Re: Help

2016-08-02 Thread Cyril Bonté 

Hi,

Le 02/08/2016 à 23:21, Grégory MARCASSIN - Magic a écrit :

Hi,

Sorry to ask you something that I can probably find on the internet. :$
But I do not find clearly what I wish.
Thank you in advance for your help.

I wish to inform exim to support haproxy

check:

$ Telnet VIP 25
Trying 192.168.56.50 ...
Connected to vip.
Escape character is '^]'.
554 SMTP synchronization error
Connection closed by foreign host.

log:
2016-08-02 8:37:37 p.m. SMTP protocol synchronization error (input feels
without waiting for greeting) rejected connection from H lb1web
[192.168.56.51] input = "PROXY TCP4 192.168.56.1 192.168.56.50 64036 25
\ r \ not"


Currently here is my conf

 global
chroot  /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 8000
userhaproxy
group   haproxy
daemon
tune.ssl.default-dh-param 2048
tune.bufsize 72000

#nbproc 4

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

defaults
modehttp
log global
option  httplog
option  dontlognull
option  http-server-close
option forwardfor
option forwardfor   header X-ClientIP
option  redispatch
option  httpchk
retries 3
timeout http-request5s
timeout queue   1m
timeout connect 5s
timeout client  30s
timeout server  10s
timeout http-keep-alive 10s
timeout check   10s
maxconn 3000

# HAProxy web ui
listen stats 192.168.56.50:8080
mode http
stats hide-version
stats enable
stats uri /stats
stats realm HAProxy\ Statistics
stats auth admin:admin
stats admin if TRUE

frontend smtp_proxy
mode tcp
bind 192.168.56.50:25 transparent
default_backend bk_postfix

backend bk_postfix
mode tcp
option smtpchk
option forwardfor
#source 0.0.0.0 usesrc clientip
server postfix2 192.168.56.53:25 send-proxy check
server postfix3 192.168.56.54:25 send-proxy check


Here, you are enabling the Proxy Protocol when connecting to Exim 
(really a "good" idea to name those servers "postfix2" and "postfix3"...)



Exim with défault config


You have to enable the Proxy Protocol on the exim side, then.
Please read the Exim documentation to see how to do that (look at the 
keyword "hosts_proxy").





Le 02/08/2016 à 23:12, Jeff Palmer a écrit :

What specifically are you having issues with,  and what are the
configurations you have already tried?


Just asking someone to do your job for you isn't likely to get a lot of replies.



On Tue, Aug 2, 2016 at 4:36 PM, Grégory MARCASSIN - Magic
 wrote:

Hi,
Sorry to ask ...

Can you send me a url or a conf for the support EXIM4 ?


Thx a lot

Best regards
--







--
130-134 Avenue du Président Wilson
93512 Montreuil Cedex
www.magic.fr 


Grégory MARCASSIN
Administrateur Système
Tél : +33 (0)1 41 58 2281
Fax : +33 (0)1 56 72 93 30 
SAV : +33 (0)1 41 58 22 50 




--
Cyril Bonté

Re: Help

2016-08-02 Thread Grégory MARCASSIN - Magic 

It s true but i want the real IP of the client so i need this option.




Le 02/08/2016 à 23:37, Jeff Palmer a écrit :
I'm not familiar with exim itself,  but unless it supports the PROXY 
protocol,  you should probably remove the "send-proxy" part of your 
bk_postfix backend.




On Tue, Aug 2, 2016 at 5:21 PM, Grégory MARCASSIN - Magic 
> wrote:


Hi,

Sorry to ask you something that I can probably find on the
internet. :$
But I do not find clearly what I wish.
Thank you in advance for your help.

