I had faced the same issue and have documented my solution at
https://www.mail-archive.com/haproxy@formilux.org/msg26387.html
Regards,
Vivek
On Sat, Jul 8, 2017 at 5:44 AM, Aaron West wrote:
> On 8 July 2017 at 11:25, Aaron West wrote:
>> for me at least, it would
>> boggle the mind that you ha
uldn't figure out if I
can force a CONNECT via lua to the backend before haproxy starts
forwarding the request to backend.
Regards,
Vivek
On Sun, Jun 11, 2017 at 11:22 PM, Vivek Malik wrote:
> Hi,
>
> I am using haproxy for path based routing and am trying to forward
> traf
Hi,
I am using haproxy for path based routing and am trying to forward
traffic to another datacenter under certain conditions. However, the
traffic must go via explicit proxy server (squid). The traffic is
getting forwarded to an https endpoint in AWS fronted by ELB.
Is there a way to define "via
Hi,
I am getting 500 Internal Server Error on the haproxy.org website.
Various websites like
http://downforeveryoneorjustme.com/www.haproxy.org
http://www.isitdownrightnow.com/haproxy.org.html
http://www.websitenotworking.com/haproxy.org
confirm that the website is down for them too.
Regards,
V
:
> Hi Vivek,
>
> On Sun, Mar 01, 2015 at 12:21:57AM -0600, Vivek Malik wrote:
>> Hi,
>>
>> I spent last few hours scratching my head and wondering where my
>> configuration was wrong and why was it acting weird. Sending this to
>> ML to see if this is a bug or
Hi,
I spent last few hours scratching my head and wondering where my
configuration was wrong and why was it acting weird. Sending this to
ML to see if this is a bug or expected behavior. I expected ACL to
evaluate its condition only once and store the true/false outcome,
however with rand(), I bel
BIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
On Sat, Feb 28, 2015 at 1:26 AM, Baptiste wrote:
> On Sat, Feb 28, 2015 at 3:22 AM, Vivek Malik wrote:
Please suggest if I have stumbled across a bug or I am missing
something in my configuration.
Regards,
Vivek
On Fri, Feb 27, 2015 at 8:20 PM, Vivek Malik wrote:
> Hi,
>
> I am trying to use http-request set-map with fixed strings which are
> defined in config file. Example lines
Hi,
I am trying to use http-request set-map with fixed strings which are
defined in config file. Example lines
http-request set-map(motion.map) monday %[date()] if acl_1
http-request set-map(motion.map) tuesday %[date()] if acl_2
Note that monday and tuesday are literal string and not log-format
Please see http://www.mail-archive.com/haproxy@formilux.org/msg06885.html
The summary being
iptables -I INPUT -p tcp --dport $PORT --syn -j DROP
sleep 1
service haproxy restart
iptables -D INPUT -p tcp --dport $PORT --syn -j DROP
Regards,
Vivek
On Tue, Jan 20, 2015 at 1:11 AM, hu.zhang wrote:
Hi,
I am trying to redirect a user to login page if not logged in and
redirect the user back to original page after login. The login page is
on a different domain than the primary domain where requests are
coming.
I have a few questions/feature requests related to http-request redirect
a) urlenc
I see roubdrobin working perfectly over here. Look at sessions total and
see how they are same for every server.
It seems that all your requests are not the same workload. Some servers or
some requests are taking longer to fulfill and increasing load on servers.
Have you tried using leastconn inst
Hi,
AFAIK, Haproxy doesn't have a subrequest feature.
However, there are other design solutions possible to make Haproxy as
SSO filter. I am using Haproxy is a similar fashion. I have coded my
SSO to notify Haproxy whenever a new SSO authentication session is
added. Haproxy adds that session id t
Hi Vincent,
Thanks for the patch. I was able to verify that the patch made the
distribution uniform over a large (300+) output from rand.
Regards,
Vivek
On Mon, Dec 8, 2014 at 4:45 PM, Vincent Bernat wrote:
> ❦ 8 décembre 2014 23:20 +0100, Vincent Bernat :
>
>> Assuming that RAND_MAX is alwa
Are you putting in DH parameters in mycert.pem?
PFS depends on using DH algorithm to exchange and create a secret for
the connection.
openssl dhparam 2048 >> mycert.pem should add the DH parameters to the
cert file.
