Clik here to view.
HAProxy ignores 2nd Wordpress site
I have 2 wordpress servers ws1 & ws1, both running nginx ws. I’ve configured haproxy’s backend for both. if I type the ws1 or ws2 url it works perfectly. If I hit the url for haproxy haproxy sends...
View ArticleClik here to view.
Source balance Impairment
I’ve switched from roundrobin to source balance, but I got a very unbalanced allocation, I also tried to drain the most active backend but redistribution is odd. and I’ve traced more than 170 distinct...
View ArticleCounter issues on 1.8.29
Hi, We’re using some restrictions like this: stick-table type ip size 1m expire 30s store gpc0,conn_cur,conn_rate(3s),http_req_rate(10s),http_err_rate(30s) peers mypeers # Reject over 50 concurrent...
View ArticleHaproxy reusing wrong backend when using tcp mode
Hi, I have a weird problem with my Haproxy setup. I have several haproxies on top on each other (to manage routing through subdomain yyy.mydomain.com, and then sub-subdomain xxx.yyy.mydomain.com), and...
View ArticleWhy browser is always showing certificate of only one server even if multiple...
Hi, I am a beginner in HAProxy. I have four VMs, with HAProxy in one and Apache httpd in other three. What I am trying to achieve is, when user connect to HAProxy IP using https, the connection should...
View ArticleStop logging "X changed its IP from Y to Z"
I have haproxy configured with around 74 backends each using `server-template name ${FDQN}" for my backends. The haproxy nodes are containers in a small k8s cluster. I’m fine with the IP addresses...
View ArticleHAProxy does not log access logs
hi folks, I have a weird behavior with my Haproxy. It logs haproxy startup but no access log Here is the HAProxy configuration: defaults mode http log global option httplog timeout connect 5s timeout...
View ArticleClik here to view.
How to deliver certificate randomly to browser, according to the backend...
Hi, I am a beginner in HAProxy and I was trying to achieve this. I have 4 VMs, one having HAProxy server and Apache httpd server in other 3 VMs. I have test.html on all three servers. When user hit...
View ArticleNO-TLSV11 - Layer 4 timeout on backend
We are trying to remediate a security finding on one of our HAProxy endpoints. we currently have this line and everything works ok ssl-default-bind-options no-sslv3 no-tlsv10 we then add the no-tlsv11...
View ArticleHttp-request redirect and ACL
Hi, I would like to add conditional https rewrite to my configuration. Is there a way to “reconcile” these two things ? acl acl_tst hdr(host) test-site.domain.com http-request add-header...
View ArticleCPU recommendation
Hi all, would like to setup a new haproxy server for high performance. It will be bare metal, dedicated server. Few questions: Will CPU 1x Intel E5-2620v4 (2.1-3.0Ghz, 8C/16T) provide enough...
View ArticleSet whitelist for TLS interception
Hello, My current frontend is configured like this: bind *:443 ssl crt <cert file> ca-sign-file <ca-sign-file>. It intercepts https traffic and gives the client a self-signed certificate...
View ArticleI can't get the "http-request deny" function to work
Hello everybody, Unfortunately I have total difficulties in getting the desired function to work. Initially, I planned that all requests to test.domain.abc would be forwarded to...
View ArticleWhy I am getting Bad Request error?
(topic withdrawn by author, will be automatically deleted in 24 hours unless flagged) 1 post - 1 participant Read full topic
View ArticleClik here to view.
HaProxy SSL mutual authentication unable to load SSL certificate into SSL...
Hi all, I am new to HAProxy and today I run into an issue while trying to set HAProxy for mutual authentication. Everything is running fine without SSL. I have 2 Web Servers behind the HAProxy server...
View ArticlePer backend cipher suites
Hi, I think the answer to this is no, but don’t understand why this feature is not available, I’d like to configure a list of ciphers on a per backend basis i.e to be able to use...
View ArticleFeature request: retry-on/redispatch
Hello, we ran into a use case which i was unable to setup correctly in haproxy so maby this will result in a feature request. or maby i just did/understand it would like to hear ur thoughts. we have...
View ArticleHAProxy proxy protocol
Hi, I have the following HAProxy (v2.0.14) setup - Application A → HAProxy A → HAProxy B → Application B Application A & B are deployed on separate EC2 instances in AWS, with HAProxy A & B...
View ArticleAppending to the XFF header does not work as expected
Hi, I would like HAProxy to append to the X-Forwarded-For header. As HAProxy preferers to add duplicate headers instead of appending the existing list this does not seem to be so straight forward. I...
View ArticleHow to manage huge number of dynamic certificates with HAProxy?
Hi, I am using HAProxy and I have crt-list configured (bind :443 ssl crt-list /etc/haproxy/crt-list.txt) to load certificates from a directory (i handle certificates of multiple domains) and I route...
View Article