Re: Haproxy, Logging more TCP details?

I missed a config line from Haproxy.conf in my previous reply: Frontend ldaps tcp-request content capture ssl_fc_sni len 25 On 11/23/21, 1:57 AM, "Jarno Huuskonen" wrote: Hi, On 11/22/21 16:33, Ben Hart wrote: > Hey there! I’ve got a handful of Haproxy ser

Re: Haproxy, Logging more TCP details?

ted header server name so that's a big bonus. But I wonder if I'm still not getting everything. Attached is a revised haproxy.cfg, I look forward to your advice and suggestions. Thanks! On 11/23/21, 1:57 AM, "Jarno Huuskonen" wrote: Hi, On 11/22/21 16:33, Ben Hart wr

Haproxy, Logging more TCP details?

appropriate log options or formats setup to determine that. Attached is my sanitized haproxy.cfg Please don’t hesitate to ask me for more info 😊 Thanks!! Ben global log /dev/loglocal0 log /dev/loglocal1 notice # log 127.0.0.1 local1 chroot /var/lib/haproxy

Re: Haproxy + LDAPS+ SNI

ht be misunderstanding how this part of Haproxy works fundamentally... On 11/3/21, 4:49 AM, "Lukas Tribus" wrote: Hello Ben, On Wed, 3 Nov 2021 at 03:54, Ben Hart wrote: > > I wonder, can I ask if the server directives are correct insofar as > making a s

Re: Haproxy + LDAPS+ SNI

Tribus" wrote: Hello, On Tue, 2 Nov 2021 at 21:24, Ben Hart wrote: > > In the config (pasted here > https://0bin.net/paste/1aOh1F4y#qStfT0m0mER3rhI3DonDbCsr0NRmVuH9XiwvagEkAiE) > My questions surround the syntax of the config file.. Most likely those

Haproxy + LDAPS+ SNI

can’t find a ton of info on Haproxy with SNI and LDAPS so I question if my config is correct. Thanks! [Jamf] Ben Hart IT Systems Administrator 100 Washington Ave S, Minneapolis, MN 55401 [Phone] +00 1 989 424 0187 [Email] ben.h...@jamf.com [Web] www.jamf.com<https://www.jamf.com> [Fa

HAProxy with Exchange 2016

Hello, I want to know if HAProxy works with MS Exchange 2016 and client Outlook Anywhere. The client Outlook Anywhere use MAPI over HTTPS protocol. I don't found any informations about this on the web. Regards, Issam BEN REJEB

51d.c HTX patch

o get the fix out there as soon as we can. Thanks, Ben Shillito Developer [51Degrees]<https://51degrees.com/> O: +44 1183 287152 E: b...@51degrees.com<mailto:b...@51degrees.com?subject=Your%20Email> [https://51degrees.com/portals/0/images/twitterbird.png] @51Degrees<http://twitt

RE: Possible optimization to 51d in multithread

the other change. Thanks, Ben Shillito Developer [51Degrees]<https://51degrees.com/> O: +44 1183 287152 E: b...@51degrees.com<mailto:b...@51degrees.com?subject=Your%20Email> [https://51degrees.com/portals/0/images/twitterbird.png] @51Degrees<http://twitter.com/51Degreesmobi> [htt

RE: [PATCH] wurfl device detection build fixes and dummy library

Hi Willy, Great, thanks. Yeah that makes total sense. Don't want warnings that can't be solved. Regards, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: 13 June 2019 17:06 To: Be

RE: [PATCH] wurfl device detection build fixes and dummy library

uot;(dummy library)" to the output of REGISTER_BUILD_OPTS macro. I thought about pushing a warning when the dummy library is used just to be super obvious. Don't know what you think of that? Thanks, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees -Origin

RE: [PATCH] wurfl device detection build fixes and dummy library

Thanks both, Ilya, I will take a look at that now. Ben Shillito Developer [51Degrees]<https://51degrees.com/> O: +44 1183 287152 E: b...@51degrees.com<mailto:b...@51degrees.com?subject=Your%20Email> [https://51degrees.com/portals/0/images/twitterbird.png] @51Degrees<htt

RE: [PATCH] wurfl device detection build fixes and dummy library

Hi Willy, Yes, I agree the paths in the dummy library should match that of the actual library. And yes, that patch is good with me. Thanks, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent

