Re: HAProxy Timeout Oddity WebKit XHR Replay

Hi Liam, Liam Middlebrook wrote on 24.07.2017: > Hi, > I'm currently running HAProxy within an Openshift Origin cluster. Until > a recent update of Openshift I did not experience issues with connection > timeouts, the connections would last up until the specified timeout as > defined by the appl

RE: X-Real-IP = X-Forwarded-For

Hi! YES http request already have X-Forwarded-For header and I want haproxy to set X-Client-IP, same value that incoming X-Forwarded-For. -Original Message- From: Jarno Huuskonen [mailto:jarno.huusko...@uef.fi] Sent: Thursday, July 20, 2017 4:18 PM To: Andrey Zakabluk Cc: haproxy@formi

Re: Passing SNI value ( ssl_fc_sni ) to backend's verifyhost.

Hi Kevin, On Mon, Jul 24, 2017 at 04:00:04PM -0700, Kevin McArthur wrote: > To replicate my results: > > Generate 3 ssl certificates (letsenc? I used a dns-01 challenge...).. > > default.example.ca > working.example.ca > should-be-broken.example.ca > > Configure an apache instance to serve only

Re: HAProxy Timeout Oddity WebKit XHR Replay

I don't see any errors incrementing (HAProxy's config gets reloaded every couple minutes by openshift) Here's the line of the log file in relation to my timeout error. Jul 24 23:51:08 proton.csh.rit.edu haproxy[127]: 67.188.94.238:43996 [24/Jul/2017:23:50:38.543] fe_sni~ be_edge_http_gallery_gall

Re: Passing SNI value ( ssl_fc_sni ) to backend's verifyhost.

To replicate my results: Generate 3 ssl certificates (letsenc? I used a dns-01 challenge...).. default.example.ca working.example.ca should-be-broken.example.ca Configure an apache instance to serve only the first two via https. default.example.ca and working.example.ca; don't configure any v

Subscribe

[SPAM] 4 Signs Your Heart Is In Trouble…(and death is near)

HEALTH & FITNESS You might be minutes from a heart attack When this happens to your eyes- one is coming

Re: Passing SNI value ( ssl_fc_sni ) to backend's verifyhost.

Hi Willy, I can confirm the following line does _not_ verify the hostname on the backend. server app2 ssltest.example.ca:443 ssl verify required sni ssl_fc_sni ca-file /etc/ssl/certs/ca-certificates.crt check check-ssl I setup a default https vhost on the backend server, that responds t

Re: HAProxy Timeout Oddity WebKit XHR Replay

Liam, Still not seeing anything jump out, your timeout settings look fine to me at least. Do you use the stats page and if so do you see errors incrementing there? Also, do you have the log lines for these connections? Aaron West Loadbalancer.org www.loadbalancer.org +1 888 867 9504 / +44 (0)

Re: HAProxy Timeout Oddity WebKit XHR Replay

HA-Proxy version 1.5.18 2016/05/10 And I'll try and get the config cleaned up to what should be relevant but it's pretty large so some specifics to get would be nice, I can say for sure the timeout settings are as follows: timeout connect 5s timeout client 5m timeout server 5m time

Re: HAProxy Timeout Oddity WebKit XHR Replay

Hi Liam, Can we get the config and version number that you are running? Nothing springs to mind although someone cleverer than me on the list may have an instant suggestion. Aaron West Loadbalancer.org www.loadbalancer.org +1 888 867 9504 / +44 (0)330 380 1064 aa...@loadbalancer.org LEAVE A R

HAProxy Timeout Oddity WebKit XHR Replay

Hi, I'm currently running HAProxy within an Openshift Origin cluster. Until a recent update of Openshift I did not experience issues with connection timeouts, the connections would last up until the specified timeout as defined by the application. After an update to Openshift I changed HAProxy se

RE: AWS ELB as a backend

You dropped “server1” from the server line. So it’s reading the server address as the server-name and “check” as the server-address: server server-name server-address [check] [resolvers resolver-name] From: DHAVAL JAISWAL [mailto:dhava...@gmail.com] Sent: July-24-17 12:56 PM To: Aleksandar Lazic

[SPAM] Your account will be blocked after 48 hours due our new security update.

PayPal Your account will be blocked after 48 hours due our new security update. Dear valued customer our service has been updated for new work and we will block your account after 48 hours if you dont update your information from link below. Now all

Re: AWS ELB as a backend

With the following change its working on Haproxy. backend mybackend server server1 internal-testinelbtomcat-193184.ap-southeast-1.elb.amazonaws.com:8080 However, when i tried following config its throwing following error on Haproxy 1.7 could not resolve address 'check' resolvers myresolver

Re: BUG: Lua service timeouts while sending data (after 0194897e540cec67d7d1e9281648b70efe403f08)

On 07/24/2017 06:36 PM, Willy Tarreau wrote: > Hehe I've just committed the fixes a few minutes ago :-) We'had quite a > long head scratching session with Thierry, Christopher and Emeric on > this one. It's sometimes impressive how some sleeping bugs can patiently > wait for a subtle change to join

Re: BUG: Lua service timeouts while sending data (after 0194897e540cec67d7d1e9281648b70efe403f08)

Hi Adis, On Mon, Jul 24, 2017 at 06:30:18PM +0200, Adis Nezirovic wrote: > Hello guys, > > I've noticed that a Lua service timeouts in DATA phase, for outputs > equal or bigger than 8k (approx). > > After the timeout (timeout client), it returns the full response. > (Termination state is cD--) >

BUG: Lua service timeouts while sending data (after 0194897e540cec67d7d1e9281648b70efe403f08)

