Re: ssl-skip-self-issued-ca option does not work
Hi,
I've applied this patch in 2.2.x repository.
It works well in any case.
Thank you!!
Seri
-Original Message-
From: "William Lallemand"
To: "Sehoon Kim";
Cc: ; ;
Sent: 2020-08-11 (화) 00:17:20 (GMT+09:00)
Subject: Re: ssl-skip-self-issued-ca option does not work
On Thu, Jul 30, 2020 at 12:03:52PM +0200, William Lallemand wrote:
> On Fri, Jul 17, 2020 at 04:47:10PM +0900, Sehoon Kim wrote:
> > Hi,
> >
> > ssl-skip-self-issued-ca option does not work.
> > commit "83cb2cb7" seems to remove this option.
> >
> >
> > Best regards,
> > Seri
>
>
> I suppose you were talking about commit f187ce6.
>
> There is indeed a problem there, because a previous patch was breaking
> the compatibility with the bundles...
>
> I'm not sure how to fix this since we can't skip the the Root CA with
> SSL_CTX_set1_chain. Maybe we could move it from the chain and move it to
> the issuer.
>
>
Hello,
The problem was fixed with the commit bf298af ("BUG/MEDIUM: ssl: fix the
ssl-skip-self-issued-ca option"). Could you check that it works for your
use-case ?
Thanks.
--
William Lallemand
Re: haproxy 1.6.0 crashes
Christopher Faulet <cfaulet@...> writes: > I confirm the bug. Here is a very quick patch. Could you confirm that it > works for you ? > Hi, I can confirm this patch fixes the crash!! cf. because of my mail service, I've changed my e-mail Thanks a lot. Seri
haproxy 1.6.0 crashes
Hi, all HAProxy 1.6.0 crashes in multiple certificates environment as belows, bind :443 ssl crt test.com.pem crt test2.com.pem ecdhe prime256v1 but, in single certificate environment, haproxy doesn't crash. bind :443 ssl crt test.com.pem ecdhe prime256v1 after applying commit d2cab92, haproxy seems to crash. Thanks in advance. Seri
RE: haproxy segmentation fault
Hi Lukas, I don't think you can do that, please remove any comments, newlines and unnecessary spaces from those files. I remove comments, newlines and unnecessary spaces. But, haproxy crashes frequently when checking configuration and starting haproxy. This configuration works well in 1.5.4 release version and b53934e. but, in 5436afc commit, haproxy crashes frequently. Any comments? Regards, Seri
RE: haproxy segmentation fault
Hi Lucas, Can you post haproxy -vv output? Does haproxy crashes right away when starting, when the first request comes in or sporadically? Can you reliably reproduce it and can you help us do the same? Can you show some example content of ip_blacklist.acl and host_to_backend.map? haproxy crashes when checking configuration. -- # ./haproxy -c -f ./h.conf -p /var/run/haproxy.pid Segmentation fault # haproxy -vv HA-Proxy version 1.5.4 2014/09/02 Copyright 2000-2014 Willy Tarreau w...@1wt.eu Build options : TARGET = linux2628 CPU = native CC = gcc CFLAGS = -O2 -march=native -g -fno-strict-aliasing OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.8 Compression algorithms supported : identity, deflate, gzip Built with OpenSSL version : OpenSSL 1.0.1i 6 Aug 2014 Running on OpenSSL version : OpenSSL 1.0.1i 6 Aug 2014 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.35 2014-04-04 PCRE library supports JIT : yes Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. # cat ip_blacklist.acl ip_blacklist.acl # IP ACL Definition # cat host_to_backend.map Host to Backend mapping list # Edge Domain t11.test.comgcache_edge t12.test.comgcache_edge # PUSH Domain t21.test.comgcache_push t22.test.comgcache_push -- Regards, Seri
RE: haproxy segmentation fault
Hi, Lucas # ./haproxy -c -f ./h.conf -p /var/run/haproxy.pid Segmentation fault and haproxy crashes when starting # ./haproxy -f ./h.conf -p /var/run/haproxy.pid Segmentation fault Regards, Seri
haproxy segmentation fault