I wish to inform exim to support haproxy

check:

$ Telnet VIP 25
Trying 192.168.56.50 ...
Connected to vip.
Escape character is '^]'.
554 SMTP synchronization error
Connection closed by foreign host.

log:
2016-08-02 8:37:37 p.m. SMTP protocol synchronization error (input
feels without waiting for greeting) rejected connection from H
lb1web [192.168.56.51] input = "PROXY TCP4 192.168.56.1
192.168.56.50 64036 25 \ r \ not"


Currently here is my conf

 global
chroot  /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 8000
userhaproxy
group   haproxy
daemon
tune.ssl.default-dh-param 2048
tune.bufsize 72000

#nbproc 4

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

defaults
modehttp
log global
option  httplog
option  dontlognull
option  http-server-close
option forwardfor
option forwardfor   header X-ClientIP
option  redispatch
option  httpchk
retries 3
timeout http-request5s
timeout queue   1m
timeout connect 5s
timeout client  30s
timeout server  10s
timeout http-keep-alive 10s
timeout check   10s
maxconn 3000

# HAProxy web ui
listen stats 192.168.56.50:8080 
mode http
stats hide-version
stats enable
stats uri /stats
stats realm HAProxy\ Statistics
stats auth admin:admin
stats admin if TRUE

frontend smtp_proxy
mode tcp
bind 192.168.56.50:25  transparent
default_backend bk_postfix

backend bk_postfix
mode tcp
option smtpchk
option forwardfor
#source 0.0.0.0 usesrc clientip
server postfix2 192.168.56.53:25 
send-proxy check
server postfix3 192.168.56.54:25 
send-proxy check


Exim with défault config

Le 02/08/2016 à 23:12, Jeff Palmer a écrit :

What specifically are you having issues with,  and what are the
configurations you have already tried?


Just asking someone to do your job for you isn't likely to get a lot of 
replies.



On Tue, Aug 2, 2016 at 4:36 PM, Grégory MARCASSIN - Magic
   wrote:

Hi,
Sorry to ask ...

Can you send me a url or a conf for the support EXIM4 ?


Thx a lot

Best regards
--




-- 
130-134 Avenue du Président Wilson

93512 Montreuil Cedex
www.magic.fr 

Grégory MARCASSIN
Administrateur Système
Tél : +33 (0)1 41 58 2281
Fax : +33 (0)1 56 72 93 30 
SAV : +33 (0)1 41 58 22 50 




--
Jeff Palmer
https://PalmerIT.net


--
130-134 Avenue du Président Wilson
93512 Montreuil Cedex
www.magic.fr 

Grégory MARCASSIN
Administrateur Système
Tél : +33 (0)1 41 58 2281
Fax : +33 (0)1 56 72 93 30 
SAV : +33 (0)1 41 58 22 50

Re: Help

2016-08-02 Thread Jeff Palmer 
I'm not familiar with exim itself,  but unless it supports the PROXY
protocol,  you should probably remove the "send-proxy" part of your
bk_postfix backend.



On Tue, Aug 2, 2016 at 5:21 PM, Grégory MARCASSIN - Magic <
gmarcas...@magic.fr> wrote:

