[SPAM] Re: Architecture guide reworked

2015-12-02 17:25 GMT+01:00 Olivier Doucet : > > 2015-12-02 15:44 GMT+01:00 Michel Blanc : > >> Very good idea. >> >> Do you plan creating a git repo somewhere so people can contribute >> and/or create issues ? >> >> You might be interested in

[SPAM] Re: Architecture guide reworked

2015-12-02 15:44 GMT+01:00 Michel Blanc : > On 02/12/2015 15:17, Olivier Doucet wrote: > > > To avoid any long and non-productive discussion, here is my plan > to > > success : > > * let's agree on a very generic plan > > * then, use one mailing-list

RE: SSLv2Hello is disabled

Hi Galit, > I want to emphasize that the following test succeeded: > > [root@proxy-au51 ~]# openssl s_client -connect 10.106.75.53:50443 -tls1 > > CONNECTED(0003)  Ok. > Built with OpenSSL version : OpenSSL 0.9.8b 04 May 2006 > Running on OpenSSL version : OpenSSL 0.9.8e-fips-rhel5

Re: heartbeat traffic with many instances

On Wed, Dec 2, 2015 at 8:02 AM, ジョハンガル wrote: > Hello, > > After tests we got best performance with nbproc = 24 (on our setup). > However it induces non negligible heartbeat traffic (nbproc=24, on a bunch of > haproxy loadbalancers, healthcheｃking hundreds of

Re: Architecture guide reworked

On 02/12/2015 15:17, Olivier Doucet wrote: > To avoid any long and non-productive discussion, here is my plan to > success : > * let's agree on a very generic plan > * then, use one mailing-list thread for each part. People that > feel at > ease

Can HAProxy be setup to limit outbound requests to specific external service providers?

Willy, Thierry, and all: My employer uses an external service provider that requires that we do not over use their services.So, I need to use HAProxy to help throttle/limit the max number of user connections per day (i.e. 2000 JSP page views/day for all internal users at my employer) from

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

Hello all, I¹ve written up Willy and Emeric¹s proposal and it seems to test fine, at least from a functionality standpoint. I would appreciate it if interested parties would beat on this harder than I did to work out kinks. To recap for those that are new: You can now specify as a crt or a

Re: Questions Aboute the PEM Phrase.

On 03/12/2015 6:54 AM, "Jesus Moran" wrote: > > Hello. > > Excelent work whit this tool. > > Today i was integrating haproxy 1.5 whit SSL and was easy and fast, but i wave a litte issue. > > When i create the .key file i add it a phrase. > > > i cerate the certificate

RE: haproxy doesn't get SIGUSR1

> I'm using service_loadbalancer from kubernetes > (https://github.com/kubernetes/contrib/tree/master/service-loadbalancer ) > . This program would re-spawn haproxy when it found a change of > upstream endpoints. > When service_loadbalancer starts, it runs haproxy -sf $(cat pidfile) > several

RE: SSLv2Hello is disabled

javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled  >>> You need to disable SSLv3 in haproxy  >>  >> We are talking about the SSLv2 hello format. Its not about SSLv2 >> or SSLv3, its about the hello format.  > Which can also be used by sslv3 clients hence my comment.  True, but

Re: haproxy doesn't get SIGUSR1

Tried that flock way, but it doesn't take effect. Lukas Tribus 于2015年12月2日周三 下午4:30写道： > > I'm using service_loadbalancer from kubernetes > > (https://github.com/kubernetes/contrib/tree/master/service-loadbalancer > ) > > . This program would re-spawn haproxy when it found a

Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

Hi Dave, On Wed, Dec 02, 2015 at 07:17:36PM +, Dave Zhu (yanbzhu) wrote: > Hello all, > > I¹ve written up Willy and Emeric¹s proposal and it seems to test fine, at > least from a functionality standpoint. Thanks a lot for doing this work! > I would appreciate it if interested parties would

20% discount before Christmas !Latest super professional 3G network camera ,HD police body camera from big reputation factory

DearSiror=Madam, Hopethingsarewellwithyou. OurH=Dwearablecamerasarewidelypromotedandwellappliedintheindustr=iesofPublicSecurity,Procuratorate,Court,Justice,Armedpolice,trans=portation,Maritime,Cityinstpection,Hygiene,IndustryandCommerceet=cformanyyearsinShenzhen,China. Bytheway,Wesup=ply oneof

what's the difference between rspdel and http-response del-header

hi, I’m a confused about the difference between `rspdel` and `http-response del-header`. if all I want is to delete a hdr of plain text instead of regular expression, does `http-response del-header` perform faster? under what circumstance should I use `rspxxx` directives instead?