Hi, all In recent haproxy 1.5 git repository, segmentation fault was occurred. As below, # gdb haproxy core.11536 GNU gdb (GDB) Red Hat Enterprise Linux (7.2-64.el6_5.2) snip (gdb) bt #0 propagate_processes (from=0x36eb9906a8, to=0x144) at src/cfgparse.c:5958 #1 0x00413c56 in propagate_processes (from=0x36eb9906a8, to=value optimized out) at src/cfgparse.c:5976 #2 0x00413c56 in propagate_processes (from=0x36eb990688, to=value optimized out) at src/cfgparse.c:5976 #3 0x00413c56 in propagate_processes (from=0x36eb990668, to=value optimized out) at src/cfgparse.c:5976 #4 0x00413c56 in propagate_processes (from=0x36eb990648, to=value optimized out) at src/cfgparse.c:5976 #5 0x00413c56 in propagate_processes (from=0x36eb990628, to=value optimized out) at src/cfgparse.c:5976 #6 0x00413c56 in propagate_processes (from=0x36eb990608, to=value optimized out) at src/cfgparse.c:5976 #7 0x00413c56 in propagate_processes (from=0x36eb9905e8, to=value optimized out) at src/cfgparse.c:5976 #8 0x00413c56 in propagate_processes (from=0x36eb9905c8, to=value optimized out) at src/cfgparse.c:5976 #9 0x00413c56 in propagate_processes (from=0x36eb9905a8, to=value optimized out) at src/cfgparse.c:5976 #10 0x00413c56 in propagate_processes (from=0x36eb990588, to=value optimized out) at src/cfgparse.c:5976 #11 0x00413c56 in propagate_processes (from=0x36eb990568, to=value optimized out) at src/cfgparse.c:5976 #12 0x00413c56 in propagate_processes (from=0x36eb990548, to=value optimized out) at src/cfgparse.c:5976 #13 0x00413c56 in propagate_processes (from=0x36eb990528, to=value optimized out) at src/cfgparse.c:5976 #14 0x00413c56 in propagate_processes (from=0x36eb990508, to=value optimized out) at src/cfgparse.c:5976 #15 0x00413c56 in propagate_processes (from=0x36eb9904e8, to=value optimized out) at src/cfgparse.c:5976 #16 0x00413c56 in propagate_processes (from=0x36eb9904c8, to=value optimized out) at src/cfgparse.c:5976 #17 0x00413c56 in propagate_processes (from=0x36eb9904a8, to=value optimized out) at src/cfgparse.c:5976 #18 0x00413c56 in propagate_processes (from=0x36eb990488, to=value optimized out) at src/cfgparse.c:5976 #19 0x00413c56 in propagate_processes (from=0x36eb990468, to=value optimized out) at src/cfgparse.c:5976 #20 0x00413c56 in propagate_processes (from=0x36eb990448, to=value optimized out) at src/cfgparse.c:5976 #21 0x00413c56 in propagate_processes (from=0x36eb990428, to=value optimized out) at src/cfgparse.c:5976 #22 0x00413c56 in propagate_processes (from=0x36eb990408, to=value optimized out) at src/cfgparse.c:5976 #23 0x00413c56 in propagate_processes (from=0x36eb9903e8, to=value optimized out) at src/cfgparse.c:5976 #24 0x00413c56 in propagate_processes (from=0x36eb9903c8, to=value optimized out) at src/cfgparse.c:5976 #25 0x00413c56 in propagate_processes (from=0x36eb9903a8, to=value optimized out) at src/cfgparse.c:5976 #26 0x00413c56 in propagate_processes (from=0x36eb990388, to=value optimized out) at src/cfgparse.c:5976 #27 0x00413c56 in propagate_processes (from=0x36eb990368, to=value optimized out) at src/cfgparse.c:5976 #28 0x00413c56 in propagate_processes (from=0x36eb990348, to=value optimized out) at src/cfgparse.c:5976 #29 0x00413c56 in propagate_processes (from=0x36eb990328, to=value optimized out) at src/cfgparse.c:5976 #30 0x00413c56 in propagate_processes (from=0x36eb990308, to=value optimized out) at src/cfgparse.c:5976 #31 0x00413c56 in propagate_processes (from=0x36eb9902e8, to=value optimized out) at src/cfgparse.c:5976 #32 0x00413c56 in propagate_processes (from=0x36eb9902c8, to=value optimized out) at src/cfgparse.c:5976 #33 0x00413c56 in propagate_processes (from=0x36eb9902a8, to=value optimized out) at src/cfgparse.c:5976 #34 0x00413c56 in propagate_processes (from=0x36eb990288, to=value optimized out) at src/cfgparse.c:5976 #35 0x00413c56 in propagate_processes (from=0x36eb990268, to=value optimized out) at src/cfgparse.c:5976 #36 0x00413c56 in propagate_processes (from=0x36eb990248, to=value optimized out) at src/cfgparse.c:5976 #37 0x00413c56 in propagate_processes (from=0x36eb990228, to=value optimized out) at src/cfgparse.c:5976 #38 0x00413c56 in propagate_processes (from=0x36eb990208, to=value optimized out) at src/cfgparse.c:5976 #39 0x00413c56 in propagate_processes (from=0x36eb9901e8, to=value optimized out) at src/cfgparse.c:5976 #40 0x00413c56 in propagate_processes (from=0x36eb9901c8, to=value optimized out) at src/cfgparse.c:5976 #41 0x00413c56 in propagate_processes (from=0x36eb9901a8, to=value optimized out) at src/cfgparse.c:5976 #42 0x00413c56 in propagate_processes
