Haproxy 1.8 offerint TLS 1 and 1.1
Hi, I’ve been reading several forums and making several tests with a HAProxy 1.8 and add the suggested configuration from mozilla builder, to avoid TLS 1 and 1.1, but still the server is offering the...
View ArticleAccess Proxy, Authentication, Encryption, Questions…
Hello, I’m a CE user which currently use HAProxy as HTTPS Router. HAProxy is in front and re-route TLS requests based on SNI field. In this situation TLS stream is end to end between client and final...
View ArticleReverse proxy redirect to servers based on url root path
I am new to HAProxy and struggling to understand how things to configure. I have found just one example for Grafana, though I am not able to expand this to other applications. This is my setup: I have...
View ArticleServer-template and swarm's "tasks."
Hi ! I’m trying to implement load balacing on a swarm service the same way it is implemented in the following article : HAProxy on Docker Swarm: Load Balancing and DNS Service Discovery - HAProxy...
View ArticleACL against CVE-2021-44228?
Hello, Does anyone have a fine tested acl to setup against CVE-2021-44228? Taking the info from this good explanation, a match against any header or body content looking for the pattern “jndi” seems...
View ArticleCan I proxy resources from the filesystem?
I spent a few days making beautiful error pages; informative and with options besides a get out of here message. I took care to use relative-coordinated non-rasterized SVGs...
View ArticleResponse time in log file is Zero(0) for static files
HI, Haproxy log file showing %TR/%Tw/%Tc/%Tr/%Ta as Zero(0) for static files kashu.akashrp.me BYPASS 122.171.195.14 [14/Dec/2021:05:30:17.242] nocache "GET...
View ArticleReturn IP address of connecting client
Hi All, I am releatively new to HAProxy but trying to do some new things. I am looking for a way to use the monitor-uri or another way which I can do a URL check from the remote client to the server,...
View ArticleHaproxy 1.8.30 start failure
I’m trying to start haproxy on an Ubuntu 18.04 server. Getting the following at start: root@myserver:~# service haproxy start Job for haproxy.service failed because the control process exited with...
View ArticleCannot create pidfile /var/run/haproxy
Ubuntu 18.04.6 LTS (32bit) The following occurs when starting haproxy: [WARNING] 349/103025 (11368) : Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set...
View ArticleTimeout for Websocket connections
Hi! I am writing to ask whether it is possible to set a timeout for WebSocket connections irrelevant if they are active or not. So, I am looking for something which is able to close any connections...
View ArticleUse backend server based on past response status codes
Hello, It is possible to use backend server based on response status codd in the past. For example domain example.com get error 403,503 on backend server 1.1.1.1 how can i tell haproxy to not use this...
View ArticleMap backend server by domain name
Hello, My port is 127.0.0.1:5454 i can map backend server by domain name using acl only for http sites, backend server has ssl cert, do i have put ssl cert to my localhost. server —>...
View ArticleRedirects stuck to default backend
Dear All, the acl below works and forwards the request to acl profile_uri however the following requests issued by the first page of the profile app goes to other backends because the app does not...
View ArticleHaproxy map backend by domain name not working on https
My config file: defaults mode http maxconn 1024 option httplog option dontlognull retries 3 timeout connect 10s timeout client 60s timeout server 60s listen stats bind *:4443 stats enable stats...
View ArticleWay to simulate round robin backend selection
Hi Everyone, I’m trying to find a clever way to round-robin backend selection, or close to round-robin… Could anyone make a suggestion on how I can improve this (or do it much better): http-request...
View ArticleWebsocket apps disconnecting when going through HAProxy
Hello people, i got some trouble with websocket applications behind haproxy. I can connect to the applications without any problems but after a shot periode of time (4-5 seconds) the applications says...
View ArticleNo free ports error & nbthreads
Hello everyone, We recently hit that “no free port” limitation: Connect() failed for backend backend_mysql_master: no free ports And worked around it by using the following on a one server backend:...
View ArticleDo not have access to variables once http-request lua.jwtverify is run in...
According to the limited sources out there. Once http-request lua.jwtverify is used to verify the jwt. I should be able to access vairables like txn.oauth.scope or another source calls the variable...
View ArticleRedirect best practice with same URI
When doing a frontend redirect where the path and parms (aka URI) remain the same, is there a best practice to use redirect prefix vs redirect location? Example - Redirect prefix vs redirect location...
View Article