Re: HAproxy load balancing query

Hi. On 2024-10-03 (Do.) 08:08, Shehan Jayawardane wrote: Hi Team, We are considering to deploy HAproxy as our load balancer to our AAA solution. Is there any option to save connection session, where we can use the same path for the session period? What exactly do you mean with "save connect

Re: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

Hi Christopher. Thank you for your detail review. I will take some time for me to make the suggested changes. Will come back to the topic as soon as I find again time to dig into it. Best regards Alex On 2024-09-24 (Di.) 15:25, Christopher Faulet wrote: Le 19/09/2024 à 13:04, Aleksandar

Re: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

Hi Christopher. On 2024-09-19 (Do.) 16:00, Christopher Faulet wrote: Le 19/09/2024 à 13:04, Aleksandar Lazic a écrit : Hi Willy. any chance to look into the Answer? Hi Alex, In fact, Willy asked me to take a look on this feature. I started to work on it and I was distracted by the stable

Re: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

Hi Willy. any chance to look into the Answer? Regards Alex On 2024-08-15 (Do.) 10:55, Aleksandar Lazic wrote: Hi Willy. On 2024-08-12 (Mo.) 16:49, Willy Tarreau wrote: Hi Alex, On Mon, Aug 12, 2024 at 11:46:37AM +0200, Aleksandar Lazic wrote: On Thu, Jun 13, 2024 at 03:00:59AM +0200

Re: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

Hi Willy. On 2024-08-12 (Mo.) 16:49, Willy Tarreau wrote: Hi Alex, On Mon, Aug 12, 2024 at 11:46:37AM +0200, Aleksandar Lazic wrote: On Thu, Jun 13, 2024 at 03:00:59AM +0200, Aleksandar Lazic wrote: The final idea is something like this. ``` tcp-request content upstream-proxy-header Host

Re: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

Hi Willy. On 2024-08-12 (Mo.) 10:01, Willy Tarreau wrote: Hi Alex, I finally found time to have a look into this! Great :-) On Thu, Jun 13, 2024 at 03:00:59AM +0200, Aleksandar Lazic wrote: The final idea is something like this. ``` tcp-request content upstream-proxy-header Host

Re: Opinions desired on dropping support for duplicate names

Hi. On 2024-08-09 (Fr.) 17:24, Willy Tarreau wrote: Hi all, I'm continuing to find disgusting things in the code that are only here for historical reasons which, in my opinion, should no longer exist. [snipp] Now we're at an era where many configs are generated in ways that cannot even pro

Re: [ANNOUNCE] haproxy-3.1-dev2

On 2024-07-26 (Fr.) 10:49, Willy Tarreau wrote: On Fri, Jul 26, 2024 at 10:40:46AM +0200, ??? wrote: next point: 0-RTT Sorry for the stupid questions but as I don't maintain any QUIC based apps I'm curious if this really makes any differences compared to "normal" requests. How oft

Re: [ANNOUNCE] haproxy-3.1-dev2

Hi. On 2024-07-25 (Do.) 23:22, Илья Шипицин wrote: чт, 25 июл. 2024 г. в 22:00, Илья Шипицин >: чт, 25 июл. 2024 г. в 14:27, William Lallemand mailto:wlallem...@irq6.net>>: On Wed, Jul 03, 2024 at 11:51:21PM +0200, William Lallemand wrote:

Re: [ANNOUNCE] haproxy-3.1-dev4

On 2024-07-24 (Mi.) 18:50, Willy Tarreau wrote: Hi, HAProxy 3.1-dev4 was released on 2024/07/24. It added 113 new commits after version 3.1-dev3. Some nice goodies came in this version: [snipp] - SPOE: the old applet-based architecture was replaced with the new mux-based one whic

Re: [ANNOUNCE] haproxy-3.1-dev3

On 2024-07-10 (Mi.) 16:39, Willy Tarreau wrote: Hi, HAProxy 3.1-dev3 was released on 2024/07/10. It added 35 new commits after version 3.1-dev2. [snipp] And I'm still trying to free some time for the pending reviews (I have not forgotten you but stuff that depends on multiple persons cann

Re: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

Hi. Updated patch. Changes: Set the right 'X' for upstream-proxy-header removed the upstream-proxy.png from patch git-format against latest master Any feedback and help is really appreciated. Best regards Alex On 2024-06-13 (Do.) 03:00, Aleksandar Lazic wrote: Hi. New Version

Re: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

Hi. Thanks for testing and feedback. On 2024-06-12 (Mi.) 20:35, Dave Cottlehuber wrote: On Wed, 12 Jun 2024, at 13:04, Aleksandar Lazic wrote: Hi. Attached a new version with updated upstream-proxy.cfg. This Patch have also the feature `upstream-proxy-target` to get rid of the dependency

