On 15.04.2016 16:01, Christian Ruppert wrote:
> Hi,
>
> would it be possible to inherit the SSL information from a SSL
> listener/frontend via PROXY protocol?
> So for example:
>
> listen ssl-relay
> mode tcp
>
> ...
>
> server rsa unix@/var/run/haproxy_ssl_rsa.sock send-proxy-v2
>
Did a bit more digging on the most recent instance, and found that the
haproxy pid doing the hogging was handling a connection to the stats
port :
listen haproxy_stats :5
stats enable
stats uri /
no log
, with this 'netstat -pantlu' entry :
tcp0 99756 10.34.17
Hi Jim,
On 15/04/2016 23:20, Jim Freeman wrote:
I have haproxy slaved to 2d cpu (CPU1), with frequent config changes
and a '-sf' soft-stop with the now-old non-listening process nannying
old connections.
Sometimes CPU1 goes to %100, and then a few minutes later request
latencies suffer acros
Hello,
I know this question is stupid. Is there a coding style for config
files, like this: http://www.haproxy.org/coding-style.html ?
Cheers,
Michael
I have haproxy slaved to 2d cpu (CPU1), with frequent config changes
and a '-sf' soft-stop with the now-old non-listening process nannying
old connections.
Sometimes CPU1 goes to %100, and then a few minutes later request
latencies suffer across multiple haproxy peers.
An strace of the nanny hapr
Oh, great thanks!
On Thu, Apr 14, 2016 at 11:50 PM Willy Tarreau wrote:
> Hi David,
>
> On Fri, Apr 15, 2016 at 03:35:11AM +, David Birdsong wrote:
> > Is there any way to use:
> >
> > http-request set-var()
> >
> > to set a var for later use in forming an ACL?
> >
> > I've tried all the pref
Hi,
are there any plans to support DNS resolution based on TTL a la NGINX? This
would be helpful for use cases where the upstream is an ELB or similar
system. I've pasted a reply from AWS support based on some observations
from a couple of our services that use HAProxy 1.6 in front of ELBs. Note
t
On Apr 15, 2016 4:24 AM, "Janusz Dziemidowicz"
wrote:
>
> 2016-04-14 17:39 GMT+02:00 David Martin :
> > Here's a revised patch, it throws a fatal config error if
> > SSL_CTX_set1_curves_list() fails. The default ecdhe option is used so
> > current configurations should not be impacted.
> >
> > So
Hi,
would it be possible to inherit the SSL information from a SSL
listener/frontend via PROXY protocol?
So for example:
listen ssl-relay
mode tcp
...
server rsa unix@/var/run/haproxy_ssl_rsa.sock send-proxy-v2
listen ssl-rsa_ecc
mode tcp
...
bind unix@/var/run/hap
Hi,
I have a concrete use case that needs http/2: one ssl frontend with
multiple heterogeneous (h2,http/1.1) backends
gRPC is http2 only and if you have to use it behind a single domain
you need to be able to route http/2 traffic among http/1.1.
In this case, I need to apply some http specific ru
On 15/04/2016 11:44 AM, Willy Tarreau wrote:
> Hi Christian,
>
> On Fri, Apr 15, 2016 at 11:26:18AM +0200, Christian Ruppert wrote:
>> Just in case someone is interested in this setup:
>> Don't put the two SSL binds into the frontend. Add a second listener for the
>> two SSL binds and from there
On Fri, Apr 15, 2016 at 11:56:20AM +0200, Pavlos Parissis wrote:
> nbproc > 1 introduces also 2 other __issues__ which has been discussed
> several times in this ML:
>
> 1) the aggregation of statistics
> 2) performing operations such as disable/enable/change weight.
> In setups where the frontend
On 15/04/2016 11:26 AM, Christian Ruppert wrote:
> On 2016-04-14 11:06, Christian Ruppert wrote:
>> Hi Willy,
>>
>> On 2016-04-14 10:17, Willy Tarreau wrote:
>>> On Thu, Apr 14, 2016 at 08:55:47AM +0200, Lukas Tribus wrote:
Let me put it this way:
frontend haproxy_test
bind-pr
Hi Christian,
On Fri, Apr 15, 2016 at 11:26:18AM +0200, Christian Ruppert wrote:
> Just in case someone is interested in this setup:
> Don't put the two SSL binds into the frontend. Add a second listener for the
> two SSL binds and from there via send-proxy-v2 to the frontend.
> Why? Because havin
On 2016-04-14 11:06, Christian Ruppert wrote:
Hi Willy,
On 2016-04-14 10:17, Willy Tarreau wrote:
On Thu, Apr 14, 2016 at 08:55:47AM +0200, Lukas Tribus wrote:
Let me put it this way:
frontend haproxy_test
bind-process 1-8
bind :12345 process 1
bind :12345 process 2
bind :12345 process 3
2016-04-15 11:16 GMT+02:00 Pavlos Parissis :
> But on server side you need openssl 1.1.0[1] which is not ready yet and
> I think it requires changes on haproxy. Nginx has already some level of
> support[2] for openssl 1.1.0.
Sure, I didn't mean that it will work right now, but someday,
somewhere i
2016-04-14 17:39 GMT+02:00 David Martin :
> Here's a revised patch, it throws a fatal config error if
> SSL_CTX_set1_curves_list() fails. The default ecdhe option is used so
> current configurations should not be impacted.
>
> Sorry Janusz, forgot the list on my reply.
I believe that now it is wr
On 15/04/2016 10:58 AM, Janusz Dziemidowicz wrote:
> 2016-04-15 6:55 GMT+02:00 Willy Tarreau :
>>> Switching ECDHE curves can have performance impact, for example result
>>> of openssl speed on my laptop:
>>> 256 bit ecdh (nistp256) 0.0003s 2935.3
>>> 384 bit ecdh (nistp384) 0.0027s36
2016-04-15 6:55 GMT+02:00 Willy Tarreau :
>> Switching ECDHE curves can have performance impact, for example result
>> of openssl speed on my laptop:
>> 256 bit ecdh (nistp256) 0.0003s 2935.3
>> 384 bit ecdh (nistp384) 0.0027s 364.9
>> 521 bit ecdh (nistp521) 0.0016s 623.2
>> The d
19 matches