Re: FW: HAProxy: Information request

2020-02-27 Thread Sander Klein

Hi,

please be aware you are posting to a public mailinglist. You might want
to check where you sent your emails.

Regards,

Sander Klein



On 2020-02-27 22:14, EMEA Request wrote:

Hi Team,

Apologies for delayed response.

Can you please help with the details provided below and provide a
quote.

Thanks and Regards,

 [3]

 Anandita Sharma | Procurement Specialist –GSDC| SoftwareONE

 anandita.sha...@softwareone.com [4]  | www.softwareone.com [3]
 Phone no : +91 8950320646

 Check out: Why SoftwareONE? [8] | PyraCloud [9] | Customer
Transformation [10]

From: Parsons, Branden 
Sent: Thursday, February 27, 2020 8:14 PM
To: Sharma, Anandita 
Subject: RE: HAProxy: Information request

Hi Anandita

Please see below

On AWS,  but not sure on the number of connections, can they get a
quote without knowing that? We will set up a call once we have an idea
of price?

With kind regards,

Branden Parsons

Internal Sales Executive

SoftwareONE UK Ltd

Direct. +44 203 3729 481

From: Sharma, Anandita 
Sent: 24 February 2020 14:16
To: Parsons, Branden 
Subject: FW: HAProxy: Information request

Hi Branden,

FYI

 [3]

 Anandita Sharma | Procurement Specialist –GSDC| SoftwareONE

 anandita.sha...@softwareone.com [4]  | www.softwareone.com [3]
 Phone no : +91 8950320646

 Check out: Why SoftwareONE? [8] | PyraCloud [9] | Customer
Transformation [10]

From: Anamarija Murgic 
Sent: Friday, January 17, 2020 7:23 PM
To: EMEA Request 
Cc: Sean Meroth 
Subject: Re: HAProxy: Information request

Hi Anandita,

Thanks for letting me know.

Have a great weekend!

Best,
Anamarija

On 17/01/2020 1:34 PM, EMEA Request wrote:


Hi Anamarija ,

Apologies for delay in reply.

Our team is in contact with customer for some clarifications.

Will get back to you after clarifying.

Thanks and Regards,

[3]

Anandita Sharma | Procurement Specialist –GSDC| SoftwareONE

anandita.sha...@softwareone.com [4]  | www.softwareone.com [3]
Phone no : +91 8950320646

Check out: Why SoftwareONE? [5] | PyraCloud [6] | Customer
Transformation [7]

From: Anamarija Murgic 
Sent: Tuesday, January 14, 2020 4:20 PM
To: Sharma, Anandita 
Cc: Sean Meroth 
Subject: Re: HAProxy: Information request

Hello Anandita,

I am following up on my previous email as I haven't heard back from
you. Please let me know when is a good time to talk?

Looking forward to hearing from you soon.

Thanks,
Anamarija

On 07/01/2020 6:08 PM, Anamarija Murgic wrote:


Hi Anandita,

My colleagues forwarded me your email request sent to our Open
source email asking for the product information.

We have both, ALOHA LB, virtual or hardware and we have our
software only HAProxy Enterprise Edition (HAPEE) that you would
install on your their own infrastructure.  HAProxy Enterprise
Edition (HAPEE) comes as an annual subscription per server while
ALOHA appliances prices are based on the application performance
you need to sustain.

It would be very helpful to know:

- Are they using current appliance on Azure or AWS
- The number of new connections (HTTP or HTTPS) per second
- The number of concurrent connections per second.

Also, if possible at all, if you can share with us their current
ADC configuration.

In general, we've found that it's best to get some more context in
a quick conference call that will help us understand the use case
of TheTrainline.com. Then we can make the best recommendation for
you and the project and go over pricing.

Please let me know your availability this week, tomorrow or Friday
afternoon?

Thanks,
Anamarija

--

Anamarija Murgic

Sr. Account Executive

HAProxy Technologies - Powering your uptime!

15 Avenue Raymond Aron | 92160 Antony, France

+385 99 44 11 521 | www.haproxy.com [1] | Unsubscribe [2]


--

Anamarija Murgic

Sr. Account Executive

HAProxy Technologies - Powering your uptime!

15 Avenue Raymond Aron | 92160 Antony, France

+385 99 44 11 521 | www.haproxy.com [1] | Unsubscribe [2]


--

Anamarija Murgic

Sr. Account Executive

HAProxy Technologies - Powering your uptime!

