Stick table has empty key
$ echo “show table nodes” | sudo -u haproxy socat stdio /var/run/haproxy/admin.sock | grep "key= " 0x56497a291f50: key= use=0 exp=299960 server_id=13 server_key=10.45.xx.xx:443 I have a weird...
View ArticleSpecify SSL Ciphers for Backend
Is it possible to specify to allow different ciphers on a ‘per backend’ basis? I don’t want this configured globally. I am trying to convert a f5 server-ssl profile: Example: serverserver1...
View ArticleVertical scaling of HAProxy instances
Hello, We are trying to vertically scale our HAProxy instances, and we are not getting the results that one would expect by upgrading the hardware (assuming that the software can take advantage of the...
View ArticleClik here to view.
Haproxy on PFSense
Hey guys I am new to HAProxy and it was recommended to me by a friend for my PFSense firewall. I currently now have more than one web server so port forwarding is no longer going to work,I did my best...
View ArticleTroubleshooting SSL Handshake Failure (backend)
I have my backend servers configured with a ssl-cert /path/ca.pem as this his how they were set up with our previous load balancer (server-ssl profile on bigip). They are giving a ‘ssl handshake...
View ArticleLua Script working on commenting chroot /var/lib/haproxy but not when I...
Hi folks, I’m running Lua script in integration with haproxy and it’s working fine when I comment chroot /var/lib/haproxy but it throws error when I uncomment the path in haproxy.cfg. Can anyone...
View ArticleConverter ungrpc intermittently fails to capture protobuf content
Hello, I’m setting up HAProxy in front of a gRPC service and am using consistent hashing based on a value extracted from the protobuf (this is a stateful service). The field is a string (32 bytes...
View ArticleClik here to view.
Mod_status healthchecks
I’m moving HAProxy from a RHEL host to pfSense, like I had before. I made peace with the features I’m going to lose and workarounds I may have to resort to, but it’s one less host to maintain, it’s...
View ArticleHAProxy URL rewrite question/issue …
HAProxy version: v2.6.6 URL Frontend: http://haproxyserver.domain.com/application1 URL Backend: https://appserver1.otherdomain.com/ What I’m trying to achieve is that when a user visits...
View ArticleRemove server info from haProxy headers
Hi Using Tenable.SC i’ve got reported issue with plugin ID 12224 and I need to remove from headers information about responding server from load balancing. How can I do it? 1 post - 1 participant Read...
View ArticleRecover from overlapping dns, backend unavailability
I’m using haproxy on kubernetes to reverse-proxy to multiple backend services. This works well under normal circumstances, but I noticed an edge case where haproxy loses a backend and is never able to...
View ArticleHAProxy rate limiting (X-Forwarder-For header)
Hi! We have mobile clients behind loadbalancer that all use the same IP address. The real IP address of the client is defined in client’s X-Forwarder-For header. We want to capture X-Forwarder-For...
View ArticleHAProxy httpcheck strange behavior
There is HAProxy server (version 1.8). Recently I configured http healthcheck to MS Exchange 2016 (configuration was taken from...
View ArticlePFSense or dedicated Linux server
I’m going to deploy HAProxy which will be used for internal testing. I have two options I can either deploy using PFSense or Redhat Enterprise Linux 9. My question is which method would you all...
View ArticleLua sending localhost as source IP
I have been trying to use crowdsec with my HAProxy configuration but am running into a problem where the source IP that is sent for source IP is always localhost. The reason for this is because I have...
View ArticleTracking new users
How can I track a user if he/she had access the site previously? 1 post - 1 participant Read full topic
View ArticleInsert 2nd Cookie
Is it possible to add and 2nd cookie on top of cookie JSESSIONID prefix nocache without being use for persistence JSESSIONID will be used for persistence load balancing but I need to add a 2nd Cookie...
View ArticleClik here to view.
Can't authenticate with http basic auth to website behind HAProxy
Hey all, I am using HAProxy 2.4.19 on OPNsense 22.7.9_3. Today, I have a small problem. I have a Mikrotik switch that can only be accessed via Port 80 and itself requires HTTP basic auth. I have setup...
View ArticleRoute HTTPS Traffic based acl
Hello, i am wondering if it’s possible to have FE/BK like as routing TCP/HTTP but i would like to choose FE based ACL.i explain: request to https://machine.dom.org/myapp FE1HTTPS bind *:443 ssl crt...
View ArticleJwt with kid field due key rotation, how to call jwt_verify against...
Dear community, my use case is that due key rotation on jwt issuer, jwt comprise the kid field, like: { "typ": "JWT", "alg": "RS256", "kid": "public:some-uuid-string" } Afaics in the docs (haproxy...
View Article