Re: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

On 2024-06-12 (Mi.) 12:57, Aleksandar Lazic wrote: Hi Dave. On 2024-06-12 (Mi.) 12:45, Aleksandar Lazic wrote: On 2024-06-12 (Mi.) 12:26, Dave Cottlehuber wrote: On Tue, 11 Jun 2024, at 22:57, Aleksandar Lazic wrote: Hi Dave. Thank you for your test and feedback. When you put this line i

Re: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

Hi Dave. On 2024-06-12 (Mi.) 12:45, Aleksandar Lazic wrote: On 2024-06-12 (Mi.) 12:26, Dave Cottlehuber wrote: On Tue, 11 Jun 2024, at 22:57, Aleksandar Lazic wrote: Hi Dave. Thank you for your test and feedback. When you put this line into backend, will this be better? ``` tcp-request

Re: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

On 2024-06-12 (Mi.) 12:26, Dave Cottlehuber wrote: On Tue, 11 Jun 2024, at 22:57, Aleksandar Lazic wrote: Hi Dave. Thank you for your test and feedback. When you put this line into backend, will this be better? ``` tcp-request connection upstream-proxy-header HOST www.httpbun.com

Re: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

Hi Dave. Thank you for your test and feedback. When you put this line into backend, will this be better? ``` tcp-request connection upstream-proxy-header HOST www.httpbun.com ``` Regards Alex On 2024-06-11 (Di.) 23:52, Dave Cottlehuber wrote: On Mon, 10 Jun 2024, at 22:09, Aleksandar Lazic

[PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature

m 0b903fa0cfef0cefd0a1b819c9bd1b8e786e6aae Mon Sep 17 00:00:00 2001 From: Aleksandar Lazic Date: Mon, 10 Jun 2024 23:58:18 +0200 Subject: [PATCH] FEATURE/MAJOR: Add upstream-proxy-tunnel feature This commit makes it possible for HAProxy to reach target server via a upstream http proxy. This patc

Re: Now a Working Patchset

x27;m quite open for discussion if the http-request set-header feature should be used. Any opinions on that? Regards Alex On 2024-06-07 (Fr.) 00:57, Aleksandar Lazic wrote: Hi. I was able to create a working setup with the attached patches, I'm pretty sure that the patch will need some

Re: Now a Working Patchset

Hallo Dave. On 2024-06-07 (Fr.) 16:12, Dave Cottlehuber wrote: On Thu, 6 Jun 2024, at 22:57, Aleksandar Lazic wrote: Hi. I was able to create a working setup with the attached patches, I'm pretty sure that the patch will need some adoptions until it' ready to commit to the dev b

Now a Working Patchset (was: Re: Patch proposal for FEATURE/MAJOR: Add upstream-proxy-tunnel feature)

uot;snprintf()", but without success just because I'm a little bit out of training with C, any help to fix this is very welcome. * My test setup is shown in examples/upstream-proxy.cfg. Best regards Alex [0]https://www.rfc-editor.org/rfc/rfc9110#name-connect On 2024-05-31 (Fr.) 12:08,

Re: Patch proposal for FEATURE/MAJOR: Add upstream-proxy-tunnel feature

Hi. Anyone who have some Ideas how to fix the return way? Regards Alex On 2024-05-27 (Mo.) 09:12, Aleksandar Lazic wrote: Hi. I have done some progress with the feature :-) The test setup runs in 4 shells. # shell1: curl -vk --connect-to www.test1.com:4433:127.0.0.1:8080 -H "

Patch proposal for FEATURE/MAJOR: Add upstream-proxy-tunnel feature (was: Re: Maybe stupid question but can HAProxy now use a upstream proxy)

ot; Have anyone an Idea what's wrong? Maybe it's too late for 3.0 but it would be nice to have this feature in 3.1 :-) Regards Alex On 2024-05-24 (Fr.) 00:08, Aleksandar Lazic wrote: Hi. I have seen https://github.com/haproxy/haproxy/issues/1542 which requests that feature. No

Re: Maybe stupid question but can HAProxy now use a upstream proxy

Regards Alex On 2024-05-23 (Do.) 22:32, Aleksandar Lazic wrote: Hi. I follow the development more or less closely and I must say I not always understand all changes :-). Just for my clarification is the following setup now possible with HAProxy with all the new shiny

Maybe stupid question but can HAProxy now use a upstream proxy

Hi. I follow the development more or less closely and I must say I not always understand all changes :-). Just for my clarification is the following setup now possible with HAProxy with all the new shiny features :-) client => frontend | \-> backend server dest1