15 Avenue Raymond Aron | 92160 Antony, France

+385 99 44 11 521 | www.haproxy.com [11] | Unsubscribe [12]

Links:
--
[1]
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.haproxy.com_&d=DwMDaQ&c=-5LgSL_TkF3nGRQI95ci6eeFVMQ5VESHPf5koMIAxOA&r=t_QP427c6yP1s5t47wSRYPnCW5oQW71pV6vHdqbRap8&m=SdHBecwJYxDvk1OEHAJB19YxCUoN___V5z6l1bRc8Dw&s=VjsyrZ9hejKpS-zBGVukDcHhAXXYjJsF8nVP92Ocg6U&e>
 [2]
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.haproxy.com_manage-2Demail-2Dpreferences_&d=DwMDaQ&c=-5LgSL_TkF3nGRQI95ci6eeFVMQ5VESHPf5koMIAxOA&r=t_QP427c6yP1s5t47wSRYPnCW5oQW71pV6vHdqbRap8&m=SdHBecwJYxDvk1OEHAJB19YxCUoN___V5z6l1bRc8Dw&sgFR5QK4GXUhO2mbkb-MDVmXX-OZjVZlHwRZsF3UOBU&e>
 [3] http://www.softwareone.com/
[4] http://@softwareone.com
[5]
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_watch-3Fv-3DeGTUj4NtJP0&d=DwMDaQ&c=-5LgSL_TkF3nGR

FW: HAProxy: Information request

2020-02-27 Thread EMEA Request

Hi Team,

Apologies for delayed response.


Can you please help with the details provided below and provide a quote.



Thanks and Regards,
[cid:image002.jpg@01D5ED7C.621F1730]<http://www.softwareone.com/>

 Anandita Sharma | Procurement Specialist –GSDC| SoftwareONE
 anandita.sha...@softwareone.com<http://@softwareone.com>  | 
www.softwareone.com<http://www.softwareone.com/>
 Phone no : +91 8950320646
 Check out: Why SoftwareONE?<https://www.youtube.com/watch?v=eGTUj4NtJP0> | 
PyraCloud<https://www.youtube.com/watch?v=cr1hcu7Hs5Q> | Customer 
Transformation <https://youtu.be/16iCTnSZ5Bg>


From: Parsons, Branden 
Sent: Thursday, February 27, 2020 8:14 PM
To: Sharma, Anandita 
Subject: RE: HAProxy: Information request

Hi Anandita

Please see below

On AWS,  but not sure on the number of connections, can they get a quote 
without knowing that? We will set up a call once we have an idea of price?


With kind regards,

Branden Parsons
Internal Sales Executive
SoftwareONE UK Ltd
Direct. +44 203 3729 481

[cid:image003.png@01D5EDE1.0F69E3C0]


From: Sharma, Anandita 
mailto:anandita.sha...@softwareone.com>>
Sent: 24 February 2020 14:16
To: Parsons, Branden 
mailto:branden.pars...@softwareone.com>>
Subject: FW: HAProxy: Information request

Hi Branden,

FYI

[cid:image002.jpg@01D5ED7C.621F1730]<http://www.softwareone.com/>

 Anandita Sharma | Procurement Specialist –GSDC| SoftwareONE
 anandita.sha...@softwareone.com<http://@softwareone.com>  | 
www.softwareone.com<http://www.softwareone.com/>
 Phone no : +91 8950320646
 Check out: Why SoftwareONE?<https://www.youtube.com/watch?v=eGTUj4NtJP0> | 
PyraCloud<https://www.youtube.com/watch?v=cr1hcu7Hs5Q> | Customer 
Transformation <https://youtu.be/16iCTnSZ5Bg>


From: Anamarija Murgic mailto:amur...@haproxy.com>>
Sent: Friday, January 17, 2020 7:23 PM
To: EMEA Request 
mailto:request.e...@softwareone.com>>
Cc: Sean Meroth mailto:smer...@haproxy.com>>
Subject: Re: HAProxy: Information request


Hi Anandita,

Thanks for letting me know.

Have a great weekend!

Best,
Anamarija
On 17/01/2020 1:34 PM, EMEA Request wrote:
Hi Anamarija ,


Apologies for delay in reply.

