[SPAM] J'ai un message à vous transmettre
Tchat Voyance Votre tirage Anabelle Tarologue Bonjour, Je suis Anabelle, votre tarologue. Je vais vous accompagner lors de votre tirage, pour répondre à toutes vos interrogations et vous aider à envisager plus sereinement votre avenir. Êtes-vous prête ? Commencez votre tirage maintenant »!- Tirez vos cartes ! http://redirect.quemoi.com/foxredirect2-54361-0_hapr...@formilux.org Pour voir les images: Cliquez ici http://redirect.quemoi.com/foxaff2-54361-hapr...@formilux.org-b96da066147abd0879d831071dd72af7 Cliquez sur ce lien pour effacer votre adresse de la liste de diffusion Capitems. http://redirect.quemoi.com/desabo-hapr...@formilux.org-b96da066147abd0879d831071dd72af7-54361 Ce message est transmis par la plateforme de routage d'. Les emails envoyés par utilisent des cookies afin de vous proposer des offres personnalisées. En savoir plus sur l'utilisation des cookies. http://redirect.quemoi.com/cgucookie-hapr...@formilux.org
Re: use env variables in bind for bind options
Hi Holger
Am 20-05-2016 17:02, schrieb Holger Just:
Hi Aleks,
Aleksandar Lazic wrote:
My conclusion is that with or without " the ${...} is not substituted,
at least in the bind line.
From your output, it looks like you are using an older version of
HAProxy.
yep.
[root@4a9889bfd2ac conf]# haproxy -vv
HA-Proxy version 1.5.14 2015/07/02
Copyright 2000-2015 Willy Tarreau
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -DTCP_USER_TIMEOUT=18
OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1
USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents =
200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT
IPV6_TRANSPARENT IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
The behavior of quoted strings in the config changed in HAProxy
1.6. It appears you are using an older version (e.g. 1.5) which does
indeed not support this syntax.
That said, even on HAProxy 1.5.14, I have been able to validate your
syntax (there without the quotes).
Please ensure you are using a resonably up-to-date version of HAProxy
(which you can verify with `haproxy -vv`) and that you actually set all
used environment variables with their respective values when starting
HAProxy.
Okay I have now used more or less recent versions ;-).
curl -vO
http://www.haproxy.org/download/1.7/src/snapshot/haproxy-ss-20160520.tar.gz
curl -vO http://www.haproxy.org/download/1.6/src/haproxy-1.6.5.tar.gz
curl -vO http://www.haproxy.org/download/1.5/src/haproxy-1.5.18.tar.gz
The last one is crucial as HAProxy does not replace environment
variables in the config file if the environment variable is not
actually
defined. From your original output, it appears you are not defining the
${ROUTER_SERVICE_HTTPS_PORT_BIND_OPTONS} variable in the environment
which thus results in the parse error.
Looks like you are right.
test_env_haproxy.conf
https://gist.github.com/anonymous/4c9af7b622d072c7a58d85d5794e0fa7
20.05.2016 22:30 export PORT=8081
20.05.2016 22:30 export PORT_OPTS="accept-proxy"
OK
haproxy-1.6.5/haproxy -f test_env_haproxy.conf -d
haproxy-ss-20160520/haproxy -f test_env_haproxy.conf -d
NOK
haproxy-1.5.18/haproxy -f test_env_haproxy.conf -d
Thanks.
Best regards
Aleks
Minor - patch 1.6.x - Fix some warnings in Connection.c
These warnings bother me.
--
*Jonathan S. Fisher*
Senior Software Engineer
https://twitter.com/exabrial
http://www.tomitribe.com
https://www.tomitribe.io
diff --git a/src/connection.c b/src/connection.c
index 991cae3..12cdef0 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -385,7 +385,7 @@ int conn_recv_proxy(struct connection *conn, int flag)
if (trash.len < 9) /* shortest possible line */
goto missing;
- if (!memcmp(line, "TCP4 ", 5) != 0) {
+ if ((!memcmp(line, "TCP4 ", 5)) != 0) {
u32 src3, dst3, sport, dport;
line += 5;
@@ -426,7 +426,7 @@ int conn_recv_proxy(struct connection *conn, int flag)
((struct sockaddr_in *)&conn->addr.to)->sin_port =
htons(dport);
conn->flags |= CO_FL_ADDR_FROM_SET | CO_FL_ADDR_TO_SET;
}
- else if (!memcmp(line, "TCP6 ", 5) != 0) {
+ else if ((!memcmp(line, "TCP6 ", 5)) != 0) {
u32 sport, dport;
char *src_s;
char *dst_s, *sport_s, *dport_s;
Re: use env variables in bind for bind options
Hi Aleks,
Aleksandar Lazic wrote:
> My conclusion is that with or without " the ${...} is not substituted,
> at least in the bind line.
