Re: [PATCH] Re: 503 when using set-path and mapped backend
On Sun, Apr 26, 2015 at 11:47:22PM +0200, Thierry FOURNIER wrote: With the patch :) patch looks good, applied. Thanks! Willy
Re: [PATCH] Add a new log format variable %p that spits out the sanitized request path
Hi Willy - Sorry about the delay. I had to work on some other projects, and just got back to this. As usual, thank you for the feedback on the commit. On Wed, Apr 15, 2015 at 4:12 AM, Willy Tarreau w...@1wt.eu wrote: - it did not apply to mainline, I had to apply it by hand, so I suspect that you did it against 1.5 instead of 1.6. Any contrib must be done on 1.6 (dev branch), including fixes, and if needed they're backported later. This ensures we never lose a fix or feature when upgrading. Apologies for that, I was indeed working against 1.5. There, if I send GET \r\n\r\n, what will happen is that both spc and end will point to the same space, resulting in nchar being -1, so you can already see the segfault in memmove() and later. Also you need to keep in mind that multiple spaces are tolerated and that tabs are tolerated as well, but they're encoded as #09 after encode_string(). I wasn't aware that either GET \r\n\r\n or tabs were valid in the HTTP request line, but if the HAProxy parser tolerates it then the logging should definitely not blow up if such a request comes through! I've attached a patch that I believe addresses all of your feedback. Let me know what you thinks! -- - Andrew Hayworth From 01db55d61f9efcfe6133126ab17ca8bd22dbb1bf Mon Sep 17 00:00:00 2001 From: Andrew Hayworth andrew.haywo...@getbraintree.com Date: Mon, 27 Apr 2015 21:37:03 + Subject: [PATCH] Add HTTP request-line log format directives This commit adds 4 new log format variables that parse the HTTP Request-Line for more specific logging than %r provides. For example, we can parse the following HTTP Request-Line with these new variables: GET /foo?bar=baz HTTP/1.1 - %HM: HTTP Method (GET) - %HV: HTTP Version (HTTP/1.1) - %HR: HTTP Request-URI (/foo?bar=baz) - %HP: HTTP Request-URI without query string (/foo) --- doc/configuration.txt | 4 ++ include/types/log.h | 4 ++ src/log.c | 139 ++ 3 files changed, 147 insertions(+) diff --git a/doc/configuration.txt b/doc/configuration.txt index a37f54c..8e090b6 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -13203,6 +13203,10 @@ Please refer to the table below for currently defined variables : | | %t | date_time (with millisecond resolution) | date| | | %ts | termination_state | string | | H | %tsc | termination_state with cookie status | string | + | H | %HM | HTTP method (ex: POST)| string | + | H | %HV | HTTP version (ex: HTTP/1.0) | string | + | H | %HR | HTTP request URI (ex: /foo?bar=baz) | string | + | H | %HP | HTTP request URI without query string | string | +---+--+---+-+ R = Restrictions : H = mode http only ; S = SSL only diff --git a/include/types/log.h b/include/types/log.h index 345a09f..f02cc11 100644 --- a/include/types/log.h +++ b/include/types/log.h @@ -93,6 +93,10 @@ enum { LOG_FMT_HDRREQUESTLIST, LOG_FMT_HDRRESPONSLIST, LOG_FMT_REQ, + LOG_FMT_HTTP_METHOD, + LOG_FMT_HTTP_REQUEST, + LOG_FMT_HTTP_PATH, + LOG_FMT_HTTP_VERSION, LOG_FMT_HOSTNAME, LOG_FMT_UNIQUEID, LOG_FMT_SSL_CIPHER, diff --git a/src/log.c b/src/log.c index 866b110..d0858fa 100644 --- a/src/log.c +++ b/src/log.c @@ -32,6 +32,7 @@ #include types/log.h #include proto/frontend.h +#include proto/proto_http.h #include proto/log.h #include proto/sample.h #include proto/stream.h @@ -108,6 +109,10 @@ static const struct logformat_type logformat_keywords[] = { { hrl, LOG_FMT_HDRREQUESTLIST, PR_MODE_TCP, LW_REQHDR, NULL }, /* header request list */ { hs, LOG_FMT_HDRRESPONS, PR_MODE_TCP, LW_RSPHDR, NULL }, /* header response */ { hsl, LOG_FMT_HDRRESPONSLIST, PR_MODE_TCP, LW_RSPHDR, NULL }, /* header response list */ + { HM, LOG_FMT_HTTP_METHOD, PR_MODE_HTTP, LW_REQ, NULL }, /* HTTP method */ + { HR, LOG_FMT_HTTP_REQUEST, PR_MODE_HTTP, LW_REQ, NULL }, /* HTTP full request */ + { HP, LOG_FMT_HTTP_PATH, PR_MODE_HTTP, LW_REQ, NULL }, /* HTTP path */ + { HV, LOG_FMT_HTTP_VERSION, PR_MODE_HTTP, LW_REQ, NULL }, /* HTTP version */ { lc, LOG_FMT_LOGCNT, PR_MODE_TCP, LW_INIT, NULL }, /* log counter */ { ms, LOG_FMT_MS, PR_MODE_TCP, LW_INIT, NULL }, /* accept date millisecond */ { pid, LOG_FMT_PID, PR_MODE_TCP, LW_INIT, NULL }, /* log pid */ @@ -923,7 +928,10 @@ int build_logline(struct stream *s, char *dst, size_t maxsize, struct list *list struct proxy *fe = sess-fe; struct proxy *be = s-be; struct http_txn *txn = s-txn; + struct chunk chunk; char *uri; + char *spc; + char *end; struct tm tm; int t_request; int hdr; @@ -1523,6 +1531,137 @@ int build_logline(struct stream *s, char *dst, size_t maxsize, struct list *list last_isspace = 0; break; + case LOG_FMT_HTTP_PATH: // %HP + uri = txn-uri