Our team is in contact with customer for some clarifications.

Will get back to you after clarifying.


Thanks and Regards,

[cid:image002.jpg@01D5ED7C.621F1730]<http://www.softwareone.com/>

 Anandita Sharma | Procurement Specialist –GSDC| SoftwareONE
 anandita.sha...@softwareone.com<http://@softwareone.com>  | 
www.softwareone.com<http://www.softwareone.com/>
 Phone no : +91 8950320646
 Check out: Why 
SoftwareONE?<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_watch-3Fv-3DeGTUj4NtJP0&d=DwMDaQ&c=-5LgSL_TkF3nGRQI95ci6eeFVMQ5VESHPf5koMIAxOA&r=SfBJQfW0uf0NVY4ThIcrA41fo_36SpqIxi1clzEeEm4&m=xWyRYnbDHfxkJ1P67Cs1weTnSNlfmzS78tzHZsav_sw&s=Vd7RBkNvf9TqXJiab-O6xjHNdcd5QkTnwa3rkWTsecE&e=>
 | 
PyraCloud<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_watch-3Fv-3Dcr1hcu7Hs5Q&d=DwMDaQ&c=-5LgSL_TkF3nGRQI95ci6eeFVMQ5VESHPf5koMIAxOA&r=SfBJQfW0uf0NVY4ThIcrA41fo_36SpqIxi1clzEeEm4&m=xWyRYnbDHfxkJ1P67Cs1weTnSNlfmzS78tzHZsav_sw&s=4HiBOIUN4Fhklo2hF0T-B49X5Nr_D18fUp-z8ywF3OY&e=>
 | Customer Transformation 
<https://urldefense.proofpoint.com/v2/url?u=https-3A__youtu.be_16iCTnSZ5Bg&d=DwMDaQ&c=-5LgSL_TkF3nGRQI95ci6eeFVMQ5VESHPf5koMIAxOA&r=SfBJQfW0uf0NVY4ThIcrA41fo_36SpqIxi1clzEeEm4&m=xWyRYnbDHfxkJ1P67Cs1weTnSNlfmzS78tzHZsav_sw&s=q-wjavsg4_qOzi6w0tcjeFV1zaTHkK3U5YaPEyp8F6E&e=>


From: Anamarija Murgic <mailto:amur...@haproxy.com>
Sent: Tuesday, January 14, 2020 4:20 PM
To: Sharma, Anandita 
<mailto:anandita.sha...@softwareone.com>
Cc: Sean Meroth <mailto:smer...@haproxy.com>
Subject: Re: HAProxy: Information request


Hello Anandita,

I am following up on my previous email as I haven't heard back from you. Please 
let me know when is a good time to talk?

Looking forward to hearing from you soon.

Thanks,
Anamarija
On 07/01/2020 6:08 PM, Anamarija Murgic wrote:

Hi Anandita,

My colleagues forwarded me your email request sent to our Open source email 
asking for the product information.

We have both, ALOHA LB, virtual or hardware and we have our software only 
HAProxy Enterprise Edition (HAPEE) that you would install on your their own 
infrastructure.  HAProxy Enterprise Edition (HAPEE) comes as an annual 
subscription per server while ALOHA appliances prices are based on the 
application performance you need to sustain.

It would be very helpful to know:

- Are they using current appliance on Azure or AWS
- The number of new connections (HTTP or HTTPS) per second
- The number of concurrent connections per second.

Also, if possible at all, if you can share with us their current ADC 
configuration.

In general, we've found that it's best to 

Re: FW: HAProxy??

2019-07-11 Thread Bruno Henc
Hello Austin, for any sales inquiries regarding HAProxy Enterprise 
Edition please contact sales @ haproxy . com or use


the webform at https://www.haproxy.com/contact-us/ .

The mailing list is for the discussion of HAProxy Community Edition.

I have forward your email to the sales team which will reach out to you 
with further information.


Regards,

On 7/11/19 3:15 PM, Austin Getz wrote:


Hello Team,

Can you please provide two quotes for the below for ETS?




--
Bruno Henc
Support Engineer
HAProxy Technologies - Powering your uptime!
375 Totten Pond Road, Suite 302 | Waltham, MA 02451, US
+1 (844) 222-4340 | www.haproxy.com 


Re: FW: HAProxy??

