Re: Recommended strategy for running 1.5 in production

I use haproxy on centos. So I build a RPM i then use in spacewalk to first roll out to test, then post testing to production. On 16/04/2014 17:14, pablo platt wrote: An official Ubuntu dev repo will also make testing easier. It's much easier to use a apt-get than building from source and figuri

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

Hi David, On Wed, Apr 16, 2014 at 01:03:37PM -0400, David S wrote: (...) > This makes sense. With all the possible fields, I would prefer a more > machine friendly format. (I think that is your preference too.) Actually yes. > How about a proxy protocol extension that can be appended to

haproxy incorrectly reporting connection flags

With 1.5-dev22, we have a scenario where haproxy is saying the client closed the connection, but really the server is the one that closed it. Here is the log entry from haproxy: haproxy[12540]: 10.230.0.195:33580 storage_upd storage_upd/storage_upd_2 0/0/0/522/555 0/0/0/0/0 0/0 412/271 200 CD-- 73

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

Hi Phil, On Wed, Apr 16, 2014 at 04:46:05PM -0400, Phil Pennock wrote: > On 2014-04-15 at 12:13 +0200, Willy Tarreau wrote: > > On Mon, Apr 14, 2014 at 09:54:19PM -0400, David S wrote: > [ SSL extensions for Proxy protocol ] > > > Please let me know your feedback. > > > [ many great improvements

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

On 2014-04-15 at 12:13 +0200, Willy Tarreau wrote: > On Mon, Apr 14, 2014 at 09:54:19PM -0400, David S wrote: [ SSL extensions for Proxy protocol ] > > Please let me know your feedback. > [ many great improvements ] > Note that this probably marks the death of protocol v2 that nobody implemented >

Re: Recommended strategy for running 1.5 in production

Nothing stopping you from using the PPA as originally suggested. :-) In regards to easy there are hundreds of how-to webpages for building deb packages. I'd grade it slightly more complicated than building RPMs correctly. When you're done you can use the same infrastructure to build o

Re: Recommended strategy for running 1.5 in production

So I "only" need to setup a VM, download a file from a personal PPA, add the source code and learn how to build a deb package... And every user need to do the same... Easy :) On Wed, Apr 16, 2014 at 11:12 PM, Ramin K wrote: > It's easy to build your own packages with the files from the

Re: Recommended strategy for running 1.5 in production

It's easy to build your own packages with the files from the PPA which is what we do. BTW, thanks Vincent for doing the groundwork. Simplest method might be: - Decide which archs you need to target. Follow a how-to for setting up a environment to build deb packages. I recommend dedicating a V

Re: RFC: removal of bsd and osx Makefiles

Migrating to linux. El 14/04/2014 06:28, "Lukas Tribus" escribió: > Hi list, > > > this is to request comments regarding the removal of bsd and osx Makfiles. > > Its was proposed by Willy Tarreau, the reason are: > - osx and bsd Makefiles don't support USE flag, so they can't be used if > S

SSL termination with nbproc > 1

Hi I have haproxy 1.5-dev22 working with SSL termination and it seems to be using quite a bit of CPU under a not very high load of SSL connections. ios_sproxy_fe session rate max 50 sessions max 805 this lb also balances unencrypted traffic ios_proxy_fe session rate max 720 sessions max 12.8

Re: Recommended strategy for running 1.5 in production

The Ubuntu PPA is great but it is not 'official' and I couldn't find Ubuntu 14.04 package. https://launchpad.net/~vbernat/+archive/haproxy-1.5 Ubuntu 14.04 LTS will be out tomorrow which means that haproxy-1.5 will be included only in the next

Re: Recommended strategy for running 1.5 in production

Hi Apollon, On Wed, Apr 16, 2014 at 09:22:56PM +0300, Apollon Oikonomopoulos wrote: > (Cc'ing the Debian maintainers as well) > > Hi all, > > On 19:28 Wed 16 Apr , Willy Tarreau wrote: > > On Wed, Apr 16, 2014 at 07:14:31PM +0300, pablo platt wrote: > > > An official Ubuntu dev repo will als

