Tue, 2023-11-28 at 16:29 +0100, Christoph Kukulies wrote:
>> I'm wondering why I see haproxy running on ipv6 (Ubuntu 22.04):
>>
>> Excerpt from haproxy.cfg:
>>
>> frontend http-in
>> #bind *:80
>> bind :::80 v4v6
>> #bind *:443 ssl crt
I'm wondering why I see haproxy running on ipv6 (Ubuntu 22.04):
Excerpt from haproxy.cfg:
frontend http-in
#bind *:80
bind :::80 v4v6
#bind *:443 ssl crt /etc/haproxy/certs/xx.pem
bind :::443 v4v6 ssl crt /etc/haproxy/certs/xx.pem
bind quic4@0.0.0.0:443 name quic443
The idea came to me that my haproxy server could possibly not ipv6 capable and
Ichange the config to thais here:
frontend http-in
#bind *:80
bind :::80 v4v6
#bind *:443 ssl crt /etc/haproxy/certs/www.mydomain.org.pem
bind :::443 v4v6 ssl crt
https request?
--
Christoph
> Am 20.11.2023 um 09:22 schrieb Christopher Faulet :
>
> Le 18/11/2023 à 16:19, Christoph Kukulies a écrit :
>> I added a log-format and did a haproxy-reload.
>> No change in log detail:
>> defaults
>> log global
>>
n/xml font/opentype image/bmp image/svg+xml
image/x-icon text/cache-manifest
balance roundrobin
option dontlog-normal
option dontlognull
option httpclose
option forwardfor
> Am 18.11.2023 um 16:07 schrieb Christoph Kukulies :
>
> Thanks. That's the tomca
balance roundrobin
option dontlog-normal
option dontlognull
option httpclose
option forwardfor
> Am 18.11.2023 um 15:45 schrieb Willy Tarreau :
>
> On Sat, Nov 18, 2023 at 03:20:51PM +0100, Christoph Kukulies wrote:
>> I would like to see more precisely what
I would like to see more precisely what requests arrive at haproxy at which
port and how they are routed to the backend server (port).
At the moment I don't see any connects in /var/log/haproxy/haproxy.log
and at the backend server (tomcat9) I see the following (I extended the
logformat by the
I have the following line in my config:
backend website
http-request replace-header Destination ^([^\ :]*)\ /(.*) \1\ /opencms/\2
server www.mydomain.org 127.0.0.1:8080
Actually I'm used the write multiple patterns as \(pattern1\)\(pattern2\). So
is it a different regex syntax?
The
14 02:07:26 PM CET 2023] Reload successful
[Tue Nov 14 02:07:26 PM CET 2023] Success
acme@mail:~/.acme.sh$ ls -l /etc/haproxy/certs
total 12
-rw-rw-r-- 1 acme acme 8489 Nov 14 14:07 www.mydomain.org.pem
Christoph Kukulies
k...@kukulies.org
This file seems to be assembled by the deploy script
> Am 13.11.2023 um 10:09 schrieb William Lallemand :
>
> On Sat, Nov 11, 2023 at 10:26:33AM +0100, Christoph Kukulies wrote:
>> I'm using haproxy2.8 and I have configured the acme.sh challenge to fetch
>> the certificate, following this wiki here:
>> https://g
in that direction, I'd be grateful.
> Am 11.11.2023 um 23:14 schrieb Shawn Heisey :
>
> On 11/11/2023 02:26, Christoph Kukulies wrote:
>> The file is definitely there and the command works an a different file, when
>> I apply it to the previously used certificate fullchain.p
I'm using haproxy2.8 and I have configured the acme.sh challenge to fetch the
certificate, following this wiki here:
https://github.com/haproxy/wiki/wiki/Letsencrypt-integration-with-HAProxy-and-acme.sh
Once I get to the point to test the certificate, I'm getting:
acme@mail:~$ echo "show ssl
> Am 08.11.2023 um 21:29 schrieb Shawn Heisey :
>
> On 11/8/23 10:11, Christoph Kukulies wrote:
>> frontend web80
>> bind 0.0.0.0:80 name web80
>> default_backend be-local-81
>
> Normally you definitely would not want this in your production c
the new one and the
config file works.
Excuses for the confusion I have caused.