Re: FCGI calls return 500 with "IH" Stream State

2024-05-16 (Do.) 17:05, Aleksandar Lazic wrote: Hi. I have a strange behavior with HAProxy and FCGI PHP App. When I call an admin URL returns HAProxy a 500, after a refresh of the same page returns the HAProxy 200. ``` 10.128.2.35:39684 [16/May/2024:14:54:26.229] craft-cms fcgi-servers/craftcms1

FCGI calls return 500 with "IH" Stream State

Hi. I have a strange behavior with HAProxy and FCGI PHP App. When I call an admin URL returns HAProxy a 500, after a refresh of the same page returns the HAProxy 200. ``` 10.128.2.35:39684 [16/May/2024:14:54:26.229] craft-cms fcgi-servers/craftcms1 0/0/0/-1/1138 500 15416 - - IH-- 2/2/0/0/0

Re: Question on deleting cookies from an HTTP request

Hi Lokesh. On 2024-04-27 (Sa.) 01:41, Lokesh Jindal wrote: Hey folks I have found that there is no operator "del-cookie" in HAProxy to delete cookies from the request. (HAProxy does support the operator "del-header"). Can you explain why such an operator is not supported? Is it due to comple

Update for https://github.com/haproxy/wiki/wiki/SPOE:-Stream-Processing-Offloading-Engine

Hi. The "https://github.com/criteo/haproxy-spoe-go"; is archived since Nov 7, 2023 and there is a fork from that repo https://github.com/go-spop/spoe Can we add this info to the wiki page? There is also a rust implementation https://github.com/vkill/haproxy-spoa-example which could be added.

Re: Dataplane exits at haproxytech/haproxy-ubuntu:2.9 in Containers

Hi. On 2024-03-18 (Mo.) 12:19, William Lallemand wrote: On Sun, Mar 17, 2024 at 07:53:17PM +0100, Aleksandar Lazic wrote: Hi. Looks like there was a similar question in the forum https://discourse.haproxy.org/t/trouble-with-starting-the-data-plane-api/9200 Any idea how to fix this

Re: Dataplane exits at haproxytech/haproxy-ubuntu:2.9 in Containers

Hi. Looks like there was a similar question in the forum https://discourse.haproxy.org/t/trouble-with-starting-the-data-plane-api/9200 Any idea how to fix this? Regards Alex On 2024-03-13 (Mi.) 00:11, Aleksandar Lazic wrote: Hi. I try to run dataplane as "random" user inside h

Re: About the SPOE

Hi. On 2024-03-15 (Fr.) 15:09, Christopher Faulet wrote: Hi all, It was evoked on the ML by Willy and mentioned in few issues on GH. It is now official. The SPOE was marked as deprecated for the 3.0. It is not a pleasant announce because it is always an admission of failure to remove a featur

Dataplane exits at haproxytech/haproxy-ubuntu:2.9 in Containers

Hi. I try to run dataplane as "random" user inside haproxy.cfg. That's the debug output of the start of the container. Even as I have set the --log-level=trace to the dataplane can't I see any reason why the api kills the process. ``` # Debug output with dataplane api alex@alex-tuxedoinfini

Re: http/3 flow control equivalent

Hi. On 2024-02-22 (Do.) 02:47, Miles Hampson wrote: Hi, I have noticed that transferring large files with http/2 to a backend server through HAProxy 2.9 (and earlier) over a network link with a bit of latency can be extremely slow unless the HTTP/2 Flow Control window size is increased quite

Re: Haproxy accross LDAPS

ind regards, Willy ---- *De :* Aleksandar Lazic *Envoyé :* jeudi 15 février 2024 15:20 *À :* TINK-LONG-KI Willy *Cc :* haproxy@formilux.org *Objet :* Re: Haproxy accross LDAPS Hi Willy. On 2024-02-15 (Do.) 09:07, TINK-LONG-KI Willy wrote: Hello All, I trying  to confi

Re: Haproxy accross LDAPS

Hi Willy. On 2024-02-15 (Do.) 09:07, TINK-LONG-KI Willy wrote: Hello All, I trying  to configure a backend on a HAPROXY (release 2.4.25) with LDAPS in order to authenticate user by the LDAPS. Any chance to use the latest 2.8 or 2.9? Below informations about my configuration : -Port use on

Re: unsubscribe

Hi. Here can you find the right way to Unsubscribe from the list https://www.haproxy.org/#tact Regards Alex On 2024-02-12 (Mo.) 23:02, Nicolas Grilly wrote: *Nicolas Grilly* Managing Partner +33 6 03 00 25 34 Recrutez plus rapidement avec VocationCity.com Hir

