Re: [PATCH] MINOR: support for http-request set-timeout client
Le 27/09/2023 à 16:43, Vladimir Vdovin a écrit : Added set-timeout for frontend side of session, so it can be used to set custom per-client timeouts if needed. Added cur_client_timeout to fetch client timeout samples. Thanks Vladimir! The patch is merged now. -- Christopher Faulet
Re: haproxy.org bug pages broken (missing html headers and footer?)
Hi Lukas, On Wed, Sep 27, 2023 at 09:49:53PM +, Lukas Tribus wrote: > Hello, > > looks like the bug pages are broken; they contain the table of bugs > but there is really no formatting happening and it appears the entire > HTML header and footer is missing: > > Example: > http://www.haproxy.org/bugs/bugs-2.4.html > http://www.haproxy.org/bugs/bugs-2.6.2.html Argh, thanks for notifying us! Haproxy dev5 crashed leaving a huge core that filled the FS (I hope it's complete, not checked yet), and the cron job that rebuilds the bugs page miserably failed as you can see :-/ That's now fixed, thank you! Willy
Session means differently between frontend and backends?
i HAProxy community, As a new user of HAproxy, I'm puzzled by the definition of "sessions" in HAproxy. I can't seem to find it anywhere in docs. Test setup:- - HAproxy instance with one frontend, one backend and a stats frontend. - Backend connects to a custom Go program that supports persistent connections. - Load-testing program "hey" doing "1 req per sec" over "1 tcp connection". Full configs are available here: https://gist.github.com/shadyabhi/fc511449600092364b08e58e2b07079f After 10s of starting the experiment, this is what I see on stats page:- - On "http frontend", the stats page shows "0 session rate", which makes sense because "hey" is reusing TCP connections for multiple HTTP requests. - On "default_backend backend", it appears that the session is incremented on each HTTP transaction. Wait, does a session on frontend doesn't mean the same session at backend? - Session reuse seems to be 90%, so it's unlikely that the backend is creating a new TCP connection (aka session??) to serve every request initiated by "hey". I see sessions being used here (https://www.haproxy.com/documentation/hapee/latest/configuration/variables/syntax/#scoping), and it seems to suggest that session signifies a "tcp session". That holds true for frontend, but not for backend as per the above experiment. So, what really is a session? Stats page link: https://gist.github.com/shadyabhi/fc511449600092364b08e58e2b07079f -- Cheers, Abhijeet (https://abhi.host)
OCSP update restarts all proxies
The haproxy -vv output is at the end of this message. I got the built-in OCSP udpating mechanism working. Works beautifully. Today I discovered that once an hour when the OCSP gets updated, haproxy stops all its proxies and starts them back up. syslog: Sep 27 15:00:01 - haproxy[3520801] Proxy web80 stopped (cumulated conns: FE: 42, BE: 0). Sep 27 15:00:01 - haproxy[3520801] Proxy web stopped (cumulated conns: FE: 1403, BE: 0). Sep 27 15:00:01 - haproxy[3520801] Proxy be_deny stopped (cumulated conns: FE: 0, BE: 122). Sep 27 15:00:01 - haproxy[3520801] Proxy be_raspi1_81 stopped (cumulated conns: FE: 0, BE: 0). Sep 27 15:00:01 - haproxy[3520801] Proxy be_raspi2_81 stopped (cumulated conns: FE: 0, BE: 0). Sep 27 15:00:01 - haproxy[3520801] Proxy be_raspi3_81 stopped (cumulated conns: FE: 0, BE: 0). Sep 27 15:00:01 - haproxy[3520801] Proxy be_smeagol_81 stopped (cumulated conns: FE: 0, BE: 700). Sep 27 15:00:01 - haproxy[3520801] Proxy be_plex_32400_tls stopped (cumulated conns: FE: 0, BE: 0). Sep 27 15:00:01 - haproxy[3520801] Proxy be_gitlab_8881 stopped (cumulated conns: FE: 0, BE: 235). Sep 27 15:00:01 - haproxy[3520801] Proxy be_gitlab2_8881 stopped (cumulated conns: FE: 0, BE: 180). Sep 27 15:00:01 - haproxy[3520801] Proxy be_artifactory_8082 