> Hi,
>
> Sorry to ask you something that I can probably find on the internet. :$
> But I do not find clearly what I wish.
> Thank you in advance for your help.
>
> I wish to inform exim to support haproxy
>
> check:
>
> $ Telnet VIP 25
> Trying 192.168.56.50 ...
> Connected to vip.
> Escape character is '^]'.
> 554 SMTP synchronization error
> Connection closed by foreign host.
>
> log:
> 2016-08-02 8:37:37 p.m. SMTP protocol synchronization error (input feels
> without waiting for greeting) rejected connection from H lb1web
> [192.168.56.51] input = "PROXY TCP4 192.168.56.1 192.168.56.50 64036 25 \ r
> \ not"
>
>
> Currently here is my conf
>
>  global
> chroot  /var/lib/haproxy
> pidfile /var/run/haproxy.pid
> maxconn 8000
> userhaproxy
> group   haproxy
> daemon
> tune.ssl.default-dh-param 2048
> tune.bufsize 72000
>
> #nbproc 4
>
> # turn on stats unix socket
> stats socket /var/lib/haproxy/stats
>
> defaults
> modehttp
> log global
> option  httplog
> option  dontlognull
> option  http-server-close
> option forwardfor
> option forwardfor   header X-ClientIP
> option  redispatch
> option  httpchk
> retries 3
> timeout http-request5s
> timeout queue   1m
> timeout connect 5s
> timeout client  30s
> timeout server  10s
> timeout http-keep-alive 10s
> timeout check   10s
> maxconn 3000
>
> # HAProxy web ui
> listen stats 192.168.56.50:8080
> mode http
> stats hide-version
> stats enable
> stats uri /stats
> stats realm HAProxy\ Statistics
> stats auth admin:admin
> stats admin if TRUE
>
> frontend smtp_proxy
> mode tcp
> bind 192.168.56.50:25 transparent
> default_backend bk_postfix
>
> backend bk_postfix
> mode tcp
> option smtpchk
> option forwardfor
> #source 0.0.0.0 usesrc clientip
> server postfix2 192.168.56.53:25 send-proxy check
> server postfix3 192.168.56.54:25 send-proxy check
>
>
> Exim with défault config
>
> Le 02/08/2016 à 23:12, Jeff Palmer a écrit :
>
> What specifically are you having issues with,  and what are the
> configurations you have already tried?
>
>
> Just asking someone to do your job for you isn't likely to get a lot of 
> replies.
>
>
>
> On Tue, Aug 2, 2016 at 4:36 PM, Grégory MARCASSIN - 
> Magic  wrote:
>
> Hi,
> Sorry to ask ...
>
> Can you send me a url or a conf for the support EXIM4 ?
>
>
> Thx a lot
>
> Best regards
> --
>
>
>
>
>
> --
> 130-134 Avenue du Président Wilson
> 93512 Montreuil Cedex
> www.magic.fr
>
> Grégory MARCASSIN
> Administrateur Système
> Tél : +33 (0)1 41 58 22 81
> Fax : +33 (0)1 56 72 93 30 <%2B33%20%280%291%2056%2072%2093%2030>
> SAV : +33 (0)1 41 58 22 50 <%2B33%20%280%291%2041%2058%2022%2050>
>



-- 
Jeff Palmer
https://PalmerIT.net

Re: Help

2016-08-02 Thread Grégory MARCASSIN - Magic 

Hi,

Sorry to ask you something that I can probably find on the internet. :$
But I do not find clearly what I wish.
Thank you in advance for your help.

I wish to inform exim to support haproxy

check:

$ Telnet VIP 25
Trying 192.168.56.50 ...
Connected to vip.
Escape character is '^]'.
554 SMTP synchronization error
Connection closed by foreign host.

log:
2016-08-02 8:37:37 p.m. SMTP protocol synchronization error (input feels 
without waiting for greeting) rejected connection from H lb1web 
[192.168.56.51] input = "PROXY TCP4 192.168.56.1 192.168.56.50 64036 25 
\ r \ not"



Currently here is my conf

 global
chroot  /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 8000
userhaproxy
group   haproxy
daemon
tune.ssl.default-dh-param 2048
tune.bufsize 72000

#nbproc 4

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

defaults
modehttp
log global
option  httplog
option  dontlognull
option  http-server-close
option forwardfor
option forwardfor   header X-ClientIP
option  redispatch
option  httpchk
retries 3
timeout http-request5s
timeout queue   1m
timeout connect 5s
timeout client  30s
timeout server  10s
timeout http-keep-alive 10s
timeout check   10s
maxconn 3000

# HAProxy web ui
listen stats 192.168.56.50:8080
mode http
stats hide-version
stats enable
stats uri /stats
stats realm HAProxy\ Statistics
stats auth admin:admin
stats admin if TRUE

frontend smtp_proxy
mode tcp
bind 192.168.56.50:25 transparent
default_backend bk_postfix

backend bk_postfix
mode tcp
option smtpchk
option forwardfor
#source 0.0.0.0 usesrc clientip
server postfix2 192.168.56.53:25 send-proxy check
server postfix3 192.168.56.54:25 send-proxy check


Exim with défault config

Le 02/08/2016 à 23:12, Jeff Palmer a écrit :

What specifically are you having issues with,  and what are the
configurations you have already tried?


