Re: [PATCH] BUG/MINOR: init: enforce strict-limits when using master-worker

2021-01-13 Thread Jerome Magnin
c0baec68c Mon Sep 17 00:00:00 2001 From: Jerome Magnin Date: Tue, 12 Jan 2021 20:19:38 +0100 Subject: [PATCH] BUG/MINOR: init: enforce strict-limits when using master-worker The strict-limits global option was introduced with commit 0fec3ab7b ("MINOR: init: always fail when setrlimit fai

Re: [PATCH] BUG/MINOR: init: enforce strict-limits when using master-worker

2021-01-13 Thread Jerome Magnin
Hi William, On Wed, Jan 13, 2021 at 08:57:47AM +0100, William Dauchy wrote: > On Tue, Jan 12, 2021 at 08:36:57PM +0100, Jerome Magnin wrote: > > From ca260ac46cd441ed4108cdef7b304b6c0baec68c Mon Sep 17 00:00:00 2001 > > From: Jerome Magnin > > Date: Tue, 12 Jan 2021 20:19

[PATCH] BUG/MINOR: init: enforce strict-limits when using master-worker

2021-01-12 Thread Jerome Magnin
Hi William, list, This is a patch for issue 1042. I removed all tests for master-worker mode for everything related to strict-limits. regards, -- Jérôme >From ca260ac46cd441ed4108cdef7b304b6c0baec68c Mon Sep 17 00:00:00 2001 From: Jerome Magnin Date: Tue, 12 Jan 2021 20:19:38 +0100 Subj

[PATCH] DOC: ssl-load-extra-files only applies to certificates on bind lines.

2020-09-07 Thread Jerome Magnin
rom: Jerome Magnin Date: Mon, 7 Sep 2020 11:55:57 +0200 Subject: [PATCH] DOC: ssl-load-extra-files only applies to certificates on bind lines. Be explicit about ssl-load-extra-files not applying to certificates referenced with the crt keyword on server lines. --- doc/configuration.txt | 3 ++- 1 f

Re: Is the "source" keyword supported on FreeBSD?

2020-08-12 Thread Jerome Magnin
Hi Frank, On Wed, Aug 12, 2020 at 11:50:05AM +0200, Frank Wall wrote: > Hi, > > this *feels* like a silly question and I may have missed something > pretty obvious, but... I've tried to use the "source" keyword and > it doesn't work. HAProxy does not use the specified IP address when > connecting

Re: SRV records resolution failure if Authority section is present

2020-07-28 Thread Jerome Magnin
ched to this email. >From db0198a29ab493796414033b8fb11661e91d0bee Mon Sep 17 00:00:00 2001 From: Jerome Magnin Date: Sun, 26 Jul 2020 12:13:12 +0200 Subject: [PATCH] BUG/MAJOR: dns: don't treat Authority records as an error Support for DNS Service Discovery by means of SRV records was enhanc

[PATCH] BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status

2020-07-28 Thread Jerome Magnin
Hi, this is a patch for issue #775. -- Jérôme >From 68e8b71c50d0805faf5facba587f1c8c3f1760b7 Mon Sep 17 00:00:00 2001 From: Jerome Magnin Date: Tue, 28 Jul 2020 13:38:22 +0200 Subject: [PATCH] BUG/MAJOR: dns: fix null pointer dereference in snr_update_srv_status Since commit 13a923

Re: SRV records resolution failure if Authority section is present

2020-07-26 Thread Jerome Magnin
nks for your review. -- Jérôme >From 363ed1dd2f3ded7837bbb424eabb309803fc6292 Mon Sep 17 00:00:00 2001 From: Jerome Magnin Date: Sun, 26 Jul 2020 12:13:12 +0200 Subject: [PATCH] BUG/MAJOR: dns: don't treat Authority records as an error Support for DNS Service Discovery by means of SRV records was enhanced with

SRV records resolution failure if Authority section is present

2020-07-26 Thread Jerome Magnin
On Sun, Jul 26, 2020 at 01:21:45PM +0200, Jerome Magnin wrote: > as I was trying to reproduce the issue with DNS Service Discovery with > SRV records reported in issue #775 I encountered a different issue. > > I am using bind as a dns server, and its answers contain an Authority

haproxy@formilux.org

2020-07-26 Thread Jerome Magnin
m earlier versions to 2.2 can have their service break because of this. -- Jérôme >From 9637655e5ee0d4d51056cbdb948f4c2b1da272e4 Mon Sep 17 00:00:00 2001 From: Jerome Magnin Date: Sun, 26 Jul 2020 12:13:12 +0200 Subject: [PATCH] BUG/MAJOR: dns: don't treat Authority records as an error S

