[SPAM] J'ai un message à vous transmettre
Tchat Voyance Votre tirage Anabelle Tarologue Bonjour, Je suis Anabelle, votre tarologue. Je vais vous accompagner lors de votre tirage, pour répondre à toutes vos interrogations et vous aider à envisager plus sereinement votre avenir. Êtes-vous prête ? Commencez votre tirage maintenant »!- Tirez vos cartes ! http://redirect.quemoi.com/foxredirect2-54361-0_hapr...@formilux.org Pour voir les images: Cliquez ici http://redirect.quemoi.com/foxaff2-54361-hapr...@formilux.org-b96da066147abd0879d831071dd72af7 Cliquez sur ce lien pour effacer votre adresse de la liste de diffusion Capitems. http://redirect.quemoi.com/desabo-hapr...@formilux.org-b96da066147abd0879d831071dd72af7-54361 Ce message est transmis par la plateforme de routage d'. Les emails envoyés par utilisent des cookies afin de vous proposer des offres personnalisées. En savoir plus sur l'utilisation des cookies. http://redirect.quemoi.com/cgucookie-hapr...@formilux.org
Re: use env variables in bind for bind options
Hi Holger Am 20-05-2016 17:02, schrieb Holger Just: Hi Aleks, Aleksandar Lazic wrote: My conclusion is that with or without " the ${...} is not substituted, at least in the bind line. From your output, it looks like you are using an older version of HAProxy. yep. [root@4a9889bfd2ac conf]# haproxy -vv HA-Proxy version 1.5.14 2015/07/02 Copyright 2000-2015 Willy Tarreau Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O2 -g -fno-strict-aliasing -DTCP_USER_TIMEOUT=18 OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.7 Compression algorithms supported : identity, deflate, gzip Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.32 2012-11-30 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. The behavior of quoted strings in the config changed in HAProxy 1.6. It appears you are using an older version (e.g. 1.5) which does indeed not support this syntax. That said, even on HAProxy 1.5.14, I have been able to validate your syntax (there without the quotes). Please ensure you are using a resonably up-to-date version of HAProxy (which you can verify with `haproxy -vv`) and that you actually set all used environment variables with their respective values when starting HAProxy. Okay I have now used more or less recent versions ;-). curl -vO http://www.haproxy.org/download/1.7/src/snapshot/haproxy-ss-20160520.tar.gz curl -vO http://www.haproxy.org/download/1.6/src/haproxy-1.6.5.tar.gz curl -vO http://www.haproxy.org/download/1.5/src/haproxy-1.5.18.tar.gz The last one is crucial as HAProxy does not replace environment variables in the config file if the environment variable is not actually defined. From your original output, it appears you are not defining the ${ROUTER_SERVICE_HTTPS_PORT_BIND_OPTONS} variable in the environment which thus results in the parse error. Looks like you are right. test_env_haproxy.conf https://gist.github.com/anonymous/4c9af7b622d072c7a58d85d5794e0fa7 20.05.2016 22:30 export PORT=8081 20.05.2016 22:30 export PORT_OPTS="accept-proxy" OK haproxy-1.6.5/haproxy -f test_env_haproxy.conf -d haproxy-ss-20160520/haproxy -f test_env_haproxy.conf -d NOK haproxy-1.5.18/haproxy -f test_env_haproxy.conf -d Thanks. Best regards Aleks
Minor - patch 1.6.x - Fix some warnings in Connection.c
These warnings bother me. -- *Jonathan S. Fisher* Senior Software Engineer https://twitter.com/exabrial http://www.tomitribe.com https://www.tomitribe.io diff --git a/src/connection.c b/src/connection.c index 991cae3..12cdef0 100644 --- a/src/connection.c +++ b/src/connection.c @@ -385,7 +385,7 @@ int conn_recv_proxy(struct connection *conn, int flag) if (trash.len < 9) /* shortest possible line */ goto missing; - if (!memcmp(line, "TCP4 ", 5) != 0) { + if ((!memcmp(line, "TCP4 ", 5)) != 0) { u32 src3, dst3, sport, dport; line += 5; @@ -426,7 +426,7 @@ int conn_recv_proxy(struct connection *conn, int flag) ((struct sockaddr_in *)&conn->addr.to)->sin_port = htons(dport); conn->flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET; } - else if (!memcmp(line, "TCP6 ", 5) != 0) { + else if ((!memcmp(line, "TCP6 ", 5)) != 0) { u32 sport, dport; char *src_s; char *dst_s, *sport_s, *dport_s;
