Re: [PATCH] Re: 503 when using set-path and mapped backend

[Willy Tarreau]

On Sun, Apr 26, 2015 at 11:47:22PM +0200, Thierry FOURNIER wrote:
 With the patch :)

patch looks good, applied.

Thanks!
Willy

Re: [PATCH] Add a new log format variable %p that spits out the sanitized request path

[Andrew Hayworth]

Hi Willy -

Sorry about the delay. I had to work on some other projects, and just
got back to this.
As usual, thank you for the feedback on the commit.

On Wed, Apr 15, 2015 at 4:12 AM, Willy Tarreau w...@1wt.eu wrote:

 - it did not apply to mainline, I had to apply it by hand, so I suspect
   that you did it against 1.5 instead of 1.6. Any contrib must be done
   on 1.6 (dev branch), including fixes, and if needed they're backported
   later. This ensures we never lose a fix or feature when upgrading.

Apologies for that, I was indeed working against 1.5.

 There, if I send GET \r\n\r\n, what will happen is that both spc and end
 will point to the same space, resulting in nchar being -1, so you can
 already see the segfault in memmove() and later. Also you need to keep in
 mind that multiple spaces are tolerated and that tabs are tolerated as
 well, but they're encoded as #09 after encode_string().

I wasn't aware that either GET \r\n\r\n or tabs were valid in the HTTP
request line, but if the HAProxy parser tolerates it then the logging should
definitely not blow up if such a request comes through!

I've attached a patch that I believe addresses all of your feedback.
Let me know what you thinks!


-- 
- Andrew Hayworth


From 01db55d61f9efcfe6133126ab17ca8bd22dbb1bf Mon Sep 17 00:00:00 2001
From: Andrew Hayworth andrew.haywo...@getbraintree.com
Date: Mon, 27 Apr 2015 21:37:03 +
Subject: [PATCH] Add HTTP request-line log format directives

This commit adds 4 new log format variables that parse the
HTTP Request-Line for more specific logging than %r provides.

For example, we can parse the following HTTP Request-Line with
these new variables:

  GET /foo?bar=baz HTTP/1.1

- %HM: HTTP Method (GET)
- %HV: HTTP Version (HTTP/1.1)
- %HR: HTTP Request-URI (/foo?bar=baz)
- %HP: HTTP Request-URI without query string (/foo)
---
 doc/configuration.txt |   4 ++
 include/types/log.h   |   4 ++
 src/log.c | 139 ++
 3 files changed, 147 insertions(+)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index a37f54c..8e090b6 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -13203,6 +13203,10 @@ Please refer to the table below for currently
defined variables :
   |   | %t   | date_time  (with millisecond resolution)  | date|
   |   | %ts  | termination_state | string  |
   | H | %tsc | termination_state with cookie status  | string  |
+  | H | %HM  | HTTP method (ex: POST)| string  |
+  | H | %HV  | HTTP version (ex: HTTP/1.0)   | string  |
+  | H | %HR  | HTTP request URI (ex: /foo?bar=baz)   | string  |
+  | H | %HP  | HTTP request URI without query string | string  |
   +---+--+---+-+

 R = Restrictions : H = mode http only ; S = SSL only
diff --git a/include/types/log.h b/include/types/log.h
index 345a09f..f02cc11 100644
--- a/include/types/log.h
+++ b/include/types/log.h
@@ -93,6 +93,10 @@ enum {
  LOG_FMT_HDRREQUESTLIST,
  LOG_FMT_HDRRESPONSLIST,
  LOG_FMT_REQ,
+ LOG_FMT_HTTP_METHOD,
+ LOG_FMT_HTTP_REQUEST,
+ LOG_FMT_HTTP_PATH,
+ LOG_FMT_HTTP_VERSION,
  LOG_FMT_HOSTNAME,
  LOG_FMT_UNIQUEID,
  LOG_FMT_SSL_CIPHER,
diff --git a/src/log.c b/src/log.c
index 866b110..d0858fa 100644
--- a/src/log.c
+++ b/src/log.c
@@ -32,6 +32,7 @@
 #include types/log.h