OpenStack- HAPROXY query
Hi, In OpenStack cloud framework , can we use single haproxy instance to configure multiple front end(VIP ) mapped to multiple backend(pool) Thanks, Deepa.
Re: Client ip in tcp mode
Hi Baptiste, that did the trick ! Thank you for your assistance Yves On Sat, Apr 25, 2015 at 4:35 PM, Baptiste bed...@gmail.com wrote: Hi Yves, proxy protocol is your friend. But the server must be compatible. http://blog.haproxy.com/haproxy/proxy-protocol/ Baptiste On Fri, Apr 24, 2015 at 6:33 PM, Yves Van Wert yve...@gmail.com wrote: hi list, Is there any way to get the client ip passed through to the backend servers when running in tcp mode? Putting the haproxy in transparent mode is not really an option. Thank you Yves
Show outgoing headers when full debug enabled
When you run HAProxy in full debugging mode there is a debug_hdrs() call that displays all of the http headers read from the frontend, I'd also like to be able to see the headers being sent to the backend. So far I haven't pinpointed where the headers are being sent from so that I can add another debug_hdrs() call. Anyone point me to the right place?
Re: [PATCH] Add a new log format variable %p that spits out the sanitized request path
Hi Andrew, On Mon, Apr 27, 2015 at 04:49:36PM -0500, Andrew Hayworth wrote: Hi Willy - Sorry about the delay. I had to work on some other projects, and just got back to this. Oh don't worry, I know this situation too well! (...) On Wed, Apr 15, 2015 at 4:12 AM, Willy Tarreau w...@1wt.eu wrote: There, if I send GET \r\n\r\n, what will happen is that both spc and end will point to the same space, resulting in nchar being -1, so you can already see the segfault in memmove() and later. Also you need to keep in mind that multiple spaces are tolerated and that tabs are tolerated as well, but they're encoded as #09 after encode_string(). I wasn't aware that either GET \r\n\r\n or tabs were valid in the HTTP request line, but if the HAProxy parser tolerates it then the logging should definitely not blow up if such a request comes through! This one is not valid but anyone could send it (I did it by hand) and haproxy must resist to this without crashing :-) And multiple spaces/tabs are allowed. I've attached a patch that I believe addresses all of your feedback. Let me know what you thinks! I'll try to assign some time today to review it and will keep you informed. Thanks! Willy
Re: [PATCH 1/2] MEDIUM: Do not send email alerts corresponding to log-health-checks messages
Hi Simon, On Tue, Apr 28, 2015 at 10:58:56AM +0900, Simon Horman wrote: This seems only to lead to excessive verbosity which seems much more appropriate for logs than email. Signed-off-by: Simon Horman ho...@verge.net.au --- src/checks.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/checks.c b/src/checks.c index 3702d9a4b0fe..efcaff20219b 100644 --- a/src/checks.c +++ b/src/checks.c @@ -316,7 +316,6 @@ static void set_server_check_status(struct check *check, short status, const cha Warning(%s.\n, trash.str); send_log(s-proxy, LOG_NOTICE, %s.\n, trash.str); - send_email_alert(s, LOG_NOTICE, %s, trash.str); Just a question, shouldn't we keep it and send it as LOG_INFO instead ? That way users can choose whether to have them or not. Just a suggestion, otherwise I'm fine with this as well. Willy
[PATCH 0/2] MEDIUM: Change verbosity of email alerts
Hi, the aim of this series is to make the send more email alerts when they are likely to be useful and less when they are likely to be unwanted. Simon Horman (2): MEDIUM: Do not send email alerts corresponding to log-health-checks messages MEDIUM: Send email alerts when servers are marked as UP or enter the drain state src/checks.c | 1 - src/server.c | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) -- 2.1.4
