[PATCH] MEDIUM: init: allow directory as argument of -f
If -f argument is a directory add all the files (and only files) it containes to the config files list. These files are added in lexical order (man alphasort). Only files with ".cfg" extension are added. Only non hidden files (not prefixed with ".") are added. Symlink are followed. The -f order is still respected: $ tree -a rootdir rootdir ├── dir1 │ ├── 1.cfg │ ├── 2 │ ├── 3.cfg │ ├── 4.cfg -> 1.cfg │ ├── 5 -> 1.cfg │ ├── .6.cfg │ ├── 7.cfg -> . │ └── dir4 │ └── 8.cfg ├── dir2 │ ├── 10.cfg │ └── 9.cfg ├── dir3 │ └── 11.cfg ├── link -> dir3/ ├── root1 ├── root2 └── root3 $ ./haproxy -C rootdir -f root2 -f dir2 -f root3 -f dir1 \ -f link -f root1 root2 dir2/10.cfg dir2/9.cfg root3 dir1/1.cfg dir1/3.cfg dir1/4.cfg link/11.cfg root1 This can be useful on systemd where you can't change the haproxy commande line options on service reload. --- doc/haproxy.1 | 8 +-- doc/management.txt| 44 include/common/standard.h | 8 +++ src/haproxy.c | 128 +- src/standard.c| 32 5 files changed, 183 insertions(+), 37 deletions(-) diff --git a/doc/haproxy.1 b/doc/haproxy.1 index a836d5d..08ea9df 100644 --- a/doc/haproxy.1 +++ b/doc/haproxy.1 @@ -6,7 +6,7 @@ HAProxy \- fast and reliable http reverse proxy and load balancer .SH SYNOPSIS -haproxy \-f[\-L\ ] [\-n\ maxconn] [\-N\ maxconn] [\-C\ ] [\-v|\-vv] [\-d] [\-D] [\-q] [\-V] [\-c] [\-p\ ] [\-dk] [\-ds] [\-de] [\-dp] [\-db] [\-dM[]] [\-m\ ] [{\-sf|\-st}\ pidlist...] +haproxy \-f [\-L\ ] [\-n\ maxconn] [\-N\ maxconn] [\-C\ ] [\-v|\-vv] [\-d] [\-D] [\-q] [\-V] [\-c] [\-p\ ] [\-dk] [\-ds] [\-de] [\-dp] [\-db] [\-dM[]] [\-m\ ] [{\-sf|\-st}\ pidlist...] .SH DESCRIPTION @@ -33,8 +33,10 @@ instances without risking the system's stability. .SH OPTIONS .TP -\fB\-f \fP -Specify configuration file path. +\fB\-f \fP +Specify configuration file or directory path. If the argument is a directory +the files (and only files) it containes are added in lexical order (man +alphasort) ; only non hidden files with ".cfg" extension are added. .TP \fB\-L \fP diff --git a/doc/management.txt b/doc/management.txt index e0469aa..69b3c18 100644 --- a/doc/management.txt +++ b/doc/management.txt @@ -124,26 +124,30 @@ enforce some settings without touching the configuration files. The current list of options is : -- * : all the arguments following "--" are paths to configuration -file to be loaded and processed in the declaration order. It is mostly -useful when relying on the shell to load many files that are numerically -ordered. See also "-f". The difference between "--" and "-f" is that one -"-f" must be placed before each file name, while a single "--" is needed -before all file names. Both options can be used together, the command line -ordering still applies. When more than one file is specified, each file -must start on a section boundary, so the first keyword of each file must be -one of "global", "defaults", "peers", "listen", "frontend", "backend", and -so on. A file cannot contain just a server list for example. - - -f : adds to the list of configuration files to be -loaded. Configuration files are loaded and processed in their declaration -order. This option may be specified multiple times to load multiple files. -See also "--". The difference between "--" and "-f" is that one "-f" must -be placed before each file name, while a single "--" is needed before all -file names. Both options can be used together, the command line ordering -still applies. When more than one file is specified, each file must start -on a section boundary, so the first keyword of each file must be one of -"global", "defaults", "peers", "listen", "frontend", "backend", and so -on. A file cannot contain just a server list for example. +file/directory to be loaded and processed in the declaration order. It is +mostly useful when relying on the shell to load many files that are +numerically ordered. See also "-f". The difference between "--" and "-f" is +that one "-f" must be placed before each file name, while a single "--" is +needed before all file names. Both options can be used together, the +command line ordering still applies. When more than one file is specified, +each file must start on a section boundary, so the first keyword of each +file must be one of "global", "defaults", "peers", "listen", "frontend", +"backend", and so on. A file cannot contain just a server list for example. + + -f