Re: [ANNOUNCE] haproxy-2.9-dev10

Hi Tristan. On 2023-11-20 (Mo.) 15:14, Tristan wrote: Hi Aleksandar, On 20 Nov 2023, at 17:18, Aleksandar Lazic wrote: at configuration Change the reload leaves the old processes alive until "hard-stop-after" value and after that is the connection terminated which does not

Re: [ANNOUNCE] haproxy-2.9-dev10

Hi Willy. On 2023-11-18 (Sa.) 15:40, Willy Tarreau wrote: Hi, HAProxy 2.9-dev10 was released on 2023/11/18. It added 154 new commits after version 2.9-dev9. Wow what a release :-) [snipp] BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover() BUG/MEDIUM: mux-h1: fail earlie

Re: Understanding haproxy's regex

Hi Christoph. On 2023-11-17 (Fr.) 10:26, Christoph Kukulies wrote: I have the following line in my config: backend website     http-request replace-header Destination ^([^\ :]*)\ /(.*) \1\ /opencms/\2     server www.mydomain.org 127.0.0.1:8080 Actually I'm used the

Re: AW: [EXT] Re: AW: Re: Question about syslog forwarding with HAProxy with keeping the client IP

suggestions how to solve the issue? Best regards, Sören Hellwig Regards Alex -Ursprüngliche Nachricht- Von: Aleksandar Lazic Gesendet: Mittwoch, 1. November 2023 15:36 An: Hellwig, Sören ; haproxy@formilux.org Betreff: [EXT] Re: AW: Re: Question about syslog forwarding with HAProxy with

Re: AW: [EXT] Re: Question about syslog forwarding with HAProxy with keeping the client IP

mpression [FCGI] fcgi-app [SPOE] spoe [TRACE] trace Best regards, Sören Hellwig -Ursprüngliche Nachricht- Von: Aleksandar Lazic Gesendet: Montag, 30. Oktober 2023 17:58 An: Hellwig, Sören ; haproxy@formilux.org Betreff: [EXT] Re: Question about syslog forwarding with HAPr

Re: Question about syslog forwarding with HAProxy with keeping the client IP

Hi, On 2023-10-30 (Mo.) 15:55, Hellwig, Sören wrote: Hello Support-Team, we are using the HAProxy as load balancer for our Graylog servers. Which version of HAProxy? haproxy -vv The TCP based protocols works fine, but we have some trouble with the syslog forwarding. Our configuration fil

Re: How to limit client body/upload size?

Hi. On 2023-10-17 (Di.) 16:46, Gilles Van Vlasselaer wrote: Hi, we are currently migrating servers and decided to drop NGINX in favour of HAProxy, however we had issues in the past where people would bomb us with massive file uploads on some services. Is there an equivalent like nginx's 'clien

[PATCH] DOC: internal: filters: fix reference to entities.pdf

Hi. Here the patch to fix the filter.txt file. Regards AlexFrom 68bb30b6ad1b0ca5348a95219b09964aafe9ba36 Mon Sep 17 00:00:00 2001 From: Aleksandar Lazic Date: Sun, 22 Oct 2023 18:36:54 +0200 Subject: [PATCH] DOC: internal: filters: fix reference to entities.pdf In doc/internals/api

Re: Missing doc entities in doc/internals

Hi Willy. On 2023-10-20 (Fr.) 23:21, Willy Tarreau wrote: Hi Alex, On Fri, Oct 20, 2023 at 11:11:59PM +0200, Aleksandar Lazic wrote: I can't find any doc about entities in the current git alex@alex-tuxedoinfinitybooks1517gen7 on 20/10/2023 at 23:06:19 /datadisk/git-repos/haproxy $

Missing doc entities in doc/internals

Hi. As I go thru the filter.txt now is this statement written. https://github.com/haproxy/haproxy/blob/master/doc/internals/api/filters.txt#L50C15-L50C23 ``` First of all, to fully understand how filters work and how to create one, it is best to know, at least from a distance, what is a proxy

Re: Some filter discussion for the future

Hi. FYI: I have created a repo for the rs filter https://github.com/git001/hap-rs-filter feel free to participate/contribute :-) Regards Alex On 2023-10-19 (Do.) 22:53, Aleksandar Lazic wrote: Hi Tristan. On 2023-10-17 (Di.) 10:51, Tristan wrote: Hi Aleksandar, That is a welcome follow

Re: Some filter discussion for the future

Hi Tristan. On 2023-10-17 (Di.) 10:51, Tristan wrote: Hi Aleksandar, That is a welcome follow-up to the tangent we went on in the announce thread. Thanks :-) As there was the discussion about the future of the SPOE filter, let me start a discussion about some possible filter options. [..