 #include proto/frontend.h
+#include proto/proto_http.h
 #include proto/log.h
 #include proto/sample.h
 #include proto/stream.h
@@ -108,6 +109,10 @@ static const struct logformat_type logformat_keywords[] = {
  { hrl, LOG_FMT_HDRREQUESTLIST, PR_MODE_TCP, LW_REQHDR, NULL }, /*
header request list */
  { hs, LOG_FMT_HDRRESPONS, PR_MODE_TCP, LW_RSPHDR, NULL },  /*
header response */
  { hsl, LOG_FMT_HDRRESPONSLIST, PR_MODE_TCP, LW_RSPHDR, NULL },  /*
header response list */
+ { HM, LOG_FMT_HTTP_METHOD, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP method */
+ { HR, LOG_FMT_HTTP_REQUEST, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP
full request */
+ { HP, LOG_FMT_HTTP_PATH, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP path */
+ { HV, LOG_FMT_HTTP_VERSION, PR_MODE_HTTP, LW_REQ, NULL },  /* HTTP
version */
  { lc, LOG_FMT_LOGCNT, PR_MODE_TCP, LW_INIT, NULL }, /* log counter */
  { ms, LOG_FMT_MS, PR_MODE_TCP, LW_INIT, NULL },   /* accept
date millisecond */
  { pid, LOG_FMT_PID, PR_MODE_TCP, LW_INIT, NULL }, /* log pid */
@@ -923,7 +928,10 @@ int build_logline(struct stream *s, char *dst,
size_t maxsize, struct list *list
  struct proxy *fe = sess-fe;
  struct proxy *be = s-be;
  struct http_txn *txn = s-txn;
+ struct chunk chunk;
  char *uri;
+ char *spc;
+ char *end;
  struct tm tm;
  int t_request;
  int hdr;
@@ -1523,6 +1531,137 @@ int build_logline(struct stream *s, char *dst,
size_t maxsize, struct list *list
last_isspace = 0;
break;

+ case LOG_FMT_HTTP_PATH: // %HP
+   uri = txn-uri 

OpenStack- HAPROXY query

[Soni, Deepa (Artesyn)]

Hi,

 In OpenStack cloud framework , can we use single haproxy instance to 
configure multiple front end(VIP ) mapped to multiple backend(pool)


Thanks,
Deepa.

Re: Client ip in tcp mode

[Yves Van Wert]

Hi Baptiste,

that did the trick !  Thank you for your assistance

Yves

On Sat, Apr 25, 2015 at 4:35 PM, Baptiste bed...@gmail.com wrote:

 Hi Yves,

 proxy protocol is your friend. But the server must be compatible.
 http://blog.haproxy.com/haproxy/proxy-protocol/

 Baptiste

 On Fri, Apr 24, 2015 at 6:33 PM, Yves Van Wert yve...@gmail.com wrote:
  hi list,
 
  Is there any way to get the client ip passed through to the backend
 servers
  when running in tcp mode? Putting the haproxy in transparent mode is not
  really an option.
 
  Thank you
  Yves

Show outgoing headers when full debug enabled

[CJ Ess]

When you run HAProxy in full debugging mode there is a debug_hdrs() call
that displays all of the http headers read from the frontend, I'd also like
to be able to see the headers being sent to the backend.

So far I haven't pinpointed where the headers are being sent from so that I
can add another debug_hdrs() call. Anyone point me to the right place?

Re: [PATCH] Add a new log format variable %p that spits out the sanitized request path

[Willy Tarreau]

Hi Andrew,

On Mon, Apr 27, 2015 at 04:49:36PM -0500, Andrew Hayworth wrote:
 Hi Willy -
 
 Sorry about the delay. I had to work on some other projects, and just
 got back to this.

Oh don't worry, I know this situation too well!

(...)
 On Wed, Apr 15, 2015 at 4:12 AM, Willy Tarreau w...@1wt.eu wrote:
  There, if I send GET \r\n\r\n, what will happen is that both spc and end
  will point to the same space, resulting in nchar being -1, so you can
  already see the segfault in memmove() and later. Also you need to keep in
  mind that multiple spaces are tolerated and that tabs are tolerated as
  well, but they're encoded as #09 after encode_string().
 
 I wasn't aware that either GET \r\n\r\n or tabs were valid in the HTTP
 request line, but if the HAProxy parser tolerates it then the logging should
 definitely not blow up if such a request comes through!

This one is not valid but anyone could send it (I did it by hand)
and haproxy must resist to this without crashing :-) And multiple
spaces/tabs are allowed.

 I've attached a patch that I believe addresses all of your feedback.
 Let me know what you thinks!

I'll try to assign some time today to review it and will keep you
informed.

Thanks!
Willy

Re: [PATCH 1/2] MEDIUM: Do not send email alerts corresponding to log-health-checks messages

[Willy Tarreau]

Hi Simon,

On Tue, Apr 28, 2015 at 10:58:56AM +0900, Simon Horman wrote:
 This seems only to lead to excessive verbosity which seems
 much more appropriate for logs than email.
 