>From your output, it looks like you are using an older version of
HAProxy. The behavior of quoted strings in the config changed in HAProxy
1.6. It appears you are using an older version (e.g. 1.5) which does
indeed not support this syntax.
That said, even on HAProxy 1.5.14, I have been able to validate your
syntax (there without the quotes).
Please ensure you are using a resonably up-to-date version of HAProxy
(which you can verify with `haproxy -vv`) and that you actually set all
used environment variables with their respective values when starting
HAProxy.
The last one is crucial as HAProxy does not replace environment
variables in the config file if the environment variable is not actually
defined. From your original output, it appears you are not defining the
${ROUTER_SERVICE_HTTPS_PORT_BIND_OPTONS} variable in the environment
which thus results in the parse error.
Regards,
Holger
Re: License questions
Am 20.05.2016 16:12 schrieb Aleksandar Lazic: Maybe off topic and just for my curiosity 'why'. Lazy developers. Oh so shiny to get client-ip and other info "for free" from the ajp-listener/container. Next to any jboss/tomcat app I get on the table "suffers" from this. There are one/some that added ajp to nginx - and it's a major pain. We have faced a lot of problems with ajp with jboss & tomcat after switching to http(s) most of the issues was gone, jfyi ;-). Beloved ajp ping/pong exhausting the container? :) Oh - please DO NOT add AJP to haproxy :-) ciao -- pb
Re: use env variables in bind for bind options
Hi Holger.
Am 20-05-2016 15:49, schrieb Holger Just:
Hi Aleks,
Aleksandar Lazic wrote:
### bind :${ROUTER_SERVICE_HTTP_PORT}
${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS} ###
It's look to me that this is not possible.
To quote from Section 2.3 of configuration.txt:
Those variables are interpreted only within double quotes. Variables
are expanded during the configuration parsing. Variable names must be
preceded by a dollar ("$") and optionally enclosed with braces ("{}")
similarly to what is done in Bourne shell.
Thus, it should work once you enclose your bind values into double
quotes (without the potential linebreak added by my mail client):
bind ":${ROUTER_SERVICE_HTTP_PORT}"
"${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"
This will however prevent you from setting multiple (space-separated)
bind options as they will only be recognized as a single value due to
the quotes.
Thanks for answer.
Here the tests which I have done.
#
bind ":${ROUTER_SERVICE_HTTP_PORT}"
"${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"
+ /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p
/var/lib/haproxy/run/haproxy.pid
[ALERT] 140/141739 (19) : parsing
[/var/lib/haproxy/conf/haproxy.config:55] : 'bind' : invalid address:
'"' in '":${ROUTER_SERVICE_HTTP_PORT}"'
[ALERT] 140/141739 (19) : Error(s) found in configuration file :
/var/lib/haproxy/conf/haproxy.config
[ALERT] 140/141739 (19) : Fatal errors found in configuration.
#
#
bind :"${ROUTER_SERVICE_HTTP_PORT}"
"${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"
+ /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p
/var/lib/haproxy/run/haproxy.pid
[ALERT] 140/142049 (18) : parsing
[/var/lib/haproxy/conf/haproxy.config:55] : 'bind' : invalid character
'"' in port number '"9080"' in ':"${ROUTER_SERVICE_HTTP_PORT}"'
[ALERT] 140/142049 (18) : Error(s) found in configuration file :
/var/lib/haproxy/conf/haproxy.config
[ALERT] 140/142049 (18) : Fatal errors found in configuration.
