Re: Recommended SSL ciphers and settings

2014-09-09 Thread pablo platt
I've tried both options and I'm still not getting A+. Unfortunately, I can't ask the user what the error is. If I run into this again, I'll try to get this info. Thanks On Mon, Sep 8, 2014 at 9:46 AM, Jarno Huuskonen wrote: > Hi, > > On Sun, Sep 07, pablo platt wrote: > > Hi, > > > > I'm us

Re: Recommended SSL ciphers and settings

2014-09-09 Thread Thomas Heil
Hi, On 09.09.2014 11:43, pablo platt wrote: > I've tried both options and I'm still not getting A+. > > Unfortunately, I can't ask the user what the error is. > If I run into this again, I'll try to get this info. > To reach A+ you need rspadd Strict-Transport-Security:\ max-age=31536

Re: [PATCH] [RFC] Linux network namespace support for haproxy

2014-09-09 Thread Amos Jeffries
On 9/09/2014 5:19 p.m., Willy Tarreau wrote: > Hi Dave, > > On Mon, Sep 08, 2014 at 04:25:22PM -0400, Dave McCowan wrote: >>> >>> >>> Second patch : >>> diff --git a/include/types/connection.h b/include/types/connection.h index 89f4f38..a

RFE: Allow logging directly to files

2014-09-09 Thread John Schwarz
Hi guys, Long story short: We have a need for a new feature for haproxy, which allows logging to normal files (as opposed to the current domain socket/UDP servers). This will of course require adding such an option to the configuration. I am willing to write the whole feature (with reviews from th

Re: Recommended SSL ciphers and settings

2014-09-09 Thread pablo platt
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains if ssl-proxy Do I need to add it to the frontend or backend? Will it break raw TLS (not HTTPS)? Thanks On Tue, Sep 9, 2014 at 1:25 PM, Thomas Heil wrote: > Hi, > > > On 09.09.2014 11:43, pablo platt wrote: > > I've tried

Session stickiness on multi-process haproxy with ssl

2014-09-09 Thread evie
Hello, I have HAproxy 1.5.4 installed in Debian Wheezy x64. My configuration file is attached. I want session stickiness so I use appsession attribute but I have a serious performance issue with ssl. Initially I didn't use nbproc parameter and haproxy could only serve 50reqs/sec with 100% cpu usin

Re: RFE: Allow logging directly to files

2014-09-09 Thread Willy Tarreau
Hi John, On Tue, Sep 09, 2014 at 02:48:46PM +0300, John Schwarz wrote: > Hi guys, > > Long story short: We have a need for a new feature for haproxy, which > allows logging to normal files (as opposed to the current domain > socket/UDP servers). This will of course require adding such an option >

Re: Session stickiness on multi-process haproxy with ssl

2014-09-09 Thread Baptiste
On Tue, Sep 9, 2014 at 4:01 PM, wrote: > Hello, > > I have HAproxy 1.5.4 installed in Debian Wheezy x64. My configuration file > is attached. I want session stickiness so I use appsession attribute but I > have a serious performance issue with ssl. Initially I didn't use nbproc > parameter and ha

Performance issue with SSL and keep alive, weird result of ab test

2014-09-09 Thread Andreas Mock
Hi all, I'm just doing some performance tests on a ha-proxy 1.5.4 and 'ab' on the client side: * http => OK * https => OK * https + Keep-Alive => NOT OK (really bad performance) Can someone explain this result to me? What did I miss? Here is the relevant config: -8<-

prefer epoll or sepoll on linux?

2014-09-09 Thread Colin Ingarfield
Hello, I'm running Linux Mint 17 Qiana. $ uname -a Linux cingarfield-dt 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux The packaged haproxy for this distro is version 1.4.24: $ /usr/sbin/haproxy -vv HA-Proxy version 1.4.24 2013/06/17 Copyright 2000

[ADDENDUM] Performance issue with SSL and keep alive, weird result of ab test

2014-09-09 Thread Andreas Mock
Hi all, I did the ab test with concurrency = 1 and keep-alive. I found the following log entries written by HAProxy. Sep 9 16:54:20 server haproxy[29183]: :60646 [09/Sep/2014:16:54:20.014] fe_ssl_static~ be_bl/server02 19/0/0/1/29 200 93412 - - 10/9/0/1/0 0/0 "GET /jquery.js HTTP/

Re: prefer epoll or sepoll on linux?

