Hi Apollon,
On Wed, Oct 08, 2014 at 03:14:41PM +0300, Apollon Oikonomopoulos wrote:
By default systemd will send SIGTERM to all processes in the service's
control group. In our case, this includes the wrapper, the master
process and all worker processes.
Since commit c54bdd2a the wrapper
Hi,
On Tue, Oct 07, 2014 at 08:19:59AM -0500, B. Heath Robinson wrote:
I am trying to use the dynamic backend selection feature of 1.5, but I am
missing something. Here is a snippet of my configuration:
frontend sledgehammer
bind *:1
option http-pretend-keepalive
Dear All!
I have been using haproxy for more than a year with total satiscation.
This is the first problem we are unable to solve, maybe someone has already
meet any similar!
There are two JBOSS servers (http, port 8080), behind a haproxy (HA config
with keepalived, but this is irrelevant at
Hi Ivan,
On Thu, Oct 09, 2014 at 04:10:29PM +1300, Ivan Kurnosov wrote:
Since `haproxy v1.5.0` it was possible to temporarily stop reverse-proxying
traffic to frontends using
set maxconn frontend frontend_name 0
command.
I've noticed that if haproxy is configured to maintain
I'm really amazed by the amount of breakage these new service managers are
causing to a simple process management that has been working well for over
40 years of UNIX existence now, and the difficulty we have to work around
this whole mess!
If there was a poster child for knowing better than
Hi Willy,
On 11:26 Thu 09 Oct , Willy Tarreau wrote:
Hi Apollon,
On Wed, Oct 08, 2014 at 03:14:41PM +0300, Apollon Oikonomopoulos wrote:
By default systemd will send SIGTERM to all processes in the service's
control group. In our case, this includes the wrapper, the master
process
It's something I'd like to add also for the graceful shutdown, but for now
we don't have an easy way to navigate through the idle connections. However
something I was considering was to avoid keep-alive when serving a response
over a saturated frontend or when the process is stopping. That way
On Thu, Oct 09, 2014 at 12:35:10PM +0300, Apollon Oikonomopoulos wrote:
Hi Willy,
On 11:26 Thu 09 Oct , Willy Tarreau wrote:
Hi Apollon,
On Wed, Oct 08, 2014 at 03:14:41PM +0300, Apollon Oikonomopoulos wrote:
By default systemd will send SIGTERM to all processes in the service's
On 11:44 Thu 09 Oct , Willy Tarreau wrote:
On Thu, Oct 09, 2014 at 12:35:10PM +0300, Apollon Oikonomopoulos wrote:
Hi Willy,
On 11:26 Thu 09 Oct , Willy Tarreau wrote:
Hi Apollon,
On Wed, Oct 08, 2014 at 03:14:41PM +0300, Apollon Oikonomopoulos wrote:
By default
On Thu, Oct 09, 2014 at 12:55:25PM +0300, Apollon Oikonomopoulos wrote:
On 11:44 Thu 09 Oct , Willy Tarreau wrote:
OK, so I'm merging your patch if you think it's the best solution.
Well, I think it's the most sane thing to do and is behaviour-compatible
with the current wrapper
On 12:07 Thu 09 Oct , Willy Tarreau wrote:
Anyway we're not there to discuss the benefits or defaults of systemd,
some major distros have adopted it and now we have to work around its
breakages so that users can continue to use their systems as if it was
still a regular, manageable UNIX
Hi,
I have some 1.5.3 configurations which contain a default_backend which is
actually disabled.
Snippet below.
On upgrading to 1.5.5 - the first backend following the disabled line gets
silently lost.
Frontend main *:80
...
default_backend default
On Thu, Oct 09, 2014 at 10:37:04PM +1300, Ivan Kurnosov wrote:
It's something I'd like to add also for the graceful shutdown, but for now
we don't have an easy way to navigate through the idle connections. However
something I was considering was to avoid keep-alive when serving a response
Finally it turned out NOT to be TLS related.
The problem was the HTTP acl matching in the frontend.
I used acl: hdr(host). The mobile client was the only in the whole world
which specified the :443 for https: URLs, so I have never noticed earlier,
that it can be a problem.
changed to
as the patch name says ... systemd gives us a hook to run stuff before
the service is started, we can use that to test if the config is valid.
that's something that my old init script also did.
with kind regards
darix
--
openSUSE - SUSE Linux is my linux
Hi,
On Mon, Oct 06, Kari Mattsson wrote:
(IP numbers are imaginary, not real.)
When I go to http://200.200.200.111 and http://200.200.200.222, and press F5
(refresh) on Firefox for a few time, I end up with 4 cookies instead of 2.
For example when you go to .111 and hit refresh few times do
I think I can reproduce this and a similar bug that causes a SEGFAULT (on
load or config check) when 'disabled' appears in a backend using the config
shown below.
defaults
timeout client 5s
timeout server 5s
frontend main :
default_backend one
backend one
backend two
disabled
A
Hi guys,
On Thu, Oct 09, 2014 at 11:57:03AM -0700, Bryan Talbot wrote:
I think I can reproduce this and a similar bug that causes a SEGFAULT (on
load or config check) when 'disabled' appears in a backend using the config
shown below.
defaults
timeout client 5s
timeout server 5s
Hi Marcus,
On Thu, Oct 09, 2014 at 05:00:09PM +0200, Marcus Rueckert wrote:
as the patch name says ... systemd gives us a hook to run stuff before
the service is started, we can use that to test if the config is valid.
that's something that my old init script also did.
with kind regards
Hi,
On Thu, Oct 09, 2014 at 02:15:19PM +0200, Attila Heidrich wrote:
Finally it turned out NOT to be TLS related.
The problem was the HTTP acl matching in the frontend.
I used acl: hdr(host). The mobile client was the only in the whole world
which specified the :443 for https: URLs, so I
Hello,
can we log SNI headers (req_ssl_sni) or generally,
SNI availability (ssl_fc_has_sni) the same way we
log SSL version (%sslv)?
/---/
*/Best regards,/*
/Eugene Istomin/
Hello,
yesterday we are looking for the client-side SNI custom string for one of
our clients and choose stunnel (as outbound TLS termination) for two
reasons:
1) ability to send client certificate (client mode)
2) ability to send custom SNI header in client mode
We use haproxy as main L7
Hello Eugene,
On Fri, Oct 10, 2014 at 08:13:43AM +0300, Eugene Istomin wrote:
Hello,
yesterday we are looking for the client-side SNI custom string for one of
our clients and choose stunnel (as outbound TLS termination) for two
reasons:
1) ability to send client certificate (client mode)
23 matches
Mail list logo
