. I suggest to stick with sha512, that should be secure enough (its salted anyway). See here [1] for a list of crypt() ids. Oh and please upgrade haproxy, starting with v1.5.4 we verify that the encryption method is actually supported by crypt(), so HAproxy won't even start with unsupported password methods. Regards, Lukas [1] http://en.wikipedia.org/wiki/Crypt_%28C%29#Blowfish-based_scheme
[SPAM] Get Free Mobile Recharge of Rs. 10
Hi,As a valued user of YouMint, we would request you to spare 10 minutes of your time as we seek your opinion for the following study. Approx Time: 10-15 minsCash Credit: Rs 10 on successful completion of this survey. An email confirmation of the cash credit will be sent on successful completion of the survey. Click Here : http://www.giftl.com/s/?pid=1413882026 Happy Minting :-)Team YouMint P.S There are some criteria in the profile which need to be matched, so it is possible that you may not fit it entirely, in which case you will be informed. If you fulfill the profile criteria and complete the questionnaire, you stand a chance to win an IPOD.You have received this mailer from us because you indicated that you would like to receive special offers.To unsubscribe from this offer, please click here to unsubscribe.
Thank you to cbonte
Just wanted to say thank you to cbonte for the searchable version of the docs at http://cbonte.github.io/haproxy-dconv/ They're fantastic. Thank you for putting the effort into making that interface. -J
Length of peername
Is there a max length of a peername? We're noticing HAProxy can't find the local peer because it's hostname is quite long and HAProxy appears to be truncating the last 4 characters when trying to match. -J
PROXY protocol healthchecks
How are folks deal with direct healthchecks (e.g. from Nagios) of backend servers that have PROXY protocol enabled? Currently we're using a BASH scripts around wget and curl, but since wget and curl can't send the PROXY header, that approach doesn't work. Hoping someone has a a slick wrapper solution that might work...otherwise looks like we're cooking up new HCs in Python. -J
