Re: Deny with 413 request too large

2017-05-22 Thread Bryan Talbot
>>> >>> errorfile 413 /usr/local/etc/haproxy/errors/413.http >>> http-request deny deny_status 413 if { req.body_size gt 10485760 } >>> >>> ... HAProxy complains with: >>> >>> [WARNING] 135/001448 (27) : parsing [/etc/haproxy/haproxy.cfg:15] : status >>> code 413 not handled by 'errorfile',

Re: Deny with 413 request too large

2017-05-22 Thread Joao Morais
> On 17 May 2017, at 19:34, Bryan Talbot > wrote: > > >> On May 15, 2017, at May 15, 6:35 PM, Joao Morais >> wrote: >> >> errorfile 413 /usr/local/etc/haproxy/errors/413.http >> http-request deny deny_status 413 if { req.body_size gt 10485760 } >> >> ... HAProxy complains wi

Re: Graceful shutdown of haproxy

2017-05-22 Thread Gold Star
Thanks for pointing out the obvious flaw Maciej. Is it possible to modify option #2 (Lua-script powered endpoint) to define a read-write endpoint where read endpoint (HTTP GET) returns the health status while the write endpoint (HTTP POST on the same port) will update an in-memory variable that re

Re: Graceful shutdown of haproxy

2017-05-22 Thread Maciej Katafiasz
On 22 May 2017 at 00:23, Gold Star wrote: > We can assume that the decider process sets an environment variable, say > HEALTHY, to true or false at any time it wants. We would like an haproxy > instance to return a healthy signal iff it is genuinely healthy and the > HEALTHY environment variable i

Re: OpenSSL engine and async support

2017-05-22 Thread Emeric Brun
Hi Willy, On 05/17/2017 10:10 PM, Willy Tarreau wrote: > Hi Emeric, > > On Wed, May 17, 2017 at 09:49:32PM +0200, Emeric Brun wrote: >> More fixes, it appears stable now, even if sessions are closed during >> handshake. >> >> I also added the support of multiple async engines (latest patch: it is

Re: [PATCH] MINOR: boringssl: basic support for OCSP Stapling

2017-05-22 Thread Emmanuel Hocdet
Hi Emeric, > On 22 May 2017, at 14:21, Emeric Brun wrote: > On 03/29/2017 04:46 PM, Emmanuel Hocdet wrote: >> >> Use boringssl SSL_CTX_set_ocsp_response to set OCSP response from file with >> '.ocsp' extension. CLI update is not supported. >> > > Could you add this detail in the doc? > yep:

[PATCH] BUILD: ssl: fix SSL_OP_NO_SSLv3 with LibreSSL >= 2.3.0

2017-05-22 Thread Emmanuel Hocdet
Hi Cyril, This patch should fix the build issue 0001-BUILD-ssl-fix-SSL_OP_NO_SSLv3-with-LibreSSL-2.3.0.patch Description: Binary data Can you check it’s your case? Manu On 22 May 2017, at 12:08, Emmanuel Hocdet wrote: Hi Cyril, On 18 May 2017, at 23:02, Cyril Bonté

Re: [PATCH] MINOR: boringssl: basic support for OCSP Stapling

2017-05-22 Thread Emeric Brun
Hi Manu, On 03/29/2017 04:46 PM, Emmanuel Hocdet wrote: > > Use boringssl SSL_CTX_set_ocsp_response to set OCSP response from file with > '.ocsp' extension. CLI update is not supported. > Could you add this detail in the doc? R, Emeric

Re: [Patches] TLS methods configuration reworked

2017-05-22 Thread Emmanuel Hocdet
Hi Cyril, > On 18 May 2017, at 23:02, Cyril Bonté wrote: > > Hi all, > > On 12/05/2017 at 15:13, Willy Tarreau wrote: >> Hi guys, >> >> On Tue, May 09, 2017 at 11:21:36AM +0200, Emeric Brun wrote: >>> It seems to do what we want, so we can merge it. >> >> So the good news is that this patc

Is it possible to disable SSL if no certificates are found?

2017-05-22 Thread Simos Xenitellis
Hi All, I am trying to automate some tasks with adding multiple https (LetsEncrypt) websites, and using HAProxy as a TLS Termination Proxy. The problem is that when you start off with an empty server, there are no certificates yet, and it is not possible to have "bind *:443 ssl crt /etc/haproxy/c

Graceful shutdown of haproxy

2017-05-22 Thread Gold Star
Hi, I am looking for a way to (1) report health from a haproxy instance, such that (2) the health response is set by another "decider" process on the same host. What is the best way to go about it? I am using version 1.7.1 but can upgrade if need be. We can assume that the decider process sets an