Re: redirecting based on Accept-Language

Le 16/04/2014 20:25, Thierry FOURNIER a écrit : Hi Cyril, The 0 returned is the expected behavior. If no value matches the converter, than the expression fails. In other way you can use the default value in the "language" converter itself. I think that if you write the following expression, you

Re: redirecting based on Accept-Language

On Wed, 16 Apr 2014 20:14:00 +0200 Cyril Bonté wrote: > Hi again Thierry, > > Le 16/04/2014 16:34, Thierry FOURNIER a écrit : > >> Shouldn't we need to provide a matching method (for example "-m str") ? > >> In this case, the "language" documentation also needs to be updated. > > > > > > Fixed.

Re: Recommended strategy for running 1.5 in production

(Cc'ing the Debian maintainers as well) Hi all, On 19:28 Wed 16 Apr , Willy Tarreau wrote: > On Wed, Apr 16, 2014 at 07:14:31PM +0300, pablo platt wrote: > > An official Ubuntu dev repo will also make testing easier. > > It's much easier to use a apt-get than building from source and figuring

Re: redirecting based on Accept-Language

Hi again Thierry, Le 16/04/2014 16:34, Thierry FOURNIER a écrit : Shouldn't we need to provide a matching method (for example "-m str") ? In this case, the "language" documentation also needs to be updated. Fixed. Great ! haproxy becomes fun and enlarges Y0ur creativity (dedicated to the "

RE: Regarding Haproxy Configuration

Hi, > I have configured haproxy on my server for load balancing of 2 servers. > haproxy service is running properly as it should be. But I want your > help as i am facing a problem. I want to redirect request from server1 > to server2 in case server1 gives error like 403. Thats not support

Re: Recommended strategy for running 1.5 in production

On Wed, Apr 16, 2014 at 07:14:31PM +0300, pablo platt wrote: > An official Ubuntu dev repo will also make testing easier. > It's much easier to use a apt-get than building from source and figuring > out command line options. I think we're getting close to a release so we should not harrass distro

Regarding Haproxy Configuration

Dear Sir/Ma'am, I have configured haproxy on my server for load balancing of 2 servers. haproxy service is running properly as it should be. But I want your help as i am facing a problem. I want to redirect request from server1 to server2 in case server1 gives error like 403. I have already define

Re: [PATCH] FEATURE Extending PROXY protocol for SSL

On Tue, Apr 15, 2014 at 6:13 AM, Willy Tarreau wrote: > Hi David, > > On Mon, Apr 14, 2014 at 09:54:19PM -0400, David S wrote: > > Hello-- > > Part of my solution uses a non-HTTP protocol. My backend server need > > L3/L4 information, so the PROXY protocol is a perfect fit. In addition > to

Re: Recommended strategy for running 1.5 in production

An official Ubuntu dev repo will also make testing easier. It's much easier to use a apt-get than building from source and figuring out command line options. On Wed, Apr 16, 2014 at 7:05 PM, Philipp < e1c1bac6253dc54a1e89ddc046585...@posteo.net> wrote: > Am 16.04.2014 17:40 schrieb Willy Tarreau

Re: Recommended strategy for running 1.5 in production

Am 16.04.2014 17:40 schrieb Willy Tarreau: I think you summarized very well how to carefully use a development version in prod. That requires a bit of care, but with that you can get both nice features and quick fixes. Indeed :) After 1.5 is released, I'd like to switch to a faster and more r

Re: 1.5 dev22 issue on freebsd10-stable

于 14-4-16 21:35, Willy Tarreau 写道: On Wed, Apr 16, 2014 at 02:32:03PM +0100, Simon Dick wrote: On 16 April 2014 13:41, Ghislain wrote: Le 16/04/2014 08:39, Willy Tarreau a écrit : On a personal note, I'd say that I consider the support for strace and tcpdump as absolute prerequisite when i

