non-working backends from the pool…
Rainer
> Am 07.03.2023 um 18:26 schrieb Marc West :
>
> On 2023-03-07 08:09:04, Rainer Duffner wrote:
>> I admit I only toyed with TP, so I really don???t know what I???m doing
>> there, but:
>>
>> Have you tried to just use pfSense for this? The developer of th
> Am 07.03.2023 um 08:46 schrieb Marc West :
>
>
>
> Any other thoughts to look at or data that would be helpful to collect?
>
I admit I only toyed with TP, so I really don’t know what I’m doing there, but:
Have you tried to just use pfSense for this? The developer of the package
(https:
an't use that address for sending (which it obviously can't, when it's
not MASTER)?
Rainer
> Am 21.06.2021 um 18:25 schrieb Shawn Heisey :
>
> On 2021-06-20 06:03, Shawn Heisey wrote:
>> Unrelated, and off topic because it's mostly about Apache, but strange:
>> I've been doing some tests with webpagetest.org, and seeing REALLY
>> long load times for some resources in their waterfall
Am 2019-06-25 19:44, schrieb Lukas Tribus:
Hello Rainer,
[...]
I suggest your try a HEAD request for the haproxy health check instead:
option httpchk HEAD /swagger/ui/index HTTP/1.1\r\nHost:\
app-api.dom.intern\r\nUser-agent:\ LB-Check-API\r\nConnection:\ close
There is no need for the
Am 2019-06-25 18:26, schrieb Lukas Tribus:
Hell Rainer,
On Tue, 25 Jun 2019 at 18:01, wrote:
Ah, OK.
Thanks.
However, I still get L7TOUT on the healthchecks.
I don't follow.
Are health checks working or not? You started this thread saying:
Healthchecks are OK.
But running a curl
Am 2019-06-25 16:54, schrieb Lukas Tribus:
Hello Rainer,
On Tue, 25 Jun 2019 at 16:18, wrote:
The requests from the healthchecks *do* arrive at the right vhosts on
the backend, there's a code 200 in the logs.
So, I wonder what exactly is timing out for haproxy.
The server on the othe
Am 2019-06-25 14:44, schrieb Lukas Tribus:
Hello Rainer,
On Tue, 25 Jun 2019 at 12:53, wrote:
Hi,
I tried to read up on this but there are many examples and not all of
them seem "correct".
It's simple: do not content-switch based on SNI. Use the host header
instead. That
timeout on the backend-servers.
curl-ing the URLs works without problems.
Because it's all encrypted, I have a hard time figuring out what haproxy
is actually sending to the backend.
Is there a way to enable some sort of logging on what requests are
actually made to the backend?
Best Regards
Rainer
Am 2019-06-20 13:18, schrieb Lukas Tribus:
Hello,
you only enabled SNI for health checks (check-sni). You need to enable
SNI for the actual traffic with the sni keyword.
sni str(intern3.local)
or
sni hdr(host)
lukas
Ah, ok.
Thanks a lot!
I now used
ssl_fc_sni_reg -i host3.intern
I hope
else built
this).
On of my configs, the stick-table config is a bit larger, like this:
stick-table type string len 52 size 100k expire 60m
stick store-response res.cook(JSESSIONID)
stick on req.cook(JSESSIONID)
But it should not be relevant to the error, right?
Anyone got any ideas?
Regards
Rainer
> Am 22.05.2018 um 06:46 schrieb TomK :
>
> Trying to mount an NFS share vi an Haproxy / Keepalived configuration. When I
> mount the NFS share directly from the host, bypassing Haproxy / Keepalived,
> it works fine. However, when I try via the Haproxy / Keepalived combination,
> it freezes.
Hi,
I have lines like these:
Apr 19 09:32:03 lb-prod haproxy[16717]: 127.0.0.1:50898
[19/Apr/2018:09:32:03.174] srv-pub-front-ssl srv-pub-back-ssl/WINSRV
0/0/0/36/290 500 284 - - --VN 3/1/0/1/0 0/0 "POST /SaveStatistics
HTTP/1.1"
Does that mean that the backend-server (WINSRV) replied wit
link, I've responded there so that the response can be
found for future readers.
Willy
Thank you!
Best Regards
Rainer
ackoverflow.com/questions/29248144/working-configuration-for-haproxy-with-the-force-persist-setting
This pretty much how I would end up doing it and I'm curious to know if
there are any errors in my thinking.
(haproxy 1.7.9)
Regards
Rainer
Am 2017-07-20 14:18, schrieb Jarno Huuskonen:
Can you share how you've configured health checks in haproxy.cfg ?
backend site-back
balance roundrobin
mode http
option httpchk GET /healthcheck.htm HTTP/1.1\r\nHost:\
site.com\r\nConnection:\ close
http-check expect string server_up
ke on these files
and hang - I had to kill -9 it.
After replacing the file with its previous, ASCII-only copy, everything
started to work again.
Can anyone reproduce this?
Maybe it's fixed in later versions?
Regards
Rainer
Am 2017-03-06 10:05, schrieb Matthias Fechner:
Dear Rainer,
I opened a bug report here:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217576
I have only one server already upgraded to FreeBSD 11. The 10.3
installation are running fine with haproxy 1.7.3.
Thanks!
Hi,
it would be cool if somebody could open a PR at
https://bugs.freebsd.org/
I personally don't use FreeBSD 11 for any of my HAProxy-installations
(yet), so I'm not really affected (yet) - but thanks for the heads-up.