 Signed-off-by: Simon Horman ho...@verge.net.au
 ---
  src/checks.c | 1 -
  1 file changed, 1 deletion(-)
 
 diff --git a/src/checks.c b/src/checks.c
 index 3702d9a4b0fe..efcaff20219b 100644
 --- a/src/checks.c
 +++ b/src/checks.c
 @@ -316,7 +316,6 @@ static void set_server_check_status(struct check *check, 
 short status, const cha
  
   Warning(%s.\n, trash.str);
   send_log(s-proxy, LOG_NOTICE, %s.\n, trash.str);
 - send_email_alert(s, LOG_NOTICE, %s, trash.str);

Just a question, shouldn't we keep it and send it as LOG_INFO instead ?
That way users can choose whether to have them or not. Just a suggestion,
otherwise I'm fine with this as well.

Willy

[PATCH 0/2] MEDIUM: Change verbosity of email alerts

[Simon Horman]

Hi,

the aim of this series is to make the send more email alerts when
they are likely to be useful and less when they are likely to be
unwanted.

Simon Horman (2):
  MEDIUM: Do not send email alerts corresponding to log-health-checks
messages
  MEDIUM: Send email alerts when servers are marked as UP or enter the
drain state

 src/checks.c | 1 -
 src/server.c | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

-- 
2.1.4

[PATCH 2/2] MEDIUM: Send email alerts when servers are marked as UP or enter the drain state

[Simon Horman]

This is similar to the way email alerts are sent when servers are marked as
DOWN.

Like the log messages corresponding to these state changes the messages
have log level notice. Thus they are suppressed by the default email-alert
level of 'alert'. To allow these messages the email-alert level should
be set to 'notice', 'info' or 'debug'. e.g:

email-alert level notice

email-alert mailers and email-alert to settings are also required in
order for any email alerts to be sent.

Signed-off-by: Simon Horman ho...@verge.net.au
---
 src/server.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/server.c b/src/server.c
index a50f9e123741..ee6b8508dac0 100644
--- a/src/server.c
+++ b/src/server.c
@@ -332,6 +332,7 @@ void srv_set_running(struct server *s, const char *reason)
srv_append_status(trash, s, reason, xferred, 0);
Warning(%s.\n, trash.str);
send_log(s-proxy, LOG_NOTICE, %s.\n, trash.str);
+   send_email_alert(s, LOG_NOTICE, %s, trash.str);
 
for (srv = s-trackers; srv; srv = srv-tracknext)
srv_set_running(srv, NULL);
@@ -484,6 +485,7 @@ void srv_set_admin_flag(struct server *s, enum srv_admin 
mode)
 
Warning(%s.\n, trash.str);
send_log(s-proxy, LOG_NOTICE, %s.\n, trash.str);
+   send_email_alert(s, LOG_NOTICE, %s, trash.str);
 
if (prev_srv_count  s-proxy-srv_bck == 0  
s-proxy-srv_act == 0)
set_backend_down(s-proxy);
-- 
2.1.4

[PATCH 1/2] MEDIUM: Do not send email alerts corresponding to log-health-checks messages

[Simon Horman]

This seems only to lead to excessive verbosity which seems
much more appropriate for logs than email.

Signed-off-by: Simon Horman ho...@verge.net.au
---
 src/checks.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/checks.c b/src/checks.c
index 3702d9a4b0fe..efcaff20219b 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -316,7 +316,6 @@ static void set_server_check_status(struct check *check, 
short status, const cha
 
Warning(%s.\n, trash.str);
send_log(s-proxy, LOG_NOTICE, %s.\n, trash.str);
-   send_email_alert(s, LOG_NOTICE, %s, trash.str);
}
 }
 
-- 
2.1.4

Re: Client ip in tcp mode

[Baptiste]

Hi yves,

Could you tell us which application server are you using?
(For offline consulting of the answer)

Baptiste
Le 27 avr. 2015 07:01, Yves Van Wert yve...@gmail.com a écrit :

 Hi Baptiste,

 that did the trick !  Thank you for your assistance

 Yves

 On Sat, Apr 25, 2015 at 4:35 PM, Baptiste bed...@gmail.com wrote:

 Hi Yves,

 proxy protocol is your friend. But the server must be compatible.
 http://blog.haproxy.com/haproxy/proxy-protocol/

 Baptiste

 On Fri, Apr 24, 2015 at 6:33 PM, Yves Van Wert yve...@gmail.com wrote:
  hi list,
 
  Is there any way to get the client ip passed through to the backend
 servers
  when running in tcp mode? Putting the haproxy in transparent mode is not
  really an option.
 