2019-07-11 Thread Aleksandar Lazic
Dear Austin Getz.

Am 11.07.2019 um 15:15 schrieb Austin Getz:
> Hello Team,
> 
> Can you please provide two quotes for the below for ETS?
> 
> ETS Needs to purchase the Enterprise Edition of HA Proxy
> (https://www.haproxy.com/products/haproxy-enterprise-edition/) so that we have
> support from the vendor and can maintain high availability in AWS. We will
> require two licenses: one for PROD and one for non-PROD – quantities subject 
> to
> change.

I strongly suggest to contact cont...@haproxy.com for the enterprise edition.

Fyi: this is the public mailing list for the OSS project.

Current Archive: https://www.mail-archive.com/haproxy@formilux.org/

> Thank you.

Best regards
Aleks

> *Austin Getz *| SHI International Corp |Inside Account Manager |
> austin_g...@shi.com | _www.shi.com_
> 
> Office:732-868-8910 | Fax: 732-868-8911
> 
> https://myshi.com/marketing/companystandards/PublishingImages/2014-05-01_SHI.jpg
> 
> 
> */Innovative Solutions. World Class Support./**/ /* 
> 
> https://myshi.com/marketing/companystandards/PublishingImages/2014-02-21_Connect.pnghttps://myshi.com/marketing/companystandards/PublishingImages/2014-02-21_Facebook.png
> https://myshi.com/marketing/companystandards/PublishingImages/2014-02-21_Twitter.png
> https://myshi.com/marketing/companystandards/PublishingImages/2014-02-21_LinkedIn.png
> https://myshi.com/marketing/companystandards/PublishingImages/2014-02-21_RSS.png
> https://myshi.com/marketing/companystandards/PublishingImages/2014-05-01_YouTube.png
> 
> 
>  
> 
>  
> 
>   
> 
> This message has originated from an *External Source*. Please use proper
> judgment and caution when opening attachments, clicking links, or responding 
> to
> this email.
> 
>  
> 
> 
> 
> Tom,
> 
>  
> 
> ETS Needs to purchase the Enterprise Edition of HA Proxy
> (https://www.haproxy.com/products/haproxy-enterprise-edition/) so that we have
> support from the vendor and can maintain high availability in AWS. We will
> require two licenses: one for PROD and one for non-PROD – quantities subject 
> to
> change.
> 
>  
> 
> Do you work with HAProxy?
> 
>  
> 
> Regards,
> 
>  
> 
> Glenn
> 
>  
> 
>  
> 
> 
> 
> This e-mail and any files transmitted with it may contain privileged or
> confidential information. It is solely for use by the individual for whom it 
> is
> intended, even if addressed incorrectly. If you received this e-mail in error,
> please notify the sender; do not disclose, copy, distribute, or take any 
> action
> in reliance on the contents of this information; and delete it from your 
> system.
> Any other use of this e-mail is prohibited.
> 
>  
> 
> Thank you for your compliance.
> 
> 




FW: HAProxy??

2019-07-11 Thread Austin Getz
Hello Team,

Can you please provide two quotes for the below for ETS?

ETS Needs to purchase the Enterprise Edition of HA Proxy 
(https://www.haproxy.com/products/haproxy-enterprise-edition/) so that we have 
support from the vendor and can maintain high availability in AWS. We will 
require two licenses: one for PROD and one for non-PROD – quantities subject to 
change.

Thank you.

Austin Getz | SHI International Corp |Inside Account Manager | 
austin_g...@shi.com | www.shi.com
Office:732-868-8910 | Fax: 732-868-8911
[https://myshi.com/marketing/companystandards/PublishingImages/2014-05-01_SHI.jpg]
Innovative Solutions. World Class Support.
[https://myshi.com/marketing/companystandards/PublishingImages/2014-02-21_Connect.png][https://myshi.com/marketing/companystandards/PublishingImages/2014-02-21_Facebook.png][https://myshi.com/marketing/companystandards/PublishingImages/2014-02-21_Twitter.png][https://myshi.com/marketing/companystandards/PublishingImages/2014-02-21_LinkedIn.png][https://myshi.com/marketing/companystandards/PublishingImages/2014-02-21_RSS.png][https://myshi.com/marketing/companystandards/PublishingImages/2014-05-01_YouTube.png]



This message has originated from an External Source. Please use proper judgment 
and caution when opening attachments, clicking links, or responding to this 
email.