Re: [ANNOUNCE] haproxy-2.0.16

2020-07-18 Thread Jerome Magnin
Hi Dmitry On Sat, Jul 18, 2020 at 12:29:10PM +0300, Dmitry Sivachenko wrote: > > 1) new warnings: > > src/log.c:1692:10: warning: logical not is only applied to the left hand side > of this comparison [-Wlogical-not-parentheses] > while (HA_SPIN_TRYLOCK(LOGSRV_LOCK, &logsrv->loc

Re: Log levels when logging to stdout

2020-07-16 Thread Jerome Magnin
Hi Martin, On Thu, Jul 16, 2020 at 10:05:40AM +0300, Martin Grigorov wrote: > > I am using such logging configuration (HAProxy built from master branch): > > global > log stdout format raw local0 err > ... > defaults > log global > option dontlog-normal > option httplog > option dont

Re: HTTP/2 in 2.1.x behaves different than in 2.0.x

2020-07-03 Thread Jerome Magnin
Hi Christian, On Fri, Jul 03, 2020 at 11:02:48AM +0200, Christian Ruppert wrote: > Hi List, > > we've just noticed and confirmed some strange change in behavior, depending > on whether the request is made with HTTP 1.x or 2.x. > [...] > That also affects ACLs like url*/path* and probably others.

Re: Ubuntu 20.04 + TLSv1

2020-06-12 Thread Jerome Magnin
On Fri, Jun 12, 2020 at 03:09:18PM +0200, bjun...@gmail.com wrote: > Hi, > > currently i'm testing Ubuntu 20.04 and HAProxy 2.0.14. > > I'm trying to get TLSv1 working (we need this for some legacy clients), so > far without success. > > I've read different things, on the one hand Ubuntu has rem

Re: missing backports in haproxy-1.8

2020-06-12 Thread Jerome Magnin
On Fri, Jun 12, 2020 at 11:10:08AM +0200, William Lallemand wrote: > I pushed them in the 1.8 git. I couldn't reproduce the issue though, > which compiler do you use? > I ran into the issue with gcc 10.1.0. Thanks for the backports! Jérôme

Re: missing backports in haproxy-1.8

2020-06-11 Thread Jerome Magnin
On Thu, Jun 11, 2020 at 07:27:26PM +0200, William Lallemand wrote: > On Thu, Jun 11, 2020 at 12:41:51PM +0200, Jerome Magnin wrote: > > 72d9f3351 BUILD: chunk: properly declare pool_head_trash as extern > > 2231b6388 BUILD: cache: avoid a build warning with some compilers/linkers

missing backports in haproxy-1.8

2020-06-11 Thread Jerome Magnin
Hi list, haproxy-1.8 is missing two backports, and can't be built with recent gcc as a result. 72d9f3351 BUILD: chunk: properly declare pool_head_trash as extern 2231b6388 BUILD: cache: avoid a build warning with some compilers/linkers regards, Jérôme

[PATCH] DOC: retry-on can only be used with mode http

2020-05-13 Thread Jerome Magnin
>From e030ea97758cc8b6af5f655637137230e9a1791f Mon Sep 17 00:00:00 2001 From: Jerome Magnin Date: Wed, 13 May 2020 20:09:57 +0200 Subject: [PATCH] DOC: retry-on can only be used with mode http The documentation for retry-on hints at it being meant to be used in conjunction with mode http, but since we've had a bug report i

Re: [PATCH 1/3] BUG/MINOR: pollers: remove uneeded free in global init

2020-05-13 Thread Jerome Magnin
Hi Willy, On Wed, May 13, 2020 at 03:52:54PM +0200, Willy Tarreau wrote: > Hi Jérôme, > [...] > Ah crap! I didn't notice this part which didn't appear in the context > of the patch. I didn't notice we still had a few such labels in very > old files. Do you mind if instead I edit your patch to com

Re: [PATCH 1/3] BUG/MINOR: pollers: remove uneeded free in global init

2020-05-13 Thread Jerome Magnin
e breaks clang builds because it removes the fail_revt label but it is still declared as a local label, and clang errors on it. Please find a patch attached. Jérôme >From 7549f1648f4e32ded652eabc07cd1dd7f0e7f38f Mon Sep 17 00:00:00 2001 From: Jerome Magnin Date: Wed, 13 May 2020 15:11:

Re: [PATCH] DOC: give a more accuration description of what check does

2020-04-28 Thread Jerome Magnin
r(host)' which has no meaning in the context of checks. I don't think there are ways around this. - the "alpn" setting of a server line is also not used for checks, one must define it with check-alpn. This will probably change soon now that haproxy can do h