Re: in uri balance, http-keep-alive broken
Hi, This issue is reproduced in this environment( frontend(http-keep-alive), backend(http-server-close) ). In this environment(frontend(http-server-close), backend(http-server-close)), this works well. Regards, Seri -Original Message- From: Willy Tarreauw...@1wt.eu To: Cyril Bontécyril.bo...@free.fr; Cc: Seriseri0...@naver.com; Lukas Tribusluky...@hotmail.com; HAProxyhaproxy@formilux.org; Sent: 2014-04-30 (수) 18:10:04 Subject: Re: in uri balance, http-keep-alive broken Hi again, On Wed, Apr 30, 2014 at 07:59:11AM +0200, Willy Tarreau wrote: OK, this time I think I could understand your issue and reproduce it. The minimal setup I've used : defaults mode http listen test :80 balance url_param q hash-type consistent server s demo.1wt.eu:80 This was introduced between 1.5-dev22 and 1.5-dev23 with this commit : BUG/MEDIUM: http: don't start to forward request data before the connect http://haproxy.1wt.eu/git?p=haproxy.git;a=commit;h=80a92c02f478dc1b836e0c97c891875437fc54da Moreover, during my tests haproxy took 100% cpu after the second request was sent to the persistent connection. Ah that's very interesting. I remember another report of 100% CPU one or two weeks ago that I don't think we could diagnose. It's late now so I can't analyze it more precisely tonight but I think it can be easily fixed now. Yes, I'm taking care of this now. Thanks for the bisect! Unfortunately, I found no way to reproduce the issue, either with master nor with Seri's version (a631fc8). Cyril, could you please add a printf() inside the if MSGF_WAIT_CONN in http_request_forward_body() : printf(ra=%d req=%s res=%s reqf=%08x repf=%08x, reqb=%08x resb=%08x\n, !!(s-rep-flags CF_READ_ATTACHED), http_msg_state_str(txn-req.msg_state), http_msg_state_str(txn-rsp.msg_state), txn-req.flags, txn-rsp.flags, s-req-flags, s-rep-flags); I suspect that some error condition is not properly handled when going to the missing_data block, but I can't imagine which one. Initially I thought it would be something like the READ_ATTACHED flag not being set on reused connections, but it is properly set, so I remain a bit confused. Willy
Re: in uri balance, http-keep-alive broken
Hi Willy, Cyril It works very well. Thanks for your helps. Regards, Seri -Original Message- From: Willy Tarreauw...@1wt.eu To: Seriseri0...@naver.com; Cc: Cyril Bontécyril.bo...@free.fr; Lukas Tribusluky...@hotmail.com; HAProxyhaproxy@formilux.org; Sent: 2014-05-01 (목) 03:12:42 Subject: Re: in uri balance, http-keep-alive broken On Wed, Apr 30, 2014 at 12:02:29PM +0200, Willy Tarreau wrote: On Wed, Apr 30, 2014 at 11:49:20AM +0200, Willy Tarreau wrote: On Wed, Apr 30, 2014 at 06:21:40PM +0900, Seri wrote: Hi, This issue is reproduced in this environment( frontend(http-keep-alive), backend(http-server-close) ). In this environment(frontend(http-server-close), backend(http-server-close)), this works well. Even then, still no luck for me :-( Could you take the network capture that Lukas requested ? OK with Cyril's off-list help, I now can also reproduce it, so don't waste your time with the traces. It seems extremely timing-dependant! And now here comes the fix : http://git.1wt.eu/web?p=haproxy.git;a=commitdiff;h=644c101e2ddf9 It was really nasty, and used to work by chance (timing-dependant) even if the chance was always on my side during all the tests. I did something stupid, make a request analyser's progress possibly depend on the response analyser. It's fixed now. I'll push other updates, we don't need anymore to hold on the request parsing if the LB algorithm only needs the headers, so in most cases we won't have to do that except for POST requests. Also, I found that we don't use the check_post parameter anymore, we always check the body when the url_param is not found in the URL and the request is a POST. Another thing that can probably be removed to simplify configurations... Please test the fix. Emeric has some minor updates pending for the server-side SSL, and I'm about to fix the bind-process issue for listeners (at least I hope so) so I intend to issue dev25 and the only missing thing for -final will be the changes on the agent-check (part of which was already started long ago). Willy
