Websockets transition during graceful reload
My problem is that I use websockets with stick-tables and need to periodically update the configuration using external tool. As I understand this process, I will have several PIDs while connections...
View ArticleDisable-on-404 seems not work
can haproxy ensure every call to backend server is successful when one of backend server is down ? i tried to use disable-on-404 parameter. … mode http option httpchk http-check expect status 200...
View ArticleOutgoing SMTP Traffic from AntiSpam Appliance
Dear HAProxy Community, we have the following problem: I am using an AntiSpam Mail Appliance from Barracuda (Mail Security Gateway). We use pfSense as a firewall. I am now supposed to send out over 10...
View ArticleHaproxy doesn't retry to another backend on 503 error
Hi, Could you help me on below issue? I have haproxy-2.0.17-1.el7.x86_64 under RHEL7_7. Here is config: defaults mode http log global option httplog option dontlognull option http-server-close option...
View ArticleInstalling Letsencrypt SSL?
So, my network is running LXD Containers. I have an Ubuntu 20.4 host running LXD 3.0. My apps are installed in individual containers. I have one container running HAproxy 1.8.8. My host forwards ports...
View ArticleNfs load balanding
I have two nfs servers in my environment exporting out same content. I want to load balance between them using a tcp reverse proxy (haproxy/nginx). Please advise if this is possible since nfs requires...
View ArticleClik here to view.
Haproxy "miss calculate" total current session
Hello, It seems that haproxy don’t calculate current session properly, as you can see the on screenshot below. Annotation 2020-08-31 113544784×140 43.1 KB I’m running : HA-Proxy version...
View ArticleLua fetcher broken in HAproxy 2.2
Hi, I’m upgrading my HAproxy setup from 2.1 right now and I noticed that a Lua function that works fine in 2.1 is now broken. Inside a sample fetcher, I’m trying to access the common name of the TLS...
View ArticleDoes hard-stop-after apply to old processes?
I added hard-stop-after to my configuration global hard-stop-after 200s but after 10 minutes since reload there is still 3 old processes running. /system.slice/haproxy.service ├─ 1731...
View ArticleAny way to get peers working with server-template
Has anyone found a way to get peers working with server-template? It seems that server-template just fills in ip addresses in the order it gets them from DNS, which means if the DNS server responds in...
View ArticleStick table storing url hits
Hello I would like to setup haproxy to do the following: Haproxy records visited urls and counts hits for every visited url. Depending on hit count, if the visited url is above arbitrary threshold of...
View ArticleSSL Deployments
Hi, I am new in HAProxy and I have in our quality environment a scenario that works great without ssl. Now, I want to test with SSL. My scenario is: OS: Alpine Linux 3.12 (Linux Kernel 5.4.43-1-lts)....
View ArticlePrepend to path conditionally
I am trying to conditionally prepend a subdomain to the path. Incoming https://<subdomain>.mysite.com/<path> This should become...
View ArticleCPU Affinity - nbproc>1 and nbthread>1
When running HAProxy with more than one CPU socket, it is [recommended](https://www.haproxy.com/documentation/hapee/2-1r1/configuration/system-tuning/#pin-network-interrupts-to-cores} that HAProxy...
View ArticleClik here to view.
Mutual-authentication in distroless container
I’m trying to use Google Distroless to tighten the security of my HAProxy container workload. Almost everything is working. Meaning general SSL termination, redirects, acl’s and what not. The only...
View ArticleMultiple log files
Hello! I use the haproxy to serve 5 instances of Wordpress multi sites with 2 webservers as backend. Each instance has its own IP. In haproxy configuration, I have defined each instance in one...
View ArticleGeneral advice for trouble shooting / logging
HI. I’m new to haproxy however I have everything working as needed. During testing I did a stupid mistake and specified the wrong CA certificate within “server ca-file”. Finding the root cause of this...
View ArticleNot working - configuring haproxy, keepavlied, to proxy incoming requests to...
I am new to HAproxy. I am trying to implement below but its not working, I want to use 3 ips, each for HAproxy servers and one for VIP. Configure /etc/hosts file so that test.com will point to VIP....
View ArticleClarification on ownership of .pem files
Hi, Since Haproxy starts as root but drops its workers to the haproxy user, I was wondering who needs to own the crt, crl-file and so on? does it need to be the haproxy user or can the subprocesses...
View ArticleTrying to use "acl authorized http_auth(AuthUsers)"
So researching authentication, I came across : https://blog.taragana.com/guide-haproxy-http-basic-authentication-for-specific-sites-ssl-termination-15813 I am running haproxy within an LXD container....
View Article