RE: [PATCH] wurfl device detection build fixes and dummy library

in order to make use of the efficiency of Trie. Regards, Ben Shillito Developer [51Degrees]<https://51degrees.com/> O: +44 1183 287152 E: b...@51degrees.com<mailto:b...@51degrees.com?subject=Your%20Email> [https://51degrees.com/portals/0/images/twitterbird.png] @51Degrees<htt

RE: [PATCH] wurfl device detection build fixes and dummy library

://51degrees.com/Support/Documentation/APIs/C-V32/Benchmarks If you need any more information, or help setting up, do let me know. Regards, Ben Shillito Developer [51Degrees]<https://51degrees.com/> O: +44 1183 287152 E: b...@51degrees.com<mailto:b...@51degrees.com?subject=Your%20Emai

RE: [PATCH] wurfl device detection build fixes and dummy library

if this gets you up and running. Regards, Ben Shillito Developer [51Degrees]<https://51degrees.com/> O: +44 1183 287152 E: b...@51degrees.com<mailto:b...@51degrees.com?subject=Your%20Email> [https://51degrees.com/portals/0/images/twitterbird.png] @51Degrees<http://twitter.co

RE: [PATCH] wurfl device detection build fixes and dummy library

Hi Willy, Great, thanks for those changes, and good spot. I agree that this is a significant step forward, and having the entire codebase testable in CI will certainly make everything that bit smoother. Thanks, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees

RE: [PATCH] wurfl device detection build fixes and dummy library

can I'll try to make sure you have everything you need for a weekend release. Thanks, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: 12 June 2019 10:12 To: Ben Shillito Cc: Christop

RE: [PATCH] wurfl device detection build fixes and dummy library

Hi Willy, This unfortunately fell down our list of priorities in the last few weeks. However, as this is a bit more urgent now with your weekend release, I will get the change for HTX awareness to you either today or tomorrow if that is ok with you? Thanks, Ben Shillito Developer O: +44 1183

RE: [PATCH] wurfl device detection build fixes and dummy library

Hi Willy, Thanks for the update. We will take a look and get a patch over to you. Thanks, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: 23 April 2019 10:11 To: Paul Stephen Borile Cc

RE: Does anyone *really* use 51d or WURFL ?

Hash Trie API. Thanks, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: 21 January 2019 16:48 To: Ben Shillito Cc: haproxy@formilux.org Subject: Re: Does anyone *really* use 51d or WURFL ? On

RE: Does anyone *really* use 51d or WURFL ?

Hi Willy, Ah yes, thanks, I missed the S first time reading it. There are actually a couple of things I'd like to check over a bit more thoroughly like the caching used in 51d.c, so it will probably be more like tomorrow. Thanks, Ben Shillito Developer O: +44 1183 287152

RE: Does anyone *really* use 51d or WURFL ?

Hi Willy, I agree, setting the flag from the HAProxy USE_THREADS is probably the neatest solution. I will get a patch over to you later on today. Thanks, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees -Original Message- From: Willy Tarreau [mailto:w

RE: Does anyone *really* use 51d or WURFL ?

o the 51Degrees default, and give the option to disable threading for those who require that. Regards, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: 21 January 2019 14:36 To: haproxy@formilux.org Su

RE: [PATCH] Buffer API changes for 51d.c

Hi Willy, Great, thanks for the quick turnaround. Regards, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: 16 January 2019 16:27 To: Ben Shillito Cc: haproxy@formilux.org Subject: Re

[PATCH] Buffer API changes for 51d.c

Hi Willy, It appears that 51.d still uses some elements of the the now deprecated buffer API, so I have attached a patch which updates the usage to the new buffer API. This can also be backported to 1.9 where the new API was introduced. Thanks, Ben Shillito Developer [51Degrees]<ht

Re: [PATCH][MINOR] config: Implement 'parse-resolv-conf' directive for resolvers

> Good catch, done. > Just fix this and you get my Ack :) > And thanks for your patience and your retransmits. > No problem, thanks for reviewing! Hopefully you guys get a break soon. Les vacances se rapprochent.. :) Ben 0001-MINOR-config-Implement-parse-resolv-conf-directive.patch Description: Binary data

Re: [PATCH][MINOR] config: Implement 'parse-resolv-conf' directive for resolvers

ion of this > patch? > > Baptiste > > > On Thu, May 24, 2018 at 5:02 PM, Ben Draut wrote: > >> Willy, I think you've reviewed this one already. :) I fixed a few >> things after your review, then you said you just wanted to wait >> for Baptiste to ACK back on

Re: [PATCH][MINOR] config: Implement 'parse-resolv-conf' directive for resolvers

add to the pile!) My understanding was that we're just waiting for him. Thanks, Ben On Thu, May 24, 2018 at 8:58 AM, Willy Tarreau wrote: > Hi Jim, > > On Thu, May 24, 2018 at 08:50:29AM -0600, Jim Freeman wrote: > > I'm not seeing any signs of this feature sliding into 1.