Re: CVE-2023-44487 and haproxy-1.8

On 2023-10-16 (Mo.) 20:12, Lukas Tribus wrote: On Mon, 16 Oct 2023 at 19:41, Aleksandar Lazic wrote: On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: Does 1.8 support http/2? No. Actually haproxy 1.8 supports H2 (without implementing HTX), as per the documentation and announcements

Re: CVE-2023-44487 and haproxy-1.8

Proxy.com blog quite accurate why 1.8 is not affected with that CVE. Ryan Regards Alex On Mon, Oct 16, 2023 at 12:41 PM Aleksandar Lazic <mailto:al-hapr...@none.at>> wrote: On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: > Does 1.8 support http/2? No. > On

Re: CVE-2023-44487 and haproxy-1.8

On 2023-10-16 (Mo.) 19:29, Илья Шипицин wrote: Does 1.8 support http/2? No. On Mon, Oct 16, 2023, 18:58 Ryan O'Hara > wrote: Hi all. I read the most recently HAProxy Newsletter, specifically the article "HAProxy is Not Affected by the HTTP/2 Rapid Re

Re: CVE-2023-44487 and haproxy-1.8

Hi Ryan. On 2023-10-16 (Mo.) 17:49, Ryan O'Hara wrote: Hi all. I read the most recently HAProxy Newsletter, specifically the article "HAProxy is Not Affected by the HTTP/2 Rapid Reset Attack" by Nick Ramirez [1]. A This article states that HAProxy versions 1.9 and later are *not* affetced, w

Some filter discussion for the future

Hi. As there was the discussion about the future of the SPOE filter, let me start a discussion about some possible filter options. As far as I know have we this filters. Available filters : [SPOE] spoe [CACHE] cache [FCGI] fcgi-app [COMP] compression [TRACE] trace There is also the httpclien

Re: HA Proxy

Hi Mohammed. Yes HAProxy supports all of the requested capacity and features from below. For a nice example what HAProxy is able to handle can you read this Blog post. https://www.haproxy.com/blog/haproxy-forwards-over-2-million-http-requests-per-second-on-a-single-aws-arm-instance The very

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi. On 2023-10-10 (Di.) 09:08, Willy Tarreau wrote: Hi Tristan, On Sun, Oct 08, 2023 at 12:15:00PM +, Tristan wrote: Since this was brought up, On 7 Oct 2023, at 14:34, Willy Tarreau wrote: [...] Maybe this will then bring up SPOE to a level where the body of a request can be scanned

Re: [ANNOUNCE] haproxy-2.9-dev7

On 2023-10-08 (So.) 14:15, Tristan wrote: Since this was brought up, On 7 Oct 2023, at 14:34, Willy Tarreau wrote: […] Maybe this will then bring up SPOE to a level where the body of a request can be scanned and bring it to a full WAF level or as WASM filter. Any thoughts on the feasib

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi Willy. On 2023-10-07 (Sa.) 14:45, Willy Tarreau wrote: Hi Alex, On Sat, Oct 07, 2023 at 01:51:43PM +0200, Aleksandar Lazic wrote: Hi Willy. On 2023-10-07 (Sa.) 10:26, Willy Tarreau wrote: Hi, HAProxy 2.9-dev7 was released on 2023/10/06. It added 75 new commits after version 2.9-dev6

Re: [ANNOUNCE] haproxy-2.9-dev7

Hi Willy. On 2023-10-07 (Sa.) 10:26, Willy Tarreau wrote: Hi, HAProxy 2.9-dev7 was released on 2023/10/06. It added 75 new commits after version 2.9-dev6. This version fixes a number of issues in previous development releases and prepares the work for subsequent patch series: [snip] - t

Re: Patch sample_conv_json_query in sample.c to return array values

Dear Jens. Please can you create a patch as mentioned in https://github.com/haproxy/haproxy/blob/master/CONTRIBUTING as suggested in https://github.com/haproxy/haproxy/issues/2281#issuecomment-1721014384 Regards Alex On 2023-09-15 (Fr.) 14:57, Jens Popp wrote: Hi, currently the method samp

Re: HAProxy and musl (was: Re: HAproxy Error)

Hi. Resuscitate this old thread with a musl lib update. https://musl.libc.org/releases.html ``` musl-1.2.4.tar.gz (sig) - May 1, 2023 This release adds TCP fallback to the DNS stub resolver, fixing the longstanding inability to query large DNS records and incompatibility with recursive n

Re: HaProxy does not updating DNS cache

Hi. On 2023-09-13 (Mi.) 14:39, Henning Svane wrote: Hi I have tried using a DNS with a TTL of 600 sec. and the DNS changes once in a while, but every time I have to restart Haproxy to get the updated DNS to work. Even if I wait for hours. I can see with nslookup that the server can see the