#
#
bind :${ROUTER_SERVICE_HTTP_PORT}
"${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"
+ /usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p
/var/lib/haproxy/run/haproxy.pid
[ALERT] 140/142259 (19) : parsing
[/var/lib/haproxy/conf/haproxy.config:55] : 'bind
:${ROUTER_SERVICE_HTTP_PORT}' unknown keyword
'"${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"'. Registered keywords :
[ ALL] accept-proxy
[ ALL] backlog
[ ALL] id
[ ALL] maxconn
[ ALL] name
[ ALL] nice
[ ALL] process
[UNIX] gid
[UNIX] group
[UNIX] mode
[UNIX] uid
[UNIX] user
[STAT] level
[ TCP] defer-accept
[ TCP] interface
[ TCP] mss
[ TCP] tcp-ut
[ TCP] tfo
[ TCP] transparent
[ TCP] v4v6
[ TCP] v6only
[ SSL] alpn
[ SSL] ca-file
[ SSL] ca-ignore-err
[ SSL] ciphers
[ SSL] crl-file
[ SSL] crt
[ SSL] crt-ignore-err
[ SSL] crt-list
[ SSL] ecdhe
[ SSL] force-sslv3
[ SSL] force-tlsv10
[ SSL] force-tlsv11
[ SSL] force-tlsv12
[ SSL] no-sslv3
[ SSL] no-tlsv10
[ SSL] no-tlsv11
[ SSL] no-tlsv12
[ SSL] no-tls-tickets
[ SSL] ssl
[ SSL] strict-sni
[ SSL] verify
[ SSL] npn
[ALERT] 140/142259 (19) : Error(s) found in configuration file :
/var/lib/haproxy/conf/haproxy.config
[ALERT] 140/142259 (19) : Fatal errors found in configuration.
#
My conclusion is that with or without " the ${...} is not substituted,
at least in the bind line.
Best regards
aleks
Re: License questions
Hi Jonathan. Am 20-05-2016 16:05, schrieb Jonathan Fisher: Hey guys, Reading through the license, I had a couple of questions. HAProxy does not speak AJP, which is not terrible, but I was thinking about implementing a module for it. Maybe off topic and just for my curiosity 'why'. I have also thought to add this protocol to haproxy but due to the fact that almost all server speaks also http(s) I don't see any benefit with ajp. This thought matches also fcgi, from my point of view. We have faced a lot of problems with ajp with jboss & tomcat after switching to http(s) most of the issues was gone, jfyi ;-). Cheers Aleks If I did, I would want the license to be ASL. If I pull in the development headers from HAProxy, would that present a license conflict? -- JONATHAN S. FISHER Senior Software Engineer https://twitter.com/exabrial http://www.tomitribe.com https://www.tomitribe.io
License questions
Hey guys, Reading through the license, I had a couple of questions. HAProxy does not speak AJP, which is not terrible, but I was thinking about implementing a module for it. If I did, I would want the license to be ASL. If I pull in the development headers from HAProxy, would that present a license conflict? -- *Jonathan S. Fisher* Senior Software Engineer https://twitter.com/exabrial http://www.tomitribe.com https://www.tomitribe.io
Re: Compilation problem: haproxy 1.6.5 (latest) on Solaris 11
You guys are great. Thanks for the information and the patch On Fri, May 20, 2016 at 12:37 AM, Willy Tarreau wrote: > with the attachment it's better :-) > > On Fri, May 20, 2016 at 06:37:05AM +0200, Willy Tarreau wrote: > > Hi Jonathan, > > > > On Wed, May 18, 2016 at 01:52:01PM -0400, Jonathan Fisher wrote: > > > Nice here's the complication output: > > > > > > > > > http://pastebin.com/iS2JKXED > > > > > > Now I just have to figure out how to add openssl, zlib, and libpcre > which > > > don't seem to be available on Oracle Solaris. > > > > Normally it should also work with the attached patch which I'd prefer to > > merge for long-term safety. > > > > Regarding the other packages you need above, when I was working on > Solaris > > I used to pick them from sunfreeware.com, they used to work out of the > box. > > > > Regards, > > Willy > -- *Jonathan S. Fisher* Senior Software Engineer https://twitter.com/exabrial http://www.tomitribe.com https://www.tomitribe.io
Re: use env variables in bind for bind options
Hi Aleks,
Aleksandar Lazic wrote:
> ### bind :${ROUTER_SERVICE_HTTP_PORT}
> ${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS} ###
>
> It's look to me that this is not possible.