Re: Regarding http basic authentication in haproxy
On 13 May 2016 4:19 am, "bln prasad"wrote: > > Hi, > I've setup basic http authentication in the frontend. I'm finding that it's asking for authentication for first time only when i access from the browser. Once it succeeds it's alway bypasses authentication even if i access it from other tabs or re access from sam tab. > > Is it expected? Yes it is expected If yes then can you please let me know how do i force authentication on every new tab or from same tab. > Only way is to close the browser. Nothing specific to haproxy thats how the basic auth works. > Thanks, > BLN
Votre écran neuf fois plus résistant Réf 72813
Cordialement, Chloé THOMAS 859649513.png Description: Binary data <>
Re: Adding backend server name as request header
Hi, remember that this directive adds a request header and not a response header i.e. you will not see this header in the response in the browser but only in the request on the backend server that will serve the request. There you can copy that information into a response header if you want. Regards, Dennis On 12.05.2016 21:15, Guillaume Bourque wrote: > Hello > > I looked into the doc to saw that we can put the directive in the backend > this is what I added to my config > > http-send-name-header X-CustomHeader > > But from my user browser I never get this header is there something that I > need to enable on the global section in order for this to be working ? > > HA-Proxy version 1.5.4 2014/09/02 > Copyright 2000-2014 Willy Tarreau> > Build options : > TARGET = linux2628 > CPU = generic > CC = gcc > CFLAGS = -O2 -g -fno-strict-aliasing > OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 > USE_PCRE=1 > > TIA > > Guillaume > > --- > Le 2016-05-12 à 14:29, Dennis Jacobfeuerborn a écrit : > >> This is exactly what I'm looking for, thanks! >> I was looking at the variables in Section 7.3 as I didn't think there >> would be a dedicated directive for this. Apparently I was wrong :) >> >> Regards, >> Dennis >> >> On 12.05.2016 18:48, Mehdi Ahmadi wrote: >>> It may be that your after: >>> ``` >>> http-send-name-header X-CustomHeader >>> ``` >>> Which would set the ID of the selected server into the header >>> `X-CustomHeader`. >>> See the documentation for further details. >>> http://cbonte.github.io/haproxy-dconv/configuration-1.5.html >>> >>> >>> >>> On Thu, May 12, 2016 at 6:29 PM, Dennis Jacobfeuerborn < >>> denni...@conversis.de> wrote: >>> Hi, I'm wondering if there is a way to add the name of the server chosen for the request as a request header i.e. if the following server is chosen for the request: server back1 10.1.0.10:8080 check inter 2 then I'd like to receive this header on the 10.1.0.10 system: X-CustomHeader: back1 Is this possible? Regards, Dennis >>> >> >> > >
镍铝合金
你的老朋友邀你来Q群:343257759 抢优惠券
Re: dynamically choosing back-end port
Hi- I'm wondering if you need any additional information, or if I can provide any clarification, to get a response to my query. Thanks, in advance Derek On Tue, May 10, 2016 at 3:08 PM, Derek Brownwrote: > Sure. > > I have a setup where we're using HAProxy to front hundreds of different > services, each service running on a different port. > > I can figure out from the request (for example, the SNI information), which > service we want to use. However, for maintenance of the haproxy config > file, > it's very desirable to not have several hundred back-ends. > > A frontend, with a server configuration with a dynamically chosen port > seems > ideal. It would be the logical equivalent of > > server svc1 host:1001 if svc_1 > server svc2 host:1002 if svc_2 > > etc. > > Thanks, > > On Tue, May 10, 2016 at 2:53 PM, Baptiste wrote: > >> On Tue, May 10, 2016 at 8:13 PM, Derek Brown >> wrote: >> > Hello- >> > >> > I am trying to write a configuration which will allow me to choose the >> > back-end port dynamically. >> > >> > Specifically, I'd like to listen on port 443, and then choose the >> backend >> > port based on an http header >> > in the request. Something like >> > >> > frontend myserver >> > bind 443 >> > mode http >> > >> > server real-server 192.168.1.1:req.hdr(X-My-Header) >> > >> > --OR-- >> >server realserver 192.168.1.1:%[req.ssl_sni,lower,map(mapfile)] >> > >> > >> > where mapfile contains >> > hosta.domain.com 1001 >> > hostb.domain.com 1002 >> > >> > or similar. >> > >> > Is there any facility which would allow this, including the new(er) Lua >> > capabilities? >> > >> > Thanks, in advance >> >> >> Hi Derek, >> >> Could you please explain us your use case? >> >> Baptiste >> > >