[PATCH] DOC: give a more accuration description of what check does

2020-04-26 Thread Jerome Magnin
Hi, here's a documentation patch for the check keyword. regards, Jérôme >From 10e90939d9fd1bd4f1e651d679d0b99e8da91afb Mon Sep 17 00:00:00 2001 From: Jerome Magnin Date: Sun, 26 Apr 2020 14:23:04 +0200 Subject: [PATCH] DOC: give a more accurate description of what check does The docum

[PATCH] option logasap does not depend on mode

2020-04-23 Thread Jerome Magnin
Hi, this patch is to disambiguate option logasap. regards, Jérôme >From b7feb6d24341c15320ec961ebf1f8fc39342c0da Mon Sep 17 00:00:00 2001 From: Jerome Magnin Date: Thu, 23 Apr 2020 19:01:17 +0200 Subject: [PATCH] DOC: option logasap does not depend on mode The documentation for option loga

Re: How to suppress weak ciphers

2020-04-23 Thread Jerome Magnin
On Thu, Apr 23, 2020 at 03:59:59AM +, Branitsky, Norman wrote: > Jerome, > > Thanks for the clarification. > > This string: > > CHACHA20:AESGCM:AESCCM:!RSA > resulted in an F grade from SSL Labs due to the inclusion of TLS_DH_anon > ciphers: > > [cid:image001.jpg@01D61902.1FDF86A0] > > Af

Re: How to suppress weak ciphers

2020-04-22 Thread Jerome Magnin
On Wed, Apr 22, 2020 at 06:20:14PM +, Branitsky, Norman wrote: > As you can see from my pasted configuration, I was specifying exactly 4 > ciphers. > The 2 weak CBC ciphers were magically appearing in the SSL Labs report. > I tried to explicitly delete them - but the delete request is ignored.

Re: How to suppress weak ciphers

2020-04-22 Thread Jerome Magnin
Hi Norman, On Wed, Apr 22, 2020 at 03:29:28PM +, Branitsky, Norman wrote: > HA-Proxy version 1.7.10-a7dcc3b 2018/01/02 > SSL Labs reports the CBC ciphers are "weak": > > [cid:image002.jpg@01D6117D.1C8AC910] > > I've tried to explicitly negate these ciphers with an "!" in haproxy.cfg to > no

Re: [PATCH] ssl defaults enhancements

2020-04-22 Thread Jerome Magnin
On Wed, Apr 22, 2020 at 12:06:15PM +0200, Jerome Magnin wrote: > Hi, > [...] > The other patch adds a new keyword in global section to set default bind > curves. > I updated the second patch to remove the ability to set the default curves at build time because I did it wrong a

[PATCH] ssl defaults enhancements

2020-04-22 Thread Jerome Magnin
on to set default bind curves. Jérôme >From d86993cbd4476e1901eafdc7fbe88d31ca6f8e90 Mon Sep 17 00:00:00 2001 From: Jerome Magnin Date: Wed, 22 Apr 2020 11:40:18 +0200 Subject: [PATCH] BUG/MINOR: ssl: default settings for ssl server options are not used Documentation states that default sett

Re: FreeBSD CI builds fail

2019-07-29 Thread Jerome Magnin
On Tue, Jul 23, 2019 at 08:37:37PM +0200, Jerome Magnin wrote: > On Tue, Jul 23, 2019 at 07:09:57PM +0200, Tim Düsterhus wrote: > > Jérôme, > > Ilya, > > > > I noticed that FreeBSD CI fails since > > https://github.com/haproxy/haproxy/commit/885f64f

Re: FreeBSD CI builds fail

2019-07-23 Thread Jerome Magnin
On Tue, Jul 23, 2019 at 07:09:57PM +0200, Tim Düsterhus wrote: > Jérôme, > Ilya, > > I noticed that FreeBSD CI fails since > https://github.com/haproxy/haproxy/commit/885f64fb6da0a349dd3182d21d337b528225c517. > > > One example is here: https://github.com/haproxy/haproxy/runs/169980019 > > It sh

Re: fullconn not working

2019-07-16 Thread Jerome Magnin
Hi Patrick, On Tue, Jul 16, 2019 at 09:40:31AM -0400, Patrick Hemmer wrote: > > > > *From:* Pavlos Parissis [mailto:pavlos.paris...@gmail.com] > *Sent:* Tuesday, July 16, 2019, 09:32 EDT > *To:* haproxy@formilux.org > *Cc:*

Re: Server IP address not being preserved from server state file

2019-07-11 Thread Jerome Magnin
Hi On Thu, Jul 11, 2019 at 12:15:19PM -0400, Shaun Tarves wrote: > Hi - > > I am trying to determine why my servers' IP address is not being preserved > through a reload when written to the server state file. I'm using version > 1.9.8 on alpine linux. > > CONFIGURATION: > global > server-state

