>> If you can't use layer 7 features then you can't access the
>> CF-Connecting-IP header in nginx.
>
> ...HAProxy, not Nginx, no ?
Yes, I mixed that up, haproxy was what I meant.
> Otherwise that would be nice to be able pass client IP address as an
> argument to send-proxy directive.
> Exampl
Am 28-01-2016 09:19, schrieb Lukas Tribus:
Otherwise that would be nice to be able pass client IP address as an
argument to send-proxy directive.
Example: send-proxy hdr_ip(x-forwarded-for)
Thats what Aleks proposed with something like this:
http-request set-src hdr(CF-Connecting-IP)
Thi
2016-01-28 10:56 GMT+01:00 Aleksandar Lazic :
> Maybe it would be a nice idea to add something like.
>
> proxy-protocol set-src hdr(CF-Connecting-IP)
>
> Opinions about this?
Something like "proxy-protocol set-src []", yep :)
--
Jonathan Leroy
http://www.inikup.com/
Tel: +33 (0)9 74 77 41 72
> Maybe it would be a nice idea to add something like.
>
> proxy-protocol set-src hdr(CF-Connecting-IP)
>
> Opinions about this?
Doesn't:
http-request set-src hdr(CF-Connecting-IP)
in combination with a standard proxy-protocol config
already do that?
Lukas
2016-01-28 11:47 GMT+01:00 Lukas Tribus :
> Doesn't:
> http-request set-src hdr(CF-Connecting-IP)
>
> in combination with a standard proxy-protocol config
> already do that?
Yes, but it doesn't work with SPDY or HTTP/2 backends.
--
Jonathan Leroy
http://www.inikup.com/
Tel: +33 (0)9 74 77 41 72
Am 28-01-2016 12:01, schrieb Jonathan Leroy - Inikup:
2016-01-28 11:47 GMT+01:00 Lukas Tribus :
Doesn't:
http-request set-src hdr(CF-Connecting-IP)
in combination with a standard proxy-protocol config
already do that?
Yes, but it doesn't work with SPDY or HTTP/2 backends.
But then it is m
Hello,
I have an option http-ignore-probes in defaults section.
When I declare frontend in "tcp" mode, I get the following warning:
[WARNING] 027/172718 (18281) : config : 'option http-ignore-probes' ignored for
frontend 'MYTEST-front' as it requires HTTP mode.
In defaults section I have other
hi,
i'm using HAProxy mainly to redistribute HTTP(S) requests to different
backends depending on their domain (via host header) to implement vhosts
on a single IP.
i'd like to have the same for SMTP, but unfortunately it's much harder,
since we get to know the target domain late in the SMTP-
Hi guys,
I figured I could use map feature of 1.5, but I'm coming up short,
trying to change this:
use_backend %[req.hdr(host),lower,map(/path/tofile)]
To instead take a part of the uri.
I can't find any list of functions (such as hdr, hdr_end etc.) in the
docs :(
I figured I could use
I got this to work:
use_backend %[path,lower,map_reg(/path/tofile)]
and with a map file containing:
^\/sebseb/
^\/test2/
and so on..
Only issue is the performance hit.. its going to do regex match with
path on each line in the map file.. :(
I'd prefer to find a function to replace path.. wh
Hi,
I am not sure if there is a better way, but the only one I can think of
would be something like:
http-request set-header X-Tmp %[path]
http-request replace-header X-Tmp /([^/]+) \1
use_backend %[req.hdr(X-Tmp),lower,map(/path/tofile)]
No idea which one is preferable with regards to
Hello,
I'm trying to use HAProxy as a ssl terminator for HTTP and WebSocket.
My problem is that sometimes (randomly it seems) HAProxy selects the wrong
backend and send my ws upgrade request to the http backend.
Below is my haproxy.cfg:
global
log 127.0.0.1 local0
chroot /var/lib
Hi Gustavo,
> Below is my haproxy.cfg:
We will need to know the exact release you are using, because they
have different defaults.
Regards,
Lukas
Right, sorry.
I compiled 1.6.3 from source with the options: TARGET=custom USE_PCRE=1
USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1 USE_OPENSSL=yes
Gustavo
On 28 January 2016 at 16:47, Lukas Tribus wrote:
> Hi Gustavo,
>
>
> > Below is my haproxy.cfg:
>
> We will need to know the exact release you are
Hi Gustavo,
> I compiled 1.6.3 from source with the options: TARGET=custom USE_PCRE=1
> USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1 USE_OPENSSL=yes
Unless you have a kernel older than 2.6.28, just use the linux2628
target:
TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1
This will enable all current kernel
Hi Lukas,
I have changed my configurations accordingly and it's working.
Thank you very much!
Gustavo
On 28 January 2016 at 18:04, Lukas Tribus wrote:
> Hi Gustavo,
>
>
>
> > I compiled 1.6.3 from source with the options: TARGET=custom USE_PCRE=1
> > USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1 USE_OP
I've been running into a problem for a few weeks that I was hoping to see
disappear w/ a simple upgrade to 1.6.3.
I'm using consul and it's templating to dynamically expand a backend list
which then runs an haproxy reload using the init scripts in the contrib dir.
I haven't been able to trace how
On 28/01/2016 10:35 μμ, David Birdsong wrote:
> I've been running into a problem for a few weeks that I was hoping to
> see disappear w/ a simple upgrade to 1.6.3.
>
> I'm using consul and it's templating to dynamically expand a backend
> list which then runs an haproxy reload using the init scrip
On Fri, Jan 29, 2016 at 2:27 AM, Klavs Klavsen wrote:
> I got this to work:
>
> use_backend %[path,lower,map_reg(/path/tofile)]
>
> and with a map file containing:
> ^\/sebseb/
> ^\/test2/
>
> and so on..
>
> Only issue is the performance hit.. its going to do regex match with path
> on each line
On Thu, Jan 28, 2016 at 6:35 PM, Pavlos Parissis
wrote:
> On 28/01/2016 10:35 μμ, David Birdsong wrote:
> > I've been running into a problem for a few weeks that I was hoping to
> > see disappear w/ a simple upgrade to 1.6.3.
> >
> > I'm using consul and it's templating to dynamically expand a ba
21 matches
Mail list logo
