Hi Willy,
Some time back, I had worked on making health checks being done by only
one HAProxy process, and to share this information on a UP/DOWN event to
other processes (tested for 64 processes). Before I finish it completely, I
wanted to check with you if this feature is useful. At that time, I
On Mon, Feb 13, 2017 at 10:50:36PM +0100, Aleksandar Lazic wrote:
> What I mean is that.
>
> haproxy have already a config parser.
>
> Why not use this config parser and add new keyword for error files.
>
> With this approach the customers can reuse there config without problems.
But I don't se
Am 13-02-2017 14:47, schrieb Willy Tarreau:
Hi Aleks,
On Mon, Feb 13, 2017 at 01:19:54PM +0100, Aleksandar Lazic wrote:
Hi.
Am 13-02-2017 12:15, schrieb Willy Tarreau:
> On Mon, Feb 13, 2017 at 11:33:53AM +0100, Michael Hamburger wrote:
> > > Willy wrote:
[snipp]
> > > Maybe you're interest
On Mon, Feb 13, 2017 at 05:19:42PM +0100, Michael Hamburger wrote:
> I started working on the changes. To discuss the changes I forked unofficial
> HAProxy repository. I know it's not synchronized to the git repo but I think
> it's easier discussing some changes via links I can post directly in thi
Mathieu,
I have often been fooled like this by multiple haproxy instances running at the
same time.
Whenever I had restarted them with config changes there were sometimes open
client connections keeping instances with older configs alive. Those would
respond to a random set of the connections.
I started working on the changes. To discuss the changes I forked
unofficial HAProxy repository. I know it's not synchronized to the git
repo but I think it's easier discussing some changes via links I can
post directly in this mail. Everyone just can click on the URLs and
knows what I mean.
Hello.
I have setup HAProxy on our environment and I can see a very strange behaviour.
I have the following configuration (Just a part of it) :
global
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
tune.maxrewrite 4096
### Def
New version of this patch.
It’s a cleanup, it avoid internal structure usage and remove CBS_strdup need.
Extended tests with mixing npn/alpn in crt-list show that boringssl need to
use SSL_CTX_set_select_certificate_cb (only in boringssl) to work correctly.
(With openssl the certificate is selecte
Hi Aleks,
On Mon, Feb 13, 2017 at 01:19:54PM +0100, Aleksandar Lazic wrote:
> Hi.
>
> Am 13-02-2017 12:15, schrieb Willy Tarreau:
> > On Mon, Feb 13, 2017 at 11:33:53AM +0100, Michael Hamburger wrote:
> > > > Willy wrote:
> [snipp]
>
> > > > Maybe you're interested in trying to implement the stu
Hi.
Am 13-02-2017 12:15, schrieb Willy Tarreau:
On Mon, Feb 13, 2017 at 11:33:53AM +0100, Michael Hamburger wrote:
> Willy wrote:
[snipp]
> Maybe you're interested in trying to implement the stuff above ? If
> so, just let me know, I can give you a few hints which could possibly
> help.
I wo
On Mon, Feb 13, 2017 at 11:33:53AM +0100, Michael Hamburger wrote:
> > Thanks for the description. However this change causes a big issue which
> > is that a printf-format file is directly exposed outside. The nasty side
> > effect is that someone using 2 "%s" instead of exactly one will cause
> >
Hello Willy,
thanks for answering.
Thanks for the description. However this change causes a big issue which
is that a printf-format file is directly exposed outside. The nasty side
effect is that someone using 2 "%s" instead of exactly one will cause
the process to randomly crash for example, an
On Mon, Feb 13, 2017 at 10:22:35AM +0100, Willy Tarreau wrote:
> On Fri, Feb 10, 2017 at 01:57:58AM +0800, Igor Pav wrote:
> > Thank you, did the trick. Config haproxy backend server to use SSL
> > like "server s1 s1.local:1000 ssl" will cause segment fault.
> >
> > boringssl/crypto/digest/digest.
> Le 13 févr. 2017 à 08:20, Willy Tarreau a écrit :
>
> On Fri, Feb 10, 2017 at 10:54:46AM +0100, Emmanuel Hocdet wrote:
>> Hi,
>>
>>> Le 10 févr. 2017 à 10:07, Jarno Huuskonen a écrit :
>>>
>>> Hi,
>>>
>>> On Wed, Feb 08, Jarno Huuskonen wrote:
On Tue, Feb 07, Emmanuel Hocdet wrote:
>>
On Mon, Feb 13, 2017 at 11:29:26AM +0200, Jarno Huuskonen wrote:
> Yes, this patch fixes the crash for me.
>
> (also reverting commit 405ff31e31eb1cbdc76ba0d93c6db4c7a3fd497a ->
> no crash).
OK thanks to all involved. I'm going to merge this one now. I thought I
had backported the faulty patch to
> De: "Willy Tarreau"
> > From some quick tests in a docker container with centos 7, once the
> > patch is applied, I don't reproduce the segfault anymore.
> > I let Jarno confirm but it looks promising ;-)
>
> Cool, thanks. Did you reproduce it without the patch ?
Yes, using the configuration p
Hi,
On Mon, Feb 13, Willy Tarreau wrote:
> On Fri, Feb 10, 2017 at 10:54:46AM +0100, Emmanuel Hocdet wrote:
> > Hi,
> >
> > > Le 10 févr. 2017 à 10:07, Jarno Huuskonen a
> > > écrit :
> > >
> > > Hi,
> > >
> > > On Wed, Feb 08, Jarno Huuskonen wrote:
> > >> On Tue, Feb 07, Emmanuel Hocdet wro
On Fri, Feb 10, 2017 at 01:57:58AM +0800, Igor Pav wrote:
> Thank you, did the trick. Config haproxy backend server to use SSL
> like "server s1 s1.local:1000 ssl" will cause segment fault.
>
> boringssl/crypto/digest/digest.c:98: EVP_MD_CTX_cleanup: Assertion
> `ctx->pctx == ((void *)0) || ctx->p
Hi Jarno,
On Sat, Feb 11, 2017 at 12:11:47PM +0200, Jarno Huuskonen wrote:
> > I think there's a problem in http_error_message(), there were some
> > conditions to detect certain error cases on reused connections for
> > which we had to remain silent and these conditions have disappeared
> > so we
Hi Cyril,
On Mon, Feb 13, 2017 at 10:12:34AM +0100, Cyril Bonté wrote:
> Hi Willy,
>
> > De: "Willy Tarreau"
> > [...]
> > Hmmm wait a minute, there's bug in this commit :
> >
> > @@ -4022,15 +4022,15 @@ static void ssl_sock_shutw(struct connection
> > *conn, int
> > {
> > if (conn->fl
Hi Willy,
> De: "Willy Tarreau"
> [...]
> Hmmm wait a minute, there's bug in this commit :
>
> @@ -4022,15 +4022,15 @@ static void ssl_sock_shutw(struct connection
> *conn, int
> {
> if (conn->flags & CO_FL_HANDSHAKE)
> return;
> + if (!clean)
> + /*
21 matches
Mail list logo