envoy LB is now an open source project

Hi, It is a very interesting project, https://lyft.github.io/envoy/ Here is a comparison with HAProxy https://lyft.github.io/envoy/docs/intro/comparison.html Cheers, Pavlos signature.asc Description: OpenPGP digital signature

Re: [PATCH] MINOR: enable IP_BIND_ADDRESS_NO_PORT on backend connections

On 14/09/2016 06:26 μμ, Lukas Tribus wrote: > Hi Pavlos, > > > Am 14.09.2016 um 16:01 schrieb Pavlos Parissis: >> The commit on Linux kernel mentions: """ The port will be automatically >> chosen at connect() time, in a way that allows sharing a source por

Re: [PATCH] MINOR: enable IP_BIND_ADDRESS_NO_PORT on backend connections

On 13/09/2016 11:51 πμ, Lukas Tribus wrote: > Enable IP_BIND_ADDRESS_NO_PORT on backend connections when the source > address is specified without port or port ranges. This is supported > since Linux 4.2/libc 2.23. > > I am going to hijack this thread to ask something related to ephemeral port

Re: Capture entire HTTP request (all headers one shot)

On 13/09/2016 09:58 μμ, Manas Gupta wrote: > Hi, > I am familiar with capturing individual HTTP headers in HAProxy 1.6.x > (http://blog.haproxy.com/2015/10/14/whats-new-in-haproxy-1-6/). This requires > the > header to be explicitly stated in the cfg > > For example to capture the via header - >

Re: [PATCH] New DNS parser

On 08/09/2016 09:50 μμ, Baptiste wrote: > Hi all, > > Please find in attachment 10 patches to cover the following new topic in > HAProxy: > > 1. a new DNS parser, which stores the DNS response into a DNS structure, > instead > of manipulating a buffer. > => it doesn't add any feature by

Re: Getting JSON encoded data from the stats socket.

On 26/07/2016 06:56 μμ, Willy Tarreau wrote: > On Tue, Jul 26, 2016 at 05:51:08PM +0200, Pavlos Parissis wrote: >> In all my setups I have nbproc > 1 and after a lot of changes and on how I >> aggregate HAProxy >> stats and what most people want to see on graphs, I came up

Re: Getting JSON encoded data from the stats socket.

On 26/07/2016 03:30 μμ, Willy Tarreau wrote: > Hi Pavlos! > > On Tue, Jul 26, 2016 at 03:23:01PM +0200, Pavlos Parissis wrote: >> Here is a suggestion { "frontend": { "www.haproxy.org": { "bin": >> "", "lbtot":

Re: Getting JSON encoded data from the stats socket.

On 26/07/2016 03:08 μμ, Willy Tarreau wrote: > On Tue, Jul 26, 2016 at 02:05:56PM +0100, Mark Brookes wrote: >>> So for sure I definitely support this proposal :-) >> >> Thats great news. Do you have a JSON structure in mind? >> Or would you like me to come up with something? > > I'm probably the

Re: substring matching backend names...

On 10/07/2015 10:32 μμ, Phillip Decker wrote: > Hello again, > > I was migrating a setup from the older style acl-based host to backend > mapping, to the newer > map-based approach, e.g. > > use_backend %[req.hdr(host),lower,map_beg(mapping.conf,default)] > > and that works fine. But now

Re: Double Logging

On 22/07/2016 11:53 πμ, Willy Tarreau wrote: > Hi Cyrus, > > On Thu, Jul 21, 2016 at 11:22:06PM -0700, Cyrus Katrak wrote: >> Greetings from Slack Technologies, >> >> We are evaluating HAProxy as a load balancing solution and so far are quite >> pleased with >> it. One feature we require is the

Re: Problem w/ connection reuse for haproxy backends

On 22/07/2016 11:44 πμ, Willy Tarreau wrote: > Hi Pavlos, > > On Fri, Jul 22, 2016 at 12:33:07AM +0200, Pavlos Parissis wrote: >> On 21/07/2016 10:30 , Willy Tarreau wrote: >>> Hi, >>> >>> On Thu, Jul 21, 2016 at 02:33:05PM -0400, CJ Ess wrote: >

Re: Problem w/ connection reuse for haproxy backends

On 21/07/2016 10:30 μμ, Willy Tarreau wrote: > Hi, > > On Thu, Jul 21, 2016 at 02:33:05PM -0400, CJ Ess wrote: >> I think I'm overlooking something simple, could someone spot check me? >> >> What I want to do is to pool connections on my http backend - keep HAProxy >> from opening a new