Regards,
Vivek
On Mon, Dec 8, 2014 at 4:44 PM, Sander Rijken wrote:
> System i
Hi,
I am using rand(x) in configuration to make some routing decisions. I
am basically load balancing between backends and using the following
configuration
use_backend bk_1 { rand(100) le 50 }
default_backend bk_2
However, I am not seeing any traffic going to bk_2 and all traffic
goes to bk_1.
Hi,
I have a few questions around setting up a customized haproxy farm. I
am combining all my questions in single email.
1) Map peering
Is it possible to peer maps across haproxy running on multiple
machines? Or store key, value pairs inside stick table (which supports
peering).
2) Backend of b
Hi,
I would like to set up a configuration where users are required to
authenticate via a custom authentication web app before navigating to
the content backend.
I was thinking on lines of haproxy server sending the request to the
auth server when a map entry is missing. When the user authenticat
What features of Haproxy do you plan to use in this scenario?
Have you considered using Haproxy with Direct Server Return to work
around the routing issue?
Have you considered using LVS? I believe LVS supports Source based
hashing (http://www.linuxvirtualserver.org/docs/scheduling.html).
If you
plan to add stick table pattern extraction which includes
extraction values from path or header using regular expressions?
Thanks,
Vivek
On Fri, Mar 1, 2013 at 12:54 AM, Baptiste wrote:
> On Thu, Feb 28, 2013 at 7:28 PM, Vivek Malik
> wrote:
> > Hi,
> >
> > I see that i
Oct 14, 2012 at 4:05 PM, Milan Babuskov wrote:
> On Fri, Oct 12, 2012 at 4:51 PM, Vivek Malik
> wrote:
> > Yes, option http-server-close would make haproxy run acls for every
> request.
> > It will also enable keep-alive between client (or proxy) and haproxy.
>
> Thanks, t
the load
balancer all together. However, there might be better ways to do it which I
am not aware of.
Regards,
Vivek
On Sun, Oct 14, 2012 at 7:46 PM, Vivek Malik wrote:
> I am not sure of how mikrokit could be having problems with
> http-server-close. http-server-close only affects the hapro
Yes, option http-server-close would make haproxy run acls for every
request. It will also enable keep-alive between client (or proxy) and
haproxy.
Regards,
Vivek
On Fri, Oct 12, 2012 at 9:57 AM, Milan Babuskov wrote:
> On Fri, Oct 12, 2012 at 3:21 PM, Baptiste wrote:
> > because only 0.2% of us
You need to add option httpclose or option http-server-close so that
haproxy doesn't act in the tunnel mode (default behavior).
Regards,
Vivek
On Thu, Oct 11, 2012 at 5:33 PM, Milan Babuskov wrote:
> Hello,
>
> I'm using HAProxy 1.4.22. I have the following haproxy.conf file:
>
> ---
I did something similar for graphite using bash and socat to read from
haproxy socket.
Script at http://pastebin.com/ccenegXb
Regards,
Vivek
On Tue, Oct 2, 2012 at 4:08 PM, Joel Krauska wrote:
> I use something like this:
> (it has a few things that are specific to my implementation)
>
> #!/us
A recommended upgrade for all production users. While we are not
(generally) affected by the bugs fixed in haproxy stable version. I
recommend updating haproxy.
I can update haproxy bin in puppet and can check it in (we distribute
haproxy binary via puppetmaster).
Aiman,
Please update puppetmast
Haproxy 1.5 has src_conn_rate which can be used for that. I personally
haven't used it. I just remember reading about it.
Vivek
On Tue, Mar 13, 2012 at 8:30 AM, Jerry Champlin <
j...@absolute-performance.com> wrote:
> One way to do this is to find it in the logs with a script and then have
> tha
We have the same situation where we accept traffic for a long list of
domains. We solve the problem by adding the following for each domain
redirect prefix https://.domain.com if !is_https make_https {
hdr(host) .eqaldev.com }
The above solution only works if the list of the subdomains is finite
ink any special change is required in practice to handle burst of new
traffic from say a premium ad buy or email blast (along with using maxidle)
Vivek
Sent via BlackBerry from T-Mobile
-Original Message-
From: David Birdsong
Date: Mon, 7 Nov 2011 12:17:53
To: Erik Torlen
Cc: Vivek
You are running haproxy in a tcp mode since you are relaying SSL and
decrypting on the backend. Cookies can only be analyzed in HTTP mode. Not
sure how to do sticky sessions in tcp mode.
