Sendmsg()/writev() failed in logger after system restart
I have noticed that sometimes HAProxy stops writing the HTTP access log entries to the logger after an OS reboot and reports this error: sendmsg()/writev() failed in logger #1: Permission denied...
View ArticleSPOA configuration with Agent written in Go Lang
Hello, I am trying to authorize the host for each request sent to Haproxy. I have a Haproxy running inside k8s cluster. While each request landed at Haproxy I want to call a REST service to authorize...
View ArticleGetting information about protocol used for the backend (like %HV)
Hello, I’d like to extract information about the request sent from haproxy to the backend, I am interested with the used HTTP protocol. If I understand correctly the %HV is haproxy frontend protocol,...
View ArticleError 503 showing up even with backend servers up
Hello everyone, im having a hard time trying to figure out what is causing this behavior, so far i got nothing, i’ll describe the scenario below: All services we control have haproxy acting as a...
View ArticleE-mail sent in errorneous format to haproxy@formilux.org
Good morning, I have sent an e-mail to haproxy@formilux.org ( http-reuse and idle connections ) but only after I sent it I noticed that it was sent in HTML format and it make it uneasy to read. Can...
View ArticleAH03507: RemoteIPProxyProtocol: unsupported command 20
I have an HAProxy server on one machine that’s forwarding requests to Apache on 3 other machines using the Proxy Protocol 2. On the Apache machine the log is being spammed with the following: [Sun Dec...
View ArticleOnce In A Blue Moon Bug? HAProxy Routing Phantom Connections To Redis...
Twice in the past couple of years I’ve encountered an unusual issue whereby after a failover in a Redis Sentinel cluster, HAProxy has seemed to continue to route phantom connections to a node that is...
View Article3.2 vs 2.8 throughput issue
Using the same load test and Haproxy configuration, I have noticed quite a bit of drop in upload/download speeds with version 3.2 vs 2.8. I see about a 30% drop in throughput with 3.2. Am I missing...
View ArticleHow prepare map in runtime API works?
I want to use transaction to update the map file via socket as there are multiple command need to be in the same transaction. But, Is prepare map only creates new version of the map and doesnt have...
View ArticleHTTP/2 single-connection DoS attack
Hello, haproxy users! yesterday one of my webservers using haproxy as a frontend was subject to an unusual (D)DoS attack: According to the logs, the attack was from not so many remote clients (maybe...
View ArticleHow could I correctly fetch the request domain in Lua?
I need to fetch the HTTP request’s domain to perform domain whitelist verification, but sometimes I cannot retrieve the host value—it returns nil. My HAProxy version is 3.1.5, and I’m using the...
View ArticleHaproxy not presenting intermediate certificate
Hi I am having a problem with one haproxy 3.2 instance. It is presenting only the leaf certificate to clients, rather than the leaf + intermediate certificate. I am getting ‘incomplete chain’...
View ArticleClik here to view.
Gateway API Support with HAProxy Unified Gateway
Hi, Can you Please help me answer the following questions? This is regarding HA Proxy Unified Gateway, Does this new product support BackendTLS Policy? HAProxy Technologies Announcing HAProxy Unified...
View ArticleMonitor-uri conflicting with default_backend
Haproxy is running v3.0.11 behind an Azure Application Gateway I have a monitor-uri currently configured with the root path “/”. When a request comes in with a bogus/non-existent URL (e.g....
View ArticleHaproxy Header Security
Hi, According to the recent third-party penetration test report, we received findings regarding some missing security headers. Is this something we need to fix at the load balancer level, and if so,...
View ArticleInconsistent IP source persistence on first two packets
Hi, I’m using HAProxy 3.0.3 : HAProxy version 3.0.3-95a607c 2024/07/11 - ``https://haproxy.org/ Status: long-term supported branch - will stop receiving fixes around Q2 2029. Known bugs:...
View ArticleNeed to append a query string to a URL path
Running Haproxy v3.0.11 I have a URL https://santosh.haproxy.com/config My need is that whenever this URL is called, a query string should be appended so it should look like:...
View ArticleOcsp stapling with non public trust CA (2 intermediates)
Currently debugging ocsp stapling problems. Version: 3.0.14-1 Certificate: SwissSign Preprod: /etc/haproxy/certs/domain.pem, containing: leaf issuer 1 issuer 2 (signing issuer 1) key The root was...
View ArticleMany (tcp-retransmissions) when using http mode & ssl-offloading
Hello HAProxy community, We are experiencing a high number of TCP retransmissions in an environment where HAProxy is used, and we are trying to understand the root cause. Traffic Flow: Client →...
View ArticleServer/backend DOWN log messages
Hello All, We have a few instances of HA Proxy running that we noticed weren’t logging server/backend up/down messages, e.g. Jan 13 15:15:47 RULE-NB-014 systemd[1]: Started HAProxy Load Balancer. Jan...
View ArticleDrop requests in queue when rate limiting
Hi, I am currently implementing some rate limiting on my loadbalancers. I also have queues due to the connections limits that I set on my backend servers. I was wondering if dropping requests with...
View ArticleWdt_handler crash
In our RHEL/AlmaLinux 9 haproxy instances I experienced ocasional crashes. Distro ships haporxy 2.8.14, I know it’s very outdated… It seems related to crash in 3.2.4: wdt_handler · Issue #3101 ·...
View ArticleTransition HA Proxy from mode TCP with SNI only to passthrough TLS encryption
Hello HAProxy Community, I have 2 X HA Proxies running on RHEL8 VMs. They are in our DMZ. I use keepalived to cluster them together. They are working well.They ultimately direct internet traffic to...
View ArticleTrouble of interconnecting haproxy via https
Hello, I have two haproxys, with configuration like: frontend-haproxy: global master-worker log stderr local1 defaults mode http log global option httpslog frontend http-frontend bind...
View ArticleDefault cert file for automatic ACME
Following a new automatic ACME tutorial here Client-side encryption | HAProxy config tutorials , can I have one default certificate file for all the dynamically added domains through Data Plane API?...
View ArticleLdap-check for LDAPS (636) doesn't work
We load balance LDAP / LDAPS connections (OpenLDAP 2.5.16) and have a mix for legacy reasons of LDAP 389 and much more used LDAPS 636 in our environment. These two protocols use separate frontend...
View ArticleFirst https connection fails, second works
I have HAPROXY on pfsense and have the following issue: I load balance 443 over 2 web servers using round robin. but i have the following issue: when the guys doing API calls, the first call ALWAYS...
View ArticleHow many stick counters are currently supported?
In Haproxy opensource version, How many stick counters are supported? One AI said currently sc0-sc9 are supported, but I can’t see the doc anywhere 1 post - 1 participant Read full topic
View ArticleConnection reset, but connection to frontend is logged
I am trying to create an IPv4 to IPv6 proxy of sorts. I have a VPS that has both IPv4 and IPv6 connectivity, and a backend that has IPv6 only. Hosts replaced with example.org because I don’t feel like...
View ArticleUnderstanding "show sess show-uri" output
Hello, haproxy users, I am occasionally having problems with backend servers being busy up to their maxconn, with further requests waiting in the backend queue. But when I reload haproxy, everything...
View Article