Re: the site needs some love

On 20/07/2016 08:57 μμ, Willy Tarreau wrote: > Hi Pavlos, > > On Sat, Jul 16, 2016 at 09:43:24PM +0200, Pavlos Parissis wrote: >> Hi, >> >> www.haproxy.org needs some love as the last update on 'Quick news' section >> was on April 13th and mentions older rele

Re: Segmentation fault in 1.6.6

On 18/07/2016 04:59 μμ, Michał Łowicki wrote: > Will do but SSL is terminated before reaching HAProxy. Still possible it could > affect us? > I don't think so, but you should use 1.6.7 anyway in order to avoid surprises when you enable SSL. Cheers, Pavlos signature.asc Description: OpenPGP

Re: Segmentation fault in 1.6.6

On 18/07/2016 04:17 μμ, Michał Łowicki wrote: > Hi, > > I'm using: > > HA-Proxy version 1.6.6 2016/06/26 > Copyright 2000-2016 Willy Tarreau > > > > on: > > cat /proc/version > Linux version 4.5.0-0.bpo.1-amd64

the site needs some love

Hi, www.haproxy.org needs some love as the last update on 'Quick news' section was on April 13th and mentions older releases. Cheers, Pavlos signature.asc Description: OpenPGP digital signature

Re: TLS HAProxy Scalability

On 06/07/2016 10:32 πμ, Federico Iezzi wrote: > Hi there, > > Recently I didn't have time to follow up the HAProxy 1.7 development and I > would > like to understand if you have find a way for the TLS handshakes performance > sort of issue. > > Some month ago someone started a discussion on the

Riptide: Jump-Starting Back-Office Connections

Hi, Very nice read: http://networks.cs.northwestern.edu/publications/riptide/icdcs2016-flores.pdf Cheers, Pavlos signature.asc Description: OpenPGP digital signature

Re: HTML documentation : work in progress

On 04/07/2016 12:34 πμ, Cyril Bonté wrote: > Hi all, > > this was a productive week-end and the new documentation is nearly ready. To > celebrate this, I've already decided to make it official, despite there is > stille some work to do. > > The links provided in my previous mail are still

Re: [PATCH] Allow setting server port via admin socket.

On 29/06/2016 01:08 πμ, Conrad Hoffmann wrote: > Hi, > > Attached patch allows setting a server's port in addition to the address > via the admin socket, e.g.: > > set server mybackend/server-1 addr 127.0.0.1:8080 > > I find this already useful by itself, and furthermore this can be used (one

Re: HTML documentation : work in progress

On 27/06/2016 11:40 μμ, Cyril Bonté wrote: > Hi all, > > It's been monthes since haproxy has introduced new documentation files in 1.6 > and 1.7-dev (ie. intro.txt, management.txt, ...). Until now, I hardly found > time > to include them in the HTML documentation. It's time to seriously work on

1.7 current master doesn't compile

Hi, compilation fails with: In file included from /tmp/staticlibssl/include/openssl/ssl.h:152:0, from src/ssl_sock.c:42: src/ssl_sock.c: In function ‘ssl_sock_load_crt_file_into_ckch’: /tmp/staticlibssl/include/openssl/bio.h:587:34: warning: value computed is not used

Re: Healthchecks with many nbprocs

On 20/06/2016 04:44 πμ, Daniel Ylitalo wrote: > Hi! > > I haven't found anything about this topic anywhere so I was hoping someone in > the mailinglist has done this in the past :) > > We are at the size where we need to round-robin tcp balance our incoming web > traffic with pf to two haproxy

Re: From 1.5.x to 1.6.x

On 20/06/2016 10:12 πμ, Michel Blanc wrote: > Hi list, > > Since I prefer to use distribution packages, I will have to move to > 1.6.x series soon. I've been using 1.5.x since the dev series. > > Is there anything specific to keep in mind when switching from 1.5.x to > 1.6.x ? Gotchas, different

Re: [PATCH] MINOR: systemd: Perform sanity check on config before reload

On 20/06/2016 12:50 πμ, Jason Harvey wrote: > Is it valid to have multiple ExecReload statements? > > The way I've achieved this in my setup is as follows: > > |ExecReload=/bin/bash -c '*@SBINDIR@/haproxy*-c -f $CONFIG&&/bin/kill -USR2 > $MAINPID'| > > Yes, it is valid configuration which has