Re: http2-issue with http2 enabled on frontend and on backend

2019-02-26 Thread Jerome Magnin
On Tue, Feb 26, 2019 at 11:19:12AM +0100, Tom wrote: > Hi list > > When I enable health-checks on the backend, then the backend comes not up, > because of "Layer7 invalid response". The backend is a simple nginx with > http2 enabled. As I mentioned: When I directly talk to the backend with > http2

Re: http2-issue with http2 enabled on frontend and on backend

2019-02-26 Thread Jerome Magnin
On Tue, Feb 26, 2019 at 11:19:12AM +0100, Tom wrote: > Hi list > > I'm using haproxy-1.9.4 and trying to enable http2 in frontend and on one > backend server (nginx with http2 enabled). I'm always receiving a http/502 > from haproxy. I'm successfully able to directly talk to the backend with > htt

Re: DNS resolution issue with Docker swarm and HAProxy 1.8.15/1.9.0

2018-12-20 Thread Jerome Magnin
Hi Vincent, On Thu, Dec 20, 2018 at 10:22:25PM +0100, Vincent Bernat wrote: > ❦ 20 décembre 2018 17:14 +01, Willy Tarreau : > > >> this is indeed a regression in haproxy. thanks for reporting it. > >> attached patch should fix it. > >> CC'ing Remi as the original author, and Baptiste, as DNS ma

Re: DNS resolution issue with Docker swarm and HAProxy 1.8.15/1.9.0

2018-12-20 Thread Jerome Magnin
Hi, On Thu, Dec 20, 2018 at 03:42:40PM +0100, Leonhard Wimmer wrote: > Hello, > > We are running HAProxy in our Docker (18.09.0) swarm and we are relying on > the Docker embedded DNS server for service discovery. > > The backend servers are configured to resolve the IP addresses via a > "resolve

Re: sample fetch: add bc_http_major

2018-12-07 Thread Jerome Magnin
Hi Aleks, On Fri, Dec 07, 2018 at 01:46:53PM +0100, Aleksandar Lazic wrote: > Hi Jerome. > [...] > I suggest to use a dedicated function for that, jm2c. > > { "bc_http_major", smp_fetch_bc_http_major, 0, NULL, SMP_T_SINT, > SMP_USE_L4SRV }, > If you look at src/ssl_sock.c there are several fe

sample fetch: add bc_http_major

2018-12-07 Thread Jerome Magnin
Hi, the attached patch adds bc_http_major. It returns the HTTP major encoding of the backend connection, based on the on-wire encoding. Jérôme >From e0a28394ea2da5757c1e72773ab4c9fb97565a35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Magnin?= Date: Fri, 7 Dec 2018 09:03:11 +

Re: Difference between rspdel and http-response del-header use case?

2018-11-15 Thread Jerome Magnin
Hi, On Thu, Nov 15, 2018 at 02:01:18PM +, Ricardo Fraile wrote: > Hello, > > > What is the difference between using one of the following rules instead > of the other? > > I think that rspdel is the historic way to do, but maybe it have other > implications. > > > rspdel ^Server.* > > or

Re: Combine different ACLs under same name

2018-10-05 Thread Jerome Magnin
Hello, On Fri, Oct 05, 2018 at 10:46:20AM +0200, Ricardo Fraile wrote: > Hello, > > > I have tested that some types of acls can't be combined, as example: > > Server 192.138.1.1, acl with combined rules: > > acl rule1 hdr_dom(host) -i test.com > acl rule1 src 192.168.1.2/24 >

Re: srv_is_up : unable to find server.

2018-06-05 Thread Jerome Magnin
Hi Brent, On Tue, Jun 05, 2018 at 01:18:36PM +0200, Brent Clark wrote: > Good day Guys > > I am at a total loss, and I'm hoping someone on this list, would be so kind > to review my setup. > > I am trying to get haproxy to monitor redis / sentinel. But I keep getting. > > [WARNING] 155/110602 (3

Re: Use SNI with healthchecks

2018-04-23 Thread Jerome Magnin
Hi Vincent, On Mon, Apr 23, 2018 at 02:38:32PM +, GALLISSOT VINCENT wrote: > Hi all, > > > I want to use SNI with httpchk on HAProxy 1.7.10 to connect to CloudFront > distributions as backend servers. > > I saw in this mailing-list archives that SNI is not used by default even when > usi

Re: Alpn in debian/ubuntu ppa 1.8

2018-01-25 Thread Jerome Magnin
Hi Igor, On Thu, Jan 25, 2018 at 11:26:14PM +1100, Igor Cicimov wrote: > Hi, > > I was testing haproxy 1.8 from the ppa repository and noticed it is not > built with alpn support so just wonder why? What's the output of haproxy -vv? Jérôme