in uri balance, http-keep-alive broken
Hi, I've tested recent 1.5-dev24(a631fc8) git code. In frontend, option http-keep-alive In backend, balance uri or balance url_param option http-server-close In above configuration, server response is delayed or fail. Apr 29 17:01:31 localhost haproxy[1901]: x.x.x.x:7352 [29/Apr/2014:17:01:01.163] http-in bk_tv/test1 12/0/0/112/30126 200 9773 - - sD-- 1/1/0/0/0 0/0 In frontend, If I changed http-keep-alive into http-server-close, all works fine. In backend, If I changed balance uri or balance url_param into balance roundrobin, all works fine. This is a bug? Regards, Seri
RE: in uri balance, http-keep-alive broken
Hi Lukas, I've tested in test environment, 1 client, 1 haproxy, 1 backend server. Surely, no network, backend server issues. In uri balance method, no issues happened. In uri_param balance method, issues are reproduced. My test configuration as belows, frontend http-in bind :80 acl rr hdr(host) -i test1.a.com acl uri hdr(host) -i test2.a.com use_backend bk_uri if uri default_backend rr backend bk_rr id 101 balance roundrobin option http-keep-alive option prefer-last-server server test01 1.1.1.1:80 maxconn 2000 backend bk_param balance url_param q hash-type consistent option http-server-close server test01 1.1.1.1:80 maxconn 2000 # ab -n 10 -k http://test2.a.com/test.jpg?q=111 with ab tool, this is reproduced easily. What I want to do, in roundrobin environment, is to support client/server-side keep-alive, in uri, url-param etc environment, is to support client-side only keep-alive. Regards, Seri -Original Message- From: Lukas Tribusluky...@hotmail.com To: Seriseri0...@naver.com; HAProxyhaproxy@formilux.org; Cc: Sent: 2014-04-30 (수) 05:02:38 Subject: RE: in uri balance, http-keep-alive broken Hi Seri, Hi, I've tested recent 1.5-dev24(a631fc8) git code. In frontend, option http-keep-alive In backend, balance uri or balance url_param option http-server-close In above configuration, server response is delayed or fail. In a quick and unscientific test I was unable to reproduce this. Apr 29 17:01:31 localhost haproxy[1901]: x.x.x.x:7352 \ [29/Apr/2014:17:01:01.163] http-in bk_tv/test1 \ 12/0/0/112/30126 200 9773 - - sD-- 1/1/0/0/0 0/0 Can you capture example frontend and backend traffic and provide the file? In frontend, If I changed http-keep-alive into http-server-close, all works fine. http-server-close overrides http-keep-alive [1], so what you are describing is strange. Please share the full configuration when you can reproduce the issue. In backend, If I changed balance uri or balance url_param into balance roundrobin, all works fine. Are you sure all your backends work correctly, because based on your description this could also be a isolated issue on a single backend server (and by changing load balancing algorithms and http-close you throw enough entropy at the problem to disguise the result). Please double check for network and backend issues. url/url_param based load balancing doesn't really make sense with the current keep-alive implementation. We don't do any connection pooling/multiplexing, so you may as well use http-server-close if balancing via url/uri is a requirement. Regards, Lukas [1] http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#option%20http-keep-alive
RE: in uri balance, http-keep-alive broken
Hi Lukas, Sorry for my mis typing!! frontend http-in bind :80 acl rr hdr(host) -i test1.a.com acl param hdr(host) -i test2.a.com use_backend bk_param if param default_backend rr backend bk_rr id 101 balance roundrobin option http-keep-alive option prefer-last-server server test01 1.1.1.1:80 maxconn 2000 backend bk_param balance url_param q hash-type consistent option http-server-close server test01 1.1.1.1:80 maxconn 2000 -Original Message- From: Seriseri0...@naver.com To: Lukas Tribusluky...