Re: [PATCH] MINOR: systemd: Perform sanity check on config before reload

On 15/06/2016 03:18 μμ, Pavlos Parissis wrote: > Hi, > > Please consider merging the attached patch which instructs systemd to run a > sanity check > on the configuration before the reload. If you accept the patch then you have > to apply it on > top the '[PATCH] MINOR:

Re: [PATCH] MINOR: systemd: Use variable for config and pidfile paths

On 14/06/2016 01:39 μμ, Pavlos Parissis wrote: > Hi, > > Please consider merging the attached patch which allows users to set the > location of > haproxy.cfg and pidfile files by providing a systemd overwrite file > /etc/systemd/system/haproxy.service.d/overwrite.conf

Re: HTTP Keep Alive : Limit number of sessions in a connection

Joining the party a bit late... On 08/06/2016 10:37 μμ, Willy Tarreau wrote: > On Wed, Jun 08, 2016 at 04:17:58PM -0400, CJ Ess wrote: >> I personally don't have a need to limit requests the haproxy side at the >> moment, I'm just thought I'd try to help Manas make his case. Hes basically >>

[PATCH] MINOR: systemd: Perform sanity check on config before reload

1296d3489d6b7503e357118b3ffefdd437640ea6 Mon Sep 17 00:00:00 2001 From: Pavlos Parissis <pavlos.paris...@booking.com> Date: Wed, 15 Jun 2016 10:20:31 +0200 Subject: [PATCH] MINOR: systemd: Perform sanity check on config before reload --- contrib/systemd/haproxy.service.in | 1 + 1 file changed, 1 ins

[PATCH] MINOR: systemd: Use variable for config and pidfile paths

/haproxy.cfg Cheers, Pavlos From 9ddd9e802cbd86d30acb56053b513b18253c4892 Mon Sep 17 00:00:00 2001 From: Pavlos Parissis <pavlos.paris...@booking.com> Date: Tue, 14 Jun 2016 13:28:20 +0200 Subject: [PATCH] MINOR: systemd: Use variable for config and pidfile paths Users can set the location of hapro

Re: problems with req.ssl_ec_ext

On 01/06/2016 03:19 μμ, Willy Tarreau wrote: > Hi Pavlos, > > On Tue, May 31, 2016 at 12:06:14PM +0200, Pavlos Parissis wrote: >> >> On 30/05/2016 05:24 , Nenad Merdanovic wrote: >>> Hello Bjorn, >>> >>> On 5/30/2016 4:29 PM, Björn Zetter

Re: problems with req.ssl_ec_ext

On 30/05/2016 05:24 μμ, Nenad Merdanovic wrote: > Hello Bjorn, > > On 5/30/2016 4:29 PM, Björn Zettergren wrote: >> Hi, >> >> I've been playing around with the ECC+RSA certificate on same IP as >> described in the haproxy blog at >>

Re: Haproxy dont Work

On 22/05/2016 01:01 μμ, Marc Iglesias Hernandez wrote: > Thanks, I've fixed. > > How I can set to my web pages in haproxy not appear to me like that? > https://gyazo.com/ffce7bf22d2321d5579eee417c1bf425 > *Please keep it on the list.* Could you please be more specific ? I don't quite

Re: Haproxy dont Work

On 21/05/2016 08:56 μμ, Sander Klein wrote: > > >> On 21 mei 2016, at 20:19, Pavlos Parissis <pavlos.paris...@gmail.com> wrote: >> >>> On 21/05/2016 05:29 μμ, Sander Klein wrote: >>> >>>> On 21 mei 2016, at 17:01, PiBa-NL <piba.nl@

Re: Haproxy dont Work

On 21/05/2016 05:29 μμ, Sander Klein wrote: > >> On 21 mei 2016, at 17:01, PiBa-NL wrote: >> >> Op 21-5-2016 om 15:44 schreef Sander Klein: >>> On 2016-05-21 14:53, Marc Iglesias Hernandez wrote: I need to know how to set haproxy for users when they have gone

Re: Compilation problem: haproxy 1.6.5 (latest) on Solaris 11

On 18/05/2016 10:42 μμ, Jonathan Fisher wrote: > Also, where is the bugtracker for haproxy? I can file a report if you want to > save time. > As far as I know there isn't any bugtracker. Posting problems in this ML is enough to kick the investigation. So far this model works quite well

Re: Haproxy 1.6.5 listens on all IPv4 addresses

On 13/05/2016 04:41 μμ, Arthur Țițeică wrote: > Hi, > > With the 1.6.5 upgrade I see that a configuration like this > > listen tcp-imap > bind 1.2.3.4:143 name imap-v4 > > will make haproxy listen on all ipv4 addresses instead. > > # ss -ltnp | column -t| grep

