Re: Haproxy 2.2.3 source

Thank you Willy! A On Wed, Sep 9, 2020 at 1:31 PM Willy Tarreau wrote: > On Wed, Sep 09, 2020 at 07:20:17PM +0200, Willy Tarreau wrote: > > Feel free to pick this patch if that helps for your builds, I'm going > > to backport it to 2.2 once all platforms are happy. > > All builds are OK now,

Re: Haproxy 2.2.3 source

Correct.. this is arm based on my side as well. Sent from my Pixel 3XL On Tue, Sep 8, 2020, 5:47 PM Vincent Bernat wrote: > ❦ 8 septembre 2020 16:13 -04, Alex Evonosky: > > > Just compiling 2.2.3 and getting this reference: > > > > > > /haproxy-2.2.3/src/thr

Haproxy 2.2.3 source

Hello Haproxy group- Just compiling 2.2.3 and getting this reference: /haproxy-2.2.3/src/thread.c:212: undefined reference to `_Unwind_Find_FDE' Is there a new lib thats required? Thank you!

Re: CORS support

Thank you Willy. That did it! Great work! Sent from my Pixel 3XL On Mon, Dec 16, 2019, 11:50 PM Willy Tarreau wrote: > Hello Alex, > > On Mon, Dec 16, 2019 at 01:22:42PM -0500, Alex Evonosky wrote: > > Hello Haproxy group- > > > > migrating from haproxy

CORS support

Hello Haproxy group- migrating from haproxy 2.0 to 2.1 and noticed some directives changed: === 2.0.10 === capture request header origin len 128 http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m end aiqwest.com } http-response add-header

Re: [ANNOUNCE] haproxy-2.0.1

after compiling the new 2.0.1, it seems the HTTP2 issue *we were seeing* on 2.0 but not on 1.9.8 are fixed. Thank you. On Thu, Jun 27, 2019 at 7:19 AM Aleksandar Lazic wrote: > Am 26.06.2019 um 19:28 schrieb Christopher Faulet: > > Hi, > > > > HAProxy 2.0.1 was released on 2019/06/26. It added

Re: haproxy architecture

Jeff > > > On 20/05/2019 17:48, Alex Evonosky wrote: > > example: > > pod1: > > primary: 1.1.1.2 > secondary: 1.1.1.3 > virtual: 1.1.1.1 > > > pod2: > > primary: 1.1.1.5 > secondary: 1.1.1.6 > virtual: 1.1.1.4 > > > The mechanism to utiliz

Re: haproxy architecture

, 2019 at 11:37 AM Jeff Abrahamson wrote: > Thanks, Alex. > > I'd understood that, but not the mechanism. Each host has an A record. > Did I miss a DNS mapping type for virtual addresses? Or do the two hosts > run a protocol between them and some other party? (But if one of my &

Re: haproxy architecture

hich used to > have DNS resolutions from one name to multiple IP's, now resolve to a > single IP. > > Jeff Abrahamson > http://p27.eu/jeff/ > http://transport-nantes.com/ > > > On 20/05/2019 15:04, Alex Evonosky wrote: > > You could make it a bit more agile

Re: haproxy architecture

You could make it a bit more agile and scale it: you can run them in "pods", such as two haproxy instances running keepalived between them and use the ViP IP as the DNS record, so if an HAproxy instance was to die, the alternate HAproxy instance can take over. Set more pods up and use DNS round

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

the docs. On reflection I was not able to discern the distinction of the sample fetch keyword list and the ACL keyword list in payload.c. I hope that having added this to the sample fetch list only was correct, even though it does not match the example set by "req_ssl_sn

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

Hi Willy, Thanks for the generous review and pointers - that does sound much better and appears to work well for the ClientHellos I have tried. Sorry for not posting this as RFC. Alex - Original message - From: Willy Tarreau To: Alex Zorin Cc: haproxy@formilux.org Subject: Re

Re: [PATCH] MINOR: acl: add support for TLS ALPN matching

Unfortunately I attached the wrong patch file. Attaching in reply. Alex On Sun, Dec 30, 2018, at 2:20 PM, Alex Zorin wrote: > Hello, > > The attached patch adds acl support for the TLS ALPN extension > (RFC7301) extension via "req.ssl_alpn", in a similar v

[PATCH] MINOR: acl: add support for TLS ALPN matching

Hello, The attached patch adds acl support for the TLS ALPN extension (RFC7301) extension via "req.ssl_alpn", in a similar vein to "req.ssl_sni". It is useful for pass-thru of TLS connections in scenarios like ACME's tls-alpn-01. Thank you Alex>From 8008e5e8f23747741