[PATCH 2/2] MEDIUM: Send email alerts when servers are marked as UP or enter the drain state
This is similar to the way email alerts are sent when servers are marked as DOWN. Like the log messages corresponding to these state changes the messages have log level notice. Thus they are suppressed by the default email-alert level of 'alert'. To allow these messages the email-alert level should be set to 'notice', 'info' or 'debug'. e.g: email-alert level notice email-alert mailers and email-alert to settings are also required in order for any email alerts to be sent. Signed-off-by: Simon Horman ho...@verge.net.au --- src/server.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/server.c b/src/server.c index a50f9e123741..ee6b8508dac0 100644 --- a/src/server.c +++ b/src/server.c @@ -332,6 +332,7 @@ void srv_set_running(struct server *s, const char *reason) srv_append_status(trash, s, reason, xferred, 0); Warning(%s.\n, trash.str); send_log(s-proxy, LOG_NOTICE, %s.\n, trash.str); + send_email_alert(s, LOG_NOTICE, %s, trash.str); for (srv = s-trackers; srv; srv = srv-tracknext) srv_set_running(srv, NULL); @@ -484,6 +485,7 @@ void srv_set_admin_flag(struct server *s, enum srv_admin mode) Warning(%s.\n, trash.str); send_log(s-proxy, LOG_NOTICE, %s.\n, trash.str); + send_email_alert(s, LOG_NOTICE, %s, trash.str); if (prev_srv_count s-proxy-srv_bck == 0 s-proxy-srv_act == 0) set_backend_down(s-proxy); -- 2.1.4
[PATCH 1/2] MEDIUM: Do not send email alerts corresponding to log-health-checks messages
This seems only to lead to excessive verbosity which seems much more appropriate for logs than email. Signed-off-by: Simon Horman ho...@verge.net.au --- src/checks.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/checks.c b/src/checks.c index 3702d9a4b0fe..efcaff20219b 100644 --- a/src/checks.c +++ b/src/checks.c @@ -316,7 +316,6 @@ static void set_server_check_status(struct check *check, short status, const cha Warning(%s.\n, trash.str); send_log(s-proxy, LOG_NOTICE, %s.\n, trash.str); - send_email_alert(s, LOG_NOTICE, %s, trash.str); } } -- 2.1.4
Re: Client ip in tcp mode
Hi yves, Could you tell us which application server are you using? (For offline consulting of the answer) Baptiste Le 27 avr. 2015 07:01, Yves Van Wert yve...@gmail.com a écrit : Hi Baptiste, that did the trick ! Thank you for your assistance Yves On Sat, Apr 25, 2015 at 4:35 PM, Baptiste bed...@gmail.com wrote: Hi Yves, proxy protocol is your friend. But the server must be compatible. http://blog.haproxy.com/haproxy/proxy-protocol/ Baptiste On Fri, Apr 24, 2015 at 6:33 PM, Yves Van Wert yve...@gmail.com wrote: hi list, Is there any way to get the client ip passed through to the backend servers when running in tcp mode? Putting the haproxy in transparent mode is not really an option. Thank you Yves
Re: China lighting led, matching quality and compare price www.china-lightingled.com
Dear Sirs, LED T8 tube, Green replacement of conventional flourescent lighting fixture,helps to keep your electricity expenses down monthly. Traditional light tubes contain some distinguished features like high energy consumption, short life, which are out of date . LED light bulb has become the new green and perfect lighting choice in the aspects luminous principle. The much lower energy usage of LED lighting can dramatically reduce operating costs, cut down electricity expenses. Kindly please view the following for details: http://www.china-lightingled.com/t8-led-tube-light/shop-factory-18w-t8-smd-led-tube-light-110-lm-w-with-led-2835-chip-p123.html http://www.china-lightingled.com/t8-led-tube-light/10w-1000lm-900mm-3-ft-t8-led-tube-light-g13-with-6000k-cold-white-p111.html Long On SourceInternational Limitedprovide 3 Years warranty after selling .Replacement for free of charge during warranty period. Good quality productwholesale online with competitive price. Looking forwardto getting your favourable response. Sincerely Yours, Long On Source International Limited. ji...@china-lightingled.com www.china-lightingled.com ; www.ruuled.com
Re: abortonclose for established connections?