Just asking someone to do your job for you isn't likely to get a lot of replies.



On Tue, Aug 2, 2016 at 4:36 PM, Grégory MARCASSIN - Magic
 wrote:

Hi,
Sorry to ask ...

Can you send me a url or a conf for the support EXIM4 ?


Thx a lot

Best regards
--







--
130-134 Avenue du Président Wilson
93512 Montreuil Cedex
www.magic.fr 

Grégory MARCASSIN
Administrateur Système
Tél : +33 (0)1 41 58 2281
Fax : +33 (0)1 56 72 93 30 
SAV : +33 (0)1 41 58 22 50

Re: Help

2016-08-02 Thread Jeff Palmer 
What specifically are you having issues with,  and what are the
configurations you have already tried?


Just asking someone to do your job for you isn't likely to get a lot of replies.



On Tue, Aug 2, 2016 at 4:36 PM, Grégory MARCASSIN - Magic
 wrote:
> Hi,
> Sorry to ask ...
>
> Can you send me a url or a conf for the support EXIM4 ?
>
>
> Thx a lot
>
> Best regards
> --
>
>



-- 
Jeff Palmer
https://PalmerIT.net

Help

2016-08-02 Thread Grégory MARCASSIN - Magic 

Hi,
Sorry to ask ...

Can you send me a url or a conf for the support EXIM4 ?


Thx a lot

Best regards
--

Re: Haproxy 1.6.7 segmentation fault under load

2016-08-02 Thread James Hartshorn 
Thanks for the info, I had neglected to check if ubuntu provided zlib.

ldd /usr/sbin/haproxy
linux-vdso.so.1 =>  (0x7ffe4ed8)
libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x7fc9e975f000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7fc9e955b000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7fc9e9196000)
/lib64/ld-linux-x86-64.so.2 (0x7fc9e9998000)

Here's how I've been building zlib:

cd /opt
export ZLIB_VERSION=1.2.8

tar -xzvf zlib-$ZLIB_VERSION.tar.gz

cd /opt/zlib-$ZLIB_VERSION
make clean
./configure --static
make

And the relevant section of the haproxy make:

USE_ZLIB=1 ZLIB_INC=/opt/zlib-$ZLIB_VERSION/ ZLIB_LIB=/opt/zlib-$ZLIB_VERSION/


Today we will try building with os provided zlib, and also running without 
compression and possibly building without zlib.



From: Lukas Tribus 
Sent: Tuesday, August 2, 2016 10:57:24 AM
To: James Hartshorn; haproxy@formilux.org
Subject: Re: Haproxy 1.6.7 segmentation fault under load

Hi James,



Am 02.08.2016 um 19:09 schrieb James Hartshorn:
> (gdb) bt
> #0  __memcpy_sse2_unaligned () at
> ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:36
> #1  0x00498717 in fill_window ()
> #2  0x00498c20 in deflate_fast ()
> #3  0x0049a2e3 in deflate ()
> #4  0x00483897 in deflate_flush_or_finish (comp_ctx=0xdb9fa0,
> out=0xb139f0, flag=) at src/compression.c:790
> #5  0x004847a3 in http_compression_buffer_end
> (s=s@entry=0xe3c400, in=in@entry=0xe3c458, out=out@entry=0x872d40
> , end=) at src/compression.c:249

We can see that it crashes because of zlib compression. A workaround
could be to disable gzip compression in the meantime (if you need a
quick workaround for the production environment).

A few high level questions, to rule out any "stupid" compile issue:

Has zlib been compiled on the same box where the crash happens?
Are you sure, that both include and lib zlib path are correct?
Is zlib compiled statically (only)?
Whats the output of "ldd haproxy" on the box with the crash?
Ubuntu 14.04 ships zlib 1.2.8, any reason not to use the package from
the repository ("apt-get install zlib1g-dev")?