Vivek
On Mon, Nov 7, 2011 at 2:03 PM, Mir Islam wrote:
> Is it possible to utilize some sort of sticky sessi
I personally find it easier to use cookie instead of appsession. We use a
similar pattern of adding a new server. Keeping a low maxidle (like 10
minutes) helps us send traffic to new servers. Keeping maxidle helps us
maintain session affinity where required (like progress bars for uploads)
Vivek
May I ask what some of the acronyms in this email thread stand for
RHI -
AS -
GSLB -
Thanks,
Vivek
On Tue, Nov 1, 2011 at 2:26 PM, Baptiste wrote:
> True :)
> Despite short TTLs, some client would take a long time to failover.
> But it's the only option unless you own your AS and you are able
DNS propagation can take a long time based on my experience. We have a similar
problem where we host multiple identical setups in different EC2 availability
zones. We have been thinking of having DNS entry with multiple A records for
load distribution and failover. However, that doesn't solve th
geuse du jeudi 27 octobre 2011, vers 00:02, Vivek
> Malik disait :
>
> > We have been using haproxy in production for around 6 months while
> > using httpclose. We use functions like reqidel, reqadd to manipulate
> > request headers and use_backend to route a request to a sp
We have been using haproxy in production for around 6 months while using
httpclose. We use functions like reqidel, reqadd to manipulate request
headers and use_backend to route a request to a specific backend.
We run websites which often have ajax calls and load javascripts and css
files from the
haproxy -f /etc/haproxy.cfg -sf $(cat $PIDFILE) would do it
>haproxy -h
HA-Proxy version 1.4.18 2011/09/16
Copyright 2000-2011 Willy Tarreau
Usage : haproxy [-f ]* [ -vdVD ] [ -n ] [ -N ]
[ -p ] [ -m ]
-v displays version ; -vv shows known build options.
-d enters deb
il looking for a solution.
Thanks,
Vivek
On Wed, Apr 20, 2011 at 10:43 PM, Vivek Malik wrote:
> I found a hacky way to do it from mailing list archives
>
> http://www.mail-archive.com/haproxy@formilux.org/msg03323.html
>
> Regards,
> Vivek
>
> On Wed, Apr 20, 2011 at 10:09
I found a hacky way to do it from mailing list archives
http://www.mail-archive.com/haproxy@formilux.org/msg03323.html
Regards,
Vivek
On Wed, Apr 20, 2011 at 10:09 PM, Vivek Malik wrote:
> Hi,
>
> I am trying to issue a redirect via haproxy and want to reuse the host
> variable.
Hi,
I am trying to issue a redirect via haproxy and want to reuse the host
variable. Here is the configuration
stunnel running on port 443 accepting connections for
*.domain.com(unlimited subdomain cert) forwarding to haproxy on port
81
haproxy running on port 80 (for http for *.domain.com) and p
om my iPhone
>
> On Apr 10, 2011, at 8:20 AM, "German Gutierrez" wrote:
>
> > BTW, will this patch ever go upstream? Why stunnel does not have this
> already?
> >
> > On Sat, Apr 9, 2011 at 11:43 PM, Vivek Malik
> wrote:
> >> Joe,
> >>
Joe,
You need to run as many stunnel instances as number of SSL certificates. If
the sites share SSL certificate, then one stunnel instance will do.
I run stunnel 4.32 with patch from
http://haproxy.1wt.eu/download/patches/on port 443 and forward it to
port 81 on the same machine which is bound t
gt; Le lundi 04 avril 2011 11:21:55, Vivek Malik a écrit :
>
> > Hi,
>
> >
>
> > I have been struggling with this bug for a little while and wanted to
> report
>
> > it and see if you can either help me or fix this bug. Here is a sample
>
> > conf
Hi,
I have been struggling with this bug for a little while and wanted to report
it and see if you can either help me or fix this bug. Here is a sample
config file which shows the bug
*global*
*log 127.0.0.1 local0*
*user nobody*
*group nogroup*
*daemon*
*p
43 matches
Mail list logo