Re: use env variables in bind for bind options
Hi Aleks, Aleksandar Lazic wrote: > My conclusion is that with or without " the ${...} is not substituted, > at least in the bind line. >From your output, it looks like you are using an older version of HAProxy. The behavior of quoted strings in the config changed in HAProxy 1.6. It appears you are using an older version (e.g. 1.5) which does indeed not support this syntax. That said, even on HAProxy 1.5.14, I have been able to validate your syntax (there without the quotes). Please ensure you are using a resonably up-to-date version of HAProxy (which you can verify with `haproxy -vv`) and that you actually set all used environment variables with their respective values when starting HAProxy. The last one is crucial as HAProxy does not replace environment variables in the config file if the environment variable is not actually defined. From your original output, it appears you are not defining the ${ROUTER_SERVICE_HTTPS_PORT_BIND_OPTONS} variable in the environment which thus results in the parse error. Regards, Holger
Re: License questions
Am 20.05.2016 16:12 schrieb Aleksandar Lazic: Maybe off topic and just for my curiosity 'why'. Lazy developers. Oh so shiny to get client-ip and other info "for free" from the ajp-listener/container. Next to any jboss/tomcat app I get on the table "suffers" from this. There are one/some that added ajp to nginx - and it's a major pain. We have faced a lot of problems with ajp with jboss & tomcat after switching to http(s) most of the issues was gone, jfyi ;-). Beloved ajp ping/pong exhausting the container? :) Oh - please DO NOT add AJP to haproxy :-) ciao -- pb
Re: use env variables in bind for bind options
Hi Holger. Am 20-05-2016 15:49, schrieb Holger Just: Hi Aleks, Aleksandar Lazic wrote: ### bind :${ROUTER_SERVICE_HTTP_PORT} ${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS} ### It's look to me that this is not possible. To quote from Section 2.3 of configuration.txt: Those variables are interpreted only within double quotes. Variables are expanded during the configuration parsing. Variable names must be preceded by a dollar ("$") and optionally enclosed with braces ("{}") similarly to what is done in Bourne shell. Thus, it should work once you enclose your bind values into double quotes (without the potential linebreak added by my mail client): bind ":${ROUTER_SERVICE_HTTP_PORT}" "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}" This will however prevent you from setting multiple (space-separated) bind options as they will only be recognized as a single value due to the quotes. Thanks for answer. Here the tests which I have done. # bind ":${ROUTER_SERVICE_HTTP_PORT}" "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}" + /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p /var/lib/haproxy/run/haproxy.pid [ALERT] 140/141739 (19) : parsing [/var/lib/haproxy/conf/haproxy.config:55] : 'bind' : invalid address: '"' in '":${ROUTER_SERVICE_HTTP_PORT}"' [ALERT] 140/141739 (19) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config [ALERT] 140/141739 (19) : Fatal errors found in configuration. # # bind :"${ROUTER_SERVICE_HTTP_PORT}" "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}" + /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p /var/lib/haproxy/run/haproxy.pid [ALERT] 140/142049 (18) : parsing [/var/lib/haproxy/conf/haproxy.config:55] : 'bind' : invalid character '"' in port number '"9080"' in ':"${ROUTER_SERVICE_HTTP_PORT}"' [ALERT] 140/142049 (18) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config [ALERT] 140/142049 (18) : Fatal errors found in configuration. # # bind :${ROUTER_SERVICE_HTTP_PORT} "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}" + /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p /var/lib/haproxy/run/haproxy.pid [ALERT] 140/142259 (19) : parsing [/var/lib/haproxy/conf/haproxy.config:55] : 'bind :${ROUTER_SERVICE_HTTP_PORT}' unknown keyword '"${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"'. Registered keywords : [ ALL] accept-proxy [ ALL] backlog [ ALL] id [ ALL] maxconn [ ALL] name [ ALL] nice [ ALL] process [UNIX] gid [UNIX] group [UNIX] mode [UNIX] uid [UNIX] user [STAT] level [ TCP] defer-accept [ TCP] interface [ TCP] mss [ TCP] tcp-ut [ TCP] tfo [ TCP] transparent [ TCP] v4v6 [ TCP] v6only [ SSL] alpn [ SSL] ca-file [ SSL] ca-ignore-err [ SSL] ciphers [ SSL] crl-file [ SSL] crt [ SSL] crt-ignore-err [ SSL] crt-list [ SSL] ecdhe [ SSL] force-sslv3 [ SSL] force-tlsv10 [ SSL] force-tlsv11 [ SSL] force-tlsv12 [ SSL] no-sslv3 [ SSL] no-tlsv10 [ SSL] no-tlsv11 [ SSL] no-tlsv12 [ SSL] no-tls-tickets [ SSL] ssl [ SSL] strict-sni [ SSL] verify [ SSL] npn [ALERT] 140/142259 (19) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config [ALERT] 140/142259 (19) : Fatal errors found in configuration. # My conclusion is that with or without " the ${...} is not substituted, at least in the bind line. Best regards aleks
Re: License questions
Hi Jonathan. Am 20-05-2016 16:05, schrieb Jonathan Fisher: Hey guys, Reading through the license, I had a couple of questions. HAProxy does not speak AJP, which is not terrible, but I was thinking about implementing a module for it. Maybe off topic and just for my curiosity 'why'. I have also thought to add this protocol to haproxy but due to the fact that almost all server speaks also http(s) I don't see any benefit with ajp. This thought matches also fcgi, from my point of view. We have faced a lot of problems with ajp with jboss & tomcat after switching to http(s) most of the issues was gone, jfyi ;-). Cheers Aleks If I did, I would want the license to be ASL. If I pull in the development headers from HAProxy, would that present a license conflict? -- JONATHAN S. FISHER Senior Software Engineer https://twitter.com/exabrial http://www.tomitribe.com https://www.tomitribe.io
License questions
Hey guys, Reading through the license, I had a couple of questions. HAProxy does not speak AJP, which is not terrible, but I was thinking about implementing a module for it. If I did, I would want the license to be ASL. If I pull in the development headers from HAProxy, would that present a license conflict? -- *Jonathan S. Fisher* Senior Software Engineer https://twitter.com/exabrial http://www.tomitribe.com https://www.tomitribe.io
Re: Compilation problem: haproxy 1.6.5 (latest) on Solaris 11
You guys are great. Thanks for the information and the patch On Fri, May 20, 2016 at 12:37 AM, Willy Tarreau wrote: > with the attachment it's better :-) > > On Fri, May 20, 2016 at 06:37:05AM +0200, Willy Tarreau wrote: > > Hi Jonathan, > > > > On Wed, May 18, 2016 at 01:52:01PM -0400, Jonathan Fisher wrote: > > > Nice here's the complication output: > > > > > > > > > http://pastebin.com/iS2JKXED > > > > > > Now I just have to figure out how to add openssl, zlib, and libpcre > which > > > don't seem to be available on Oracle Solaris. > > > > Normally it should also work with the attached patch which I'd prefer to > > merge for long-term safety. > > > > Regarding the other packages you need above, when I was working on > Solaris > > I used to pick them from sunfreeware.com, they used to work out of the > box. > > > > Regards, > > Willy > -- *Jonathan S. Fisher* Senior Software Engineer https://twitter.com/exabrial http://www.tomitribe.com https://www.tomitribe.io
Re: use env variables in bind for bind options