Re: [PATCH][MINOR] config: Implement 'parse-resolv-conf' directive for resolvers

> > > I also fixed the memory leaks that you pointed out. (I think) But I did > > notice that > > valgrind reports that the 'newnameserver' allocation is being leaked > > anyway, both > > when using parse-resolv-conf as well as the regular nameserver > > directive...Let > > me know if I should do s

Re: [PATCH][MINOR] config: Implement 'parse-resolv-conf' directive for resolvers

e you don't need to run this check on a read-only file, as it > cannot fail, and if it really did, the user couldn't do anything about > it anyway. > Great, removed. I also fixed the memory leaks that you pointed out. (I think) But I did notice that valgrind reports that the 

[PATCH][MINOR] config: Implement 'parse-resolv-conf' directive for resolvers

r's address as its name in the resolvers section, as I thought that would have the highest probability of avoiding name conflicts with other configured nameservers. Again I'm open to feedback though. Thanks! Ben From 98129271f32e6b9bc00880c967f9acf1233fed9b Mon Sep 17 00:00:00 2001 From: Be

Re: resolvers - resolv.conf fallback

Yep, will do. On Tue, Apr 17, 2018 at 8:04 AM, Baptiste wrote: > > On Sat, Apr 14, 2018 at 5:39 AM, Jonathan Matthews < > cont...@jpluscplusm.com> wrote: > >> On 14 April 2018 at 05:13, Willy Tarreau wrote: >> > On Fri, Apr 13, 2018 at 03:48:19PM -0600, Ben Dr

[PATCH][MINOR]: config: Warn if resolvers section has no namerservers configured

This implements a simple warning for 'resolvers' sections that have no nameservers. Previously discussed here: https://www.mail-archive.com/haproxy@formilux.org/msg29600.html Thanks, Ben From fc6a36dabec89eef0eba13146cecbf157f0675b9 Mon Sep 17 00:00:00 2001 From: Ben Draut Date: F

Re: resolvers - resolv.conf fallback

ews wrote: > > On Fri, 13 Apr 2018 at 15:09, Willy Tarreau wrote: > > > > > On Fri, Apr 13, 2018 at 08:01:13AM -0600, Ben Draut wrote: > > > > How about this: > > > > > > > > * New directive: 'use_system_nameservers' > > &

Re: resolvers - resolv.conf fallback

2018 at 3:12 PM, Ben Draut wrote: > I agree. > > On Mon, Apr 9, 2018 at 1:35 AM, Baptiste wrote: > >> >> >> On Fri, Apr 6, 2018 at 4:54 PM, Willy Tarreau wrote: >> >>> On Fri, Apr 06, 2018 at 04:50:54PM +0200, Lukas Tribus wrote: >>> > &g

Re: [PATCH][REORG/MINOR]: config: Run postparser once per section instance

On Thu, Apr 12, 2018 at 3:06 PM, Willy Tarreau wrote: > Hi Ben, > > On Thu, Apr 12, 2018 at 02:25:58PM -0600, Ben Draut wrote: > > This changes the parser to run section postparsers once per section > > instance, rather than only when the section type changes. > > &

[PATCH][REORG/MINOR]: config: Run postparser once per section instance

summary at most once per section. Thanks, Ben 0001-REORG-MINOR-config-Run-postparser-once-per-section-i.patch Description: Binary data

Re: DNS resolver and mixed case responses

xy/search?q=unspecified+dns+error > > We're expecting/testing to see if bind9's "no-case-compress { any; }" > directive > addresses this, but many folks do not control their DNS services (and as > requisite > AWS/Route53 capabilities mature, neither will we). > &