Re: how to upgrade haproxy

=8492a4f37208a6099629101466fec3378a28e73c;hb=HEAD Regards Alex On Thu, 24 Aug 2023 at 4:00 PM, Aleksandar Lazic <mailto:al-hapr...@none.at>> wrote: Hi Atharva Shripad Dudwadkar. On 2023-08-24 (Do.) 12:08, Willy Tarreau wrote: > Hi, > > On Thu, Aug 24, 2023 at 03:23:59PM +053

Re: [ANNOUNCE] haproxy-2.9-dev4

Hi. On 2023-08-25 (Fr.) 19:35, Willy Tarreau wrote: Hi, HAProxy 2.9-dev4 was released on 2023/08/25. It added 59 new commits after version 2.9-dev3. Some interesting new stuff continues to arrive in this version: [snipp] - reverse HTTP: see below for a complete description. I hope it w

Please what is 'new protocol named "reverse_connect"' for?

Hi. I just seen some commits about protocol for active reverse connect and ask me, what's the main use case for that protocol could be? As far as I have seen is it for now for H2 Settings but I'm not sure if I understood the commits right. Regards Alex

Re: how to upgrade haproxy

Hi Atharva Shripad Dudwadkar. On 2023-08-24 (Do.) 12:08, Willy Tarreau wrote: Hi, On Thu, Aug 24, 2023 at 03:23:59PM +0530, Atharva Shripad Dudwadkar wrote: Hi haproxy Team, Can you please help me with the upgrading process regarding haproxy from 2.0.7 to 2.5. in RHEL. Could you please share

Re: WebTransport support/roadmap

Hi. On 2023-08-17 (Do.) 10:14, Artur wrote: Feature request submitted: https://github.com/haproxy/haproxy/issues/2256 Thank you. I have added a simple picture based on your E-Mails, hope I have understood your request properly. Regards Alex

Re: WebTransport support/roadmap

Hi. On 2023-08-16 (Mi.) 17:29, Artur wrote: Hello ! I wonder if there is a roadmap to support WebTransport protocol in haproxy. There are some explanations/references (if needed) from socket.io dev team that started to support it : https://socket.io/get-started/webtransport Looks like tha

Re: Problems using custom error files with HTTP/2

ut window sizes was addressed by having a setting for each side (front vs back). ``` That the doc link to the alpn keyword. http://docs.haproxy.org/2.8/configuration.html#5.1-alpn Thanks, Nick Regards Alex On 17/04/2023 15:09, Aleksandar Lazic wrote: On 17.04.23 15:08, Willy Tarreau

libcrypt may be removed completely in future Glibc releases

Hi. I have seen this lines in the current glibc release notes https://sourceware.org/glibc/wiki/Release/2.38 ``` 2.1. Building libcrypt is disabled by default If you still need Glibc libcrypt, pass --enable-crypt to the configure script. Note that libcrypt may be removed completely in future

Re: QUIC with a fcgi backend

Yaacov. On 2023-07-24 (Mo.) 15:08, Christopher Faulet wrote: Le 7/24/23 à 12:24, Yaacov Akiba Slama a écrit : Hi Christopher, Thanks for report. It is not a known issue, but I can confirm it. When H3 HEADERS frames are converted to the internal HTTP representation (HTX), a flag is missing to s

Re: QUIC with a fcgi backend

Hi. On 2023-07-22 (Sa.) 21:48, Yaacov Akiba Slama wrote: Hi, It seems that there is a bug in QUIC when using a fastcgi backend: As soon as the size of the uploaded data is more than bufsize, the server returns 400 Bad request and shows PH-- in the logs. The problem occurs with both haproxy

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

are handled by AWS-LC? [1] https://github.com/aws/s2n-quic [2] https://github.com/aws/s2n-quic/pull/1840 [3] https://github.com/aws/aws-lc-rs [4] https://github.com/aws/aws-lc/issues/804 Thanks, Andrew -------- *From:* Aleksandar Lazi

Re: [PATCH] BUILD: ssl: Build with new cryptographic library AWS-LC

Hi Andrew. On 2023-07-12 (Mi.) 02:26, Hopkins, Andrew wrote: Hello HAProxy maintainers, I work on the AWS libcrypto (AWS-LC) project [1]. Our goal is to improve the cryptography we use internally at AWS and help our customers externally. In the spirit of helping people use good crypto we know it

Re: QUIC (mostly) working on top of unpatched OpenSSL

Hi. Just a addendum below to my last mail. On 2023-07-07 (Fr.) 00:33, Aleksandar Lazic wrote: Hi Willy On 2023-07-06 (Do.) 22:05, Willy Tarreau wrote: Hi all, as the subject says it, Fred managed to make QUIC mostly work on top of a regular OpenSSL. Credit goes to the NGINX team who found a