Tom,

ETS Needs to purchase the Enterprise Edition of HA Proxy 
(https://www.haproxy.com/products/haproxy-enterprise-edition/) so that we have 
support from the vendor and can maintain high availability in AWS. We will 
require two licenses: one for PROD and one for non-PROD – quantities subject to 
change.

Do you work with HAProxy?

Regards,

Glenn




This e-mail and any files transmitted with it may contain privileged or 
confidential information. It is solely for use by the individual for whom it is 
intended, even if addressed incorrectly. If you received this e-mail in error, 
please notify the sender; do not disclose, copy, distribute, or take any action 
in reliance on the contents of this information; and delete it from your 
system. Any other use of this e-mail is prohibited.


Thank you for your compliance.




Fw: haproxy@formilux.org

2016-12-27 Thread Ralph










FW: haproxy log

2015-12-14 Thread Cohen Galit
Hello!

Can you examine the logger below?
I'm afraid I have a configuration problem in haproxy config, maybe in one of 
the timeout limits.
These lines are printed only after load tests are starting to  fail over tcp 
against 5 imap servers round robin.

We are load testing over than  1M create sockets.

Here is the configuration:

global
log 127.0.0.1  local0 debug  #emerg  alert  crit   errwarning 
notice info  debug
maxconn 90096
tune.ssl.default-dh-param 2048
uid 55301
   gid 55301

defaults
logglobal
modetcp
option tcplog
option dontlognull
retries 3
maxconn 90096
timeout client 60
timeout server 6
timeout connect 5000

listen HAProxy_VVM
log global
option tcplog
mode tcp
bind :50143 name VVM_PLAIN
bind :50443 name VVM_SSL
   #bind :50993 name VVM_TLS
balance roundrobin
#option tcp-check
#tcp-check connect port 50443 ssl  # USED FOR MIST VVM HEALTH CHECK. DO 
NOT COMMENT OR CHANGE THIS LINE.
#tcp-check expect string *\ OK
maxconn 90096
timeout client 60
timeout server 12
timeout connect 5000
#server mips 10.45.92.35 check verify none inter 3
server cas-au53 10.106.75.53 check verify none inter 3
server cas-au61 10.106.75.61 check verify none inter 3
server cas-au62 10.106.75.62 check verify none inter 3
server cas-au63 10.106.75.63 check verify none inter 3
server cas-au132 10.106.138.132 check verify none inter 3



Thanks,
Galit

From: Kuterman Itzik
Sent: Sunday, December 13, 2015 12:09 PM
To: Cohen Galit
Subject: haproxy log?


Dec 13 10:55:15 localhost.localdomain haproxy[11803]: 10.106.161.146:34747 
[13/Dec/2015:10:55:05.698] HAProxy_VVM HAProxy_VVM/cas-au53 1/0/ 966 -- 
447/447/447/88/0 0/0
Dec 13 10:55:15 localhost.localdomain haproxy[11803]: 10.106.161.163:63043 
[13/Dec/2015:10:55:05.751] HAProxy_VVM HAProxy_VVM/cas-au63 1/0/ 966 -- 
445/445/445/89/0 0/0
Dec 13 10:55:15 localhost.localdomain haproxy[11803]: 10.106.161.163:63043 
[13/Dec/2015:10:55:05.751] HAProxy_VVM HAProxy_VVM/cas-au63 1/0/ 966 -- 
445/445/445/89/0 0/0
Dec 13 10:55:15 localhost.localdomain haproxy[11803]: 10.106.161.166:49649 
[13/Dec/2015:10:55:05.807] HAProxy_VVM HAProxy_VVM/cas-au53 1/0/10004 966 -- 
443/443/443/88/0 0/0
Dec 13 10:55:15 localhost.localdomain haproxy[11803]: 10.106.161.166:49649 
[13/Dec/2015:10:55:05.807] HAProxy_VVM HAProxy_VVM/cas-au53 1/0/10004 966 -- 
443/443/443/88/0 0/0
Dec 13 10:55:15 localhost.localdomain haproxy[11803]: 10.106.161.162:14719 
[13/Dec/2015:10:55:05.923] HAProxy_VVM HAProxy_VVM/cas-au61 1/0/9998 1239 -- 
442/442/442/88/0 0/0
Dec 13 10:55:15 localhost.localdomain haproxy[11803]: 10.106.161.162:14719 
[13/Dec/2015:10:55:05.923] HAProxy_VVM HAProxy_VVM/cas-au61 1/0/9998 1239 -- 
442/442/442/88/0 0/0
Dec 13 10:55:16 localhost.localdomain haproxy[11803]: 10.106.161.164:17564 
[13/Dec/2015:10:55:06.025] HAProxy_VVM HAProxy_VVM/cas-au63 1/0/ 1238 -- 
443/443/443/89/0 0/0
Dec 13 10:55:16 localhost.localdomain haproxy[11803]: 10.106.161.164:17564 
[13/Dec/2015:10:55:06.025] HAProxy_VVM HAProxy_VVM/cas-au63 1/0/ 1238 -- 
443/443/443/89/0 0/0
Dec 13 10:55:16 localhost.localdomain haproxy[11803]: 10.106.161.164:17565 
[13/Dec/2015:10:55:06.032] HAProxy_VVM HAProxy_VVM/cas-au132 1/0/ 1239 -- 
443/443/443/89/0 0/0