Re: resolvers - resolv.conf fallback

I agree. On Mon, Apr 9, 2018 at 1:35 AM, Baptiste wrote: > > > On Fri, Apr 6, 2018 at 4:54 PM, Willy Tarreau wrote: > >> On Fri, Apr 06, 2018 at 04:50:54PM +0200, Lukas Tribus wrote: >> > > Well, sometimes when you're debugging a configuration, it's nice to be >> > > able to disable some elemen

Re: DNS resolver and mixed case responses

It's interesting that the default behavior of HAProxy resolvers can conflict with the default behavior of bind. (If you're unlucky with whatever bind has cached) By default, bind uses case-insensitive compression, which can cause it to use a different case in the ANSWER than in the QUESTION. (See

resolvers - resolv.conf fallback

ified in the section. As Jim pointed out previously, libresolv could be used to parse the file. If that's undesirable for some reason, we could parse it ourselves. I'm new to the codebase, so I'm open to any suggestions or guidance anyone may have. Thanks, Ben

RE: [PATCHES] 51d: fix warning when building with 51Degrees release version 3.2.12.12

grees/device-detection should be used for the new Hash Trie source. Apologies for any confusion. Regards, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees -Original Message- From: Willy TARREAU [mailto:wtarr...@haproxy.com] Sent: 05 October 2017 17:39 To

RE: [PATCHES] 51d: fix warning when building with 51Degrees release version 3.2.12.12

proven stable but frozen 3.2.10 version which supports the Pattern algorithm". Or, if it makes things easier for you, I can backport the trie/51Degrees.c/h files to 3.2.10, meaning Trie can be used in that version (the Hash Trie files we now distribute will be needed instead of the d

RE: [PATCHES] 51d: fix warning when building with 51Degrees release version 3.2.12.12

Hi Willy, Yes of course. I have attached a patch which has the correct branch and updated instructions about where to get the free Hash Trie file now that it is no longer part of the git repository. Regards, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees

RE: [PATCHES] 51d: fix warning when building with 51Degrees release version 3.2.12.12

ttps://51degrees.com/products/store/on-premise-device-detection. Regards, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees -Original Message- From: Dragan Dosen [mailto:ddo...@haproxy.com] Sent: 02 October 2017 10:14 To: haproxy@formilux.org Cc: Willy Tarreau ; B

RE: Build error with 51degrees library

Hi Willy, Thanks for the additional change. And that's quite alright, if there is a problem with our API that is affecting users live builds like this, then it will always be our top priority. Regards, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51De

RE: Build error with 51degrees library

URL which is referenced in the instructions, and 1.7/dev now reference the 3.2.10 stable branch. Regards, Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees -Original Message- From: Willy Tarreau [mailto:w...@1wt.eu] Sent: 19 July 2017 10:59 To: Ben Shillito

RE: Build error with 51degrees library

nious way forward if we’ve made an innocent mistake? Thanks, Ben Ben Shillito Developer O: +44 1183 287152 E: b...@51degrees.com T: @51Degrees -Original Message- From: Florian Tham [mailto:fgt...@gmail.com] Sent: 19 July 2017 09:20 To: Willy Tarreau Cc: James Rosewell ; Ben Shillito

[PATCH] 51Degrees Docs

I have attached a patch which adds definitions for the 51Degrees converter and fetch functions to docs/configuration.txt so the they will appear in the online documentation. This should also be backported. Thanks, Ben. Ben Shillito Developer [51Degrees]<https://51degrees.com/> O: +4

RE: 51Degrees Trie Update Patch

Hi Willy, Yes I agree, this is a problem. I have attached a patch with a change to the readme which explains that that the correct version must be pulled if using <=1.6. Regards, Ben. Ben Shillito Developer E: b...@51degrees.com T: @51Degrees -Original Message- From: Willy Tarr

Re: Problems with SNI + TLS passthrough

. So I’ll have to find a way to route properly without relying on SNI. Really appreciate your input. - Ben On Fri, Jul 8, 2016 at 2:28 PM, Lukas Tribus wrote: > Hi Ben, > > > > Am 08.07.2016 um 18:51 schrieb Ben Whaley: > >> Greetings, >> >> I have a scena

Problems with SNI + TLS passthrough

str()” together in a config? Why does HAP set the SNI value if “ssl” is in the config, but does NOT set the SNI value if ssl is not in the config? Thanks in advance for any help & insights. - Ben

51Degrees Trie Update Patch

Attached is a patch submission which makes changes to the 51Degrees Trie implementation to work with recent changes to github.com/51Degrees/Device-Detection/src/trie/51Degrees.c. Ben Shillito Developer [51Degrees]<https://51degrees.com/> O: +44 1183 287152 E: b...@51degrees.com<