Re: [PATCH] MEDIUM: init: allow directory as argument of -f

On 10/05/2016 12:07 πμ, Maxime de Roucy wrote: > Hi Willy and Cyril, > > I just send a new version of the patch. > I made some changes following the remarks of Willy. > >>> I'm not sure to like this feature in its current implementation. >>> I fear it will also create some new issues depending

Re: Stale UNIX sockets after reload

On 09/05/2016 02:26 μμ, Christian Ruppert wrote: > Hi, > > it seems that HAProxy does not remove the UNIX sockets after reloading > (also restarting?) even though they have been removed from the > configuration and thus are stale afterwards. > At least 1.6.4 seems to be affected. Can anybody else

Re: [PATCH] BUG/MINOR: frontend: fix frontend start status

On 25/04/2016 01:47 μμ, Ondrej Stumpf wrote: > That is not the issue. I'm talking about the "disabled" keyword in > HAProxy configuration file. That can be used in the "frontend" section > (among others) to start the frontend without actually binding to a port. > To quote the docs: > "The

Re: [PATCH] BUG/MINOR: frontend: fix frontend start status

On 25/04/2016 01:38 μμ, Pavlos Parissis wrote: > > > On 25/04/2016 12:05 μμ, Ondrej Stumpf wrote: >> Hi, >> I ran into a bug when using the 'disabled' keyword for frontends - > > If I remember correctly you can enable a frontend after it has disabled, > b

Re: [PATCH] BUG/MINOR: frontend: fix frontend start status

On 25/04/2016 12:05 μμ, Ondrej Stumpf wrote: > Hi, > I ran into a bug when using the 'disabled' keyword for frontends - If I remember correctly you can enable a frontend after it has disabled, but if you send to stats socket: 'shutdown frontend ' then it can't be enabled. Cheers,

Re: haproxy 1.6.4 segfault in logging (I think)

On 22/04/2016 08:26 πμ, David Torgerson wrote: > Attempting to upgrade from 1.5 to 1.6.4. Haproxy will run for a few > seconds to minutes and then will segfault. > > dmesg > [9010697.311045] haproxy[31405]: segfault at b8 ip 004131c7 sp > 7ffde49436c0 error 4 in

Re: HTTP 2

On 22/04/2016 07:46 πμ, Anil Yachareni (ayachare) wrote: > Hi, > > Does HAProxy support HTTP2 yet? Pl. let me know. > > Thanks, > Anil. No, yet. It may come with 1.7. Search the archives of this ML and see the response from Willy Tarreau. Cheers, Pavlos signature.asc Description: OpenPGP

Re: nbproc 1 vs >1 performance

On 15/04/2016 11:44 πμ, Willy Tarreau wrote: > Hi Christian, > > On Fri, Apr 15, 2016 at 11:26:18AM +0200, Christian Ruppert wrote: >> Just in case someone is interested in this setup: >> Don't put the two SSL binds into the frontend. Add a second listener for the >> two SSL binds and from

Re: nbproc 1 vs >1 performance

On 15/04/2016 11:26 πμ, Christian Ruppert wrote: > On 2016-04-14 11:06, Christian Ruppert wrote: >> Hi Willy, >> >> On 2016-04-14 10:17, Willy Tarreau wrote: >>> On Thu, Apr 14, 2016 at 08:55:47AM +0200, Lukas Tribus wrote: Le me put it this way: frontend haproxy_test

Re: [PATCH] use SSL_CTX_set_ecdh_auto() for ecdh curve selection

On 15/04/2016 10:58 πμ, Janusz Dziemidowicz wrote: > 2016-04-15 6:55 GMT+02:00 Willy Tarreau : >>> Switching ECDHE curves can have performance impact, for example result >>> of openssl speed on my laptop: >>> 256 bit ecdh (nistp256) 0.0003s 2935.3 >>> 384 bit ecdh (nistp384)

Re: CIDR Notation in ACL -- silent failure

On 09/04/2016 02:59 μμ, Daniel Schneller wrote: > Hi Pavlos! > >> On 09.04.2016, at 11:39, Pavlos Parissis >> <pavlos.paris...@gmail.com> wrote: >> >> On 08/04/2016 11:59 πμ, Daniel Schneller wrote: >>> Hi! >>> >>> I noticed