Re: QUIC (mostly) working on top of unpatched OpenSSL

Hi Willy On 2023-07-06 (Do.) 22:05, Willy Tarreau wrote: Hi all, as the subject says it, Fred managed to make QUIC mostly work on top of a regular OpenSSL. Credit goes to the NGINX team who found a clever and absolutely ugly way to abuse OpenSSL callbacks to intercept and inject data from/to th

Re: [PATCH 1/1] MEDIUM: ssl: new sample fetch method to get curve name

Hi. On 2023-06-20 (Di.) 18:50, Mariam John wrote: Adds a new sample fetch method to get the curve name used in the key agreement to enable better observability. In OpenSSLv3, the function `SSL_get_negotiated_group` returns the NID of the curve and from the NID, we get the curve name by passing t

Re: OCSP renewal with 2.8

Hi. On 2023-06-02 (Fr.) 22:42, Lukas Tribus wrote: On Fri, 2 Jun 2023 at 21:55, Willy Tarreau wrote: Initially during the design phase we thought about having 3 states: "off", "on", "auto", with the last one only enabling updates for certs that already had a .ocsp file. But along discussions w

@Wolfssl: any plans to add "ECH (Encrypted client hello) support" and question about Roadmap

Hi, As we have now a shiny new LTS let's take a look into the future :-) As the Wolfssl looks like a good future alternative for OpenSSL is there any plan to add ECH (Encrypted client hello) ( https://github.com/haproxy/haproxy/issues/1924 ) into Wolfssl? Is there any Idea which feature is p

Re: Followup on openssl 3.0 note seen in another thread

Hi Shawn. On 2023-05-28 (So.) 05:30, Shawn Heisey wrote: On 5/27/23 18:03, Shawn Heisey wrote: On 5/27/23 14:56, Shawn Heisey wrote: Yup.  It was using keepalive.  I turned keepalive off and repeated the tests. I did the tests again with 200 threads.  The system running the tests has 12 hyp

Re: unsubscribe

Hi. On 14.05.23 22:07, Roman Gelfand wrote: Here is the unsubscribe address. https://www.haproxy.org/#tact Regards Alex

Re: equivalent of url32+src for hdr_ip(x-forwarded-for)?

mode=TCP        side=FE|BE     mux=PASS     flags=NO_UPG Available services : prometheus-exporter Available filters :         [SPOE] spoe         [CACHE] cache         [FCGI] fcgi-app         [COMP] compression         [TRACE] trace Hope that helps Regards Alex On Thu, May 11, 2023 at 11:21 PM Al

Re: equivalent of url32+src for hdr_ip(x-forwarded-for)?

Dear Nathan. On 11.05.23 23:59, Nathan Rixham wrote: Hi All, I've run into an issue I can't figure out, essentially need to use url32+src in stick tables, but where src is the x-forwarded-for address rather than the connecting source - any advice would be appreciated. As this is a quite gen

Re: Drain L4 host that fronts a L7 cluster

Isn't is a similar request to https://github.com/haproxy/haproxy/issues/969 as I mentioned in the issue https://github.com/haproxy/haproxy/issues/2149 On 06.05.23 01:18, Abhijeet Rastogi wrote: Thanks for the response Tristan. For the future reader of this thread, a feature request was create

Any Roadmap for "Server weight modulation based on smoothed average measurement" ( https://github.com/haproxy/haproxy/issues/1977 )

Hi. Is there any Plan when the work on this part will start or will be this a smooth forward :-) Regards Alex

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Hi Willy. On 28.04.23 11:14, Aleksandar Lazic wrote: Hi Will. On 28.04.23 11:07, Willy Tarreau wrote: [snipp] So from what I'm reading above, the regtest is fake and doesn't test the presence of digits in the returned value. Could you please correct it so that it properly ver

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Hi Will. On 28.04.23 11:07, Willy Tarreau wrote: Hi Alex, On Fri, Apr 28, 2023 at 10:59:46AM +0200, Aleksandar Lazic wrote: Hi Willy. On 30.03.23 06:23, Willy Tarreau wrote: On Thu, Mar 30, 2023 at 06:16:34AM +0200, Willy Tarreau wrote: Hi Alex, On Wed, Mar 29, 2023 at 04:06:10PM +0200

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Hi Willy. On 30.03.23 06:23, Willy Tarreau wrote: On Thu, Mar 30, 2023 at 06:16:34AM +0200, Willy Tarreau wrote: Hi Alex, On Wed, Mar 29, 2023 at 04:06:10PM +0200, Aleksandar Lazic wrote: Ping? thanks for the ping, I missed it a few times when being busy with some painful bugs in the past