"This e-mail message may contain confidential, commercial or privileged 
information that constitutes proprietary information of Xura, Inc. or its 
subsidiaries. If you are not the intended recipient of this message, you are 
hereby notified that any review, use or distribution of this information is 
absolutely prohibited and we request that you delete all copies and contact us 
by e-mailing to: secur...@xura.com. Thank You."


Re: RE : FW: HAProxy

2015-10-11 Thread Willy Tarreau
On Mon, Oct 12, 2015 at 04:48:41AM +, Cédric Petter wrote:
> Thanks Willy and thanks Thierry Fournier too (He answers some days before and
> didn't get the time to test before)
> 
> It work like a charm now :-)

Great!

> It's weird but no blogs speaks about this. All blogs I found do redirect to
> 80 on backend. Or they use 443 but there is nothing in the config explained
> :-(

Well maybe that leaves an opportunity for you to post a blog article
somewhere. Also, please keep in mind that the documentation is supposed
to be used before blogs, although I admit it's a bit large now and I
understand why some people prefer too look for a blog post before reading
all the doc!

Regards,
Willy




RE : FW: HAProxy

2015-10-11 Thread Cédric Petter
Thanks Willy and thanks Thierry Fournier too (He answers some days before and 
didn't get the time to test before)

It work like a charm now :-)
It's weird but no blogs speaks about this. All blogs I found do redirect to 80 
on backend. Or they use 443 but there is nothing in the config explained :-(

So I really appreciate your help. 
It saves me some sleep hours :-)

Kind Regards

Cédric Petter
VP of Support & IT

BPA Solutions
Headquarters – Switzerland

Build Closer Relationships with SharePoint

p. +41 24 524 25 50
e. cedric.pet...@bpa-solutions.net


De : Willy Tarreau [w...@1wt.eu]
Date d'envoi : samedi 10 octobre 2015 08:12
À : Cédric Petter
Cc: haproxy@formilux.org
Objet : Re: FW: HAProxy

Hello Cédric,

On Tue, Oct 06, 2015 at 01:56:41PM +, Cédric Petter wrote:
> Bonjour
>
> First of all, if I need to explain in English, please tell me.

Yes the list is in english, but I understood your problem so I'll
put out a quick summary and will respond :-)

> Je suis bloqué avec HAProxy sur une VM.
> J'ai un serveur Debian 8.2 avec HAProxy 1.5.14.
> Et "derrière", j'ai 2 serveurs Windows avec IIS 8.5 & SharePoint 2013.
>
> Cela fonctionne bien en HTTP, mais pas en HTTPS.
> avec HTTPS j'ai soit des erreurs 503 & 504 en altérnance.
> Si quelqu'un à une idée ca serait cool.

In short Cedric faces an issue where he gets errors 503/504 on haproxy
when passing HTTPS requests to IIS but that's OK with HTTP.

Cedric, the problem is that you are connecting to port 443 in clear
because you didnt specify "ssl" on the server lines :

   backend www-backend-https
 server www-1 192.168.1.2:443 check
 server www-2 192.168.1.3:443 check

Just add "ssl" at the end of the line and it will work better. You'll
get a warning upon startup that you need to add "ssl-verify-none" or
to put a CA file. If haproxy and the servers are on the same local
network and you consider this network to be safe, you can easily add
that option.