Re: CIDR Notation in ACL -- silent failure

On 08/04/2016 11:59 πμ, Daniel Schneller wrote: > Hi! > > I noticed that while this ACL matches my source IP of 192.168.42.123: > > acl src_internal_net src 192.168.42.0/24 > > this one does _not_: > > acl src_internal_net src 192.168.42/24 > > While not strictly part of RFC 4632

Re: Q: about HTTP/2

On 07/04/2016 06:01 μμ, Willy Tarreau wrote: > Hi Aleks, > > On Fri, Apr 01, 2016 at 12:18:54PM +0200, Aleksandar Lazic wrote: >> Hi Willy & other core devs/pms. >> >> I know that HTTP/2 is on the road-map but not ready yet. >> >> Would you be so kind and share some of your thoughts, stats and

Re: Haproxy running on 100% CPU and slow downloads

On 04/04/2016 05:23 μμ, Sachin Shetty wrote: > Hi, > > I am chasing some weird capacity issues in our setup. > > Haproxy which also does SSL is forwarding request to various other > servers upstream. I am seeing a simple 100MB file download from our > upstream components starts to slow down

Re: ssl offloading

On 01/04/2016 04:20 μμ, Andrew Hayworth wrote: > Hi there - > > Have you considered HAProxy in multiprocess mode? You could have a > frontend spread across multiple threads that terminates SSL. We're > experimenting with such a design here. > It has been mentioned before that you can increase

Re: Q: about HTTP/2

On 01/04/2016 12:25 μμ, Baptiste wrote: > On Fri, Apr 1, 2016 at 12:18 PM, Aleksandar Lazic wrote: >> Hi Willy & other core devs/pms. >> >> I know that HTTP/2 is on the road-map but not ready yet. >> >> Would you be so kind and share some of your thoughts, stats and plans for

Re: General SSL vs. non-SSL Performance

On 17/03/2016 12:26 μμ, Nenad Merdanovic wrote: > Hello Gary, > > On 3/17/2016 11:51 AM, Gary Barrueto wrote: >> >> While that would help a single server, how about when dealing with multi >> servers + anycast: Has there been any thoughts about sharing ssl/tls >> session cache between servers?

A HAProxy statistics collection program

Hi all, I would like to announce a statistics collector program for HAProxy. Key features: - Support of multiprocess mode of HAProxy (nbproc > 1) - Ability to pull statistics at very low intervals even when there are thousands for servers/backends. It has been already used in production

Re: General SSL vs. non-SSL Performance

On 17/03/2016 04:49 μμ, Nenad Merdanovic wrote: > Hello Pavlos, > > On 3/17/2016 4:45 PM, Pavlos Parissis wrote: >> I am working(not very actively) on a solution which utilizes this. >> It will use www.vaultproject.io as central store, a generating engine >> and a p

SO_INCOMING_CPU

Hi, Do you guys think that this new socket option[1] will improve HAProxy performance? It could play very well with tcp-lockless-listener[2]. It needs support from the application, so I was wondering if you are planning to support it. These 2 new features are available in Kernel 4.4 version

Re: haproxy reloads, stale listeners, SIGKILL required

On 28/01/2016 10:35 μμ, David Birdsong wrote: > I've been running into a problem for a few weeks that I was hoping to > see disappear w/ a simple upgrade to 1.6.3. > > I'm using consul and it's templating to dynamically expand a backend > list which then runs an haproxy reload using the init

Re: Config file compatibility between 1.5 and 1.6

On 06/01/2016 08:49 πμ, Baptiste wrote: > On Tue, Jan 5, 2016 at 7:46 PM, Ryan O'Hara wrote: >> >> Are there any known incompatibilities between a config file for >> haproxy version 1.5 and 1.6? Specifically, is there anything that is >> valid in 1.5 that is no longer valid

Re: Will the last config file overwrite the first?

On 18/12/2015 10:06 μμ, Cyril Bonté wrote: > Hi all, > > Le 18/12/2015 21:51, Pavlos Parissis a écrit : >> On 18/12/2015 08:05 μμ, Edward Hart (c) wrote: >>> In haproxy.cfg we have a defaults section. Assume that >>> the global section is prop

Re: Will the last config file overwrite the first?

