How do i log the tcp request payload in HAproxy
When i try to log tcp request payload for a database connection using log-format %[capture.req.hdr(0)] it logs junk / unreadable characters. I need to see the payload to write acl accordingly. I also...
View ArticleBackend Weight Routing
I wand to config Weight Routing of backend but use_backend option is only one backend Example, frontend fe1 mode http use_backend [be1 - weight 10 / be2 - weight 20] if { ACL } default_backend be3...
View ArticleFrequent connection retries and timeouts with gRPC
Hi, We are attempting to use HAProxy to load balance gRPC requests (L7) across 6 app servers, which have nginx in front of the app. We are using TLS between nginx and HAProxy, and TLS with a...
View ArticleClient_ip in tcp mode
Hi, we have microservices running behind HAPROXY load balancer. One of the components(TCP component) is based on TCP connections. This component is unable to publish client_ip rather its publishing...
View ArticleHAProxy v2.2 change with %[url] variable including protocol
Since the commit here: http://git.haproxy.org/?p=haproxy.git;a=commit;h=30ee1efe676e8264af16bab833c621d60a72a4d7 …which added the protocol to the %[url] variable, the previous haproxy 1.8 configs I...
View ArticleHAProxy - Email - Preserve Client IP
So we are using HAProxy to replace Microsoft Network Load Balancer in our email environment. All functionality is working but I am seeing the LB IP as the source address for all incoming emails. I’ve...
View ArticleHAProxy full traffic inspection/logging
Hello HAProxy community, I’m trying to setup HAProxy for full traffic inspection (and logging). What I would like to achieve is to have access to full incoming request on frontend, full outgoing...
View ArticleHaproxy SSL old cert is visible
Hi, I spent all day with this issue, no luck. I have 10 containers on my server, haproxy is sitting in one of them. I redirected all the :80 and 443 traffic to this haproxy container, and all worked...
View ArticleWe have a question regarding L7 retries and redispatch feature of HAProxy, as...
We are using HAProxy v2.0.14 and have enabled the retries feature for a few backends and found it to be working absolutely fine. For a detailed analysis of traffic errors, each server’s web logs are...
View ArticleError 400 Unexpected error from sharepoint
We have an interesting problem. When we use a link to a site that goes through our HAProxy it gives us an error 400 unexpected error. If we then go to the adressbar of the browser and press enter...
View ArticleSSL client certificate not trusted
I have a rather simple setup where connection fails on the frontend with “SSL client certificate not trusted” and I’m really running out of ideas. I have checked everything multiple times and did not...
View ArticleRate limiting by host (domain)
Hi there, I’m wondering if there is a way to set per-host (that is: per domain) rate-limiting in HAProxy, using maps? My frontend setup is as follows (it’s essentially the example given on the HAProxy...
View ArticleIs there an equivalent for Nginx grpc_ssl_certificate directive?
Hi, I am trying to setup HAProxy to replace Nginx as a reverse proxy for a GRPC service. This service is secured by using mutual tls, and the Nginx configuration contains both a certificate and a key...
View ArticleClik here to view.
Free up 443 for another application
Hi, I’m a newbie to HAProxy We are running HA-Proxy version 1.5.18 We have an application that uses multiple backend services running on different ports; this app is configured with port 443 on the...
View ArticleStick Table / Entries addded then removed
stick-table type ip size 1m expire 24h store gpc0,gpc0_rate(30s) … http-request track-sc1 hdr(x-forwarded-for) table Abuse1 if METH_POST http-request sc-inc-gpc0(1) if METH_POST req_rate_api_abuse_1...
View ArticleClik here to view.
Problem with adding trailing slash conditionally
Hi @ all, I’ve got a problem with a conditional redirect with HA-Proxy version 2.0.17. I want to workaround a courtesy redirect made by IIS in the following case: The request goes to...
View ArticleChanging SSL configuration for a single domain / single certificate
Hi Everybody, Thank you very much for HAProxy and this forum ;-). I successfully configured multiple domains with multiple certs (requires SNI / Server Name Indication). frontend config looks like...
View ArticleOn a backend server restart, it always gives 503 error
Hi, I have set up where there are multiple back end servers. On restart of any backend server, on accessing the page , it gives 503 error as below:- =========== 503 Service Unavailable No server is...
View ArticleSUGGESTION - ssl-load-extra-files - private key name resolution
Hi, We recently switched to haproxy 2.2.2 and we encountered a problem with the flexibility of ssl-load-extra-files. The way we handle certs is as follows: Public key name is : fqdn.pem Private key...
View ArticleSSL requests pass through although check is off
Hi, I have following configuration which works good for http connections but have some issues for https. If client establishes keep-alive connection and I disable httpchk endpoint, https requests are...
View Article