Re: Reproducible ERR_QUIC_PROTOCOL_ERROR with all QUIC-enabled versions (2.6 to latest 2.8-dev)

Hi Bob. On 18.04.23 17:07, Zakharychev, Bob wrote: While experimenting with enabling QUIC in HAProxy sitting in front of our closed-source application I stumbled upon a reproducible QUIC protocol failure/malfunction while accessing specific CSS resource, which is served via internal applicatio

Re: Puzzlement : empty field vs. ,field() -m

Hi. On 18.04.23 00:55, Jim Freeman wrote: In splitting out fields from req.cook, populated fields work well, but detecting an unset field has me befuddled: acl COOK_META_MISSING req.cook(cook2hdr),field(3,\#) ! -m found -m str '' does not detect that a cookie/field is empty ? Running the

Re: Problems using custom error files with HTTP/2

On 17.04.23 15:08, Willy Tarreau wrote: On Mon, Apr 17, 2023 at 03:04:05PM +0200, Lukas Tribus wrote: On Sat, 15 Apr 2023 at 23:08, Willy Tarreau wrote: On Sat, Apr 15, 2023 at 10:59:42PM +0200, Willy Tarreau wrote: Hi Nick, On Sat, Apr 15, 2023 at 09:44:32PM +0100, Nick Wood wrote: And

Re: Opinions desired on HTTP/2 config simplification

Hi. On 15.04.23 11:32, Willy Tarreau wrote: Hi everyone, I was discussing with Tristan a few hours ago about the widespread deployment of H2 and H3, with Cloudflare showing that H1 only accounts for less than 7% of their traffic and H3 getting close to 30% [1], and the fact that on the opposite

Re: Problems using custom error files with HTTP/2

Hi Nic, On 15.04.23 19:35, Nick Wood wrote: Hello all, I have recently enabled HTTP/2 on our HAProxy server by adding the following to the bind line: alpn h2,http/1.1 Everything appears to be working fine, apart from our custom error pages. Rather than serving the custom page as before,

Re: Interest in HA Proxy from Sonicwall

Hi Kenny. On 05.04.23 20:04, Kenny Lederman wrote: Hi team, Do you have an account rep assigned to Sonicwall that could help me with getting a POC set up? This is the Open Source Mailing list, if you want to get in touch with the Company behind HAProxy please use this. https://www.haproxy

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Ping? On 10.01.23 21:27, Aleksandar Lazic wrote: On 09.12.22 13:17, Aleksandar Lazic wrote: Hi. As I still think that the Balancing algorithm (Peak) EWMA ( https://github.com/haproxy/haproxy/issues/1570 ) could help to make a "better" decision to which server should the reque

Re: RFQ HAPROXY SERVER for CTBC Bank

HI. On 29.03.23 05:02, Procurement - TTSolution wrote: Hi Sir/Madam, Please help to provide quotation below for: 1. *HAPROXY SERVER – QTY: 1* As willy already written is this list mainly for the OpenSource HAProxy. You can get in touch for the Enterprise Version on this page. https://www.h

Re: HAProxy CE Docker Debian and Ubuntu images with QUIC

Hi Dinko. On 19.03.23 19:54, Dinko Korunic wrote: Dear community, As previously requested, we have also started building HAProxy CE  for 2.6, 2.7 and 2.8 branches with QUIC (based on OpenSSL 1.1.1t-quic Release 1) built on top of Debian 11 Bullseye and Ubuntu 22.04 Jammy Jellyfish base image

Re: HAProxy CE Docker Alpine image with QUIC

Hi Dinko. On 17.03.23 20:59, Dinko Korunic wrote: Dear community, Upon many requests, we have started building HAProxy CE for 2.6, 2.7 and 2.8 branches with QUIC (based on OpenSSL 1.1.1t-quic Release 1) as Docker Alpine 3.17 images. That's great news :-). What should keep in mind is that A

Re: [PATCH] MINOR: sample: Add bc_rtt and bc_rttvar

Hi. Any chance to add this Patch? Regards Alex On 10.01.23 21:27, Aleksandar Lazic wrote: On 09.12.22 13:17, Aleksandar Lazic wrote: Hi. As I still think that the Balancing algorithm (Peak) EWMA ( https://github.com/haproxy/haproxy/issues/1570 ) could help to make a "better" d

Re: proxy

Hi Adam. On 12.01.23 01:30, Adam wrote: Dear Friend I have a service to broadcast channels and movies over the Internet by panel iptv And I have servers that I want to hide the real IP of in order to protect them from attacks It is on the other hand a complaint of abuse How do you help me with

  1   2   3   4   5   6   7   8   9   10   >