current Lua implementation already allows asynchronous network sockets.
Now, what you need to do is to code a basic LDAP auth request in Lua
and be able to parse the response.
Baptiste
On Thu, Dec 3, 2015 at 11:58 PM, Grant Haywood wrote:
> Thats exactly what I am wanting to code, I just need
I am looking to automate letsencrypt with lua, the process would be to detect
to see if the domain has a cert already, if not it would execute letsencrypt on
the domain.
Any thought if this would be possible to do with lua. I am guessing using the
os.execute.
On Wed, Dec 2, 2015 at 7:01 PM, John Pingel wrote:
> Willy, Thierry, and all:
>
> My employer uses an external service provider that requires that we do not
> over use their services.So, I need to use HAProxy to help throttle/limit
> the max number of user connections per day (i.e. 2000 JSP pa
On Wed, Dec 2, 2015 at 3:14 PM, Olivier Doucet wrote:
> Hello all,
>
> I see parameter tune.ssl.cachesize with default value of 2
>
> But today, I have no idea how much of this cache I'm actually using, and I
> fail to find any information about it. Is there a way to know how much of it
> I'm
[ Profitez de votre offre pour trouver le cadeau idéal ](
http://r.journaldujour.fr/2vdiyd6r1actsbd.html ) |
Vous recevez mes news car vous vous êtes abonnés à RV [ ](
http://r.journaldujour.fr/2vdiyd6rtqctsbd.html ) [ ](
http://r.journaldujour.fr/2vdiyd6sm6ctsbd.html ) [ ](
http://r.jou
On Fri, Dec 04, 2015 at 03:07:06AM +0100, Cyril Bonté wrote:
> Tommy Atkinson and Sylvain Faivre reported that email alerts didn't work when
> they were declared in the defaults section. This is due to the use of an
> internal attribute which is set once an email-alert is at least partially
> confi
Hi,
I have two backends named "nginx-http" and "nginx-https": the first
one handle HTTP connections, the second one HTTPS connections.
The proxy protocol works successfully on nginx-http backend:
server server1 10.0.80.1:8080 send-proxy check check-send-proxy fall
3 inter 2s weight 10
But the
Hi,
All my backend servers are connected to a private, IPv6-only network.
When I'm trying to use their addresses in "server" directive, HAProxy
fails to connect to them.
Here's some configurations I've tried (fe80::ec4:7aff:fe59:91dd =
backend server, fe80::ec4:7aff:fe6c:4a89 = haproxy):
server
Tommy Atkinson and Sylvain Faivre reported that email alerts didn't work when
they were declared in the defaults section. This is due to the use of an
internal attribute which is set once an email-alert is at least partially
configured. But this attribute was not propagated to the current proxy dur
A segfault can occur during at the initialization phase, when an unknown
"mailers" name is configured. This happens when "email-alert myhostname" is not
set, where a direct pointer to an array is used instead of copying the string,
causing the segfault when haproxy tries to free the memory.
This i
When the email alert message couldn't be formatted, the logged error message
said the contrary.
This fix must be backported to 1.6.
---
src/checks.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/checks.c b/src/checks.c
index e77926a..bc7eaa7 100644
--- a/src/checks.c
+++
Hi Sylvain and Tommy,
Le 30/11/2015 10:34, Sylvain Faivre a écrit :
On 11/01/2015 06:34 PM, Tommy Atkinson wrote:
I want to enable email alerts for all my backends so I added the
"email-alert" options to the defaults section and a mailers section at
the top level. The documentation indicates th
Hello,
I see that you are one of the promising exhibitors at NAHB International
Builders' Show JAN 19-21, 2016. I am wondering if you are interested in
acquiring the potential Attendees List for this event which you can leverage
for your pre and post event campaigns.
Each record in our database c
Thats exactly what I am wanting to code, I just need an example of how to do
auth, like userlist, inside of lua.
- Original Message -
From: "Igor Cicimov"
To: "Grant Haywood"
Cc: "HAProxy"
Sent: Thursday, December 3, 2015 3:58:28 PM
Subject: Re: lua authentication
Hi Grant,
On
Hi Grant,
On Fri, Dec 4, 2015 at 7:46 AM, Grant Haywood
wrote:
> Hello,
>
> I was wondering if there is a basic example of using lua to do
> authentication?
>
> I am specificaly interested in constructing 'ldap' and 'jwt' versions of
> the 'userlist' block
>
> thx in advance for your time
>
>
Ex
Another odd thing is that both certs are loaded even if the ECC cert
doesn't have the proper name.