Thanks,

Lukas

Re: Haproxy 1.6.7 segmentation fault under load

2016-08-02 Thread Lukas Tribus 

Hi James,



Am 02.08.2016 um 19:09 schrieb James Hartshorn:

(gdb) bt
#0  __memcpy_sse2_unaligned () at 
../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:36

#1  0x00498717 in fill_window ()
#2  0x00498c20 in deflate_fast ()
#3  0x0049a2e3 in deflate ()
#4  0x00483897 in deflate_flush_or_finish (comp_ctx=0xdb9fa0, 
out=0xb139f0, flag=) at src/compression.c:790
#5  0x004847a3 in http_compression_buffer_end 
(s=s@entry=0xe3c400, in=in@entry=0xe3c458, out=out@entry=0x872d40 
, end=) at src/compression.c:249


We can see that it crashes because of zlib compression. A workaround 
could be to disable gzip compression in the meantime (if you need a 
quick workaround for the production environment).


A few high level questions, to rule out any "stupid" compile issue:

Has zlib been compiled on the same box where the crash happens?
Are you sure, that both include and lib zlib path are correct?
Is zlib compiled statically (only)?
Whats the output of "ldd haproxy" on the box with the crash?
Ubuntu 14.04 ships zlib 1.2.8, any reason not to use the package from 
the repository ("apt-get install zlib1g-dev")?




Thanks,

Lukas

Re: Haproxy 1.6.7 segmentation fault under load

2016-08-02 Thread James Hartshorn 
This morning we generated a crash with a slightly different config, it follows 
at the end of the email.  The relevant change to the configuration was to run 
test on all processes.  The problem appears to be the same, here is the current 
config and the output of gdb:

frontend app-http
  bind public.ip:80 interface p2p1 process all
  bind public.ip:843 ssl crt haproxy/ssl/_wildcard_.pem interface p2p1 process 
all

hap01:/# gdb /usr/sbin/haproxy /core
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/haproxy...done.
[New LWP 47513]
Core was generated by `/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -D -p 
/var/run/haproxy.pid'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __memcpy_sse2_unaligned () at 
../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:36
36 ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S: No such file or 
directory.

(gdb) bt
#0  __memcpy_sse2_unaligned () at 
../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:36
#1  0x00498717 in fill_window ()
#2  0x00498c20 in deflate_fast ()
#3  0x0049a2e3 in deflate ()
#4  0x00483897 in deflate_flush_or_finish (comp_ctx=0xdb9fa0, 
out=0xb139f0, flag=) at src/compression.c:790
#5  0x004847a3 in http_compression_buffer_end (s=s@entry=0xe3c400, 
in=in@entry=0xe3c458, out=out@entry=0x872d40 , end=) at 
src/compression.c:249
#6  0x00452e84 in http_response_forward_body (s=s@entry=0xe3c400, 
res=res@entry=0xe3c450, an_bit=an_bit@entry=1048576) at src/proto_http.c:7173
#7  0x00478086 in process_stream (t=) at 
src/stream.c:1939
#8  0x00411855 in process_runnable_tasks () at src/task.c:238
#9  0x00408310 in run_poll_loop () at src/haproxy.c:1573
#10 0x00404dfa in main (argc=, argv=) at 
src/haproxy.c:1933