Re: Bug when loading multiple configuration files

Hi Willy, Bryan, Thanks for looking at this and getting it fixed quickly. Thanks, Ben On 26 May 2016 at 17:01, Willy Tarreau wrote: > Hi Ben, > > On Wed, May 25, 2016 at 08:41:53AM +0100, Ben Cabot wrote: >> Sorry I forgot include the build details. The configuration its self &

Re: Bug when loading multiple configuration files

select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available filters : [TRACE] trace [COMP] compression Ben On 24 May 2016 at 23:59, Bryan Talbot wrote: > The OP didn’t provide many details, but I am able to reproduce this too using > 1.7-dev and the config files

Bug when loading multiple configuration files

(10937) : register section 'listen': already registered. [ALERT] 144/113841 (10937) : Could not open configuration file /etc/haproxy/haproxy_manual.cfg : Success It looks to be introduced in 5e4261b0 but I'm unsure how to fix it. Please can someone take a look. Thanks, Ben

TTL-based DNS resolution ?

to consider using a different reverse proxy solution between the two ELB tiers instead of HA proxy. I apologize for any inconvenience. I hope the above information was helpful. Please let us know if you have any other questions or concerns and we will be happy to assist you. " Regards, --

[PATCH] BUG/MINOR: Adding validation to stick-table expire value.

stop any undesired behaviour. Attached is a suggested fix. Regards, Ben From c4100ffc1bb530bbf1601bc92154d0e498eea111 Mon Sep 17 00:00:00 2001 From: Ben Cabot Date: Wed, 20 Jan 2016 09:44:39 + Subject: [PATCH] BUG/MINOR: Adding validation to stick-table expire value. If the expire value exc

DNS resolution and 1.4

nging to the upstream and stick with that one until reload? Thanks! -- Ben

DOC: Edited 51Degrees section of README.

Hi, Attached is a patch with an edit to the information in the README regarding 51Degrees installation and configuration. Ben. This email and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not

Re: Howto masquerade real server in a two armed transparent setup

Hi Steffen, If I understand the question right to give your real servers internet access you should be able to enable ip forwarding then use a masquerade rule. You can use "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE " then "echo “1” > /proc/sys/net/ipv4/ip_forwar

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

Just noticed the changes have been backported to 1.6, that's great going. Thanks Baptiste & Willy! On 30 October 2015 at 14:52, Ben Tisdall wrote: > On Fri, Oct 30, 2015 at 2:48 PM, Baptiste wrote: >> On Fri, Oct 30, 2015 at 2:10 PM, Lukas Tribus wrote: >>>> I s

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

he upstream and debian changelogs he seems pretty close behind you folks though :) -- Ben

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

On Thu, Oct 29, 2015 at 1:43 PM, Ben Tisdall wrote: > Sorry, I'm misinterpreting the test results, please ignore that. One > ELB address has remained the same today so it's likely HAProxy has > been using that and has not needed to update. Ok, finally observed some more ELB

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

On Thu, Oct 29, 2015 at 1:40 PM, Ben Tisdall wrote: > Ok, testing with the latest > 0001-BUG-MAJOR-dns-first-DNS-response-packet-not-matching.patch > appears to work from the proxy POV but I'm not seeing the update > counter incrementing on address changes. Sorry, I'm mi

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

Ok, testing with the latest 0001-BUG-MAJOR-dns-first-DNS-response-packet-not-matching.patch appears to work from the proxy POV but I'm not seeing the update counter incrementing on address changes.

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

On Wed, Oct 28, 2015 at 6:28 PM, Ben Tisdall wrote: > On Wed, Oct 28, 2015 at 6:00 PM, Baptiste wrote: >> >> Ben, could you apply the patch below instead of 0001: >> >> [snip] That patch is proving problematic to apply, to save me guessing can you provide it as an attachment please.

