Reload closes partially connected proxies
We are using HAProxy to perform SNI proxying for TCP connections. The frontend matches the SNI hostname to a backend matching that host. The problem we are seeing is that if a connection to the front...
View ArticleDebug TLS session resumption & high CPU usage
Hi, Our HAProxy instance was under heavy load (32 threads and CPU usage was 3000+ for most of the time) and we suspected that it could be due to our clients not using TLS session resumption. After...
View ArticleRetry and redispatch to specific backend based on a header
Hi, In HAProxy HTTP mode, is it possible to retry and redispatch a request to a specific backend based on a HTTP header? For example, if the request has a HTTP header (say x-trybackup: yes) and the...
View ArticleCertificate not trusted/unknown once CRL is configured
I am using HAProxy version 1.8.10 currently and a self-signed CA. My CA cert file consists of the intermediate and root certificate. Now I want to use a CRL so HAProxy blocks access for revoked client...
View ArticlePFsense custom acl whitelist IP alias backend specific block reject others
I am looking for a way to allow access to certain backends only to certain IP addresses or networks, I am trying to find information that shows/tells how to do this more info: I have 10+ backends...
View ArticleError : Some tasks resisted to hard-stop, exiting now
Hello, I have the following message which often appears in the HaProxy logs: Some tasks resisted to hard-stop, exiting now Is this message problematic? HaProxy is installed as a PfSense package. Thank...
View ArticleHow to configure proxy protocol backend over ssl?
I’m having challenges configuring haproxy for SSL passthrough when the backend is proxy-protocol enabled with SSL. For HTTP config, this works (mentioning here to show what works without SSL to...
View ArticleHaproxy Load Balancer problem tes concurrent user jmeter
Hi, i have some problem with haproxy. I was find solution for long time, but not solved. My Haproxy is run well so far. But, when tes using jmeter that stuck on about 80% success, but other is error....
View ArticleOrder of actions?
In the documentation for http-request, it mentions that: It is important to know that http-request rules are processed very early in the HTTP processing, just after “block” rules and before “reqdel”...
View ArticleMode TCP and Mode HTTP coexistance
Hello, I’m having an hard time with a mixed configuration. I’m running HAProxy v. 1.5.18 on a CentOS7 vm as reverse proxy for our onsite applications with SSL Termination for HTTPS connections. Few...
View ArticleOne frontend, logs with and without logasap
Hello everyone, I am using haproxy for TCP workload and am looking into improving my logging setup. The connection duration of clients is very diverse. In the usual case, connections are kept open for...
View ArticleLimit total response time of an HTTP backend
Hi I’m using HAProxy as an HTTP frontend to a backend S3-like service that provides large-ish downloads. Usually those downloads finish in less than an hour, but sometimes, due to bad network...
View ArticleMoving from 1.8 to 2.2 what changes need doing on the config file?
Hi guys, I’ve been running the same configuration for almost 2 years now. I am now moving to HAP 2.2 and was wondering if any of my old settings would not be compatible anymore… This is the default...
View ArticleName resolution not working with docker containers
I have installed HAproxy on two vagrant VM in virtualbox (both debian buster, on bridged network connection) and has setup (installed on the VM) keepalived to manage a single VIP. I am running two...
View ArticleClik here to view.
Need help with better understanding CR---- termination state in http mode
Hello, Thanks again for such great software I am using haproxy 2.0.17 with such configuration: global pidfile haproxy.pid master-worker log rsyslogd.sck local0 defaults log global mode http option...
View ArticleStick on prefix of URL parameter
Hello everyone, I have a backend with two servers and need to balance requests based on a URL parameter. I successfully tried this configuration: stick-table type string size 10k expire 30m peers...
View ArticleExternal check with generated path in url
Hello guys, it’s possible to make an script based on the path of the URL given by client like : www.website.com/path01 i didn’t find a way to use the url with generated path in external script check ....
View ArticleHttp request drop with hitless reload
Hi, whenever “systemctl reload haproxy” is executed, one or two http requests are dropped. The load was light it was about 2 requests per second. Please help me to fix this problem. I attached...
View ArticleHTTP deny conditions
Hey, I’m trying to add a configuration in my Hap conf for a client, who is using a special header. What I would like to do is to deny http requests if this header Is present and if the query do not...
View ArticleHaproxy from 1.8.X to 2.3.1
Hi to everyone … I upgrade to 2.3.1 latest haproxy stable… and without change ssl config… starting to getting error tunnel with windows 7… i’m pretty sure is about tls.1.0 issue so i had 1 link to try...
View Article