Lua Cors policy url rewrite
Hello, I have in my conf the lua module for the CORS policy it look like this. I use this Enabling CORS in HAProxy - HAProxy Technologies global lua-load /etc/haproxy/cors.lua ... defaults log global...
View ArticleVMware Identity Manager (vIDM) Cluster with HAProxy
Hello, I am trying to get HAProxy configured to balance client connections between my 3 vIDM nodes. I am using vIDM version 3.3.5 and HAProxy version 2.4.9-1ppa1~bionic. Has anyone managed to get this...
View ArticleHttp backend checks failing with http/400; but curl to same url gives...
I am trying to enable http checks to my backend servers and I am a bit stuck. My haproxy.cfg is: global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket...
View ArticleSend-proxy-equivalent functionality within log-forward?
Hello, I recently stood up a haproxy 2.4.8 instance in order to take advantage of the log forward functionality. Currently, logs forwarded along via this instance are landing at our back-end SIEM, but...
View ArticleClik here to view.
Possible bug? incorrect retries count when termination status is CR--
Hello! We recently updated our config and are now seeing some weird logs; first, we upgraded from 1.8 to 2.0, and second, we tightened up TLS algorithms and used a snippet from...
View ArticleIt is possible use mode tcp and http together?
Hi, I have to set up a TCP transparent SSL proxy in 443 port, but I have to use a reverse proxy in 80 and 443 ports. How I can use both methods? I have to understand you can only choose one mode,...
View ArticleCan I redirect a domain url from within a listen section of a configuration
Hello, I am pretty new to HaProxy & still get stuck on proper cfg files. I wish I had a good place to configure a demo site. I feel like I would be better if I just experimented more. I am trying...
View ArticleHttps multiple domain routing
Hello haproxy knowledged people, I am setting up a gateway that is supposed to route traffic from different domains (2 tld and multiple subs) to different backends. I am using certbot with cloudflare...
View ArticleReverse proxy with slash
Hello everyone , I’m sorry to post my question here but I did a lot of research on the internet and I can’t find the solution. I am an intern in a company and I am a beginner in computer science and...
View ArticleHttp-request replace-value Host
Dear all, I’ using a system which, in the case the user has forgotten the password he gets an email after filling like this https://wiki.mydomain.com:80/bin/view/XWiki/ResetPasswordComplete?u= … The...
View ArticleClik here to view.
%Tu timings seems to include idle timing but %Ti is logged as -1
Hej, we see some discrepancies in our logs for the timings. The request itself takes about 500ms but in the haproxy logs we see higher times. This happens for http/2.0 requests and not for http/1.1....
View ArticleSSL Pass-Through Process Flow?
So recently I built new Haproxy servers to replace ones on EOL versions of Ubuntu. I copied over the original config file and modifies it to handle SNI one one frontend. I’m very confident that these...
View ArticleRetry-on all-retryable-errors
I need only repeat request on haproxy if all-retryable-errors have only 504 error ocurred How can i do this retry-on all-retryable-errors retries 3 http-request disable-l7-retry if error=504 In order...
View ArticleSQL Server connection not working
I am trying to connect Azure SQL server using HAProxy with below configuration. listen test bind *:1433 mode tcp option tcplog timeout connect 10s timeout client 20m timeout server 20m maxconn 10000...
View ArticleHAProxy 2.5 server add results in Segmentation fault
Hi HAProxy folks, I am excited to experiment with the server add features that are more fully supported in HAProxy 2.5 in the runtime API, and have found a segfault when attempting to specify the ‘id’...
View ArticleLogging server name on failed SSL handshakes
Hello, I’m interested in logging failed SSL handshakes, and require knowing which server name was sent in the SNI request (we occasionally get requests for domains which still don’t have a certificate...
View ArticleAcl regex problem with "?" in URL
Hi, I have a problem with a regex to verify an URL. I use this acl : acl sign path_reg /signature/state?status=[a-zA-Z0-9]*$ I have a problem with the caracter “?” when I try...
View ArticleToo many checks and ssl check?
Do I have too many checks? checkscript runs a ldapsearch with ldaps:// (cluster dns). external-check path "/bin:/usr/bin:/usr/local/bin" external-check command /var/lib/haproxy/checkscript.sh server...
View ArticleMulti threads and stick tables - is this safe to use?
We are moving to run HAPROXY v2.2.18 using opnSense firewall. We currently run pfSense with HAPROXY 1.8.30 and as I understand there are (were?) issues with threads and especially stick tables. We are...
View ArticleHaProxy Ingress Controller (DaemonSet Vs.StatefulSet)
I have a Kubernetes Cluster with HaProxy Load Balancer and Ingress Controller. On Servers I could just add/remove a configs to the haproxy.cfg then reload/restart the haproxy service However, in...
View Article