Re: haproxy.org, Suggestions to increase your business

Hi haproxy.org, Hope you are doing fantastic. I am Alex Sr. Web Analyzer having 9+ years of experience in Search Engine Marketing, Social media Marketing, Content Marketing, Pay-per-click, Video Marketing etc. While analyzing your website, we tracked some pitfalls for which your website doesn’t

Re: haproxy.com, Suggestions to increase your business

Hi haproxy.com, Hope you are doing fantastic. I am Alex Sr. Web Analyzer having 9+ years of experience in Search Engine Marketing, Social media Marketing, Content Marketing, Pay-per-click, Video Marketing etc. While analyzing your website, we tracked some pitfalls for which your website doesn’t

Re: What to look out for when going from 1.6 to 1.8?

Tim- I can speak from a production point of view that we had HAproxy on the 1.6 branch inside docker containers for mesos load balancing with pretty much the same requirements as you spoke of. After compiling Haproxy to the 1.8x branch the same config worked without issues. -Alex On Mon, Jul

Re: [ANNOUNCE] haproxy-1.8.0

Congratulations! On Mon, Nov 27, 2017 at 8:41 AM, Arnall wrote: > Le 26/11/2017 à 19:57, Willy Tarreau a écrit : > >> Hi all, >> >> After one year of intense development and almost one month of debugging, >> polishing, and cross-review work trying to prevent our respective

Re: Bestvpnrating is ready to donate (Sponsorship)

Hi, I have contacted you about sponsorship. Have you received the letter? Looking forward to your reply, Best regards, Alex Smith. On Пт, 13 окт 2017 10:37:50 + Alex Smith a...@bestvpnrating.com wrote Hello! My name is Alex and I represent the website

Sponsorship

Hello! My name is Alex and I represent the website bestvpnrating.com Our company is aimed at sponsoring your project. How can we be listed among your sponsors? Looking forward to your reply, Best regards, Alex Smith.

Sponsorship

Hello! My name is Alex and I represent the website bestvpnrating.com Our company is aimed at sponsoring your project. How can we be listed among your sponsors? Looking forward to your reply, Best regards, Alex Smith.

Linking on haproxy.org

Hello! Hope your day is going well! My name is Alex and I’m a representative of the site bestvpnrating.com. The aim of our site is to provide recent news about VPN services and cybersecurity at large. Actually, you may visit the site to ascertain. I would like to know is it possible to add

Missing LUA functionality

Hi there, Our company is using LUA scripting a lot, and I've discovered some missing functions in the code. We've made a patch to fill these gaps, but I don't know how to make a pull request. So, I've made a copy of the haproxy repository and pushed my changes there. It's based on latest

LUA - missing functionality

Hi there. I'm moving some code to HAProxy (LUA) and struggling with missing (or undocumented) functionality: 1. I'm modifying request headers in action context before passing it to web-servers, but can't access URL/query string (looks like it's only available with AppletHTTP class in service

Crash with kernel error

Haproxy 1.6.15 crashes with following error haproxy[24074]: segfault at 3dbed94000 ip 003dbea897fb sp 7fffc7278e68 error 4 in libc-2.12.so[3dbea0+18a000]

Re: vrrp stateful failover

Hi Ben Thanks for the great responses, a pair of haproxies isn't quite a pair of f5's yet!!! We really wanted to ensure we had tested the current capabilities as far as we could. Cheers Alex On 24 February 2016 at 02:34, Benjamin Lee <benjamin@realthought.net> wrote: > [.

vrrp stateful failover

as if i am missing something from the haproxy configuration that means the 2 instances are not sharing their state. configs are available, but its all pretty standard and follows the docs Thanks in advance for any help Alex

Re: Set State to DRAIN vs set weight 0

while "draining" with set weight 0 if using server-state-file feature. Is this correct ? Thank you, Alex On Thu, Jan 21, 2016 at 9:00 PM, Willy Tarreau <w...@1wt.eu> wrote: > Hi, > > On Wed, Jan 20, 2016 at 10:53:46AM +0200, Alex wrote: > > Hello, > &

Set State to DRAIN vs set weight 0

es, if any ? Also, the server line from stats should become blue for status change to DRAIN, or my test result is the expected behavior ? Thank you, -- Alex S

Re: [PATCH] MINOR: DeviceAtlas slight update

Hi Guys , how do unsubscribe :) Thanks Alex > On Dec 3, 2015, at 2:35 AM, Willy Tarreau <w...@1wt.eu> wrote: > > On Wed, Dec 02, 2015 at 11:28:28AM +, David Carlier wrote: >> Hi all, >> >> Here it is a slight change, the DeviceAtlas module logging is si