Hi Willy, On Wed, Apr 22, 2015 at 10:58 AM, Ludovico Cavedon cave...@lastline.com wrote: I will let you know, thanks again! I reproduced your test case and it turned out the abortonclose option was only in the listener section (and not on backend/defautls). I moved it to defaults and now haproxy is behaving as expected. Thanks for your help! Ludovico
Re: Client ip in tcp mode
Hey Baptiste, We use a custom written java daemon. But we need to perform some checks on the client ip. Regards Yves On 27-apr.-2015, at 17:30, Baptiste bed...@gmail.com wrote: Hi yves, Could you tell us which application server are you using? (For offline consulting of the answer) Baptiste Le 27 avr. 2015 07:01, Yves Van Wert yve...@gmail.com a écrit : Hi Baptiste, that did the trick ! Thank you for your assistance Yves On Sat, Apr 25, 2015 at 4:35 PM, Baptiste bed...@gmail.com wrote: Hi Yves, proxy protocol is your friend. But the server must be compatible. http://blog.haproxy.com/haproxy/proxy-protocol/ Baptiste On Fri, Apr 24, 2015 at 6:33 PM, Yves Van Wert yve...@gmail.com wrote: hi list, Is there any way to get the client ip passed through to the backend servers when running in tcp mode? Putting the haproxy in transparent mode is not really an option. Thank you Yves
Re: [PATCH 1/2] MEDIUM: Do not send email alerts corresponding to log-health-checks messages
On Tue, Apr 28, 2015 at 06:43:38AM +0200, Willy Tarreau wrote: Hi Simon, On Tue, Apr 28, 2015 at 10:58:56AM +0900, Simon Horman wrote: This seems only to lead to excessive verbosity which seems much more appropriate for logs than email. Signed-off-by: Simon Horman ho...@verge.net.au --- src/checks.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/checks.c b/src/checks.c index 3702d9a4b0fe..efcaff20219b 100644 --- a/src/checks.c +++ b/src/checks.c @@ -316,7 +316,6 @@ static void set_server_check_status(struct check *check, short status, const cha Warning(%s.\n, trash.str); send_log(s-proxy, LOG_NOTICE, %s.\n, trash.str); - send_email_alert(s, LOG_NOTICE, %s, trash.str); Just a question, shouldn't we keep it and send it as LOG_INFO instead ? That way users can choose whether to have them or not. Just a suggestion, otherwise I'm fine with this as well. Good idea, I'll re-spin. In the mean time could you look at the second patch of the series? It is (currently) independent of this one.
Re: abortonclose for established connections?
Hi Ludovico, On Mon, Apr 27, 2015 at 10:54:43AM -0700, Ludovico Cavedon wrote: Hi Willy, On Wed, Apr 22, 2015 at 10:58 AM, Ludovico Cavedon cave...@lastline.com wrote: I will let you know, thanks again! I reproduced your test case and it turned out the abortonclose option was only in the listener section (and not on backend/defautls). I moved it to defaults and now haproxy is behaving as expected. Great! Thanks for your feedback! Cheers, Willy