Additionnally, maybe you don't even need to pass again via port 443
and you can pass everything to port 80 ? That can make a simpler
config and avoid to re-encrypt+decrypt.

Last, since you're on haproxy 1.5, if you're observing important
CPU usage when using SSL, you can enable HTTP keep-alive to the
servers by removing this line :

   option http-server-close

It will use more memory by maintaining more connections though.

Regards,
Willy




Re: FW: HAProxy

2015-10-09 Thread Willy Tarreau
Hello Cédric,

On Tue, Oct 06, 2015 at 01:56:41PM +, Cédric Petter wrote:
> Bonjour
> 
> First of all, if I need to explain in English, please tell me.

Yes the list is in english, but I understood your problem so I'll
put out a quick summary and will respond :-)

> Je suis bloqué avec HAProxy sur une VM.
> J'ai un serveur Debian 8.2 avec HAProxy 1.5.14.
> Et "derrière", j'ai 2 serveurs Windows avec IIS 8.5 & SharePoint 2013.
> 
> Cela fonctionne bien en HTTP, mais pas en HTTPS.
> avec HTTPS j'ai soit des erreurs 503 & 504 en altérnance.
> Si quelqu'un à une idée ca serait cool.

In short Cedric faces an issue where he gets errors 503/504 on haproxy
when passing HTTPS requests to IIS but that's OK with HTTP.

Cedric, the problem is that you are connecting to port 443 in clear
because you didnt specify "ssl" on the server lines :

   backend www-backend-https
 server www-1 192.168.1.2:443 check
 server www-2 192.168.1.3:443 check

Just add "ssl" at the end of the line and it will work better. You'll
get a warning upon startup that you need to add "ssl-verify-none" or
to put a CA file. If haproxy and the servers are on the same local
network and you consider this network to be safe, you can easily add
that option.

Additionnally, maybe you don't even need to pass again via port 443
and you can pass everything to port 80 ? That can make a simpler
config and avoid to re-encrypt+decrypt.

Last, since you're on haproxy 1.5, if you're observing important
CPU usage when using SSL, you can enable HTTP keep-alive to the
servers by removing this line :

   option http-server-close

It will use more memory by maintaining more connections though.

Regards,
Willy




FW: HAProxy

2015-10-06 Thread Cédric Petter
Bonjour

First of all, if I need to explain in English, please tell me.

Je suis bloqué avec HAProxy sur une VM.
J'ai un serveur Debian 8.2 avec HAProxy 1.5.14.
Et "derrière", j'ai 2 serveurs Windows avec IIS 8.5 & SharePoint 2013.

Cela fonctionne bien en HTTP, mais pas en HTTPS.
avec HTTPS j'ai soit des erreurs 503 & 504 en altérnance.
Si quelqu'un à une idée ca serait cool.
Voilà ma config

global
log /dev/loglocal0
log /dev/loglocal1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
maxconn 2048
tune.ssl.default-dh-param 2048
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
ssl-default-bind-ciphers 
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3 defaults
log global
modehttp
option forwardfor
option http-server-close
option  httplog
option  dontlognull
timeout connect 5000
timeout client  5
timeout server  5
frontend www-http
bind *:80
default_backend www-backend
frontend www-https
bind *:443 ssl crt ./monfichier.pem
default_backend www-backend-https backend www-backend
server www-1 192.168.1.2:80 check
server www-2 192.168.1.3:80 check backend www-backend-https
server www-1 192.168.1.2:443 check
server www-2 192.168.1.3:443 check

Cédric Petter
cedric.pet...@bpa-solutions.net 




Re: FW: haproxy conditional healthchecks/failover

2012-05-29 Thread Willy Tarreau
On Tue, May 29, 2012 at 08:32:29PM +, Zulu Chas wrote:
> 
> am I wildly off course or is this config salvageable?
> 

To be honnest, your mail with overly long lines (half a kilobyte) is painful
to read, and once I made the effort of reading it, I didn't understand why
you're trying to cross-dress something which already exists and works.
 
The "disable-on-404" is made to permit enabling/disabling a server by a simple
"touch" or "rm". It appears that you want to exactly swap these two commands,
it really makes no sense to me to modify haproxy to support such a swap in a
script.