Re: Adding backend server name as request header
Hello I looked into the doc to saw that we can put the directive in the backend this is what I added to my config http-send-name-header X-CustomHeader But from my user browser I never get this header is there something that I need to enable on the global section in order for this to be working ? HA-Proxy version 1.5.4 2014/09/02 Copyright 2000-2014 Willy TarreauBuild options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O2 -g -fno-strict-aliasing OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1 TIA Guillaume --- Le 2016-05-12 à 14:29, Dennis Jacobfeuerborn a écrit : > This is exactly what I'm looking for, thanks! > I was looking at the variables in Section 7.3 as I didn't think there > would be a dedicated directive for this. Apparently I was wrong :) > > Regards, > Dennis > > On 12.05.2016 18:48, Mehdi Ahmadi wrote: >> It may be that your after: >> ``` >> http-send-name-header X-CustomHeader >> ``` >> Which would set the ID of the selected server into the header >> `X-CustomHeader`. >> See the documentation for further details. >> http://cbonte.github.io/haproxy-dconv/configuration-1.5.html >> >> >> >> On Thu, May 12, 2016 at 6:29 PM, Dennis Jacobfeuerborn < >> denni...@conversis.de> wrote: >> >>> Hi, >>> I'm wondering if there is a way to add the name of the server chosen for >>> the request as a request header i.e. if the following server is chosen >>> for the request: >>> >>> server back1 10.1.0.10:8080 check inter 2 >>> >>> then I'd like to receive this header on the 10.1.0.10 system: >>> >>> X-CustomHeader: back1 >>> >>> Is this possible? >>> >>> Regards, >>> Dennis >>> >>> >> > >
Empty DNS does not mark server as down
I am using haproxy version 1.6.3 and my server is defined using dns. It is an ELB in amazon web services so it changes IP addresses frequently and that functionality seems to work fine. However, if I delete the DNS entry, the server is not marked down. It then keeps sending traffic to the IP address that existed before the DNS entry was deleted. resolvers dns nameserver AmazonDNS 169.254.169.253:53 hold valid 1s frontend search bind :80 default_backend blue backend blue server blue elbname.amazon.net:80 resolvers dns check inter 1000
Re: Adding backend server name as request header
This is exactly what I'm looking for, thanks! I was looking at the variables in Section 7.3 as I didn't think there would be a dedicated directive for this. Apparently I was wrong :) Regards, Dennis On 12.05.2016 18:48, Mehdi Ahmadi wrote: > It may be that your after: > ``` > http-send-name-header X-CustomHeader > ``` > Which would set the ID of the selected server into the header > `X-CustomHeader`. > See the documentation for further details. > http://cbonte.github.io/haproxy-dconv/configuration-1.5.html > > > > On Thu, May 12, 2016 at 6:29 PM, Dennis Jacobfeuerborn < > denni...@conversis.de> wrote: > >> Hi, >> I'm wondering if there is a way to add the name of the server chosen for >> the request as a request header i.e. if the following server is chosen >> for the request: >> >> server back1 10.1.0.10:8080 check inter 2 >> >> then I'd like to receive this header on the 10.1.0.10 system: >> >> X-CustomHeader: back1 >> >> Is this possible? >> >> Regards, >> Dennis >> >> >
Regarding http basic authentication in haproxy
Hi, I've setup basic http authentication in the frontend. I'm finding that it's asking for authentication for first time only when i access from the browser. Once it succeeds it's alway bypasses authentication even if i access it from other tabs or re access from sam tab. Is it expected? If yes then can you please let me know how do i force authentication on every new tab or from same tab. Thanks, BLN
Re: Adding backend server name as request header
