Backend down: Layer6 invalid response, info: "SSL handshake failure"
Hello Guys, I have tried so many different things from different available solutions but for some reason backend failed to show up as available. My backend server is running on https with an internal...
View ArticleProcess large headers ranging from 8Kb to 1Mb on haproxy using tune.bufsize...
I am currently doing a POC on haproxy. Haproxy gives the TR time which is time required to receive the first byte of header to last byte of header. I want to use this TR time for my purpose. Currently...
View ArticleSend TR time in response of request
I am currently doing a POC on haproxy. Haproxy gives the TR time which is time required to receive the first byte of header to last byte of header. I want to use this TR time for my purpose. I want...
View ArticleTransfer real IP from HAProxy to Apache2
Hi, I would like to transfer the real IP from HAProxy to Apache2 in TCP mode. I have read topics for the method to use in HTTP mode, but I have not seen anything in TCP mode. On this forum some time...
View ArticleCompile Haproxy with a Different Version of Openssl
I am working to replace all the CentOS 7 servers and upgrade to Oracle 9 where possible. One snag is that the openssl library that ships with 9 (3.0.7) does not support any TLS version below 1.2....
View ArticleForwardFor or ProxyPassReverse to externally resolve internal domain
So I have a set minio servers behind a firewall load balanced by an HAProxy. I’ve been testing traffic flow on a system “outside” the firewall - referred to here as “end user”. There’s an ACL that...
View ArticleLimits on field names in headers?
I am chasing an issue where an upgrade from a very old version of haproxy broke some of our tests. By trial and error, I have reduced the problem down to the length of the header field name going over...
View ArticleCannot DELETE document from DELL ECS via HAproxy
Hello, I am running HAProxy version 2.7.2 I have access to DELL ECS via HAproxy. I am using IBM Filenet application to connect to the ECS. When I connect to the ECS directly, there is no issue. When I...
View ArticleSetup stick-table to protect from DDOS attacks
Hi, I’m trying to setup a stick-table to prevent DDOS attacks on a couple of specific urls. My setup is as such, in the frontend: acl is_some_path path /my/path/ acl is_some_other_path path...
View ArticleDebug CD termination code
Hello Since a few days some customers have reported that their no response was arriving to their request Tracing back the requests they have done, we can a CD termination state on each of them. How...
View ArticleUse MAP with ACL Runtime API not with use_backend
Hello I want to setup ACL with using the Maps, but I’m not sure if we can setup similar settings. This is the current config. frontend master use_backend slow if { be_conn(master_backend) gt 100 }...
View ArticleUse global variable in condition
Hi, I’m trying to set up this type of a check: global ... set-var proc.max_conn_cur int(300) frontend lb-useast ... tcp-request connection track-sc0 src stick-table type ip size 500k expire 30s store...
View ArticleClik here to view.
Passing requests to other backend server on 5xx http response code
Hello. Is there anything similiar in haproxy configuration like proxy_next_upstream http_500 in nginx. I want to send request to the next server if haproxy gets 5xx from first one. I know about using...
View ArticleClik here to view.
Traffic Shaping issue
Hello I try to setup shared bandwidth limitation. My objective is to setup a limit per IP. I started with this blog post as example and here is my configuration: frontend <> [...] filter...
View ArticleBasic auth for /metrics endpoint in stats
Hi, Based on this article it’s possible to set /metrics to enable prometheus fetch, but it’s not possible to secure it with an auth. Is there a way to do it ? With stats auth ... the stats page is...
View ArticleMutual TLS/Client Certificates with QUIC/H3
Hey. I’ve been trying to get client authentication working with QUIC/H3. I compiled HAProxy 1.8.3 with LibreSSL but also tried it with QuicTLS. HTTP/1.1 and H2 works just like I expect, certs are...
View ArticleChoose backend based on api call responce
I currently have a single docker host with traefik running behind an haproxy instance that routes HTTPS SNI and HTTP hostnames to various destinations, mostly docker. I’m currently building out a 3...
View ArticleMutual authentication without TLS termination?
Hi, mutual authentication is finished in the unencrypted handshake. Can haproxy authenticate the client WITHOUT offloading (patch server hello to request client certificate, examine the reply for a...
View ArticleIssue with sni routing
i am connecting from website test.com and using fetch to make query to api.test.com. but for some weird reason req.ssl_sni -i https://test.com doesnt seem to be respected therefore the connection...
View ArticleChoose backend with path_beg
Hi, I need something like this: test.example.com/blog → will be served by 192.168.10.1:8080 test.example.com/shop → will be served by 192.168.10.2:8080 So I got this: acl blog_pathbeg path_beg -i...
View Article