  Thank you
  Yves

Re: China lighting led, matching quality and compare price www.china-lightingled.com

[jimmy]

  
  
Dear Sirs,

LED T8 tube, Green replacement of conventional flourescent lighting fixture,helps to keep your electricity expenses down monthly. Traditional light tubes contain some distinguished features like high energy consumption, short life, which are out of date . LED light bulb has become the new green and perfect lighting choice in the aspects luminous principle. The much lower energy usage of LED lighting can dramatically reduce operating costs, cut down electricity expenses. Kindly please view the following for details:

http://www.china-lightingled.com/t8-led-tube-light/shop-factory-18w-t8-smd-led-tube-light-110-lm-w-with-led-2835-chip-p123.html

http://www.china-lightingled.com/t8-led-tube-light/10w-1000lm-900mm-3-ft-t8-led-tube-light-g13-with-6000k-cold-white-p111.html

Long On SourceInternational Limitedprovide 3 Years warranty after selling .Replacement for free of charge during warranty period.
Good quality productwholesale online with competitive price. Looking forwardto getting your favourable response.

Sincerely Yours,


  Long On Source International Limited. ji...@china-lightingled.com 
  www.china-lightingled.com ; www.ruuled.com


  

Re: abortonclose for established connections?

[Ludovico Cavedon]

Hi Willy,

On Wed, Apr 22, 2015 at 10:58 AM, Ludovico Cavedon cave...@lastline.com
wrote:

 I will let you know, thanks again!


I reproduced your test case and it turned out the abortonclose option was
only in the listener section (and not on backend/defautls).
I moved it to defaults and now haproxy is behaving as expected.

Thanks for your help!
Ludovico

Re: Client ip in tcp mode

[Yves Van Wert]

Hey Baptiste,

We use a custom written java daemon. But we need to perform some checks on the 
client ip. 

Regards
Yves


 On 27-apr.-2015, at 17:30, Baptiste bed...@gmail.com wrote:
 
 Hi yves,
 
 Could you tell us which application server are you using?
 (For offline consulting of the answer)
 
 Baptiste
 
 Le 27 avr. 2015 07:01, Yves Van Wert yve...@gmail.com a écrit :
 Hi Baptiste,
 
 that did the trick !  Thank you for your assistance
 
 Yves
 
 On Sat, Apr 25, 2015 at 4:35 PM, Baptiste bed...@gmail.com wrote:
 Hi Yves,
 
 proxy protocol is your friend. But the server must be compatible.
 http://blog.haproxy.com/haproxy/proxy-protocol/
 
 Baptiste
 
 On Fri, Apr 24, 2015 at 6:33 PM, Yves Van Wert yve...@gmail.com wrote:
  hi list,
 
  Is there any way to get the client ip passed through to the backend 
  servers
  when running in tcp mode? Putting the haproxy in transparent mode is not
  really an option.
 
  Thank you
  Yves

Re: [PATCH 1/2] MEDIUM: Do not send email alerts corresponding to log-health-checks messages

[Simon Horman]

On Tue, Apr 28, 2015 at 06:43:38AM +0200, Willy Tarreau wrote:
 Hi Simon,
 
 On Tue, Apr 28, 2015 at 10:58:56AM +0900, Simon Horman wrote:
  This seems only to lead to excessive verbosity which seems
  much more appropriate for logs than email.
  
  Signed-off-by: Simon Horman ho...@verge.net.au
  ---
   src/checks.c | 1 -
   1 file changed, 1 deletion(-)
  
  diff --git a/src/checks.c b/src/checks.c
  index 3702d9a4b0fe..efcaff20219b 100644
  --- a/src/checks.c
  +++ b/src/checks.c
  @@ -316,7 +316,6 @@ static void set_server_check_status(struct check 
  *check, short status, const cha
   
  Warning(%s.\n, trash.str);
  send_log(s-proxy, LOG_NOTICE, %s.\n, trash.str);
  -   send_email_alert(s, LOG_NOTICE, %s, trash.str);
 
 Just a question, shouldn't we keep it and send it as LOG_INFO instead ?
 That way users can choose whether to have them or not. Just a suggestion,
 otherwise I'm fine with this as well.

Good idea, I'll re-spin.

In the mean time could you look at the second patch of the series?
It is (currently) independent of this one.

Re: abortonclose for established connections?

[Willy Tarreau]

Hi Ludovico,

On Mon, Apr 27, 2015 at 10:54:43AM -0700, Ludovico Cavedon wrote:
 Hi Willy,
 
 On Wed, Apr 22, 2015 at 10:58 AM, Ludovico Cavedon cave...@lastline.com
 wrote:
 
  I will let you know, thanks again!
 
 
 I reproduced your test case and it turned out the abortonclose option was
 only in the listener section (and not on backend/defautls).
 I moved it to defaults and now haproxy is behaving as expected.

Great! Thanks for your feedback!

Cheers,
Willy