Hello guys, I've noticed that a Lua service timeouts in DATA phase, for outputs equal or bigger than 8k (approx). After the timeout (timeout client), it returns the full response. (Termination state is cD--) I've attached the minimal configuration and a Lua script to trigger the problem. You mig

Re: [PATCH 2/2] BUG/MINOR: lua: Correctly use INET6_ADDRSTRLEN in Server.get_addr()

Hi Nenad. Nenad wrote on 24.07.2017: > Aleksandar, > On 7/24/2017 5:07 PM, Aleksandar Lazic wrote: >> Hi Nenad Merdanovic, >> >> Nenad Merdanovic wrote on 24.07.2017: >> >>> The get_addr() method of the Lua Server class incorrectly used >>> INET_ADDRSTRLEN for IPv6 addresses resulting in failing

Re: [PATCH] Handle SMP_T_METH samples in smp_dup/smp_is_safe/smp_is_rw

On Mon, Jul 24, 2017 at 05:01:31PM +0200, Christopher Faulet wrote: > Willy, > > Here are small patches with minor changes about samples. Applied, thanks! Willy

Re: [PATCH 2/2] BUG/MINOR: lua: Correctly use INET6_ADDRSTRLEN in Server.get_addr()

Aleksandar, On 7/24/2017 5:07 PM, Aleksandar Lazic wrote: Hi Nenad Merdanovic, Nenad Merdanovic wrote on 24.07.2017: The get_addr() method of the Lua Server class incorrectly used INET_ADDRSTRLEN for IPv6 addresses resulting in failing to convert longer IPv6 addresses to strings. This fix

Re: [PATCH 2/2] BUG/MINOR: lua: Correctly use INET6_ADDRSTRLEN in Server.get_addr()

Hi Nenad Merdanovic, Nenad Merdanovic wrote on 24.07.2017: > The get_addr() method of the Lua Server class incorrectly used > INET_ADDRSTRLEN for IPv6 addresses resulting in failing to convert > longer IPv6 addresses to strings. > This fix should be backported to 1.7. > --- > src/hlua_fcn.c | 2

[PATCH] Handle SMP_T_METH samples in smp_dup/smp_is_safe/smp_is_rw

Willy, Here are small patches with minor changes about samples. -- Christopher Faulet >From 364139ba3764294acbad413a4cdde94a6ea1289b Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Mon, 24 Jul 2017 16:24:39 +0200 Subject: [PATCH 3/3] MINOR: samples: Don't allocate memory for SMP_T_METH

Re: [PATCH] Support proxies with identical names in Lua core.proxies

On Mon, Jul 24, 2017 at 02:04:16PM +0200, Thierry FOURNIER wrote: > On Thu, 20 Jul 2017 15:26:52 +0200 > You will found in attchement a patch which add the proxy name as member > of the proxy object. > > Willy, can you apply it ? I'd like to but there's no attachment, so even trying hard I'm fail

Re: [PATCH] Support proxies with identical names in Lua core.proxies

On Mon, Jul 24, 2017 at 02:27:03PM +0200, Thierry FOURNIER wrote: > an other case pop in my mind: with this solution, the "listen" proxies > will be declared in both lists. I think that it is the expected behaviour, > but I have some doubt about the usage. Yes I think it's desirable. > I can add

Re: [PATCH] Support proxies with identical names in Lua core.proxies

On Mon, 24 Jul 2017 14:03:30 +0200 Willy Tarreau wrote: > Hi Thierry, > > On Mon, Jul 24, 2017 at 01:30:23PM +0200, Thierry FOURNIER wrote: > > Ok. After brainstorm, I think that the it will be netter to keep the > > current behaviour to avoid breaking existing Lua implementations. > > > > Addi

Re: [PATCH] Support proxies with identical names in Lua core.proxies

On 07/24/2017 01:30 PM, Thierry FOURNIER wrote: > I think that the most reliable way is adding anoter tree. We keep the > "proxies" tree base with existing, and we add two trees "frontends" and > "backends" which contains respecticely the list of frontends and > backends. This would work for me to

Re: [PATCH] Support proxies with identical names in Lua core.proxies

On Thu, 20 Jul 2017 15:26:52 +0200 Adis Nezirovic wrote: > On 07/20/2017 02:55 PM, Willy Tarreau wrote: > > So you can have : > > 0 or 1 "listen" > > 0 or 1 "frontend" + 0 or 1 "backend" > > > > Just a few ideas come to my mind : > > - is it possible to store arrays into arrays ? I mean, c

Re: [PATCH] Support proxies with identical names in Lua core.proxies

Hi Thierry, On Mon, Jul 24, 2017 at 01:30:23PM +0200, Thierry FOURNIER wrote: > Ok. After brainstorm, I think that the it will be netter to keep the > current behaviour to avoid breaking existing Lua implementations. > > Adding other entries with prefix "@f:" and "@b:" in the same list that > the

Re: [PATCH] Support proxies with identical names in Lua core.proxies

On Thu, 20 Jul 2017 15:26:52 +0200 Adis Nezirovic wrote: > On 07/20/2017 02:55 PM, Willy Tarreau wrote: > > So you can have : > > 0 or 1 "listen" > > 0 or 1 "frontend" + 0 or 1 "backend" > > > > Just a few ideas come to my mind : > > - is it possible to store arrays into arrays ? I mean, c

Re: Odd behaviour with option forwardfor.

Hi Willy Tarreau, Willy Tarreau wrote on 24.07.2017: > Hi Aleks, > On Sun, Jul 23, 2017 at 09:50:41AM +0200, Aleksandar Lazic wrote: >> > Personally I use 2 rules similar to the following to append to >> > X-Forwarded-For: >> > >> >   http-request set-header X-Forwarded-For >