In my testing with a bind line of
bind :8443 ssl crt ./var/tls/localhost.pem
the ECC cert is loaded if it is in that directory no matter what the file
name is.
-Bryan
On Thu, Dec 3, 2015 at 2
On Thu, Dec 3, 2015 at 2:00 PM, Dave Zhu (yanbzhu)
wrote:
> Hey Bryan.
>
> I noticed that you gave HAProxy a directory. You have to give it the name
> of the cert instead of the directory.
>
> So your config should be:
>
> bind :8443 ssl crt ./var/tls/localhost.pem
>
>
>
I get the same behavio
Hey Bryan.
I noticed that you gave HAProxy a directory. You have to give it the name of
the cert instead of the directory.
So your config should be:
bind :8443 ssl crt ./var/tls/localhost.pem
-Dave
From: Bryan Talbot mailto:bryan.tal...@ijji.com>>
Date: Thursday, December 3, 2015 at 4:45 PM
Hi Dave.
I've applied the patches but things are not working as I expected. It could
be that my expectations are incorrect though. I'm expecting that with two
(ECC and RSA) self-signed testing certificates deployed with the haproxy
config shown below that ECC capable clients will connect and use t
Hello,
I was wondering if there is a basic example of using lua to do authentication?
I am specificaly interested in constructing 'ldap' and 'jwt' versions of the
'userlist' block
thx in advance for your time
On Thu, Dec 03, 2015 at 07:24:10PM +, Dave Zhu (yanbzhu) wrote:
> HAProxy will use the first ³crt² file that it loads as the default
> cert(represented by bind_conf->default_ctx).
>
> So, if you loaded multiple certs in one operation as your first cert,
> HAProxy will have to determine WHICH c
Hey Willy
On 12/3/15, 1:34 PM, "Willy Tarreau" wrote:
>
>I'm sorry but I'm missing something. In which case could we have the
>choice
>between multiple SSL_CTX ? My understanding is that if the SNI is not
>found
>in the list, we currenlty fall back to the default cert. Now the
>difference
>is su
Already did.
Unfortunately same error in servers
-Original Message-
From: Lukas Tribus [mailto:luky...@hotmail.com]
Sent: Thursday, December 03, 2015 3:36 PM
To: Cohen Galit
Cc: HAProxy
Subject: RE: SSLv2Hello is disabled
Hi,
> I'll try to pack again the OpenSSL files (must wo
On Wed, Dec 2, 2015 at 8:50 PM, Ruoshan Huang
wrote:
> hi,
> I’m a confused about the difference between `rspdel` and
> `http-response del-header`. if all I want is to delete a hdr of plain text
> instead of regular expression, does `http-response del-header` perform
> faster? under what circ
Hi Dave,
On Thu, Dec 03, 2015 at 05:36:36PM +, Dave Zhu (yanbzhu) wrote:
> On 12/3/15, 1:40 AM, "Willy Tarreau" wrote:
>
> >I didn't understand what you meant with this last sentence, it sounds like
> >there could be multiple default contexts which are more or less randomly
> >chosen so that
Hi Lukas,
On Thu, Dec 03, 2015 at 06:22:12PM +0100, Lukas Tribus wrote:
> Hi Bernd, Willy,
>
>
> > Hello,
> >
> > im getting segfault, it happens on 1 of ~500 million requests that are
> > processed on haproxy 1.6.2-2 on debian wheezy and jessie (systems
> > updated, crash stayed).
> >
> > If yo
Hey Emeric,
On 12/3/15, 9:56 AM, "Emeric Brun" wrote:
>
>But i notice some inconsistencies.
>
>Patch2 (crt conf keywoard):
>If the file without key extension is present, this file is loaded but
>also the multi_load is called.
>
>However in Patch3 (crt-list)
>If the file without key extension is
Hey Willy
On 12/3/15, 1:40 AM, "Willy Tarreau" wrote:
>I didn't understand what you meant with this last sentence, it sounds like
>there could be multiple default contexts which are more or less randomly
>chosen so that confuses me.
Sorry if that was confusing. I was merely trying to indicate t
Hi Bernd, Willy,
> Hello,
>
> im getting segfault, it happens on 1 of ~500 million requests that are
> processed on haproxy 1.6.2-2 on debian wheezy and jessie (systems
> updated, crash stayed).
>
> If you need more informations, let me know.
>
> Thank You.
>
> Trace:
> (gdb) thread apply all bt
Hello,
im getting segfault, it happens on 1 of ~500 million requests that are
processed on haproxy 1.6.2-2 on debian wheezy and jessie (systems
updated, crash stayed).
