regarding tune.http.maxhdr

2017-02-07 Thread Sukbum Hong
Hi, All. One customer is experiencing "502 Bad Gateway" error when Apache web server responses with lots(over 100) of "Set-Cookie" Header and found that following limitation in the default configuration of haproxy. Environment is L7 haproxy ==> nginx reverse proxy ==> Apache web server as HTTP or

RE: Haproxy loabalance with cookie

2017-02-07 Thread Hoang Le Trung
Hi Aaron, Here is my haproxy configure frontend kylin-web bind 192.168.1.120:7077 acl url_static path_beg -i /kylin stats enable stats uri /haproxy?stats stats realm Strictly\ Private default_backend app #

Re: Lua sample fetch logging ends up in response when doing http-request redirect

2017-02-07 Thread Willy Tarreau
On Tue, Feb 07, 2017 at 06:37:09PM +, Jesse Schulman wrote: > Thank you for the update, we are running the patch Thierry provided with > success, but we only do a lua call within the %[] almost identically to the > simple reproducer I provided. I *think* we are safe considering we don't > do a

Re: Debug Log: Response headers logged before rewriting

2017-02-07 Thread Daniel Schneller
Hello everyone! While I have since figured out what my original problem was, the original question remains. Is this intentional, am I missing something, or both? :) Cheers, Daniel > On 3. Feb. 2017, at 13:40, Daniel Schneller > wrote: > > Hi there! > > I currently trying to figure out a p

Re: Debug Log: Response headers logged before rewriting

2017-02-07 Thread Skarbek, John
I’ve run into this issue in the past. It’d be great if someone could provide some insight. I ended up blogging about this in the past: http://jtslear.github.io/haproxy-url-rewrite-logging-double-take/ -- John Skarbek On February 7, 2017 at 14:00:25, Daniel Schneller (daniel.schnel...@centerd

Re: Lua sample fetch logging ends up in response when doing http-request redirect

2017-02-07 Thread Jesse Schulman
Thank you for the update, we are running the patch Thierry provided with success, but we only do a lua call within the %[] almost identically to the simple reproducer I provided. I *think* we are safe considering we don't do any redirect in the way that your (Willy's) reproducer is doing it. We w

Dynamically manage server SSL certificates?

2017-02-07 Thread Cedric Maion
Hi, I'm thinking about using HAProxy to terminate SSL connections for thousands of domains on a single frontend (using SNI). Certificates will obviously need to be added/removed/renewed quite regularly. Right now it seems that the usual strategy to manage this is to maintain the list of all cert

Re: Strange behavior of sample fetches in http-response replace-header option

2017-02-07 Thread Holger Just
Hi all, I just checked and the issue is still present in current master. Could you maybe have a look at this issue? It smells a bit like this could potentially be connected to the issue discussed in the thread "Lua sample fetch logging ends up in response when doing http-request redirect". Howeve

Re: [PATCH] BUILD: ssl: fix to build (again) with boringssl

2017-02-07 Thread Emmanuel Hocdet
you need: ADDLIB="-lpthread -ldecrepit" > Le 7 févr. 2017 à 16:09, Igor Pav a écrit : > > Hi, Emmanuel. build with static lib, but no luck, can you provide some > building details? Thanks. > > /build/slib/libcrypto.a(thread_pthread.c.o): In function `CRYPTO_MUTEX_init': > /root/boringssl/crypto

Re: [PATCH] BUILD: ssl: fix to build (again) with boringssl

2017-02-07 Thread Igor Pav
Hi, Emmanuel. build with static lib, but no luck, can you provide some building details? Thanks. /build/slib/libcrypto.a(thread_pthread.c.o): In function `CRYPTO_MUTEX_init': /root/boringssl/crypto/thread_pthread.c:31: undefined reference to `pthread_rwlock_init' /build/slib/libcrypto.a(thread_pth

Re: ROI Driven Campaign For haproxy.org

2017-02-07 Thread Caroll Acosta
Hello *haproxy.org* Team, I was fascinated visiting your website – *haproxy.org* . Clearly, your company has a rich and interactive website and hopefully you make adequate online traffic, sales or lead generation. No? Allow me to put toget

Re: 1.8dev 405ff31e31eb1cbdc76ba0d93c6db4c7a3fd497a regression ?

2017-02-07 Thread Emmanuel Hocdet
Hi Jarno, I'm not able to reproduce this crash with current 1.8dev and openssl 1.0.2j. Manu > Le 5 févr. 2017 à 20:04, Jarno Huuskonen a écrit : > > Hi, > > Commit 405ff31e31eb1cbdc76ba0d93c6db4c7a3fd497a > (BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL) is causing > trouble (with

Re: [PATCH] BUILD: ssl: fix to build (again) with boringssl

2017-02-07 Thread Emmanuel Hocdet
I Igor, I build haproxy with boringssl static library to avoid any conflict with openssl shared lib. It also need to be link with libdecrepit (boringssl). > Le 30 janv. 2017 à 14:28, Igor Pav a écrit : > > sorry for unclear question, it's quite simple, build haproxy from git > with boringssl (D

RE: frequently reload haproxy without sleep time result in old haproxy process never dying

2017-02-07 Thread Pierre Cheynier
Hi, I guess you're using a systemd-based distro. You should have a look at this thread https://www.mail-archive.com/haproxy@formilux.org/msg23867.html. The patches were applied to 1.7, but apparently backported to 1.6.11 and 1.5.19 since. Now I have a clean termination of old processes, no mo

Re: Lua sample fetch logging ends up in response when doing http-request redirect

2017-02-07 Thread Willy Tarreau
On Tue, Feb 07, 2017 at 11:21:20AM +0100, thierry.fourn...@arpalert.org wrote: > Hi, > > This bug should be backported from 1.5 to 1.7, and obviously in 1.8. > unfortunately, the problem is nt cleanly fixed (it is just move), so we > work on another - and definitive - fix. Indeed, just to give a

Re: Lua sample fetch logging ends up in response when doing http-request redirect

2017-02-07 Thread thierry . fournier
Hi, This bug should be backported from 1.5 to 1.7, and obviously in 1.8. unfortunately, the problem is nt cleanly fixed (it is just move), so we work on another - and definitive - fix. Thierry On Mon, 06 Feb 2017 17:41:15 + Jesse Schulman wrote: > Any idea on if this will be going into 1.

Re: Haproxy loabalance with cookie

2017-02-07 Thread Aaron West
Hi Hoang, Could we get your HAproxy config please, an example of both scenarios would be best. It may help to better to better understand your situation. Aaron West Loadbalancer.org Limited +44 (0)330 380 1064 www.loadbalancer.org On 7 February 2017 at 01:55, Hoang Le Trung wrote: > Hi > > >