Re: HAProxy with multiple CRL's

ting hideously dirty hack :)\n",depth); ERR_clear_error(); return 1; } If the depth is greater than 0 you're verifying the revocation status of a CA certificate. If the error code is 3 it corresponds to X509_V_ERR_UNABLE_TO_GET_CRL as per the OpenSSL x509_vfy.h Alex T From: &quo

Re: AW: Delete response headers unless condition give me a warning

Ricardo F writes: > > Hello, > Thanks for the responses, At least i found that my tought are correct. > > If you have enought time, Willy, i will read the explanation gladly but if someone are in the same situation as me, this is other workaroung: > >         rspidel

unsuscribe

[SPAM] RE:VOCE E CONVIDADO

Seu cliente de e-mail não pode ler este e-mail. Para visualizá-lo on-line, por favor, clique aqui: http://comprasnoparaguay23.net/display.php?M=426C=0756d1e8cdaf638b4892e93319565405S=6L=1N=1 Para parar de receber nossos

[SPAM] RE:VOCE E CONVIDADO

Seu cliente de e-mail não pode ler este e-mail. Para visualizá-lo on-line, por favor, clique aqui: http://comprasnoparaguay23.net/display.php?M=426C=0756d1e8cdaf638b4892e93319565405S=2L=1N=1 Para parar de receber nossos

Connection refuse on client after configuring haproy

We have HAProxy running on GlusterFS and geting “connection refuse , port map failure “ any ideas ? Alex

haproxy config question

Do I need rpcbind runing on haproxy , ? we are trying to use the haproxy to load balance across GlusterFS for NFS using mode tcp but i get connection refused port 111 .

connection refused on port111

using haproxy getting connection refused on portmaper any suggestion thanks Alex

Re: connection refused on port111

17.199.146.184:80 modehttp stats enable stats uri /stats On May 19, 2015, at 12:14 PM, Tim t...@bastelfreak.de wrote: maybe you want to share your configs? On 19.05.2015 21:00, Alex wrote: using

subscribe me

connection is rejected when using ipad with send-proxy option

should we debug further? Alex

what is the proper configuration for using send-proxy with SSL

the option of send-proxy to send client src ip to the backend server. Is this possible? Alex

RE: what is the proper configuration for using send-proxy with SSL

Thanks. It seems that haproxy needs to terminate ssl connection and start another ssl connecion to the backend to get it work. (HAProxy in HTTP mode?) Using tcp mode of haproxy, it seems that SSL connction negotiation can not be started. Alex From: luky...@hotmail.com To: alex_wu2

la séduction n'aura plus aucun secret pour vous

Title: Alex coach sduction Cliquez ici pour lire cet e-mail dans votre navigateur. Elle est Inaccessible? Raison de plus pour l’Aborder

[no subject]

unsubscribe

Re: haproxy website rollback

Same for me now. It was fixed shortly after I sent the email. Cheers, Alex On 19-Dec-13 5:07 PM, Mark Janssen wrote: Not for me... Quick News Dec 17th, 2013 : 1.5-dev21 Several early testers reported a few annoying bugs yesterday, so I preferred to fix them quickly and issue another release

Re: Consistent hashing based on cookie - across multiple HAProxy boxes

table webservers | socat /var/lib/haproxy/stats - | fgrep 4start_of_session From my config, it was also important to store text not binary data in the table. -Alex On Sat, Mar 2, 2013 at 5:32 PM, Alex Davies a...@davz.net wrote: I was trying to troubleshoot this with a packet dump on the peer

[PATCH] DOCS: Add explanation of intermediate certs to crt paramater

This change makes the crt block of the documentation easier to use for those not clear on what needs to go in what file, specifically for those using CAs that require intermediate certificates. --- doc/configuration.txt | 44 +--- 1 files changed, 29

Re: Experience with HAProxy SSL intermediate certificates - Godaddy and others

not quite sure where to put this, so i've left it out; if you think this would be helpful i'd be very happy to add it. Thanks, Alex On Sun, Feb 10, 2013 at 10:23 PM, Willy Tarreau w...@1wt.eu wrote: Hi Alex, On Sun, Feb 10, 2013 at 08:46:46PM +, Alex Davies wrote: Hi All, I saw some