stopped (cumulated conns: FE: 0, BE: 0). Sep 27 15:00:01 - haproxy[3520801] Proxy be_zabbix_81 stopped (cumulated conns: FE: 0, BE: 969). Sep 27 15:00:01 - haproxy[3545799] -:- [27/Sep/2023:15:00:01.668] /etc/ssl/certs/local/REDACTED_org.wildcards.combined .pem 1 "Update successful" 0 1 Sep 27 15:00:01 - haproxy[3545799] -:- [27/Sep/2023:15:00:01.795] /etc/ssl/certs/local/REDACTED2.com.wildcards.combined.p em 1 "Update successful" 0 1 Sep 27 15:00:01 - haproxy[3520801] -:- [27/Sep/2023:15:00:01.944] /etc/ssl/certs/local/REDACTED_org.wildcards.combined .pem 1 "Update successful" 0 2 Sep 27 15:00:02 - haproxy[3520801] -:- [27/Sep/2023:15:00:01.998] /etc/ssl/certs/local/REDACTED2.com.wildcards.combined.p em 1 "Update successful" 0 2 The really irritating effect is that once an hour, my Zabbix server records an event saying haproxy has been restarted: https://imgur.com/a/WPkKoFa (imgur will claim the image has mature content. it doesn't.) It looks like the only thing that resets back to zero on the stats page is the uptime in the "status" column for each backend. That's good news, but I would hope for none of the data to be reset. I have one big concern, which may be unfounded: I'm worried that the proxies going down will mean that in-flight connections will be terminated. I'm guessing that the work for seamless reloads will ensure that doesn't happen, I just want to be sure. Not knowing a lot about how haproxy is architected, I do not know if there is some reason that the backends have to be cycled. Seems like only frontends that listen with TLS would need that. I would hope it would be possible to even avoid that ... maybe have OCSP data be copied from a certain memory location every time a frontend needs it, and when OCSP gets updated, overwrite the data in that memory location in a thread-safe way. I know a fair amount about thread safety in Java, but nothing about it in C. Final questions for today: 1) Can the OCSP update interval be changed? I don't recall exactly what the validity for a LetsEncrypt OCSP response is, but I know it was at least 24 hours, and I think it might have even been as long as a week. I would like to increase the interval to 8-12 hours if I can. 2) There are two certs being used in my setup, and haproxy logs updates for both of them twice. I would have hoped for that to only happen once. I'm a bit mystified by the fact that it is done twice. I would have expected either one time or four times ... I have one frontend that listens with TLS, with four bind lines all using exactly the same certificate list. (one TCP, and three UDP) - HAProxy version 2.8.3-0499db-3 2023/09/14 - https://haproxy.org/ Status: long-term supported branch - will stop receiving fixes around Q2 2028. Known bugs: http://www.haproxy.org/bugs/bugs-2.8.3.html Running on: Linux 6.1.0-1022-oem #22-Ubuntu SMP PREEMPT_DYNAMIC Wed Sep 6 08:19:34 UTC 2023 x86_64 Build options : TARGET = linux-glibc CPU = native CC = cc CFLAGS = -O2 -march=native -g -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment OPTIONS = USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_QUIC=1 USE_PCRE2_JIT=1 DEBUG = Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE -LIBATOMIC +LIBCR
Re: haproxy.org bug pages broken (missing html headers and footer?)
Hello, And https://www.haproxy.org/bugs/index.html is an empty document. There is a link for it on haproxy.org home page (as Known bugs). Le 27/09/2023 à 23:49, Lukas Tribus a écrit : Hello, looks like the bug pages are broken; they contain the table of bugs but there is really no formatting happening and it appears the entire HTML header and footer is missing: Example: http://www.haproxy.org/bugs/bugs-2.4.html http://www.haproxy.org/bugs/bugs-2.6.2.html BR, Lukas -- Best regards, Artur
haproxy.org bug pages broken (missing html headers and footer?)