If you need more informations, let me know.
Thank You.
Trace:
(gdb) thread apply all bt full
Thread 1 (Thread 0x7fd8112547
On Thu, Dec 03, 2015 at 03:56:45PM +0100, Sylvain Faivre wrote:
> According to our logs, both HAproxy processes were started at Nov 24
> 11:25:xx and application errors caused by lack of session replication
> started happenning at Dec 1 17:05:35
> So that's a bit more than 1 week later.
>
> We'
Hey Emeric,
I’m in the process of cleaning up the patches, indentation and style so
I’ll post up another set to the mailing list as Willy suggested.
-Dave
On 12/3/15, 9:56 AM, "Emeric Brun" wrote:
>On 12/02/2015 08:17 PM, Dave Zhu (yanbzhu) wrote:
>> Hello all,
>>
>> I¹ve written up Willy and
Hi Willy,
Thanks for your help.
On 12/03/2015 03:25 PM, Willy Tarreau wrote:
>
> [...]
Thanks for this precision. All I can say for now is that you clearly
encountered a bug but that we don't know what this bug is. We'll have
to check in the code for something which could cause this. It would
b
On 12/02/2015 08:17 PM, Dave Zhu (yanbzhu) wrote:
> Hello all,
>
> I¹ve written up Willy and Emeric¹s proposal and it seems to test fine, at
> least from a functionality standpoint.
>
> I would appreciate it if interested parties would beat on this harder than
> I did to work out kinks.
>
> To r
Hi Alain,
On Thu, Dec 03, 2015 at 12:14:20PM +, Labedan, Alain wrote:
>
> Hi,
>
> I have HAPROXY in front of servers backend which are load balanced.
>
> So, in https, we have only one address where the front https haproxy listen
> : bind :443.
> And we have some clients for which, we
Hi Sylvain,
On Thu, Dec 03, 2015 at 12:05:02PM +0100, Sylvain Faivre wrote:
> Hi,
>
> We just had a strange replication problem on our staging environment.
> We have 2 HAproxy servers. They were running for 2 weeks now.
> At the beginning, I checked that the stick tables were properly synced.
>
Dear Sir / Madam ,
Good day.
I'm Agnes from HMX Electronic, a professional PCB manufacturer of Prototype,
Small volume and Medium volume orders with the certificates of UL, ISO9001, and
RoHs.
Our factory highlights as below:
1, High Quality and Technology Capability
We process the p
On Thu, Dec 03, 2015 at 10:43:56AM +, Ben Shillito wrote:
> Hi,
>
> Attached is a patch with an edit to the information in the README regarding
> 51Degrees installation and configuration.
Applied to 1.7 and 1.6, thanks Ben.
Willy
Hi Alex,
On Thu, Dec 03, 2015 at 05:32:16AM -0800, Alex wrote:
> Hi Guys , how do unsubscribe :)
As indicated on the site, by sending an e-mail to :
haproxy+unsubscr...@formilux.org
but I've done it for you right now.
Best regards,
Willy
Hi,
> I'll try to pack again the OpenSSL files (must work with rpm) from
> original repository and will let you know. Thanks.
Ok, but first try the other proposal (takes less time):
>> Should I just add to haproxy.cfg the following?
>> force-tlsv10
>
> Yes, you can try:
>
> global
> ss
Hi Guys , how do unsubscribe :)
Thanks
Alex
> On Dec 3, 2015, at 2:35 AM, Willy Tarreau wrote:
>
> On Wed, Dec 02, 2015 at 11:28:28AM +, David Carlier wrote:
>> Hi all,
>>
>> Here it is a slight change, the DeviceAtlas module logging is silented by
>> default.
>> Also via the -vv flag,
i am looking to setup a transparent intercepting proxy, where i use
iptables to DNAT traffic on port 80 and redirect it to HAProxy and in
turn load balance to Squid for fulfillment. the DNAT to HAProxy works
and the load balance to Squid works, but Squid sees the request without
the correct or
Hi,
I have HAPROXY in front of servers backend which are load balanced.
So, in https, we have only one address where the front https haproxy listen :
bind :443.
And we have some clients for which, we only pass-through the traffic, so we use
the mode tcp .
Frontend https-tcp-in
Mode tcp
O
Hi all,
I'm using this snippet in the config of version 1.5.14 of haproxy:
http-request redirect location
https://www.domain.%[req.fhdr(accept-language),lower,language(de-at;de-ch,de),map(/etc/haproxy/language-map.txt,de)]/
code 301
As soon as there is NO Accept-Language-Header in the request
Hi Baiyang,
On Thu, Dec 03, 2015 at 06:44:29PM +0800, baiyang wrote:
> Hi Willy,
>
> It's a peaceful week, I think the root of the bug has been exactly located to
> "timeout client-fin" and "timeout server-fin" options.
