Quantcast
Channel: HAProxy community - Latest topics
Browsing all 4741 articles
Browse latest View live

Backend down: Layer6 invalid response, info: "SSL handshake failure"

Hello Guys, I have tried so many different things from different available solutions but for some reason backend failed to show up as available. My backend server is running on https with an internal...

View Article


Process large headers ranging from 8Kb to 1Mb on haproxy using tune.bufsize...

I am currently doing a POC on haproxy. Haproxy gives the TR time which is time required to receive the first byte of header to last byte of header. I want to use this TR time for my purpose. Currently...

View Article


Send TR time in response of request

I am currently doing a POC on haproxy. Haproxy gives the TR time which is time required to receive the first byte of header to last byte of header. I want to use this TR time for my purpose. I want...

View Article

Transfer real IP from HAProxy to Apache2

Hi, I would like to transfer the real IP from HAProxy to Apache2 in TCP mode. I have read topics for the method to use in HTTP mode, but I have not seen anything in TCP mode. On this forum some time...

View Article

Compile Haproxy with a Different Version of Openssl

I am working to replace all the CentOS 7 servers and upgrade to Oracle 9 where possible. One snag is that the openssl library that ships with 9 (3.0.7) does not support any TLS version below 1.2....

View Article


ForwardFor or ProxyPassReverse to externally resolve internal domain

So I have a set minio servers behind a firewall load balanced by an HAProxy. I’ve been testing traffic flow on a system “outside” the firewall - referred to here as “end user”. There’s an ACL that...

View Article

Limits on field names in headers?

I am chasing an issue where an upgrade from a very old version of haproxy broke some of our tests. By trial and error, I have reduced the problem down to the length of the header field name going over...

View Article

Cannot DELETE document from DELL ECS via HAproxy

Hello, I am running HAProxy version 2.7.2 I have access to DELL ECS via HAproxy. I am using IBM Filenet application to connect to the ECS. When I connect to the ECS directly, there is no issue. When I...

View Article


Setup stick-table to protect from DDOS attacks

Hi, I’m trying to setup a stick-table to prevent DDOS attacks on a couple of specific urls. My setup is as such, in the frontend: acl is_some_path path /my/path/ acl is_some_other_path path...

View Article


Debug CD termination code

Hello Since a few days some customers have reported that their no response was arriving to their request Tracing back the requests they have done, we can a CD termination state on each of them. How...

View Article

Use MAP with ACL Runtime API not with use_backend

Hello I want to setup ACL with using the Maps, but I’m not sure if we can setup similar settings. This is the current config. frontend master use_backend slow if { be_conn(master_backend) gt 100 }...

View Article

Use global variable in condition

Hi, I’m trying to set up this type of a check: global ... set-var proc.max_conn_cur int(300) frontend lb-useast ... tcp-request connection track-sc0 src stick-table type ip size 500k expire 30s store...

View Article

Image may be NSFW.
Clik here to view.

Passing requests to other backend server on 5xx http response code

Hello. Is there anything similiar in haproxy configuration like proxy_next_upstream http_500 in nginx. I want to send request to the next server if haproxy gets 5xx from first one. I know about using...

View Article


Image may be NSFW.
Clik here to view.

Traffic Shaping issue

Hello I try to setup shared bandwidth limitation. My objective is to setup a limit per IP. I started with this blog post as example and here is my configuration: frontend <> [...] filter...

View Article

Basic auth for /metrics endpoint in stats

Hi, Based on this article it’s possible to set /metrics to enable prometheus fetch, but it’s not possible to secure it with an auth. Is there a way to do it ? With stats auth ... the stats page is...

View Article


Mutual TLS/Client Certificates with QUIC/H3

Hey. I’ve been trying to get client authentication working with QUIC/H3. I compiled HAProxy 1.8.3 with LibreSSL but also tried it with QuicTLS. HTTP/1.1 and H2 works just like I expect, certs are...

View Article

Choose backend based on api call responce

I currently have a single docker host with traefik running behind an haproxy instance that routes HTTPS SNI and HTTP hostnames to various destinations, mostly docker. I’m currently building out a 3...

View Article


Mutual authentication without TLS termination?

Hi, mutual authentication is finished in the unencrypted handshake. Can haproxy authenticate the client WITHOUT offloading (patch server hello to request client certificate, examine the reply for a...

View Article

Issue with sni routing

i am connecting from website test.com and using fetch to make query to api.test.com. but for some weird reason req.ssl_sni -i https://test.com doesnt seem to be respected therefore the connection...

View Article

Choose backend with path_beg

Hi, I need something like this: test.example.com/blog → will be served by 192.168.10.1:8080 test.example.com/shop → will be served by 192.168.10.2:8080 So I got this: acl blog_pathbeg path_beg -i...

View Article
Browsing all 4741 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>