2014-09-09 Thread Manfred Hollstein
Hi Colin, On Tue, 09 Sep 2014, 17:00:37 +0200, Colin Ingarfield wrote: > Hello, > > I'm running Linux Mint 17 Qiana. > $ uname -a > Linux cingarfield-dt 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 > 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux > > The packaged haproxy for this distro is versi

Re: Session stickiness on multi-process haproxy with ssl

2014-09-09 Thread Baptiste
On Tue, Sep 9, 2014 at 4:47 PM, wrote: >> On Tue, Sep 9, 2014 at 4:01 PM, wrote: >>> Hello, >>> >>> I have HAproxy 1.5.4 installed in Debian Wheezy x64. My configuration >>> file >>> is attached. I want session stickiness so I use appsession attribute but >>> I >>> have a serious performance is

Re: prefer epoll or sepoll on linux?

2014-09-09 Thread Colin Ingarfield
On 09/09/2014 10:12 AM, Manfred Hollstein wrote: Hi Colin, On Tue, 09 Sep 2014, 17:00:37 +0200, Colin Ingarfield wrote: Hello, I'm running Linux Mint 17 Qiana. $ uname -a Linux cingarfield-dt 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux The packa

Re: SSL timing information?

2014-09-09 Thread Shawn Heisey
On 9/3/2014 4:40 PM, Shawn Heisey wrote: > I am having some problems with SSL negotiation taking a really long > time. There were 20 seconds between client hello and server hello on > one session noticed with a packet capture, 28 seconds on another. > Currently that connection is being handled by

SSL handshake failure

2014-09-09 Thread Shawn Heisey
I do not think this is a problem with haproxy (running 1.5.4), but I'm hoping haproxy can help me debug it. When I get SSL handshake failure, can haproxy be configured to log debug messages about WHY it failed? We don't have any visibility into the client -- it's at a customer site in Japan, I'm

Re: HAProxy 1.5 incorrectly marks servers as DOWN

2014-09-09 Thread Pavlos Parissis
On 08/09/2014 10:30 AM, Juho Mäkinen wrote: > > On Thu, Sep 4, 2014 at 11:35 PM, Pavlos Parissis wrote: > > On 04/09/2014 08:55 AM, Juho Mäkinen wrote: > > I'm upgrading my old 1.4.18 haproxies to 1.5.4 and I have a mysterious > > problem where hap

Re: HAProxy 1.5 incorrectly marks servers as DOWN

2014-09-09 Thread Juho Mäkinen
Thanks Pavlos for your help. Fortunately (and embarrassedly for me) the mistake was not anywhere near haproxy but instead my haproxy configure template system had a bug which mixed up the backend name and ip address. Because of this haproxy showed different names for those servers which were actual

Re: [ADDENDUM] Performance issue with SSL and keep alive, weird result of ab test

2014-09-09 Thread Willy Tarreau
Hi Andreas, On Tue, Sep 09, 2014 at 03:05:36PM +, Andreas Mock wrote: > Hi all, > > I did the ab test with concurrency = 1 and keep-alive. > I found the following log entries written by HAProxy. > > Sep 9 16:54:20 server haproxy[29183]: :60646 > [09/Sep/2014:16:54:20.014] fe_ssl_st

Re: Reset near end of connection for slow transfers

2014-09-09 Thread Sparr
I wanted to follow up and mention that we figured out the problem. The "nolinger" option was producing this behavior. Disabling it seems to have completely eliminated the issue. On Mon, Sep 8, 2014 at 12:55 PM, Sparr wrote: > I've got haproxy and apache on separate VMs in the same environment. >

Re: SSL handshake failure

2014-09-09 Thread Willy Tarreau
Hi Shawn, On Tue, Sep 09, 2014 at 03:47:30PM -0600, Shawn Heisey wrote: > I do not think this is a problem with haproxy (running 1.5.4), but I'm > hoping haproxy can help me debug it. > > When I get SSL handshake failure, can haproxy be configured to log debug > messages about WHY it failed? Nor

Re: SSL timing information?

2014-09-09 Thread Baptiste
On Tue, Sep 9, 2014 at 11:37 PM, Shawn Heisey wrote: > On 9/3/2014 4:40 PM, Shawn Heisey wrote: >> I am having some problems with SSL negotiation taking a really long >> time. There were 20 seconds between client hello and server hello on >> one session noticed with a packet capture, 28 seconds o