@hotmail.com; HAProxyhaproxy@formilux.org; Cc: Sent: 2014-04-30 (수) 06:41:22 Subject: RE: in uri balance, http-keep-alive broken Hi Lukas, I've tested in test environment, 1 client, 1 haproxy, 1 backend server. Surely, no network, backend server issues. In uri balance method, no issues happened. In uri_param balance method, issues are reproduced. My test configuration as belows, frontend http-in bind :80 acl rr hdr(host) -i test1.a.com acl uri hdr(host) -i test2.a.com use_backend bk_uri if uri default_backend rr backend bk_rr id 101 balance roundrobin option http-keep-alive option prefer-last-server server test01 1.1.1.1:80 maxconn 2000 backend bk_param balance url_param q hash-type consistent option http-server-close server test01 1.1.1.1:80 maxconn 2000 # ab -n 10 -k http://test2.a.com/test.jpg?q=111 with ab tool, this is reproduced easily. What I want to do, in roundrobin environment, is to support client/server-side keep-alive, in uri, url-param etc environment, is to support client-side only keep-alive. Regards, Seri -Original Message- From: Lukas Tribusluky-37@hotmail.com To: Seriseri0528@naver.com; HAProxyhaproxy@formilux.org; Cc: Sent: 2014-04-30 (수) 05:02:38 Subject: RE: in uri balance, http-keep-alive broken Hi Seri, Hi, I've tested recent 1.5-dev24(a631fc8) git code. In frontend, option http-keep-alive In backend, balance uri or balance url_param option http-server-close In above configuration, server response is delayed or fail. In a quick and unscientific test I was unable to reproduce this. Apr 29 17:01:31 localhost haproxy[1901]: x.x.x.x:7352 \ [29/Apr/2014:17:01:01.163] http-in bk_tv/test1 \ 12/0/0/112/30126 200 9773 - - sD-- 1/1/0/0/0 0/0 Can you capture example frontend and backend traffic and provide the file? In frontend, If I changed http-keep-alive into http-server-close, all works fine. http-server-close overrides http-keep-alive [1], so what you are describing is strange. Please share the full configuration when you can reproduce the issue. In backend, If I changed balance uri or balance url_param into balance roundrobin, all works fine. Are you sure all your backends work correctly, because based on your description this could also be a isolated issue on a single backend server (and by changing load balancing algorithms and http-close you throw enough entropy at the problem to disguise the result). Please double check for network and backend issues. url/url_param based load balancing doesn't really make sense with the current keep-alive implementation. We don't do any connection pooling/multiplexing, so you may as well use http-server-close if balancing via url/uri is a requirement. Regards, Lukas [1] http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#option%20http-keep-alive
RE: map_dom, map_sub issue
Hi, Sorry for my poor english. I've used recent 1.5-dev24(a631fc8) git code. and I didn't use default-backend. # echo show map #-1 | socat stdio /var/run/haproxy.stat 0x266f4d0 www.a.com www.a.com 0x266f540 m.www.a.com m.www.a.com # echo get map #-1 www.a.com | socat stdio /var/run/haproxy.stat type=dom, found=yes, idx=list, case=sensitive, key=www.a.com, value=www.a.com, type=str # echo get map #-1 m.www.a.com | socat stdio /var/run/haproxy.stat type=dom, found=yes, idx=list, case=sensitive, key=www.a.com, value=www.a.com, type=str m.www.a.com key matches www.a.com not m.www.a.com. Thanks, Seri -Original Message- From: Lukas Tribusluky...@hotmail.com To: Seriseri0...@naver.com; HAProxyhaproxy@formilux.org; Cc: Sent: 2014-04-28 (월) 19:43:13 Subject: RE: map_dom, map_sub issue Hi, Hi, I have a map configuration as below ** haproxy configuratioin file frontend http-in ... use_backend %[req.fhdr(host),lower,map_dom(/etc/haproxy/host_to_backend.map)] ... backend www.a.com server www1 1.1.1.1:80 backend m.www.a.com server m.www1 2.2.2.2:80 ** /etc/haproxy/host_to_backend.map file www.a.com www.a.coom m.www.a.com m.www.a.com If I request Host: www.a.com, www.a.com backend is chosen. If I request Host: m.www.a.com, www.a.com backend not m.www.a.com backend is chosen. Is this right behaviour? Have I missed something? Please use recent code (1.5-dev24) to make sure that this is supported. Does default-backend point to www.a.com? What backend does a unrelated host header hit (example.com)? Regards, Lukas