(gdb) bt full
#0  __memcpy_sse2_unaligned () at 
../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:36
No locals.
#1  0x00498717 in fill_window ()
No symbol table info available.
#2  0x00498c20 in deflate_fast ()
No symbol table info available.
#3  0x0049a2e3 in deflate ()
No symbol table info available.
#4  0x00483897 in deflate_flush_or_finish (comp_ctx=0xdb9fa0, 
out=0xb139f0, flag=) at src/compression.c:790
ret = 
out_len = 0
strm = 0xdb9fa0
#5  0x004847a3 in http_compression_buffer_end (s=s@entry=0xe3c400, 
in=in@entry=0xe3c458, out=out@entry=0x872d40 , end=) at 
src/compression.c:249
to_forward = 
left = 
msg = 0xe3c710
ib = 0xe74b30
ob = 0xb139f0
tail = 
ret = 
#6  0x00452e84 in http_response_forward_body (s=s@entry=0xe3c400, 
res=res@entry=0xe3c450, an_bit=an_bit@entry=1048576) at src/proto_http.c:7173
sess = 0xcf5bf0
txn = 0xe3c700
msg = 0xe3c710
tmpbuf = 0xb139f0
compressing = 1
ret = 
#7  0x00478086 in process_stream (t=) at 
src/stream.c:1939
max_loops = 
ana_list = 1048576
ana_back = 1048576
flags = 2147483650
s = 0xe3c400
sess = 
rqf_last = 143065088
rpf_last = 
rq_prod_last = 
rq_cons_last = 
---Type  to continue, or q  to quit---
rp_cons_last = 
rp_prod_last = 
req_ana_back = 
req = 0xe3c410
res = 0xe3c450
si_f = 0xe3c5f8
si_b = 0xe3c618
#8  0x00411855 in process_runnable_tasks () at src/task.c:238
t = 0x7f522a2bf128
#9  0x00408310 in run_poll_loop () at src/haproxy.c:1573
next = 
#10 0x00404dfa in main (argc=, argv=) at 
src/haproxy.c:1933
err = 
retry = 
limit = {rlim_cur = 206127, rlim_max = 206127}
errmsg = "\000\000\000\000\000\000\000\000b\001", '\000' , 
"\300\066\315*R\177\000\000\002\000\000\000\000\000\000\000(\000\000\000\000\000\000\000\317\030_\000\000\000\000\000\070\\M\000\000\000\000\000\001\000\000\000\374\177\000\000pW\234\000\000\000\000\000\000\000\000"
pidfd = 




From: Olivier Doucet 
Sent: Tuesday, August 2, 2016 1:36:20 AM
To: James Hartshorn
Cc: haproxy@formilux.org
Subject: Re: Haproxy 1.6.7 segmentation fault under load

Hello James,


2016-08-02 4:35

Re: Haproxy 1.6.7 segmentation fault under load

2016-08-02 Thread Olivier Doucet 
Hello James,


2016-08-02 4:35 GMT+02:00 James Hartshorn :

> Hi, We’re running into segmentation faults on a new haproxy system we’re
> developing.  We’ve been building haproxy 1.6.7 on ubuntu 14.04.5 with
> openssl,pcre, and zlib.  The problem doesn’t manifest when running a single
> process.  Load testing is approximately 1gbps of ssl traffic from four test
> servers on the internet, there are two backend servers handling it.  It
> seems that only processes assigned to handle the traffic die and only under
> load.  We have tried with Pthreads and Mutex off, but the problem remained.
>  In the config listed below I have omitted some other front/backends for
> brevity, they are unused at present and are very simple (no ssl, no process
> assignments).
>


>
> Segmentation fault is as:
>
> [592869.807299] haproxy[31045]: segfault at 7f02cfca88e8 ip
> 7f02cf971eee sp 7ffe1380d4a8 error 4 in libc-2.19.so
> [7f02cf8da000+1ba000]
>

Can you get the coredump when it happens ? You can get it like this :
ulimit -c unlimited
echo '/tmp/coredump-%e.%p' > /proc/sys/kernel/core_pattern
haproxy -f /your/config/file.cfg

Then wait for crash to happen.

Then, see coredump file in /tmp ; you can get the backtrace details like
this :
gdb /usr/bin/haproxy /tmp/coredump***
> bt
> bt full

This will give extra informations that will be very useful.