Re: Recommended strategy for running 1.5 in production

Hi Apollon, On Wed, Apr 16, 2014 at 11:33:37AM +0300, Apollon Oikonomopoulos wrote: (...) > We run a -dev version - not necessarily the latest one, just one that is > running stable and has no security issues. In general I follow the list > on a daily basis (not reading through every mail though

Re: strange error message "unknown keyword 'tcp-request' in 'backend' section"

Hi, On Wed, Apr 16, 2014 at 04:34:02PM +0200, Thierry FOURNIER wrote: > Hello, > > I cannot reproduce your issue. I try with version 1.4.0 and 1.4.25, > this configuration runs with these two versions. > > Can you check your haproxy version with "haproxy -v" ? Just a guess, I suspect that Ghisl

Re: strange error message "unknown keyword 'tcp-request' in 'backend' section"

Hello, I cannot reproduce your issue. I try with version 1.4.0 and 1.4.25, this configuration runs with these two versions. Can you check your haproxy version with "haproxy -v" ? Thierry On Wed, 16 Apr 2014 14:03:36 +0200 Ghislain wrote: > hi, > > i am trying a very basic haproxy setting o

Re: redirecting based on Accept-Language

On Tue, 15 Apr 2014 21:57:29 +0200 Cyril Bonté wrote: > Hi Thierry, > > Le 14/04/2014 21:30, Thierry FOURNIER a écrit : > > Hi Marc, > > > > This dev is done in the current haproxy version. The keyword is > > "language", this is the documentation: > > > > language([,]) > >Returns the

Re: 1.5 dev22 issue on freebsd10-stable

On Wed, Apr 16, 2014 at 02:32:03PM +0100, Simon Dick wrote: > On 16 April 2014 13:41, Ghislain wrote: > > Le 16/04/2014 08:39, Willy Tarreau a écrit : > > > >> On a personal note, I'd say that I consider the support for strace and > >> tcpdump as absolute prerequisite when it comes to any platform

Re: 1.5 dev22 issue on freebsd10-stable

On 16 April 2014 13:41, Ghislain wrote: > Le 16/04/2014 08:39, Willy Tarreau a écrit : > >> On a personal note, I'd say that I consider the support for strace and >> tcpdump as absolute prerequisite when it comes to any platform going into >> production, to the point of even reconsidering the plat

Re: 1.5 dev22 issue on freebsd10-stable

Le 16/04/2014 08:39, Willy Tarreau a écrit : On a personal note, I'd say that I consider the support for strace and tcpdump as absolute prerequisite when it comes to any platform going into production, to the point of even reconsidering the platform if it misses them. Willy well FreeBSD has

strange error message "unknown keyword 'tcp-request' in 'backend' section"

hi, i am trying a very basic haproxy setting on 1.4 and i use a copy paste from the doc on the tcp-request part: global log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 user haproxy group haproxy daemon frontend anciennonhttp

Re: Recommended strategy for running 1.5 in production

Hi Jonathan, On 22:27 Mon 14 Apr , Jonathan Matthews wrote: > Hi all - > > I've been running 1.4 for a number of years, but am pondering moving > some as-yet-unreleased apps to 1.5, for SSL and ACL-ish reasons. > > I'd like to ask how you, 1.5 sysadmins and devs, track the development > vers

RE: handle error on haproxy

> Is any other solution for fixing my problem by using haproxy or Zen > load balancer. Not that I know, but you got a better chance of someone responding to your question if you answer to the mailing list, like I said. Regards, Lukas

RE: handle error on haproxy

Hi, > Hi Lukas, > > I am doing testing on both load balancer. > 1. Haproxy > 2. Zen load balancer > > I have install both on different machine and both are working fine. > > > Now I want that if 50X error occur than request forward to 2nd web server if > again 50X error occur on this server t