Re: map_dom, map_sub issue
Hi, Thanks for your detailed explanation!! I have misunderstanding of sub, dom, etc until now. Regards Seri -Original Message- From: Thierry FOURNIERtfourn...@exceliance.fr To: Seriseri0...@naver.com; Cc: Lukas Tribusluky...@hotmail.com; HAProxyhaproxy@formilux.org; Sent: 2014-04-28 (월) 21:25:17 Subject: Re: map_dom, map_sub issue Hello, This is not a bug. The dom matching return true when the first domain entry match. The order of declaration is important. In your case, you must order your file from the longer domain name to the shortest. But, warning: if you enter the domain a in your file, www.a.com will match. Maybe, in your case, you should use a end match type. If you want exact match of the domain name, you can use str type. Thierry On Mon, 28 Apr 2014 20:13:12 +0900 (KST) Seri seri0528@naver.com wrote: Hi, Sorry for my poor english. I've used recent 1.5-dev24(a631fc8) git code. and I didn't use default-backend. # echo show map #-1 socat stdio /var/run/haproxy.stat 0x266f4d0 www.a.com www.a.com 0x266f540 m.www.a.com m.www.a.com # echo get map #-1 www.a.com socat stdio /var/run/haproxy.stat type=dom, found=yes, idx=list, case=sensitive, key=www.a.com, value=www.a.com, type=str # echo get map #-1 m.www.a.com socat stdio /var/run/haproxy.stat type=dom, found=yes, idx=list, case=sensitive, key=www.a.com, value=www.a.com, type=str m.www.a.com key matches www.a.com not m.www.a.com. Thanks, Seri -Original Message- From: Lukas Tribusluky-37@hotmail.com To: Seriseri0528@naver.com; HAProxyhaproxy@formilux.org; Cc: Sent: 2014-04-28 (월) 19:43:13 Subject: RE: map_dom, map_sub issue Hi, Hi, I have a map configuration as below ** haproxy configuratioin file frontend http-in ... use_backend %[req.fhdr(host),lower,map_dom(/etc/haproxy/host_to_backend.map)] ... backend www.a.com server www1 1.1.1.1:80 backend m.www.a.com server m.www1 2.2.2.2:80 ** /etc/haproxy/host_to_backend.map file www.a.com www.a.coom m.www.a.com m.www.a.com If I request Host: www.a.com, www.a.com backend is chosen. If I request Host: m.www.a.com, www.a.com backend not m.www.a.com backend is chosen. Is this right behaviour? Have I missed something? Please use recent code (1.5-dev24) to make sure that this is supported. Does default-backend point to www.a.com? What backend does a unrelated host header hit (example.com)? Regards, Lukas
map_dom, map_sub issue
Hi, I have a map configuration as below ** haproxy configuratioin file frontend http-in ... use_backend %[req.fhdr(host),lower,map_dom(/etc/haproxy/host_to_backend.map)] ... backend www.a.com server www1 1.1.1.1:80 backend m.www.a.com server m.www1 2.2.2.2:80 ** /etc/haproxy/host_to_backend.map file www.a.com www.a.coom m.www.a.com m.www.a.com If I request Host: www.a.com, www.a.com backend is chosen. If I request Host: m.www.a.com, ww.a.com backend not m.www.a.com backend is chosen. Is this right behaviour? Have I missed something? Thanks, Seri
Compile Error in abf08d (2004/01/15)
Hi! In today repository abf08d, compile error/warning occurred as below. My OS Environment : CentOS 6.4 x86_64 In file included from src/listener.c:18: include/common/accept4.h:61: error: static declaration of 'accept4' follows non-static declaration /usr/include/sys/socket.h:222: note: previous declaration of 'accept4' was here make: *** [src/listener.o] Error 1 src/ssl_sock.c: In function 'ssl_sock_to_buf': src/ssl_sock.c:1356: warning: 'try' may be used uninitialized in this function
according to the ciphersuite, ECC-based and RSA-based Certificate use
Hi, According to the ciphersuites, I hope to use ECC-based certificate and RSA-based certificate. This is possible? Thanks, seri
Re: haproxy 1.5-dev18 + patch corruption happened!!
Hi, Willy
diff --git a/include/common/regex.h b/include/common/regex.h
index bab1a55..0104019 100644
--- a/include/common/regex.h
+++ b/include/common/regex.h
@@ -79,7 +79,6 @@ static inline void regex_free(regex *preg) {
#ifdef USE_PCRE_JIT
pcre_free_study(preg-extra);
pcre_free(preg-reg);
-free(preg);
#else
regfree(preg);
#endif
I've tested after applying this patch.
It works very well without corrupting.
Thanks,
Seri