Re: Consistent hashing based on cookie - across multiple HAProxy boxes

persistence based on a cookie that I could test, by chance? Thanks, -Alex

Re: Consistent hashing based on cookie - across multiple HAProxy boxes

:80 weight 6 check observe layer4 inter 1 server ww3 10.99.99.203:80 weight 10 check observe layer4 inter 1 ... Thanks, Alex On Sun, Feb 10, 2013 at 9:47 PM, Baptiste bed...@gmail.com wrote: Hi, It's weird you don't need the store-response. Test it as best as you can

Re: Consistent hashing based on cookie - across multiple HAProxy boxes

anything in the logs about the peers, nor anything in the haproxy status URL. Obviously if the peering were to silently break down, this would be bad for me! Thanks, -Alex On Fri, Feb 8, 2013 at 4:22 AM, Baptiste bed...@gmail.com wrote: ahah, you can call me Baptiste :) You miss a stick

Experience with HAProxy SSL intermediate certificates - Godaddy and others

is fantastic. Thanks guys! Thanks, -Alex [1] Godaddy ask you to choose your type of SSL provider. I selected nginx as I have used that before, but for some reason it does not provide the intermediate certificate in this case. Select Apache Tomcat to get a zip file with both gd_bundle

Re: Consistent hashing based on cookie - across multiple HAProxy boxes

that this will only mean that sessions become persistant once PHPSESSID is set. So, to translate into practicality, as long as the login page creates the relevant cooke (and it does not subsequently change once logged in), this should work nicely. Thanks, -Alex On Sun, Feb 3, 2013 at 7:59 AM

Consistent hashing based on cookie - across multiple HAProxy boxes

end up with a Thanks, -Alex

Haproxy F5 usage question

client. I do have haproxy sending out the X-Forwarded-For. But the f5 does not see it. Anyone have an example of how scenario like this would work? Do I need to modify haproxy or is this an f5 issue? Thank you again in advance.. [circle]http://www.suny.edu/ Alex DeMarco Manager

RE: Haproxy F5 usage question

Right now it is just a proof of concept idea. Part of the problem is that F5 the we own does not do reverse proxying,. At least not without running an iRule that no one on their support department will support you on. Unless I am completely missing something. - Alex From: Jeffrey

stats question

123.456.789.99 for example. thanks! [circle]http://www.suny.edu/ Alex DeMarco Manager of Technical Services The State University of New York State University Plaza - Albany, New York 12246 Tel: 518.320.1398Fax: 518.320.1550 Be a part of Generation SUNY: Facebookhttp://www.facebook.com

RE: stats question

Thank you.. However, I a have a followup.. What does it mean when I get this: 'stats' ignored because frontend 'myfrontend-80' has no backend capability? Even though I have a default backend defined? Thanks again. - Alex From: Baptiste [mailto:bed...@gmail.com] Sent: Thursday

Re: Rate limiting- queueing requests

Hi Willy, I never replied to this mail, my apologies! Thank you for your suggestions. Sadly, in our case, neither approach works - but it was worth asking you first. I solved our problem with something that executes right at the start of our application, Thank you! Alex On Wed, Nov 28, 2012

Passing host head to the backend

- Alex

RE: Passing host head to the backend

it working for other parts. - Alex -Original Message- From: Baptiste [mailto:bed...@gmail.com] Sent: Tuesday, December 18, 2012 2:43 PM To: DeMarco, Alex Cc: haproxy@formilux.org Subject: Re: Passing host head to the backend Hi, Nothing to do, it will pas it straight away, unless you tell

Re: Re-encrypt to the backend

Thank you, I have this working.. - Alex Original message From: Willy Tarreau w...@1wt.eu Date: 12/14/2012 2:48 AM (GMT-05:00) To: DeMarco, Alex alex.dema...@suny.edu Cc: haproxy@formilux.org Subject: Re: Re-encrypt to the backend Hi Alex, On Fri, Dec 14, 2012 at 12:58

Re-encrypt to the backend

them and send them to the backend because the backend http server is expecting an ssl connection. Can I do this in haproxy? If so, could you give me some pointers? Thanks! Alex

HAProxy statistics report page

Question, on demo.1wt.eu what was used to create this? Is it a function in HAProxy? I've been looking thru the doc and cannot seem to find it. Thank you. - Alex

Stats error

I am trying to get stats enable to work. However, every time I try to start haproxy I get the following error: 'stats' ignored because frontend has no backend capability. I have backend rules in place so I am not sure what else I am missing.. Any ideas? Thank you.. Alex