Hi Aleks, Aleksandar Lazic wrote: > ### bind :${ROUTER_SERVICE_HTTP_PORT} > ${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS} ### > > It's look to me that this is not possible. To quote from Section 2.3 of configuration.txt: > Those variables are interpreted only within double quotes. Variables > are expanded during the configuration parsing. Variable names must be > preceded by a dollar ("$") and optionally enclosed with braces ("{}") > similarly to what is done in Bourne shell. Thus, it should work once you enclose your bind values into double quotes (without the potential linebreak added by my mail client): bind ":${ROUTER_SERVICE_HTTP_PORT}" "${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}" This will however prevent you from setting multiple (space-separated) bind options as they will only be recognized as a single value due to the quotes. Regards, Holger
use env variables in bind for bind options
Hi. Today I tried some fancy stuff ;-). https://github.com/git001/openshift_custom_haproxy_ext/commit/d30fdb4fae0988b9a35ee43fef5cf247ae822f6f#diff-f81691f60803593ee683f75fb91cdd03 ### bind :${ROUTER_SERVICE_HTTP_PORT} ${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS} ### It's look to me that this is not possible. /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p /var/lib/haproxy/run/haproxy.pid [ALERT] 140/092135 (19) : parsing [/var/lib/haproxy/conf/haproxy.config:55] : 'bind :${ROUTER_SERVICE_HTTP_PORT}' unknown keyword '${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}'. Registered keywords : [ ALL] accept-proxy [ ALL] backlog [ ALL] id [ ALL] maxconn [ ALL] name [ ALL] nice [ ALL] process [UNIX] gid [UNIX] group [UNIX] mode [UNIX] uid [UNIX] user [STAT] level [ TCP] defer-accept [ TCP] interface [ TCP] mss [ TCP] tcp-ut [ TCP] tfo [ TCP] transparent [ TCP] v4v6 [ TCP] v6only [ SSL] alpn [ SSL] ca-file [ SSL] ca-ignore-err [ SSL] ciphers [ SSL] crl-file [ SSL] crt [ SSL] crt-ignore-err [ SSL] crt-list [ SSL] ecdhe [ SSL] force-sslv3 [ SSL] force-tlsv10 [ SSL] force-tlsv11 [ SSL] force-tlsv12 [ SSL] no-sslv3 [ SSL] no-tlsv10 [ SSL] no-tlsv11 [ SSL] no-tlsv12 [ SSL] no-tls-tickets [ SSL] ssl [ SSL] strict-sni [ SSL] verify [ SSL] npn [ALERT] 140/092135 (19) : parsing [/var/lib/haproxy/conf/haproxy.config:81] : 'bind :${ROUTER_SERVICE_HTTPS_PORT}' unknown keyword '${ROUTER_SERVICE_HTTPS_PORT_BIND_OPTONS}'. [ALERT] 140/092135 (19) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config [ALERT] 140/092135 (19) : Fatal errors found in configuration. Looks like that bind_find_kw() is not able to do the ENV evaluation in ${...} syntax http://git.haproxy.org/?p=haproxy-1.5.git;a=blob;f=src/cfgparse.c#l2319 http://git.haproxy.org/?p=haproxy-1.5.git;a=blob;f=src/listener.c#l538 That's the reason why I get the error massage. http://git.haproxy.org/?p=haproxy-1.5.git;a=blob;f=src/cfgparse.c#l2361 What do you think make it sense to add the possibility for bind_find_kw() to parse first the ${...} content and then go further in the process? If you ask 'Why he want to do this'. I want to be able to add some options to the bind line, currently accept-proxy, dynamically in a docker/openshift image to avoid to build the image just to add a bind option. I need to do this because we run openshift router in front of AWS ELB and want to be able to do this http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html I want to be able to just make a oc env dc/router ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS="accept-proxy" if the ELB is configured with the proxy protocol option. For Openshift I will add a PR to add similar like with ROUTER_SERVICE_HTTP_PORT https://github.com/openshift/origin/blob/master/images/router/haproxy/conf/haproxy-config.template#L67 but for plain haproxy it would nice to have this feature also ;-) Opinions? Best regards Aleks