Re: 1.7.6 redirect regression (commit 73d071ecc84e0f26ebe1b9576fffc1ed0357ef32)

❦ 21 juin 2017 11:48 +0200, William Lallemand  : >> > This bug was fixed in 1.8 (see commit >> > 9f724edbd8d1cf595d4177c3612607f395b4380e "BUG/MEDIUM: http: Drop the >> > connection establishment when a redirect is performed"). I attached >> > the patch. Could you quickly

Re: [PATCH] MINOR: cli: ability to change a server's name

Hi Joey, On Thu, Jun 22, 2017 at 04:20:36PM -0700, Joseph Lynch wrote: > Hi Willy, > > > OK so if we add a string as the external identifier (let's at least > > give a name to this thing) and the ability to lookup by transport > > address, you have everything : > > - the mesos/kubernetes

Re: [PATCH] MINOR: cli: ability to change a server's name

Hi Willy, > OK so if we add a string as the external identifier (let's at least > give a name to this thing) and the ability to lookup by transport > address, you have everything : > - the mesos/kubernetes identifier directly accessible > - the IP:port directly accessible > > Did I miss

Re: Reverse Gateway Throught Security Zones

Hello Himer, this is probably not the response you wanna hear ... Am 22.06.2017 um 22:47 schrieb Himer Martinez: > Hello Guys, > > Sorry to botter you with my specific questions :-) > > Let's imagine a paranoic security team who forbide http and tcp flows between > the dmz zone and the green

Re: [PATCH] MINOR: cli: ability to change a server's name

On Thu, Jun 22, 2017 at 11:46:12AM -0700, Joseph Lynch wrote: > Hm, I'm still struggling to understand why this is a problem as an > option for operators, sorry if I'm being dense! No it's not because you're dense, it's simply because you're using a very small subset of haproxy's features and in

Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

Daniel, Here's a different approach to your problem. As someone who wears too many hats, I am often asked about reencrypting connections that are terminated by haproxy. Since this is a common occurrence between a small number of systems, it is much more efficient to create a small IPSec

Re: Logging SSL pre-master-key

On 2017/6/19 13:54, Patrick Hemmer wrote: > > > On 2017/6/17 00:00, Willy Tarreau wrote: >> Hi Patrick, >> >> On Fri, Jun 16, 2017 at 09:36:30PM -0400, Patrick Hemmer wrote: >>> The main reason I had for supporting the older code is that it seems >>> many (most?) linux distros, such as the one we

Re: [PATCH] MINOR: cli: ability to change a server's name

Hm, I'm still struggling to understand why this is a problem as an option for operators, sorry if I'm being dense! > The server state is a perfect example of huge breakage that would be > caused by such a change. In short, you start with the names from the > configuration file, which are looked

Re: [PATCH] MINOR: cli: ability to change a server's name

On Thu, Jun 22, 2017 at 08:55:03AM -0700, Joseph Lynch wrote: > > If it's about the stats page, I think we'd rather emit the FQDN there, > > what do you think ? > It is about the stats page, but also about our automation's ability to > take information from a service registry (which has host+port

Re: [PATCH] MINOR: cli: ability to change a server's name

> If it's about the stats page, I think we'd rather emit the FQDN there, > what do you think ? It is about the stats page, but also about our automation's ability to take information from a service registry (which has host+port pairs + health information) and identify which server in a HAProxy

Re: SD Termination state after upgrade from 1.5.12 to 1.7.3

Le 16/06/2017 à 16:19, Christopher Faulet a écrit : Le 16/06/2017 à 13:29, Juan Pablo Mora a écrit : Linux version: Red Hat Enterprise Linux Server release 5.11 (Tikanga) Linux dpoweb08 2.6.18-417.el5 #1 SMP Sat Nov 19 14:54:59 EST 2016 x86_64 x86_64 x86_64 GNU/Linux HAProxy versión: 1.7.5

Re: Trouble getting rid of Connection Keep-Alive header

Title: Re: Trouble getting rid of Connection Keep-Alive header Hi Mats, Mats Eklund wrote on 22.06.2017: Hi Holger, Many thanks for this hint. I guess I will need to follow up with Openshift/RedHat. I have posted a question in the forum there, but so far no feedback:

Re: [PATCH] MINOR: cli: ability to change a server's name

Hi Joe, On Thu, Jun 22, 2017 at 12:42:57AM -0700, Joseph Lynch wrote: > I've been working on a change to Synapse[1] to allow it to use the > "set server addr" directive to reserve a large(ish) pool of servers in > a backend and dynamically set server host/ports into that pool as they > come and

Re: haproxy does not capture the complete request header host sometimes

Hi Daniel, On Thu, Jun 22, 2017 at 10:45:27AM +0200, Daniel Schneller wrote: > If I read the patch correctly, even though it is classified as "MINOR" it > will fail with an error on startup, when the configuration has a value > outside the range. > When backporting into the stable branches, this

Designing Your Commercial Website for More Visitors

Hello Haproxy.Org Team, I hope you are having a great day. We are Web Design company with a primary focus on SEO based Website Design & Development (ASP, ASP.Net, Java, Perl and PHP development). We have innovative web solutions for organizations including advanced database interactivity &

Re: haproxy does not capture the complete request header host sometimes

Hi! Phew, I was following this one with some concern, fearing it could be something more serious just waiting to hit us, too ;-) Great that the issue was found, thanks for that! There is just one thing I wanted to note regarding > […] It can be backported in 1.7, 1.6 and 1.5. I finally marked

Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

Hi everyone, thanks for your suggestions. Let me go through them step by step: Actually, I would have suggested the opposite: making the whole thing less expensive, by going full blown keep-alive with http-reuse: option http-keep-alive option prefer-last-server timeout

Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

netstat? Thread dumps? Test without SSL between haproxy and Tomcat. Monitor Tomcat via non haproxy path (direct curl?) *-Dsun.security.pkcs11.enable-solaris=false* On 22 Jun 2017 9:02 AM, "Igor Cicimov" wrote: > Hi Lukas, > > On 22 Jun 2017 3:02 am, "Lukas

[PATCH] MINOR: cli: ability to change a server's name

I've been working on a change to Synapse[1] to allow it to use the "set server addr" directive to reserve a large(ish) pool of servers in a backend and dynamically set server host/ports into that pool as they come and go, which would significantly reduce the number of restarts we have to do during

Re: Trouble getting rid of Connection Keep-Alive header

Hi Holger, Many thanks for this hint. I guess I will need to follow up with Openshift/RedHat. I have posted a question in the forum there, but so far no feedback: https://stackoverflow.com/questions/44134775/how-to-suppress-http-connection-keep-alive-header-in-response. Thanks also for the