UPDATE RE: Stats error

I got it working.. thank you - Alex From: DeMarco, Alex [mailto:alex.dema...@suny.edu] Sent: Friday, December 07, 2012 7:18 PM To: haproxy@formilux.org Subject: Stats error I am trying to get stats enable to work. However, every time I try to start haproxy I get the following error

Re: ssl for ver 1.5 question

Thanks I have it working.. Alex Baptiste wrote: Hi Alex, by default, IIS will export the cert in a PKCS12 format, you have to translate it into PEM format. When exporting, don't forget to export the private key as well. openssl pkcs12 -in key_and_cert.pfx -out key_andcert.pem -nodes cheers

Rate limiting- queueing requests

! -Alex

Proxied connections via SSH tunnel are up/down based on state of ssh tunnel not service

-one-the-front/ but I'd prefer to not do that because it just adds further complexity to the setup (more ssh tunnels). Thanks, Alex

Source IP rate limiting

is blocked by (from the example post there are 2) * Is it possible to 'hash' on a specific cookie value (i'm thinking PHPSESSID) as well as IP, i.e. if connections for any given PHPSESSID value reaches x per minute block? Many thanks, Alex -- Alex Davies This email and any files transmitted

Re: Source IP rate limiting

if cookie_conn_rate_abuse mark_as_abuser Many thanks, Alex On Thu, Nov 10, 2011 at 12:56 PM, Baptiste bed...@gmail.com wrote: On Thu, Nov 10, 2011 at 12:48 PM, Alex Davies a...@davz.net wrote: Hi, I am interested in rate limiting connections from users to stop small DOS 'attacks' from individual

Re: haproxy - kernel socket and # files limits

Hi Willy, Thank you for your detailed explanation; you are entirely right and the limit that was screwing me was the limit of fds/process which I have now fixed. Can you explain which parameter should be set to 2 to prevent malloc() fails when there is no more memory left? Many thanks, Alex

haproxy - kernel socket and # files limits

to as close to infinite as possible - and allow them to use all the system RAM. Would anybody with more knowledge in this area be able to shed any light? - Alex

Re: haproxy / Python 'tornado' framework - digging into 502/504 errors

? (the configuration is the same as in my email - i.e. server timeout 2hrs). I will investigate the 502 errors with more benchmarking directly against the backends. Thank you for confirming that this is the source of the problem. Many thanks, Alex On Tue, Sep 13, 2011 at 11:41 PM, Willy Tarreau w...@1wt.eu

haproxy / Python 'tornado' framework - digging into 502/504 errors

connection before returning a 502 - I thought that the option redispatch and retries 10 would ensure another go. If anybody is able to shed some thoughts on my two questions I would be very grateful! Many thanks, Alex # haproxy.conf global log 127.0.0.1 local4 debug chroot /var

Re: haproxy / Python 'tornado' framework - digging into 502/504 errors

any at all in the first minute of a new process). Cheers, Alex On Tue, Sep 13, 2011 at 1:46 PM, Cyril Bonté cyril.bo...@free.fr wrote: clitimeout

haproxy / Python 'tornado' framework - digging into 502/504 errors

any at all in the first minute of a new process). Cheers, Alex On Tue, Sep 13, 2011 at 1:46 PM, Cyril Bonté cyril.bo...@free.fr wrote: clitimeout

RE: sock-raw.org

is being tracked, it will start appearing in our search results as soon as enough information is gathered, typically 24 hours. Please let me know how it works out or if you need my help. Thanks, Alex Prikhodko Lead Developer expo-MAX Inc. 10520 Yonge St., Unit 35B Suite 138 Richmond

Hardware recommendations

Hi, We're looking to upgrade our HAProxy hardware soon. Does anyone have any recommendations on the things we should be looking for? e.g. Are there any NICs we should use/avoid? Our site primarily serves lots of small objects. Kind regards, Alex

Re: Apache CLOSING state

experienced similar issues. I am using Apache from the CentOS 5 repository (Apache 2.2.3), mpm prefork (StartServers: 200, MinSpareServers: 50, MaxSpareServers: 400, ServerLimit: 1024, MaxClients: 1024) Alex 2010/1/20 Emmanuel Bailleul emmanuel.baill...@telindus.fr Hi Alex, The 'lingering close

Selective logging

to have HAProxy selectively log requests, either based on an acl, or ideally, backend? Cheers, Alex

Re: New HAProxy user keeps loosing connection

on this. If this is the problem, you can fix it using 'option httpclose' in you HAProxy configuration, or by disabling keep-alives on your backend web servers. - Alex Tom Potwin wrote: Hi I hope I'm doing this correctly. I just joined, and I haven't used a mailing list in a long time. I'm