Thank you, Lukas. I would investigate it a bit more.
Simon
20160821
Hi Lukas,
Hi Simon,
Am 19.08.2016 um 12:41 schrieb k simon:
Hi,List:
Haproxy's throughput is much less than nginx or squid on FreeBSD and
it's high cpu usage often. When I investigate it a bit more, I found
haproxy does not correctly handle MSS on FreeBSD.
Your kernel decides
Hi,List:
Haproxy's throughput is much less than nginx or squid on FreeBSD and
it's high cpu usage often. When I investigate it a bit more, I found
haproxy does not correctly handle MSS on FreeBSD.
1. When haproxy bind to a physical interface and change
net.inet.tcp.mssdflt to a large value.
Hi,List:
Haproxy's throughput is much less than nginx or squid on FreeBSD and
it's high cpu usage often. When I investigate it a bit more, I found
haproxy does not correctly handle MSS on FreeBSD.
1. When haproxy bind to a physical interface and change
net.inet.tcp.mssdflt to a large value.
Hi, lists,
I noticed that haproxy 1.6.5 hog the cpu periodiclly on FreeBSD 10
with 800K-1M syscalls. I change the balance algo to "uri" and delete all
the regular expressions can work around it. There maybe some bug with
PCRE on FreeBSD or some bug in haproxy, but I can't confirm it.
And
Hi,Lists,
I found haproxy 1.4.25 can not set mss on FreeBSD 10-stable as below:
# /usr/local/sbin/haproxy -f /opt/etc/haproxy.conf
[WARNING] 132/170407 (71806) : Starting frontend http-in: cannot set MSS
# haproxy -vv
HA-Proxy version 1.4.25 2014/03/27
Copyright 2000-2014 Willy Tarreau
Hi,Willy,
Oh and BTW, are you running with PF ? I have some old memories of PF
abusively randomizing sequence numbers and preventing new connections
from being initiated using a same source port from the came client. It
was so odd that I had to disable it on my home reverse-proxy running
Thank you, Lukas. Maybe I can workaround it on the front router.
Regards
Simon
于 14-5-13 23:29, Lukas Tribus 写道:
Hi Simon,
Hi,Lists,
I found haproxy 1.4.25 can not set mss on FreeBSD 10-stable as below:
# /usr/local/sbin/haproxy -f /opt/etc/haproxy.conf
[WARNING] 132/170407 (71806) :
Hi,Lists,
I found I can not share the same regex txt for haproxy and squid. And
I noticed that haproxy use OS libc's regex by default, and can change it
with compile parameters REGEX=pcre.
Should I recompile haproxy and share the same regex txt?
Regards
Simon
于 14-4-16 21:35, Willy Tarreau 写道:
On Wed, Apr 16, 2014 at 02:32:03PM +0100, Simon Dick wrote:
On 16 April 2014 13:41, Ghislain gad...@aqueos.com wrote:
Le 16/04/2014 08:39, Willy Tarreau a écrit :
On a personal note, I'd say that I consider the support for strace and
tcpdump as absolute
Hi,List,
I got a 1.5 dev22 issue on freebsd 10-stable. It reported like below,
it's generate about 2-3 errors per minute when using http-keep-alive
,it's about 5-8 errors per minute with http-server-close. I tried use
source ip:port1-port2 in server section, but nothing helped. Then I
stop
really a problem ? I have set the portrange from
12000 to 6.
Simon
于 14-4-15 18:15, Willy Tarreau 写道:
Hi Simon,
On Tue, Apr 15, 2014 at 04:22:35PM +0800, k simon wrote:
Hi,List,
I got a 1.5 dev22 issue on freebsd 10-stable. It reported like below,
it's generate about 2-3 errors per
Hi,Willy,
You must never have timewaits on a client, only on a server. So if
on your haproxy box you're seeing timewaits for connections going
to the backend servers, there's something wrong. Haproxy deploys
great efforts at avoiding them by doing a setsockopt(SO_LINGER) to
force the system
Tarreau 写道:
Hi Simon,
On Wed, Apr 16, 2014 at 10:25:46AM +0800, k simon wrote:
Hi,Willy,
You must never have timewaits on a client, only on a server. So if
on your haproxy box you're seeing timewaits for connections going
to the backend servers, there's something wrong. Haproxy deploys
great
Hi,lists,
I tested dev22 on FreeBSD 10-stable recently, and found:
1. ipfw fwd works well with dev22+tproxy. It's have a nice guide in
the /usr/local/share/examples.
But pf's divert-to and divert-reply can't work with haproxy. Maybe
haproxy does not use getsockname(2) and setsockopt(2).
2.
Is it possible add X-Foward-For for each request in http-tunnel mode ?
Simon
于 14-3-11 11:53, k simon 写道:
Hi,List,
I am puzzled with set a header for each request in tunnel mode.
As I know, tunnel mode only analyze the first transaction. But the
tcp-request content documented it can
Hi,List,
I am puzzled with set a header for each request in tunnel mode.
As I know, tunnel mode only analyze the first transaction. But the
tcp-request content documented it can be evaluated again by the rules
being evaluated again for the next request.
As tcp-request content only can
We got the simlar problem, then capture the traffic and found it's
result in websocket. So we had to kill the old process manually when
finished graceful restart.
于 28/1/14 下午2:37, Willy Tarreau 写道:
On Mon, Jan 27, 2014 at 11:24:46PM +, Wei Kong wrote:
We use
/usr/sbin/haproxy -f
man ip on the freebsd box:
If the IP_RECVTTL option is enabled on a SOCK_DGRAM socket, the
recvmsg(2) call will return the IP TTL (time to live) field for a UDP
datagram. The msg_control field in the msghdr structure points to a
buffer that contains a cmsghdr structure followed by the TTL. The
-haproxy is a good tcp proxy ,now it can classify http traffic, and it's
cool to classify other type traffic such as telnet\ssh\ftp etc.
? 17/12/13 ??4:14, Annika Wickert ??:
Hi all,
we did some thinking about how to improve haproxy and which features
we’d like to see in next versions.
Hi, All:
In the past day, I want use pf’s “reply-to” on freebsd to solve ip address
overlapping problem. But it’s seems that pf’s “divert-to” and “divert-reply”
cannot work with haproxy on the same machine. Does haproxy in transparent mode
support FreeBSD’s divert mechanism ?
Regards
Hi, All:
In the past day, I want use pf’s “reply-to” on freebsd to solve ip address
overlapping problem. But it’s seems that pf’s “divert-to” and “divert-reply”
cannot work with haproxy on the same machine. Does haproxy in transparent mode
support FreeBSD’s divert mechanism ?
Regards
1
backend Direct
mode tcp
log global
option tcplog
no option httpclose
no option http-server-close
no option accept-invalid-http-response
option transparent
option abortonclose
Regards
Simon
在 2013-7-21,下午6:32, k simon
Hi all,
We changed the http-server-close to http-close, and found we resolved
the problem. Now haproxy can accurate distinguished the http and non http
traffic. Obviously content inspection works well with short connection, but not
long connection. And now, 20k+ fin_wait_2 and close wait
25 matches
Mail list logo