--
Christoph
> Am 08.11.2023 um 17:52 schrieb Amaury Denoyelle :
>
> On Wed, Nov 08, 2023 at 04:42:00PM +0100, Christoph Kukulies wrote:
>> Christoph Kukulies
>> k...@kukulies.org
>>
>>
stats refresh 15
backend be-local-81
option httpchk
server localhost 127.0.0.1:81
> Am 08.11.2023 um 17:39 schrieb William Lallemand :
>
> On Wed, Nov 08, 2023 at 04:42:00PM +0100, Christoph Kukulies wrote:
>>
>> I posted the output of haproxy -vv (on
Christoph Kukulies
k...@kukulies.org
> Am 08.11.2023 um 14:04 schrieb Frederic Lecaille :
>
> On 11/8/23 13:37, Frederic Lecaille wrote:
>> On 11/8/23 11:27, Christoph Kukulies wrote:
>>> parsing [/etc/haproxy/haproxy.cfg:60] : 'bind' : unsupported protocol
>>
[FCGI] fcgi-app
[SPOE] spoe
[TRACE] trace
root@mail:~/haproxy-scripts#
> Am 08.11.2023 um 11:43 schrieb William Lallemand :
>
> On Wed, Nov 08, 2023 at 11:27:49AM +0100, Christoph Kukulies wrote:
>> parsing [/etc/haproxy/haproxy.cfg:60] : 'bind' : unsupported protocol fam
parsing [/etc/haproxy/haproxy.cfg:60] : 'bind' : unsupported protocol family 2
for address 'quic4@0.0.0.0:4>
Nov 08 11:16:54 mail.
I'm using sample.haproxy.cfg from Shawns haproxy-scripts and there the line:
bind quic4@0.0.0.0:443 name quic443 ssl crt crt /etc/haproxy/fullchain.pemproto
quic
toph
> Am 07.11.2023 um 14:38 schrieb Cyril Bonté :
>
> Hi,
>
> Le 07/11/2023 à 12:54, Christoph Kukulies a écrit :
>> (...) Now haproxy fails on my config (which the former version 2.4 I was
>> running before, didn't)
>> This is the line in question:
>> bind
ine in question:
bind *:443 ssl crt /etc/haproxy/fullchain.pem crt ssl-skip-self-issued-ca
How do I fix this?
Put crt ssl-skip-self-issued-ca
in a separate line?
Where?
> Am 07.11.2023 um 12:27 schrieb Christoph Kukulies :
>
> I found that a missing psutil module (python3) breaks
rm -f libcrypto.so.81.3
rm -f libcrypto.so
rm -f libssl.so.81.3
rm -f libssl.so
root@mail:~/haproxy-scripts#
> Am 07.11.2023 um 11:53 schrieb Christoph Kukulies :
>
> Thanks, Shawn.
> I git-cloned all links. I now have directories:
>
> /root/haproxy-2.8
> /root/haproxy
Thanks, Shawn.
I git-cloned all links. I now have directories:
/root/haproxy-2.8
/root/haproxy-scripts
/root/openssl
I don't have a separate docker server available. Must do this in my production
site (although it can tolerate short outages :)
I started the script new-haproxy (Ubuntu 22.04.3
on: Linux 5.15.0-88-generic #98-Ubuntu SMP Mon Oct 2 15:18:56 UTC 2023
x86_64
Usage : haproxy [-f ]* [ -vdVD ] [ -n ] [ -N
]
Probably this is not what I want? Better 2.8 stable?
I compiled with
make TARGET=linux-glibc
--
Christoph
> Am 04.11.2023 um 08:42 schrieb Christoph Kukulies :
>
Ubuntu, also to be more up to date?
--
Christoph
> Am 03.11.2023 um 09:49 schrieb Christoph Kukulies :
>
> Thanks, Shawn,
>
> I always have my problems with the open form of the configuration file syntax
> (lua ?).
> The docs say it is a keyword under "crt" whi
d *:443 ssl crt /etc/haproxy/fullchain.pem crt ssl-skip-self-issued-ca
> Am 03.11.2023 um 03:50 schrieb Shawn Heisey :
>
> On 11/2/2023 02:35, Christoph Kukulies wrote:
>> In /etc/letsencrypt/live/www.mydomain.org I have:
>> lrwxrwxrwx 1 root root 41 Oct 23 17:22 *cert.pem*-&g
William, Shawn,
excuses for responding with delay. I've been offline for the past 24 hours.
Here more infomation:
root@mail:/etc/haproxy# /usr/sbin/haproxy --version
HAProxy version 2.4.22-0ubuntu0.22.04.2 2023/08/14 - https://haproxy.org/
Status: long-term supported branch - will stop
'bind *:443' : No Private Key found in
'/etc/letsencrypt/live/www.mydomain.org/fullchain.pem.key'.
I have the following in my
/etc/letsencrypt/live/www.mydomain.org:
lrwxrwxrwx 1 root root 41 Oct 23 17:22 cert.pem ->
../../archive/www.mydomain.org/cert12.pem
lrwxrwxrwx 1 root root 42 Oct 23
During migration from an older site to a newer one with newer haproxy I find
that I have syntax errors in
haproxy.cfg:
The 'reqirep' directive is not supported anymore since HAProxy 2.1. Use
'http-request replace-header' instead.
The directive to replace is:
reqirep ^([^\ :]*)\ /(.*) \1\
Due to some recent action I did from some may outdated instructions for haproxy
1.6 under Ubuntu
I have a left off broken haproxy repo which comes up everytim I’m doing
apt-updates:
Ign:3 http://ppa.launchpad.net/vbernat/haproxy-1.6/ubuntu bionic InRelease
subscribe k...@kukulies.org
smime.p7s
Description: S/MIME cryptographic signature
30 matches
Mail list logo