To quote from Section 2.3 of configuration.txt:
> Those variables are interpreted only within double quotes. Variables
> are expanded during the configuration parsing. Variable names must be
> preceded by a dollar ("$") and optionally enclosed with braces ("{}")
> similarly to what is done in Bourne shell.
Thus, it should work once you enclose your bind values into double
quotes (without the potential linebreak added by my mail client):
bind ":${ROUTER_SERVICE_HTTP_PORT}"
"${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}"
This will however prevent you from setting multiple (space-separated)
bind options as they will only be recognized as a single value due to
the quotes.
Regards,
Holger
use env variables in bind for bind options
Hi.
Today I tried some fancy stuff ;-).
https://github.com/git001/openshift_custom_haproxy_ext/commit/d30fdb4fae0988b9a35ee43fef5cf247ae822f6f#diff-f81691f60803593ee683f75fb91cdd03
###
bind :${ROUTER_SERVICE_HTTP_PORT}
${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}
###
It's look to me that this is not possible.
/usr/sbin/haproxy -f /var/lib/haproxy/conf/haproxy.config -p
/var/lib/haproxy/run/haproxy.pid
[ALERT] 140/092135 (19) : parsing
[/var/lib/haproxy/conf/haproxy.config:55] : 'bind
:${ROUTER_SERVICE_HTTP_PORT}' unknown keyword
'${ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS}'. Registered keywords :
[ ALL] accept-proxy
[ ALL] backlog
[ ALL] id
[ ALL] maxconn
[ ALL] name
[ ALL] nice
[ ALL] process
[UNIX] gid
[UNIX] group
[UNIX] mode
[UNIX] uid
[UNIX] user
[STAT] level
[ TCP] defer-accept
[ TCP] interface
[ TCP] mss
[ TCP] tcp-ut
[ TCP] tfo
[ TCP] transparent
[ TCP] v4v6
[ TCP] v6only
[ SSL] alpn
[ SSL] ca-file
[ SSL] ca-ignore-err
[ SSL] ciphers
[ SSL] crl-file
[ SSL] crt
[ SSL] crt-ignore-err
[ SSL] crt-list
[ SSL] ecdhe
[ SSL] force-sslv3
[ SSL] force-tlsv10
[ SSL] force-tlsv11
[ SSL] force-tlsv12
[ SSL] no-sslv3
[ SSL] no-tlsv10
[ SSL] no-tlsv11
[ SSL] no-tlsv12
[ SSL] no-tls-tickets
[ SSL] ssl
[ SSL] strict-sni
[ SSL] verify
[ SSL] npn
[ALERT] 140/092135 (19) : parsing
[/var/lib/haproxy/conf/haproxy.config:81] : 'bind
:${ROUTER_SERVICE_HTTPS_PORT}' unknown keyword
'${ROUTER_SERVICE_HTTPS_PORT_BIND_OPTONS}'.
[ALERT] 140/092135 (19) : Error(s) found in configuration file :
/var/lib/haproxy/conf/haproxy.config
[ALERT] 140/092135 (19) : Fatal errors found in configuration.
Looks like that bind_find_kw() is not able to do the ENV evaluation in
${...} syntax
http://git.haproxy.org/?p=haproxy-1.5.git;a=blob;f=src/cfgparse.c#l2319
http://git.haproxy.org/?p=haproxy-1.5.git;a=blob;f=src/listener.c#l538
That's the reason why I get the error massage.
http://git.haproxy.org/?p=haproxy-1.5.git;a=blob;f=src/cfgparse.c#l2361
What do you think make it sense to add the possibility for
bind_find_kw() to parse first the ${...} content and then go further in
the process?
If you ask 'Why he want to do this'.
I want to be able to add some options to the bind line, currently
accept-proxy, dynamically in a docker/openshift image to avoid to build
the image just to add a bind option.
I need to do this because we run openshift router in front of AWS ELB
and want to be able to do this
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-proxy-protocol.html
I want to be able to just make a
oc env dc/router ROUTER_SERVICE_HTTP_PORT_BIND_OPTONS="accept-proxy"
if the ELB is configured with the proxy protocol option.
For Openshift I will add a PR to add similar like with
ROUTER_SERVICE_HTTP_PORT
https://github.com/openshift/origin/blob/master/images/router/haproxy/conf/haproxy-config.template#L67
but for plain haproxy it would nice to have this feature also ;-)
Opinions?
Best regards
Aleks