It may be that your after: ``` http-send-name-header X-CustomHeader ``` Which would set the ID of the selected server into the header `X-CustomHeader`. See the documentation for further details. http://cbonte.github.io/haproxy-dconv/configuration-1.5.html On Thu, May 12, 2016 at 6:29 PM, Dennis Jacobfeuerborn < denni...@conversis.de> wrote: > Hi, > I'm wondering if there is a way to add the name of the server chosen for > the request as a request header i.e. if the following server is chosen > for the request: > > server back1 10.1.0.10:8080 check inter 2 > > then I'd like to receive this header on the 10.1.0.10 system: > > X-CustomHeader: back1 > > Is this possible? > > Regards, > Dennis > >
Adding backend server name as request header
Hi, I'm wondering if there is a way to add the name of the server chosen for the request as a request header i.e. if the following server is chosen for the request: server back1 10.1.0.10:8080 check inter 2 then I'd like to receive this header on the 10.1.0.10 system: X-CustomHeader: back1 Is this possible? Regards, Dennis
Re: Haproxy running on 100% CPU and slow downloads
Hi, Am 12.05.2016 um 14:37 schrieb Sachin Shetty: Hi Willy, We are seeing a strange problem on the patched server. We have several haproxy servers running but only one with the latest patch, and this haproxy has frozen twice in last two days, basically it hits max open connections 2000 on frontend and then stalls. From the logs it has 1999 connections on one of the backends which is nginx, but nginx_status shows me only a few active connections. It only happens on the patched haproxy server and does not happen anywhere else. Interesting thing is this haproxy is not the one doing SSL, we have two haproxies on the same box with the latest binary, the SSL one seems ok but the non SSL one keeps on accumulating connections. Right now, I see connections building on one backend hitting 150 in the last few hours, but the backend nginx only shows about 20 active connections. Can you collect "show sess all" output from the admin socket? Lukas
Re: Haproxy running on 100% CPU and slow downloads
Hi Willy, We are seeing a strange problem on the patched server. We have several haproxy servers running but only one with the latest patch, and this haproxy has frozen twice in last two days, basically it hits max open connections 2000 on frontend and then stalls. From the logs it has 1999 connections on one of the backends which is nginx, but nginx_status shows me only a few active connections. It only happens on the patched haproxy server and does not happen anywhere else. Interesting thing is this haproxy is not the one doing SSL, we have two haproxies on the same box with the latest binary, the SSL one seems ok but the non SSL one keeps on accumulating connections. Right now, I see connections building on one backend hitting 150 in the last few hours, but the backend nginx only shows about 20 active connections. On 5/10/16, 5:47 PM, "Willy Tarreau"wrote: >On Tue, May 10, 2016 at 11:10:14AM +0530, Sachin Shetty wrote: >> We deployed the latest and we saw throughput still dropped around peak >> hours a bit, then we swithed to nbproc 4 which is holding up ok. > >So probably you were reaching the processing limits for a single process, >that can easily happen with SSL if a lot of rekeying has to be done. > >> Note that >> 4 Cpus was not sufficient earlier, so I believe the latest version is >> scaling better. > >Good, that confirms that you're not facing these bugs anymore. I'm >currently >starting a new release, that will make it easier for you to deploy. > >Thanks for the report, >Willy >
[PATCH] [RFC]/MINOR: connection: Add server name to proxy protocol v2 header.
If the client provides the server name it intends to connect to, per RFC3546, Section 3.1. Server Name Indication, this patch will pass the server name onto the backend server as part of the proxy protocol v2 header. The patch defines the new SSL subtype PP2_TYPE_SSL_SNI and the corresponding flag PP2_CLIENT_SNI to accomplish this in an additional TLV. Please review. Thank you, Erik Seres 0001-RFC-MINOR-connection-Add-server-name-to-proxy-protoc.patch Description: Binary data
Server-sent event and Haproxy
Hi I'm trying to configure Haproxy to work with server_send events ( https://developer.mozilla.org/fr/docs/Server-sent_events/Using_server-sent_events ) and can't find any working configuration yet. I've tried to set long timeout server and client, to 'option httpclose' on backend, http tunnel-mode Can someone help me ? Kévin
New Arrival Hot Sell LED corn light.