Great, thanks for your encouraging feedback! I'm glad it worked in the end!
Hi,
We just had a strange replication problem on our staging environment.
We have 2 HAproxy servers. They were running for 2 weeks now.
At the beginning, I checked that the stick tables were properly synced.
Today, stick tables were not synced, for example :
root@proxy1>: echo "show table front
True.
This day I spent a lot of time doing a lot of calloc call writing
hence that is probably why it caught my eyes in first place :) thanks.
On 3 December 2015 at 10:33, Willy Tarreau wrote:
> On Wed, Nov 25, 2015 at 03:32:34PM +, David CARLIER wrote:
>> HI all,
>>
>> there is it is a smal
Hi Willy,
It's a peaceful week, I think the root of the bug has been exactly located to
"timeout client-fin" and "timeout server-fin" options.
Thanks :-)
--
Best Regards
BaiYang
baiy...@gmail.com
http://baiy.cn
< END OF EMAIL >
From: Willy Tarreau
Date: 2015-11-26 17:4
Hi,
Attached is a patch with an edit to the information in the README regarding
51Degrees installation and configuration.
Ben.
This email and any attachments are confidential and may also be privileged. If
you are not the named recipient, please notify the sender immediately and do
not disclos
On Wed, Dec 02, 2015 at 12:21:52PM +, David Carlier wrote:
> HI all,
>
> another patch to fix an use case when the attended HTTP header by the
> convertor is not found, either by Haproxy req*del modifiers or even just
> the web browser, hence avoiding a segfault.
>
> Please cc ttr...@deviceat
On Wed, Dec 02, 2015 at 11:28:28AM +, David Carlier wrote:
> Hi all,
>
> Here it is a slight change, the DeviceAtlas module logging is silented by
> default.
> Also via the -vv flag, the DeviceAtlas support should be displayed.
Applied, thanks!
Willy
On Wed, Nov 25, 2015 at 03:32:34PM +, David CARLIER wrote:
> HI all,
>
> there is it is a small patch which fix a wrong calloc call, I think.
Both are technically equivalent since calloc multiplies the two members,
but you're perfectly right and seeing them reversed is at least confusing.
I k
On Wed, Nov 18, 2015 at 06:18:19AM +, David CARLIER wrote:
> Hi all,
>
> this should be a harmless patch in order to silence the compiler
> warning in some operating systems regarding time_t / printf format
> specifier.
Applied, thanks David.
Willy
Hi Unkown User!
> Is there any way to get haproxy to listen only on the public IP, other
> than by specifying the IP?
> I dont want this to listen on the loopback.
Use the interface keyword:
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.1-interface
Regards,
Lukas
Is there any way to get haproxy to listen only on the public IP, other than
by specifying the IP?
I dont want this to listen on the loopback.
On 02/12/2015 01:35 μμ, Stefan Johansson wrote:
> Hello,
>
> the usage is based on session rate (i.e the percentage I listed, those are
> the approximate session rates per haProxy process). The CPU% of the
> respective core mirrors this as well (nothing else running on those cores
> basically
-Original Message-
From: Lukas Tribus [mailto:luky...@hotmail.com]
Sent: Wednesday, December 02, 2015 4:42 PM
To: Cohen Galit; Igor Cicimov
Cc: HAProxy
Subject: RE: SSLv2Hello is disabled
Hi Galit,
> I want to emphasize that the following test succeeded:
>
> [root@proxy-au51 ~
Looks like I might have messed something up with the original compilation
(since my target is showing as custom). I'll go back and take a look at
the procedure I used. Thanks.
>From -vv :
Build options :
TARGET = custom
CPU = native
CC = gcc
CFLAGS = -O2 -march=native -g -fno
❦ 3 décembre 2015 08:59 +0100, SL :
> I'm trying to use the cpu-map directive on haproxy 1.6 (Debian 8), but
> am getting the error:
>
> 'cpu-map' is not enabled, please check build options for
> USE_CPU_AFFINITY
>
> I understand from this that I need to recompile with some different
> options,
Hi,
I'm trying to use the cpu-map directive on haproxy 1.6 (Debian 8), but am
getting the error:
'cpu-map' is not enabled, please check build options for USE_CPU_AFFINITY
I understand from this that I need to recompile with some different
options, but could anyone point me in the direction of ho
60 matches
Mail list logo