Another reason for disabling on 404 is that it will not accidently enable a
server which was started from an unmounted docroot file system. With your
method, it would still start it.

Also, the suggested way of dealing with very specific health checks is to
write a CGI or servlet to handle the various situations. Most people are
already doing this, and if you absolutely want to use "rm" to start the
server and "touch" to stop it, then 5 lines of shell in a CGI will do it.

Regards,
Willy




FW: haproxy conditional healthchecks/failover

2012-05-29 Thread Zulu Chas

am I wildly off course or is this config salvageable?






> > Hi!
> >
> > I'm trying to use HAproxy to support the concepts of "offline", "in
> > maintenance mode", and "not working" servers.
> 
> Any good reason to do that???
> (I'm a bit curious)

Sure.  I want to be able to mark a machine offline by creating a file (as 
opposed to marking it online by creating a file), which is why I can't use 
disable-on-404 below.  This covers situations where I need to take a machine 
out of public-facing operation for some reason, but perhaps I still want it to 
be able to render pages etc -- maybe I'm testing a code deployment once it's 
already deployed in order to verify the system is ready to be marked online.
I also want to be able to mark a machine down for maintenance by creating a 
file, "maintenance.html", which apache will nicely rewrite URLs to etc. during 
critical deployment phases or when performing other maintenance.  In this case, 
I don't want it to render pages (usually to replace otherwise nasty-looking 500 
error pages with a nice html facade).
For normal operations, I want the machine to be up.  But if it's not 
intentionally placed "offline" or "in maintenance" and the machines fail 
heartbeat checks, then the machine is "not working" and should not be served 
requests.
Does this make sense?
> 
> >  I have separate health checks
> > for each condition and I have been trying to use ACLs to be able to switch
> > between backends.  In addition to the fact that this doesn't seem to work,
> > I'm also not loving having to repeat the server lists (which are the same)
> > for each backend.
> 
> Nothing weird here, this is how HAProxy configuration works.
Cool, but variables would be nice to save time and avoid potential 
inconsistencies between sections.
> > -- I think it's more like "if any of
> > these succeed, mark this server online" -- and that's what's making this
> > scenario complex.
> 
> euh I might misunderstanding something.
> There is nothing more simple that "if the health check is successful,
> then the server is considered healthy"...

Since it's not strictly binary, as described above, it's a bit more complex.

> > frontend staging 0.0.0.0:8080
> >   # if the number of servers *not marked offline* is *less than the total
> > number of app servers* (in this case, 2), then it is considered degraded
> >   acl degraded nbsrv(only_online) lt 2
> >
> 
> This will match 0 and 1
> 
> >   # if the number of servers *not marked offline* is *less than one*, the
> > site is considered down
> >   acl down nbsrv(only_online) lt 1
> >
> 
> This will match 0, so you're both down and degraded ACL covers the
> same value (0).
> Which may lead to an issue later
> 
> >   # if the number of servers without the maintenance page is *less than the
> > total number of app servers* (in this case, 2), then it is
> > considered maintenance mode
> >   acl mx_mode nbsrv(maintenance) lt 2
> >
> >   # if the number of servers without the maintenance page is less than 1,
> > we're down because everything is in maintenance mode
> >   acl down_mx nbsrv(maintenance) lt 1
> >
> 
> Same remark as above.
> 
> 
> >   # if not running at full potential, use the backend that identified the
> > degraded state
> >   use_backend only_online if degraded
> >   use_backend maintenance if mx_mode
> >
> >   # if we are down for any reason, use the backend that identified that fact
> >   use_backend backup_only if down
> >   use_backend backup_only if down_mx
> >
> 
> Here is the problem (see above).
> The 2 use_backend above will NEVER match, because the degraded ad
> mx_mode ACL overlaps their values!

Why would they never match?  Aren't you saying they *both* should match and 
wouldn't it then take action on the final match and switch the backend to 
maintenance mode?  That's what I want.  Maintenance mode overrides offline mode 
as a failsafe (since it's more restrictive) to prevent page rendering.
> Do you know the "disable-on-404" option?
> it may help you make your configuration in the right way (not
> considering a 404 as a healthy response).
> 

Yes, but what I actually would need is enable-on-404 :)
Thanks for your feedback!  I'm definitely open to other options, but I'm hoping 
to not have to lose the flexibility described above!
-chaz