Dear Manager, Good day!This is Bonnie from Shenzhen Guohui Lighting Equipment Co.,Ltd.Now, I'd like to introduce our NEW ARRIVAL LED Corn light to you.This series Corn light is our private design, other suppliers don't have this item. It's IP grade is IP64 waterproof.Now,it is hot sell in the market because not only the price is competitive but also the quality is excellent.We have introduced it to our customers and received many praises. I think you can have a try! Yoy will never regret!Please see the picture below,please take it as an reference. Best Regards,Bonnie Email : bon...@szguohui.com Phone: +86 135 9015 8051 Tel : 86 0755-89728339 Skype: Bonnie lvbingqian WhatsAPP: +86 135 9015 8051 Guohui Lighting Equipment Co., Ltd. Website: www.guohui-light.com Add: No.71, Xiangyin Rd., Nanlian Community, Longgang District, Shenzhen City, China <> <>
AW: 100% cpu , epoll_wait()
Hi Lukas, starting from around 200mbit/s in, haproxy processes (nbproc 6) are hitting 100% cpu regularly (noticed up to 3 processes at the same time with 100%), but recover again on its own after some time. stracing such a process yesterday showed the following: epoll_wait(0, {}, 200, 0) = 0 epoll_wait(0, {}, 200, 0) = 0 epoll_wait(0, {}, 200, 0) = 0 epoll_wait(0, {}, 200, 0) = 0 epoll_wait(0, {}, 200, 0) = 0 Unfortunately I can't do any more debugging in this setup. HAproxy 1.5.14 is never near to 10% cpu usage with way higher bandwidth. Bye, Sebastian -Ursprüngliche Nachricht- > Von:Lukas Tribus> Gesendet: Mit 11 Mai 2016 22:55 > An: Sebastian Heid ; HAProxy > Betreff: Re: 100% cpu , epoll_wait() > > Hi Sebastian, > > > Am 11.05.2016 um 16:07 schrieb Sebastian Heid: > > Hi, > > > > I updated from 1.5.17 to 1.5.18 today, but sadly this issue still exits in > > the latest version in our environment. However downgrading to 1.5.14 > > "fixed" the issue for us. > > Seems like a different issue then. Can you elaborate what you are > seeing? Sporadic 100% cpu load? Do you have to kill it or does it > recover on its own? Can you strace it? > > > > Thanks, > > Lukas > > >
'src_http_req_rate' is neither a number nor a supported operator
Hi, I am using src_http_req_rate with a map in an ACL. The configuration is as follows: stick-table type ip size 1m expire 60s store http_req_rate(60s) acl abuse src,map_ip_int(/etc/haproxy/ips.map) -m int lt src_http_req_rate tcp-request connection reject if abuse !whitelist tcp-request connection track-sc1 src /etc/haproxy/ips.map #ip count 172.17.0.1 5 I checked official documentation which states that the src_http_req_rate is an integer indeed. Also, if I replace src_http_req_rate with a static value (for eg:5), it works. What am I missing? Please help me out. Thanks in advance. - Madhav
Re: Crash with kernel error
Hi, ok, thanks. This probably has to do with the changes regarding buffers. If this is a lab setup, my suggestion would be you don't use the init scripts to start haproxy, but start it manually from the haproxy directory (ulimit -c unlimited; ./haproxy -f configfile), when haproxy crashes it should generated a file named "core" in the haproxy directory. Just make sure you start haproxy as root, it doesn't matter if it downgrades privileges to "haproxy" after the start. Thanks, Lukas Am 12.05.2016 um 02:23 schrieb Sasha Litvak: Lukas, 1.6.3 didn't have any crashes. These crashes are sporadic and are not happening under the load, there is very little traffic as we are not running production yet. The proxy starts fine and can run for hours with the crash. Where would the core be generated? I set it up running as user haproxy would I have to adjust limits for that user? Thank you for all your help, On Wed, May 11, 2016 at 4:02 PM, Lukas Tribus> wrote: Hi Sasha, so the crash happens sporadically after hours of production traffic? Or does it crash right away after you start it? You are saying this started with 1.6.4, what was the version you used before and that worked fine? 1.6.3? Before starting haproxy, enable core dumping like this: ulimit -c unlimited Confirm its unlimited (right before starting haproxy from this shell): ulimit -c Disabling compiler optimizations will make sure the generated coredump is as meaningful as possible, you can do it like this: make clean; make CFLAGS="-O0 -g -fno-strict-aliasing -Wdeclaration-after-statement" TARGET=linux2628 USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 But be advised that there will be performance/cpu impact, so you better monitor it. When you have a coredump, you can provide a backtrace with gdb like this: gdb and issuing a "bt full" Regards, Lukas