Olivier



>
> Kernel is:  "Linux hap01 3.13.0-92-generic #139-Ubuntu SMP Tue Jun 28
> 20:42:26 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux”, Cpu is a single E5-2650
> v3, nic is an Intel X710 with i40e driver version 1.5.16
>
> We are running nbproc, relevant config sections:
>
> **
> global
>   daemon
>   ssl-server-verify none
>   log /dev/log local0 info
> #  log /dev/log local1 debug
> #  user haproxy
> #  group haproxy
>
> spread-checks 50
> #maxpipes 64000
> tune.idletimer 0
> #tune.maxpollevents 1
> #tune.comp.maxlevel 9
> #tune.zlib.memlevel 9
> stats socket /run/haproxy/stats1 uid 0 gid 0 mode 0777 level user
> process 1
> stats socket /run/haproxy/stats2 uid 0 gid 0 mode 0777 level user
> process 2
> stats socket /run/haproxy/stats3 uid 0 gid 0 mode 0777 level user
> process 3
> stats socket /run/haproxy/stats4 uid 0 gid 0 mode 0777 level user
> process 4
> stats socket /run/haproxy/stats5 uid 0 gid 0 mode 0777 level user
> process 5
> stats socket /run/haproxy/stats6 uid 0 gid 0 mode 0777 level user
> process 6
> stats socket /run/haproxy/stats7 uid 0 gid 0 mode 0777 level user
> process 7
> stats socket /run/haproxy/stats8 uid 0 gid 0 mode 0777 level user
> process 8
> #stats socket /run/haproxy/stats9 uid 0 gid 0 mode 0777 level user
> process 9
>
> stats bind-process all
>
>   nbproc 8
>   cpu-map 1 1
>   cpu-map 2 2
>   cpu-map 3 3
>   cpu-map 4 4
>   cpu-map 5 5
>   cpu-map 6 6
>   cpu-map 7 7
>   cpu-map 8 8
>   #cpu-map 9 9
>
> maxconn 10
>
> defaults
>   log global
>   timeout server 5s
>   timeout connect 5s
>   timeout client 5s
>   option accept-invalid-http-request
> #  option http-ignore-probes
> #  option dontlognull
> modehttp
> option  dontlognull
> option splice-request
> option splice-response
> default-server inter 100s
> timeout connect 5000
> timeout client  5
> timeout server  5
> compression algo gzip
>
> frontend app-http
>   bind public.ip:80 interface p2p1 process 1-3
>   bind public.ip:443 ssl crt /haproxy/ssl/_wildcard_.pem interface p2p1
> process 4-7
>   option httplog
>   log global
>   mode http
>acl white_list src someiprange/24 someip
>tcp-request content accept if white_list
>tcp-request content reject
>
>   default_backend app-http-backend
>
> backend app-http-backend
>   bind-process 8
>   mode http
>   option httplog
>   log global
>   option httpchk
>   balance static-rr
>
>   server server1-8080 internal.ip:8082 check port 8082
>   server server2-8080 internal.ip:8082 check port 8082
>
> listen stats
> bind internal.ip:1901 process 1
> bind internal.ip:1902 process 2
> bind internal.ip:1903 process 3
> bind internal.ip:1904 process 4
> bind internal.ip:1905 process 5
> bind internal.ip:1906 process 6
> bind internal.ip:1907 process 7
> bind internal.ip:1908 process 8
> modehttp
> stats   enable
> stats   uri /
> stats show-node
> stats show-legends
> *
>
> Compile Line:
>
> make TARGET=linux2628 USE_OPENSSL=1 SSL_INC=$STATICLIBSSL/include
> SSL_LIB=$STATICLIBSSL/lib ADDLIB=-ldl USE_ZLIB=1
> ZLIB_INC=/opt/zlib-$ZLIB_VERSION/ ZLIB_LIB=/opt/zlib-$ZLIB_VERSION/
> USE_STATIC_PCRE=1 PCRE_LIB=$PCRESTUFFS/lib/ PCRE_INC=$PCRESTUFFS/include/
>
> Output of haproxy -vv
>
> **
> /opt/haproxy-1.6.7#