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

On Wed, Oct 28, 2015 at 6:00 PM, Baptiste wrote: > > Ben, could you apply the patch below instead of 0001: > > [snip] Sure, will report back in the morning. Thanks Jesse and Baptiste :) Ben

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

On Wed, Oct 28, 2015 at 4:29 PM, Baptiste wrote: > Great, thanks for confirming! > Thanks for getting this sorted out Baptiste! Any idea of when the fixes would be likely to be released and make it into the ppa? -- Ben

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

pdate" counter incremented by 1 and the proxy continued to function. -- Ben

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

On Wed, Oct 28, 2015 at 1:55 PM, Baptiste wrote: > > Have you forced resolution to ipv4 only? > if not, could you give it a try? > Right, with "resolver-prefer ipv4": Resolvers section aws nameserver aws_0: sent: 11 valid: 11 update: 0 cname: 0 cname_error: 0 any_err: 0 nx: 0 t

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

On Wed, Oct 28, 2015 at 10:15 AM, Ben Tisdall wrote: > > Thanks Baptiste, will get on this today. > Ok this in the test environment now and the "other" counter now increments in step with "valid", eg: Resolvers section aws nameserver aws_0: sent: 208 vali

Re: DNS resolution problem on 1.6.1-1ppa1~trusty

On Wed, Oct 28, 2015 at 2:18 AM, Baptiste wrote: > Ben, > > I found a couple of bugs: > #1 an incomplete end of processing when the queried hostname can't be > found in the response. This lead to the query loop you may have > observed. > #2 an error in the way we parse C

DNS resolution problem on 1.6.1-1ppa1~trusty

th Lua version : Lua 5.3.1 Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Regards, -- Ben

Re: [PATCH] BUG: config: external-check command validation is checking for incorrect arguments.

Sorry I'd not noticed that. Everything looks good now thank you Willy. Ben On 4 October 2015 at 09:41, Willy Tarreau wrote: > Resending after some mails were lost du to low space on device... > > On Fri, Oct 02, 2015 at 11:15:35PM +0200, Willy Tarreau wrote: > > On Fri, O

[PATCH] BUG: config: external-check command validation is checking for incorrect arguments.

Alert("Proxy '%s': '%s' does not have a leading '/' and 'external-check path' is not set.\n", curproxy->id, "external-check command"); cfgerr++; } Thanks, Ben -- LOADBALANCER.ORG LTD. www.loadbalancer.org supp...@loadbalancer.org

Re: External-check command problem

Hi All, Has anyone been able to confirm this bug and the patch? I wanted to confirm I had not missed any potential issues elsewhere? Thank you, Ben On 4 September 2015 at 13:50, Ben Cabot wrote: > We have been seeing the following error when trying to use the > external-check command

External-check command problem

option httplog server RIP_Name 192.168.63.100 weight 100 cookie RIP_Name check inter 4000 rise 2 fall 2 minconn 0 maxconn 0 on-marked-down shutdown-sessions thanks, Ben -- LOADBALANCER.ORG LTD. www.loadbalancer.org supp...@loadbalancer.org

Re: VM Power Control/Elasticity

On Mon, May 11, 2015 at 3:47 PM, Nick Couchman wrote: > Thanks for the hints, Ben. I'll defer to those who are experts about > whether or not something like that should be part of the core > functionality; however, it seems that even though this case might not be a > great on

Re: VM Power Control/Elasticity

Nick, Here is some information on using socat to interact with the stats socket. This might be useful for shell scripting. http://www.mgoff.in/2010/07/14/haproxy-gathering-stats-using-socat/

Re: VM Power Control/Elasticity

Nick, HAProxy provides statistics via socket or HTTP interface. You can easily monitor these stats and run scripts. Some cron jobs and regex should suffice. Specific cases like this are usually not something I would imagine belongs in HAProxy core, since it is not directly related to load balancin

Re: Is FTP through haproxy at all viable?

With some iptables rules you can use FTP active and passive mode via haproxy. The key is to assign unique passive port ranges to each backend then port forward those ranges. You must be able to configure each FTP server daemon with it's own range. You must also be able to configure your FTP daemo

Re: email alerts

Hello Andrey, As Maik has previously mentioned that patch will only work on the older version. We have someone working on an updated patch but cannot supply an ETA at the moment as there are a couple of other things in the queue before it. On 24 October 2014 12:59, Andrey Zakabluk wrote: > Hi

Re: RE: [PATCH] MEDIUM: enable low latency polling on systems which support it

orrect that epoll does not currently support busy polling, I will add that to the documentation in the patch. I was thinking something along the lines of: As of now (Linux <= 3.16), epoll does not support busy polling. See also "noepoll". Thoughts? -Ben [1]: http://docs.aws.amazon.com/AW