Regards,
Rainer
> Am 03.03.2017 um 15:07 schrieb David King :
>
> Hi All
>
> Hoping someone will be able to help, we're running a bit of an interesting
> setup
>
> we have 3 HAProxy nodes running freebsd 11.0 , each host runs 4 jails, each
> running haproxy, but only one of the jails is under any real load
>
As haproxy doesn't (seem to) use github, the authors might think about
installing gitlab.
Best Regards
Rainer
> Am 06.05.2016 um 00:15 schrieb Thierry FOURNIER
> :
>
> Hi,
>
> You can look here:
>
> http://discourse.haproxy.org/t/ironbee-in-haproxy/92
>
> Thierry
>
>
Is that project actually alive?
The last (and what looks like only) commit this year was to adjust the year for
the copyright.
> Am 01.10.2015 um 01:22 schrieb Willy Tarreau :
>
>>
>
> I'd be tempted to place my judgement between yours and Jeff's. I'd say
> that if the company is already using the target OS on any other place,
> the cost of switching is low. If the load balancer is the opportunity
> to introduce a new
> Am 30.09.2015 um 16:25 schrieb Jeff Palmer :
>
> Arnall,
>
>
> This advice is less of an haproxy specific response, and more of
> general information.
>
> As someone who's tried to manage mixed infrastructure, I would push
> back if possible, unles syour organization has decided to move to
>
>
> I consider openssh for sftp pretty much unusable for clients/customers.
I wouldn’t say that.
Certainly true if they don’t actually know what they’re doing.
As for the setup: yes, the first directory users can write to in a chroot-setup
is a subdirectory of the home directory (because $HOM
Hi,
Port 143 will actually be inline-TLS (STARTTLS).
SSL is on port 993.
The above answer should be correct, according to this:
http://comments.gmane.org/gmane.comp.web.haproxy/19274
<http://comments.gmane.org/gmane.comp.web.haproxy/19274>
But only for SSL. Don’t know about inline-TLS.
Rainer
all my haproxy-VMs are actually provisioned with chef and are pretty
similar and I’ve got this issue nowhere else.
I build the package myself on my own poudriere-server and the same package
works elsewhere on much busier servers without problems.
We’ve got an icinga event-handler that restarts it…
Rainer
> Am 18.10.2014 um 22:32 schrieb Jason J. W. Williams
> :
>
>> With incoming mail, I can make use of HAProxy’s send-proxy feature to make
>> the source-IP known to the backend SMTP-servers.
>> (Works in the lab, I just need to move a few hundred customers off port 25
>> for authenticated SMTP,
Hi,
we use HAPROXY for incoming mail, outgoing mail (authenticated), POP3, IMAP.
With incoming mail, I can make use of HAProxy’s send-proxy feature to make the
source-IP known to the backend SMTP-servers.
(Works in the lab, I just need to move a few hundred customers off port 25 for
authenticat
gh.
I'll write yet another post about that.
Best Regards,
Rainer
Hi,
I’ve configured nginx+haproxy in front of a couple of IIS servers.
NGINX terminates SSL.
configuration is as following:
global
log /var/run/log local5
log /var/run/log local1 notice
#log loghostlocal0 info
maxconn 4096
#debug
#quiet
user www
group www
daemon
defaul
Hi,
I want to take the status of a server of a given backend and use it in
another backend or in the frontend.
If that possible?
I though there might be something simular to
"nbsrv()" - but I haven't found anything.
Best Regards
Rainer
Am 28.08.2014 um 23:21 schrieb Baptiste :
> Ok,
> I would create a monitoring backend, such as below:
Hey, thanks a lot!
I will try this and report back.
Best Regards,
Rainer
Am 28.08.2014 um 22:41 schrieb Baptiste :
>
>
> Hi,
>
> maybe you could share your HAProxy configuration :)
> By default, HAProxy tests a service every 3s, which is fine. It just
> does a tcp connect, so nothing complicated for your server to handle.
>
Since we switched to haproxy-1.5, I cha
Hi,
we will put haproxy in front of a Zimbra infrastructure (which we have
split-up, so that there is a „front end“, with pop, imap, smtp and a „back
end“, where the mail sits).
I have too haproxy-servers (active/standby via CARP) that are checking the
front-ends.
I check:
- smtp
- smtps
-
> hdr(host) ACL only applies to HTTP.
> Furthermore, I'm not sure there is a notion of Host header in FTP ;)
Last time I looked (admittedly with 1.4) into FTP+HAProxy, the
end-result was that it was just not possible.
AFAIK, you can use LVS for that on Linux.
Am 30.07.2013 um 21:40 schrieb Lukas Tribus :
> Hi Rainer!
>
>
>> I'm using haproxy on FreeBSD 9.1-amd64 inside a VMware VM.
>>
>> I realized that when I have a situation where all servers in a backend
>> are down, haproxy crashes:
>> Jul 30 08:03
Am Tue, 30 Jul 2013 21:40:34 +0200
schrieb Lukas Tribus :
> Hi Rainer!
>
>
> > I'm using haproxy on FreeBSD 9.1-amd64 inside a VMware VM.
> >
> > I realized that when I have a situation where all servers in a
> > backend are down, haproxy crashes:
> &g
backend servers-old-p-stage
fullconn 8000
#option httpchk GET /ip_monitor_mysql.php HTTP/1.1\r\nHost:
p-stage.1st.domain\r\nConnection:\ close server app2 first.ip:80
weight 1 check server input1 second.ip:80 weight 1 check
listen admin 0.0.0.0:22002
mode http
stats uri /
Regards,
Rainer
t; but many times the IP field appears empty. I've read on this mailling list
> that it has something to do with KeepAliveTimeout on Apache. I rised up it
> from 6 to 15, but no luck.
>
> How could I fix this?
You probably need "option httpclose".
-Rainer
41 matches
Mail list logo