On 18/12/2015 08:05 μμ, Edward Hart (c) wrote: > I am new to HAProxy, and am responsible for analyzing the security of > our instance. > > > > Q. Will the last config file overwrite the first config file? > > > > In our environment, we have multiple config files. Different teams > manage

Re: DNS resolution and 1.4

On 17/12/2015 04:48 μμ, Ben Tisdall wrote: > Hi, > > parts of our infrastructure that use an ELB as an upstream still use > 1.4. Leaving aside the question of what happens when an upstream address > is retired (there's a hack in place to detect and reload when that > happens) what is the

Re: Multiproc balance

ons, although I haven't fully tested the difference, Willy has mentioned here few times if I am not mistaken. > frontend frontend-HTTP >bind X.X.X.X:80 >bind-process 1 2 3 >mode http >option forwardfor >option httpclose >default_backend webfarm >

Re: Multiproc balance

On 30/11/2015 06:03 μμ, Stefan Johansson wrote: > Hello, > > > > I’ve started to switch to a multiproc setup for a high traffic site and > I was pondering a potential stupid question; What is actually balancing > the balancers so to speak? Is it Linux itself that balances the number > of

Re: haproxy management web service ?

On 18/11/2015 04:41 μμ, Ed Young wrote: > Pavlos, > > I did mean a web service, but basically what I need is a programmatic > way to manage haproxy, and if it isn't a web service, I can always wrap > it with a web service. > > My apologies for my python inexperience, so I need some

Re: haproxy management web service ?

On 17/11/2015 10:37 μμ, Ed Young wrote: > I'm aware of the stats application and have it configured to manually > enable, disable and soft stop/start nodes. > > The UI is nice, but what I'm asking about is whether there is an web > service or API to enable/disable/soft stop/start nodes

Re: [ANNOUNCE] haproxy-1.6.2

On 03/11/2015 11:32 πμ, Willy TARREAU wrote: > Hi, > > some extra bugs were found and fixed since 1.6.1, and since they can > cause trouble, here comes 1.6.2. In short, a bug in the DNS parser could > lead to an endless loop, and another bug in the HTTP connection reuse code > could cause a

Re: Multiple nameservers with the same ID is allowed

On 02/11/2015 09:34 πμ, Baptiste wrote: > On Fri, Oct 30, 2015 at 3:22 PM, Pavlos Parissis > <pavlos.paris...@gmail.com> wrote: >> Hi, >> >> Following resolver section passes configuration check >> resolvers mydns1 >> nameserver ns1 8.8.8

Multiple nameservers with the same ID is allowed

Hi, Following resolver section passes configuration check resolvers mydns1 nameserver ns1 8.8.8.8:53 nameserver ns1 8.8.4.4:53 resolve_retries 3 timeout retry 1s hold valid 10s IMHO: allowing same ID for 2 different objects, which

Re: New 1.6 features overview?

On 20/10/2015 12:49 μμ, SL wrote: > Hi, > > New 1.6 features look interesting from the news item. Is there a > comprehensive description of the new features anywhere? > > Thanks > > S There is this: http://blog.haproxy.com/2015/10/14/whats-new-in-haproxy-1-6/ Cheers, Pavlos

Re: [blog] What's new in HAProxy 1.6

On 14/10/2015 12:40 μμ, Baptiste wrote: > Hey, > > I summarized what's new in HAProxy 1.6 with some configuration > examples in a blog post to help quick adoption of new features: > http://blog.haproxy.com/2015/10/14/whats-new-in-haproxy-1-6/ > > Baptiste > 1.6.0 comes with excellent

Re: Proposed patch to allow for /etc/sysconfig/haproxy settings in RHEL pre systemd versions

On 07/10/2015 11:35 πμ, Joakim Fallsjö wrote: > Hi, > > please consider this modifications to the rc.d/init.d script used by the > RPM-spec file for Redhat/Centos versions prior to systemd. > > The patch modifies the init script to allow for out of RPM package > modifications that can persist

Re: [ANNOUNCE] haproxy-1.6-dev7

On 06/10/2015 12:25 μμ, Willy Tarreau wrote: > Hi ladies and gentlemen! > > Things are calming down when I'm away from the keyboard, I'll start to > think I'm really the only one who introduces bugs! > > Some issues were fixed since dev6 : > - segfault recent regression in logs from lua >

Re: Cannot enable a config "disabled" server via socket command

On 15/09/2015 08:45 πμ, Cyril Bonté wrote: > Hi, > > > Le 14/09/2015 14:23, Ayush Goyal a écrit : >> Hi, >> >> We are testing haproxy-1.6dev4, we have added a server in backend as >> disabled, but we are not able >> to bring it up using socket command. >> >> Our backend conf looks like this: >>

Re: [ANNOUNCE] haproxy-1.6-dev5

On 14/09/2015 01:37 μμ, Willy Tarreau wrote: > Hi all, > > we've fixed several bugs since -dev4 so in order to encourage people to > safely test the code, here comes -dev5. > > This has been running few days now and I haven't noticed any problems. I am going to push it *slowly( to other