Re: Questions Aboute the PEM Phrase.

On Thu, Dec 03, 2015 at 07:53:33AM +1100, Igor Cicimov wrote: > On 03/12/2015 6:54 AM, "Jesus Moran" wrote: > Just remove the passphrase: > > openssl rsa -in /path/to/originalkeywithpass.key -out > /path/to/newkeywithnopass.key Please be aware that this exposes the

Re: [SPAM] Re: Architecture guide reworked

2015-12-02 17:31 GMT+01:00 Olivier Doucet : > > > 2015-12-02 17:25 GMT+01:00 Olivier Doucet : > >> >> 2015-12-02 15:44 GMT+01:00 Michel Blanc : >> >>> Very good idea. >>> >>> Do you plan creating a git repo somewhere so people can

Re: Two questions about lua

On Wed, Dec 02, 2015 at 11:33:19AM +0100, Thierry FOURNIER wrote: > For information, we try to find an existing service (like reddit) for > collecting HAProxy useful Lua script and sharing ti between users. > Actually, I store my own scripts on my personnal web page >

Re: Multiproc balance

On 30/11/2015 06:03 μμ, Stefan Johansson wrote: > Hello, > > > > I’ve started to switch to a multiproc setup for a high traffic site and > I was pondering a potential stupid question; What is actually balancing > the balancers so to speak? Is it Linux itself that balances the number > of

Re: Two questions about lua

On Tue, 1 Dec 2015 18:58:13 +0100 joris dedieu wrote: > 2015-12-01 10:57 GMT+01:00 Thierry FOURNIER : > > On Mon, 30 Nov 2015 18:03:00 +0100 > > joris dedieu wrote: > > > >> Thanks Thierry, for your answers. > >> >

[PATCH] MINOR: DeviceAtlas slight update

Hi all, Here it is a slight change, the DeviceAtlas module logging is silented by default. Also via the -vv flag, the DeviceAtlas support should be displayed. Please cc ttr...@deviceatlas.com for all answers. Kindest regards From 261ef622c99717c2ac57bf27c17a9d8cfeafac3d Mon Sep 17 00:00:00 2001

Re：Tungsten Shot

Dear Sir/Madam, Maybe you are not in charge of purchasing.But as you know,the raw material of low price makes your product more competitive in the market.That means it will make your sell much easier. Please kindly forward this email to the manager of purchase.Or if

RE: SSLv2Hello is disabled

Thanks, all, for your help! For your questions: I use openssl 0.9.8 Haproxy -vv: [root@proxy-au51 ~]# haproxy -vv HA-Proxy version 1.5.9 2014/11/25 Copyright 2000-2014 Willy Tarreau Build options : TARGET = linux26 CPU = i686 CC = gcc

[PATCH]: BUG/MEDIUM: da

HI all, another patch to fix an use case when the attended HTTP header by the convertor is not found, either by Haproxy req*del modifiers or even just the web browser, hence avoiding a segfault. Please cc ttr...@deviceatlas.com for any answer. Kindest regards. From

RE: Multiproc balance

Hello, the usage is based on session rate (i.e the percentage I listed, those are the approximate session rates per haProxy process). The CPU% of the respective core mirrors this as well (nothing else running on those cores basically). I do realize now that your example is different from my

Re: haproxy doesn't get SIGUSR1

❦ 2 décembre 2015 09:30 +0100, Lukas Tribus  : > Also see Lukas Lösche's reports and efforts: > https://github.com/haproxy/haproxy/issues/48 Totally unrelated with the current issue, but on the GitHub page, this is said that issues are ignored but some of them are actually

Re: [SPAM] Architecture guide reworked

Hi, 2015-11-29 10:30 GMT+01:00 Aleksandar Lazic : > Dear Olivier > > Am 27-11-2015 17:18, schrieb Olivier: > >> Hello everyone ! >> >> I'm a huge fan of HAProxy. In my mind, this is a great toolbox. Like all >> toolbox, to use it at 100%, you need good examples. >> HAProxy