Hello, looks like the bug pages are broken; they contain the table of bugs but there is really no formatting happening and it appears the entire HTML header and footer is missing: Example: http://www.haproxy.org/bugs/bugs-2.4.html http://www.haproxy.org/bugs/bugs-2.6.2.html BR, Lukas
Global Sources Consumer Electronis Show 2023
Hi there, I am pleased to inform you that Formilux - Global Sources Consumer Electronis Show 2023 Email list is available for the purchase with total 27417 Contacts at unlimited usage. Please let me know if you are interested. So, that I will get back to you with the pricing and other information ASAP. Your prompt reply would be appreciated. Many thanks, Ariana Reed - Demand Generation
[PATCH] MINOR: support for http-request set-timeout client
Added set-timeout for frontend side of session, so it can be used to set custom per-client timeouts if needed. Added cur_client_timeout to fetch client timeout samples. --- doc/configuration.txt | 17 +--- include/haproxy/action-t.h | 1 + include/haproxy/action.h | 6 +-- reg-tests/http-set-timeout/set_timeout.vtc | 46 +- src/action.c | 43 +--- src/http_act.c | 13 +- src/stream.c | 16 7 files changed, 105 insertions(+), 37 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 37f62da33..e98f571f3 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -7010,7 +7010,7 @@ http-request [options...] [ { if | unless } ] - set-query - set-src - set-src-port -- set-timeout { server | tunnel } { | } +- set-timeout { client | server | tunnel } { | } - set-tos - set-uri - set-var([,...]) @@ -7925,10 +7925,10 @@ http-request set-src-port [ { if | unless } ] the address family supports a port, otherwise it forces the source address to IPv4 "0.0.0.0" before rewriting the port. -http-request set-timeout { server | tunnel } { | } +http-request set-timeout { client | server | tunnel } { | } [ { if | unless } ] - This action overrides the specified "server" or "tunnel" timeout for the + This action overrides the specified "client", "server" or "tunnel" timeout for the current stream only. The timeout can be specified in millisecond or with any other unit if the number is suffixed by the unit as explained at the top of this document. It is also possible to write an expression which must returns @@ -7936,8 +7936,8 @@ http-request set-timeout { server | tunnel } { | } Note that the server/tunnel timeouts are only relevant on the backend side and thus this rule is only available for the proxies with backend - capabilities. Also the timeout value must be non-null to obtain the expected - results. + capabilities. As well as client timeout is only relevant for frontend side. + Also the timeout value must be non-null to obtain the expected results. Example: http-request set-timeout tunnel 5s @@ -20098,6 +20098,11 @@ cur_tunnel_timeout : integer In the default case, this will be equal to be_tunnel_timeout unless a "set-timeout" rule has been applied. See also "be_tunnel_timeout". +cur_client_timeout : integer + Returns the currently applied client timeout in millisecond for the stream. + In the default case, this will be equal to fe_client_timeout unless a + "set-timeout" rule has been applied. See also "fe_client_timeout". + dst : ip This is the destination IP address of the connection on the client side, which is the address the client connected to. Any tcp/http rules may alter @@ -20353,7 +20358,7 @@ fe_name : string fe_client_timeout : integer Returns the configuration value in millisecond for the client timeout of the - current frontend. + current frontend. This timeout can be overwritten by a "set-timeout" rule. res.timer.data : integer this is the total transfer time of the response payload till the last byte diff --git a/include/haproxy/action-t.h b/include/haproxy/action-t.h index 7fafd612a..f77bdce5f 100644 --- a/include/haproxy/action-t.h +++ b/include/haproxy/action-t.h @@ -99,6 +99,7 @@ enum act_name { enum act_timeout_name { ACT_TIMEOUT_SERVER, ACT_TIMEOUT_TUNNEL, + ACT_TIMEOUT_CLIENT, }; enum act_normalize_uri { diff --git a/include/haproxy/action.h b/include/haproxy/action.h index 8a35664f4..9511448e5 100644 --- a/include/haproxy/action.h +++ b/include/haproxy/action.h @@ -102,10 +102,8 @@ int check_trk_action(struct act_rule *rule, struct proxy *px, char **err); */ int check_capture(struct act_rule *rule, struct proxy *px, char **err); -int cfg_parse_rule_set_timeout(const char **args, int idx, int *out_timeout, - enum act_timeout_name *name, - struct sample_expr **expr, char **err, - const char *file, int line, struct arg_list *al); +int cfg_parse_rule_set_timeout(const char **args, int idx, struct act_rule *rule, +struct proxy *px, char **err); static inline void release_timeout_action(struct act_rule *rule) { diff --git a/reg-tests/http-set-timeout/set_timeout.vtc b/reg-tests/http-set-timeout/set_timeout.vtc index ebaa6a3b4..6fa0a35f1 100644 --- a/reg-tests/http-set-timeout/set_timeout.vtc +++ b/reg-tests/http-set-timeout/set_timeout.vtc @@ -4,7 +4,7 @@ feature ignore_unknown_macro #REQUIRE_VERSION=2.4 -server srv_h1 -repeat 3 { +server srv_h1 -repeat 5 { rxreq txresp } -start @@ -24,6 +2
Formilux - Global Sources Consumer Electronics Show 2023
Hi there, I am pleased to inform you that Global Sources Consumer Electronics Show 2023 Email list is available for the purchase with total 60,137 Contacts at unlimited usage. Please let me know if you are interested. So, that I will get back to you with the pricing and other information ASAP. Your prompt reply would be appreciated. Many thanks, Annabelle Ross - Demand Generation