Re: [PATCH] MEDIUM: enable low latency polling on systems which support it

the busy_read sysctl value. In that case, should it set ERR_ALERT? Or is there a more appropriate error flag? > Are there some applications or poc's already using busy polling where we > could take a look? Unfortunately, I have not found any other projects that support busy polling expl

[PATCH] MEDIUM: enable low latency polling on systems which support it

y benchmarks at this time. :-/ I look forward to everyones feedback on these changes. Cheers, -Ben 0001-MEDIUM-enable-low-latency-polling-on-systems-which-s.patch Description: Binary data

Re: Busy Poll Support

OK, thanks for the pointers Willy. On Thu, Aug 28, 2014 at 3:13 AM, Willy Tarreau wrote: > Hi Ben, > > On Wed, Aug 27, 2014 at 06:03:54PM -0700, Ben Burkert wrote: >> Hello, >> >> The 3.11 release of the Linux kernel added a new feature for low >> latency networ

Busy Poll Support

on a listener socket. I was thinking the socket option could be enabled by setting a "busy_poll" keyword in the listen section. Is there any interest in accepting patches for such a feature? Cheers, -Ben

Re: HAproxy and Mysql

My only feedback is that haproxy has a lot of features that make it useful as a MySQL frontend. The stats are great for sizing and monitoring purposes. Timeouts and queuing are also great for managing load etc. I used to run haproxy in front of a single MySQL instance for those features alone ala:

Re: check works on one backend but not another

Baptiste gave you the proper answer already. The SSL backend is using TCP mode, so the check is a TCP check without the `option httpchk` defined on the backend, which just checks that the port is open. Add the httpchk option without check-ssl and you will be all set. Or you can use track to skip th

Re: check works on one backend but not another

While this does not answer your question per se you can use the track option to eliminate the duplicate check. In other words, the SSL backend can track the checks done by the non-SSL backend. backend nginx-ssl modetcp balance leastconn server app1

Re: speeding up failover

Read the manual about `rise` and `fall` parameters. These allow you to control how many successive checks must pass or fail before the server transitions up or down (rises / falls). The check interval is used as the check timeout unless you specify a check timeout. See "timeout check" in the manual

Re: HAProxy Question

TCP mode load balancing would treat each TCP quad (source ip/source port, dest ip/dest port), stream, or flow as a "session" or in other words, the TCP stream is the basic unit of TCP load balancing. You can enable the stats http interface and monitor that in your browser for some useful metrics s

Email alerts

Hi All, I've been looking into sending email alerts from HAProxy and have written a short blog on what I found with a few a few simple examples : http://blog.loadbalancer.org/3-ways-to-send-haproxy-health-check-email-alerts/ If anyone has any thoughts ,suggestions or improvements please let me kn

Re: HA Proxy FTP Load Balancing Timeout

Alok, Sorry have been out of the office for a while. You could try increasing the clitimeout and srctimeout values in your defaults section. These values are ninety and one hundred and twenty seconds respectively. My guess is that tcpka has no effect on "activity" from haproxy's point of view as

Re: HA Proxy FTP Load Balancing Timeout

On Thu, Apr 18, 2013 at 3:38 PM, Alok Kumar wrote: > Hi Ben, > In my case we are load balancing across FTP servers. > > FTP uses two data channel and command channel port for data transfer. > I use haproxy for the same purpose. Closing the command channel will not affect a tran

Re: HA Proxy FTP Load Balancing Timeout

Alok, On Tue, Apr 16, 2013 at 8:26 PM, Alok Kumar wrote: > I have a HA Proxy server(1.4), thzt is load balacing FTP traffic to Six > FTP > servers. > > I noticed that Load Balancer is dropping traffic after 50 sec, where as > there > was a valid ftp control port and Large file transfer was in

Layer4 connection problem: Resource temporarily unavailable

I run about 50 FTP server clusters. Each cluster consists of 3 backend FTP servers. I am using haproxy to load balance each of these clusters to three backends. I am using smtpchk to verify the FTP banner. I run the HTTP admin interface, which shows the status of all the front/backends. Running ha

Re: CSS not displayed

On Tue, Jan 22, 2013 at 9:57 AM, Olivier Desport wrote: > I use Haproxy with two web servers. The CSS are not well displayed (images, > fonts...). The look of the page is different every time I refresh ! It works > correctly when Haproxy is not used. Is there something to set up in haproxy > or Ap

  1   2   >