Re: Cannot enable a config "disabled" server via socket command

On 17/09/2015 09:53 μμ, Baptiste wrote: > On Thu, Sep 17, 2015 at 9:42 PM, Pavlos Parissis > <pavlos.paris...@gmail.com> wrote: >> On 15/09/2015 08:45 πμ, Cyril Bonté wrote: >>> Hi, >>> >>> >>> Le 14/09/2015 14:23, Ayush Goyal a écrit : >

Re: CPU user level increased a bit with 1.6dev5

On 15/09/2015 01:09 μμ, Pavlos Parissis wrote: > Hi, > > Today I pushed 1.6-dev5 on server and noticed that CPU user level for > the haproxy was increased a bit without a change in the traffic. > > See attached image. > > Few things I need to explain about the set

Re: Can HAProxy loadbalance multiple requests send through single TCP connection

On 04/09/2015 09:34 πμ, Prabu rajan wrote: > Hi Team, > > Thanks for the prompt reply, understood it is not possible with out of > the box HAProxy configurations. Interested to know, is there any > options/plugins available in HAProxy or any tools available to load > balance those messages. To

Re: Next dev version?

On 25/08/2015 11:52 πμ, Willy Tarreau wrote: Hi Pavlos, On Mon, Aug 24, 2015 at 02:00:18PM +0200, Pavlos Parissis wrote: Do you think the next release will be *ready* to be used in production environment which can *afford* some level of outages/breakages ? Over the years developing

Re: [PATCH] DOC: mention support for RFC 5077 TLS Ticket extension in starter guide

On 25/08/2015 11:21 πμ, Willy Tarreau wrote: On Mon, Aug 24, 2015 at 01:43:54PM +0200, Pavlos Parissis wrote: Hi, Please consider applying the attached patch. Applied, thank you Pavlos. Willy Thanks for this awesome(missing) document. BTW, will it be available in HTML format

Re: Next dev version?

On 24/08/2015 07:37 πμ, Willy Tarreau wrote: Hi Phillip, On Fri, Aug 21, 2015 at 01:28:06PM -0400, Phillip Decker wrote: Hi guys, I know we're all busy, but I just had a quick question - do we have a ballpark idea when the next dev tag will be set? (ie. v1.6dev4 ?) Or even further,

Re: can I get the uptime per server in csv stats

On 17/07/2015 06:02 πμ, Ruoshan Huang wrote: hi, I found that the html stats page has a column of status which comes with the uptime of a server or backend, but in the csv stats I couldn’t find the uptime accordingly. Can I get the uptime of servers without parsing the html? Thanks.

Re: Timeouts issues

On 16/07/2015 05:56 μμ, Łukasz Tasz wrote: Hi Guys, I need some help with handling timeouts. I'm using haproxy in tcp mode. What is the issue? client connects proxy, client is trying to sent something, it is reaching client timeout on haproxy, but connection on client side is still in

Re: How to disable backend servers without health check

On 16/07/2015 04:02 μμ, Krishna Kumar (Engineering) wrote: Hi John, Your suggestion works very well, and exactly what I was looking for. Thank you very much. You could also try https://github.com/unixsurfer/haproxytool Cheers, Pavlos signature.asc Description: OpenPGP digital

Re: [ANNOUNCE] haproxy-1.5.13

On 26/06/2015 03:57 μμ, Willy Tarreau wrote: Hi, as promise, here comes 1.5.13. It's been 1.5 months already since 1.5.12 and my misleading announce of the backport of peers support for nbproc :-) You forgot to paste this to the site:-) BTW: runs smoothly on production since the release

Re: stot stats field for backend/servers

On 22/06/2015 05:58 μμ, Willy Tarreau wrote: Hi Pavlos, On Mon, Jun 22, 2015 at 02:17:06PM +0200, Pavlos Parissis wrote: Hoi, From the doc: stot [LFBS]: cumulative number of connections From the above I understand that this counts TCP connections and not HTTP requests. But, I found

stot stats field for backend/servers

Hoi, From the doc: stot [LFBS]: cumulative number of connections From the above I understand that this counts TCP connections and not HTTP requests. But, I found out that for backend/servers counts HTTP requests I fire up 500 HTTP requests over 100 TCP connections ./httpress -q -n 500 -k -t

