On 17/03/2016 04:49 μμ, Nenad Merdanovic wrote:
> Hello Pavlos,
>
> On 3/17/2016 4:45 PM, Pavlos Parissis wrote:
>> I am working(not very actively) on a solution which utilizes this.
>> It will use www.vaultproject.io as central store, a generating engine
>> and a pull/push mechanism in place.
>
Also, I would consider setting maxconn appropriately to be critical. You
want it high enough to handle your peaks/spikes, but not so high as to
consume all resources available on the machine.
On Thu, Mar 17, 2016 at 9:49 AM, Baptiste wrote:
>
>
> On Thu, Mar 17, 2016 at 1:17 PM, Gregg Cransh
Thanks for the reply!
Ok so based on what you saw in my config, does it look like we’re misconfigured
enough to cause this to happen?
If we were misconfigured, one would assume we would go down all the time yeah?
From: Igor Cicimov
mailto:ig...@encompasscorporation.com>>
Date: Wednesday, March
On Thu, Mar 17, 2016 at 11:14 AM, Zachary Punches
wrote:
> I wanna say average is like 4-6 connections a second? Super minimal
>
> From what I’ve seen in the logs during the SSL errors, the log hangs then
> outputs a bunch of SSL errors all at once.
>
> Here it the output from sysctl –p
> net.ipv
I'm trying to get my head around how to get multiple HTTPS sites on
one public IP with HAProxy
After reading
http://blog.haproxy.com/2012/04/13/enhanced-ssl-load-balancing-with-server-name-indication-sni-tls-extension/
I've got a rough idea of how to do the SNI ACLs
To keep all of the HTTPS ter
On Thu, Mar 17, 2016 at 5:29 AM, Zachary Punches
wrote:
> I’m not, these guys aren’t sitting behind an ELB. They sit behind route53
> routing. If one of the proxy boxes fails 3 checks in 30 seconds (with 4
> checks done a second) then Route53 changes its routing from the first proxy
> box to the
Hello Gary,
On 3/17/2016 11:51 AM, Gary Barrueto wrote:
>
> While that would help a single server, how about when dealing with multi
> servers + anycast: Has there been any thoughts about sharing ssl/tls
> session cache between servers? Like how apache can use memcache to store
> its cache or how
On Thu, Mar 17, 2016 at 1:17 PM, Gregg Cranshaw
wrote:
> Hello,
>
> I am in the middle of a project where I have to setup a couple of load
> balancers to allow load balancing traffic to some web app servers and to
> provide an easy way to swap out some other resources. I have spent a lot of
> tim
Hi Bowen,
> Hi,
>
> We are using -p option to save the pid of HAProxy. When a new HAProxy
> is received, we use -st pid option to reload HAProxy.
> The issue we are having is that -st option sometimes does not kill the
> old process.
Please upgrade to 1.5.16 or 1.6.4, there have been fixes
Ok! Here is a bunch of info that might better assist with the issue:
Each of our clients has an HAProxy install that forwards requests for 80 and
443 to 1025 and 1026 respectively. These requests are forwarded over TCP using
proxy protocol to our HAP instances.
Our HAP instances then SSL term t
I'm trying to add a header only if the last occurrence of it is not
the frontend_name (%f), but the header field name comparison seems to
be case sensitive when it should not be ?
haproxy.cfg
listen foo.bar
bind :10001
mode http
log 127.0.0.1:514 local2 debug info
acl XOH_OK
Hi Jim,
Le 18/03/2016 21:52, Jim Freeman a écrit :
I'm trying to add a header only if the last occurrence of it is not
the frontend_name (%f), but the header field name comparison seems to
be case sensitive when it should not be ?
The analysis is not correct.
haproxy.cfg
listen foo.
Hi Lukas,
On 2016-03-16 16:53, Lukas Tribus wrote:
The "option httpclose" was on purpose. Also the client could (during a
attack) simply do the same and achieve the same result. I don't think
that will help in such cases.
So what you are actually and purposely benchmarking are SSL/TLS
handshak
Hi.
Am 16-03-2016 15:17, schrieb Christian Ruppert:
Hi,
this is rather HAProxy unrelated so more a general problem but anyway..
I did some tests with SSL vs. non-SSL performance and I wanted to share
my
results with you guys but also trying to solve the actual problem
So here is what I did:
Hi Christian,
On Fri, Mar 18, 2016 at 11:31:57AM +0100, Christian Ruppert wrote:
> I also just stumbled over this:
> https://software.intel.com/en-us/articles/accelerating-ssl-load-balancers-with-intel-xeon-v3-processors
> Might be interesting for others as well. So ECC and multi-threaded/process
15 matches
Mail list logo