Hi All.
After having an outage for our websockets (doesn't take the site down, just
some functionallity) due to hitting max conn I realized I need to be
monitoring the current connections as a percentage of max connections. I
already gather stats from the stats csv page, but it doesn't seem there
I just noticed slim (session limit) - this seems like it might be what I'm
looking for - can anyone confirm that this is all I need to monitor to make
sure I don't hit this limit?
On Wed, Sep 24, 2014 at 12:46 PM, Kyle Brandt k...@stackexchange.com
wrote:
Hi All.
After having an outage
I had read that there are issues with health checks and stats when using
nbproc, but I'm having trouble finding any details.
1. What are the issues to watch out for?
2. Do these issues still exist with ssl if the HTTP part of the processing
is only bound to what process? For example:
listen
Hi All,
I am trying to experiment with increasing the size of the initial
congestion window to speed up higher latency connections. I tried setting
this via route on one of my load balancers with Kernel version 2.6.32 (It
seems the ability to adjust the initial receive window is in later
Is it possible to balance different source IPs differently in the same
backend? I know I can redirect to different backends based on the source IP
and then balance there, but this invalidates a lot of the counters (i.e.
SrvConn) since the same server is shared in multiple backends.
I tried an acl
Does anyone know which point of a web request or session the timestamp in
the weblogs represent? In my particular case, I am wondering about
http-server-close.
Four possibilities come to mind when I think about what it could be:
The Start of the http session from the client to the lb
The Close
When capturing headers from Logs, as I understand it you will get the header
for every request if option httpclose is set.
1) Is this correct?
2) Is this true for both captured response and request headers?
3) How does this behave with option http-server-close ?
Thank you,
Kyle
If a response header is removed before being sent to the client by using the
resdel or residel keywords, are those headers logged before deletion happens
if they captured with capture response header?
Hi Bradford,
To send to violators to a different backend, based of the example I used in
that post you want something like:
In Frontend:
use_backend go-away if source_is_abuser
Then a backend like:
backend go-away
mode http
errorfile 503 /etc/haproxy/errors/503rate.http
Not
From what I can tell using rspidel prevents the header from being sent to
the client but it will still be logged first (Unless there are some caveats
I am missing).
On Tue, Apr 19, 2011 at 8:33 AM, Kyle Brandt k...@stackoverflow.com wrote:
If a response header is removed before being sent
Can I increase the length of syslog messages sent out by HAProxy?
Would it be as simple as changing:
#define MAX_SYSLOG_LEN 1024
In
include/types/log.h
Or is there more to it than that?
I am sending the logs to rsyslogd which does support increasing the log size
in its configuration.
Hi all,
With round robin load balancing and the http-server-close option, do
connections that were part of the same keep alive session on the client side
all hit the same web server, or do those requests end up being round robin
as well?
Thanks!
Kyle
Hi All,
Can I have an ACL that doesn't perform an action on a specific IP but will
perform the action on the subnet that the IP is part of?
For example:
acl bad_subnet src 10.0.0.0/8
acl okay_ip src 10.0.1.5
use_backend blocked if bad_subnet !okay_ip
So the target result would be to use the
When I restart SNMP with:
disablePerl false
perl do '/etc/snmp/haproxy.pl';
SNMP fails to start with:
netsnmp_assert !registration != duplicate failed agent_registry.c:536
netsnmp_subtree_load()
Anyone run into this issue or now what that means? This is on Ubuntu Server
10.04
Thank you,
Kyle
(there is a such thing a
stateless NAT but I couldn't find a working version in recent kernels) and
no stateful rules as Willy pointed out.
-Kyle Brandt
On Tue, Nov 16, 2010 at 6:21 AM, Willy Tarreau w...@1wt.eu wrote:
On Tue, Nov 09, 2010 at 09:51:28AM -0500, Ariel wrote:
I've seen a few times
One option that I am using is to pass the SSL traffic to your SSL processor
and then pass it back to haproxy. This way haproxy sees the decrypted
traffic in this second front-end and you can use HTTP layer ACL rules
against the traffic.
I very handy feature could be if 443 traffic is on the
check_command check_haproxy!
http://haproxy.exemple.org/haproxy?stats;csv
}
=head1 AUTHOR
Stéphane Urbanovskistephane.urbanov...@ac-nancy-metz.fr
=cut
On Sep 29, 2010, at 1:00 PM, Kyle Brandt wrote:
Hi All,
Before I go and reinvent the wheel, does
Hi Fabien,
There are new rate liming features that have been introduced into the 1.5
dev builds. I am using them in production and it has been stable for me. I
wrote a introduction to some of the features at
anyone ever plugged HAProxy logs into any analysis software before that
they might recommend?
Thank you,
Kyle Brandt
19 matches
Mail list logo