Re: Spam

On 19/06/2015 11:08 πμ, Andrei Marinescu wrote: Same here, only 1-2 messages per week, and generally correctly tagged as [SPAM]. Way less than the last discussion on this topic produced J +1 This has been discussed before and Willy expressed the reasons why there isn't any smap filter

Re: Is SO_REUSEPORT available in HAPROXY?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 27/05/2015 09:59 πμ, Igor wrote: Hi, nginx 1.9.1 introduces a new feature that enables use of the SO_REUSEPORT socket option, is this available in HAPROXY now or maybe later :)? http://nginx.com/blog/socket-sharding-nginx-release-1-9-1/

Re: Configure Haproxy to dynamically set backend server

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 22/05/2015 09:06 μμ, Mrunmayi Dhume wrote: Hello, I am using haproxy-1.6 with Lua. I have a use-case where I want to set the destination (backend server) very dynamically, based on certain layer 7 information (I am trying to avoid

Re: [PATCH] DOC: Update doc about act and bck fields in the statistics

On 16/05/2015 11:22 πμ, Willy Tarreau wrote: Hi Pavlos, On Sat, May 02, 2015 at 08:39:36PM +0200, Pavlos Parissis wrote: Please see attached. Reorder description for act and bck in order to be aligned with the types --- doc/configuration.txt | 4 ++-- 1 file changed, 2 insertions

haproxytool which supports HAProxy in nbproc 1 mode

Hi all, I have pushed to github a tool which I call haproxytool that can be used to perform the most frequent operations on frontends/pools/servers. You can find it here https://github.com/unixsurfer/haproxytool. It uses haproxyadmin Python library which supports HAProxy in multi-process

Re: SSL handshake failure when setting up no-tlsv10

On 11/05/2015 10:46 μμ, Amol wrote: Hi I am using Haproxy (1.5.9) and trying to resolve a PCI compliance issue with TLS v1.0, but when i set the following options in global section of the haproxy.cfg i am getting an error in my haproxy.log and the webpage does not showup.

Re: [ANNOUNCE] haproxy-1.5.12

On 10/05/2015 11:58 πμ, Pepe Charli wrote: Hi, Willy, thank you for your work Now it is possible to use peers provided that the whole section is only used by tables belonging to the same process. This makes it easier to run SSL offloading in multiple processes now Please, someone could

Re: [PATCH 0/3] Add support for TLS ticket key socket updates

On 09/05/2015 08:45 πμ, Nenad Merdanovic wrote: This patchset adds support for updating TLS ticket keys using the admin socket. Nenad Merdanovic (3): MINOR: Add TLS ticket keys reference and use it in the listener struct MEDIUM: Add support for updating TLS ticket keys via socket

Re: [haproxy]: Performance of haproxy-to-4-nginx vs direct-to-nginx

On 06/05/2015 12:03 μμ, Baptiste wrote: On Wed, May 6, 2015 at 7:15 AM, Krishna Kumar (Engineering) krishna...@flipkart.com wrote: Hi Baptiste, On Wed, May 6, 2015 at 1:24 AM, Baptiste bed...@gmail.com wrote: Also, during the test, the status of various backend's change often between OK

Re: HA proxy configuration

On 05/05/2015 07:11 πμ, ANISH S IYER wrote: HI i need to configure HAproxy with apache server as loadbalancer It sounds a bit strange to have a 2-tier load balancing setup using software load balancer at both tiers, unless you do SSL offloading on 1-tier. You can configure your Apache load

Re: [haproxy]: Performance of haproxy-to-4-nginx vs direct-to-nginx

On 05/05/2015 02:06 μμ, Krishna Kumar (Engineering) wrote: Hi Willy, Pavlos, Thank you once again for your advice. Requests per second:19071.55 [#/sec] (mean) Transfer rate: 9461.28 [Kbytes/sec] received These numbers are extremely low and very likely

[PATCH] DOC: Update doc about act and bck fields in the statistics

Please see attached. Thanks, Pavlos From 2fd6a3f14ad96e3f4f73ab01dfbe030ed70f3ed3 Mon Sep 17 00:00:00 2001 From: Pavlos Parissis pavlos.paris...@gmail.com Date: Sat, 2 May 2015 20:30:44 +0200 Subject: [PATCH] DOC: Update doc about act and bck fields in the statistics Reorder description for act

Re: Show outgoing headers when full debug enabled

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 28/04/2015 12:56 ??, CJ Ess wrote: When you run HAProxy in full debugging mode there is a debug_hdrs() call that displays all of the http headers read from the frontend, I'd also like to be able to see the headers being sent to the backend.

<    1   2   3   >