❦ 17 mai 2021 17:48 +02, Artur:
> When can we expect prebuilt packages for Debian on haproxy.debian.net
> ?
Hello,
Sometimes this week.
--
The secret source of humor is not joy but sorrow; there is no humor in Heaven.
-- Mark Twain
❦ 17 mai 2021 17:48 +02, Artur:
> When can we expect prebuilt packages for Debian on haproxy.debian.net
> ?
They have been published. Buster, Bionic and Focal are available.
--
He jests at scars who never felt a wound.
-- Shakespeare, "Romeo and Juliet, II. 2"
❦ 6 June 2021 11:54 +01, Ismail Azerty:
> Is there any official ubuntu 20 repository to install the latest
> version of haproxy ?
This is semi-official:
https://haproxy.debian.net/#?distribution=Ubuntu&release=focal
--
Don't comment bad code - rewrite it.
- The Elements of Pro
❦ 8 July 2021 17:47 +02, Willy Tarreau:
> I'm seeing that at least Vincent was fast enough to package 2.3.11 for
> debian 10, I hope nobody deployed it yet. I'm really sorry for the mess.
> For those who are wondering, 2.4 was not affected.
The new packages are available!
--
Let the data struc
❦ 23 July 2021 12:55 +02, Willy Tarreau:
> The list looks uncommonly quiet after having touched some
> anti-spam rules, just testing.
It's the holidays Willy! :)
--
Don't over-comment.
- The Elements of Programming Style (Kernighan & Plauger)
❦ 17 August 2021 17:13 +02, Willy Tarreau:
> HAProxy is affected by 4 vulnerabilities in its HTTP/2 implementation in
> recent versions (starting with 2.0). Three of them are considered as having
> a moderate impact as they only affect the interpretation of the authority
> (Host header field) in
❦ 7 September 2021 17:27 +02, Willy Tarreau:
> I'd like to thank the usual distro maintainers for having accepted to
> produce yet another version of their packages in a short time. Hopefully
> now we can all get back to development!
For Debian/Ubuntu, the fixed versions are:
2.4.3-2
2.4.3-2~b
ersion:
haproxy (2.4.3-2~bpo10+1) buster-backports; urgency=medium
* Rebuild for buster-backports.
-- Vincent Bernat Sat, 04 Sep 2021 15:19:43 +0200
haproxy (2.4.3-2) experimental; urgency=high
* d/patches: fix missing header name length check in HTX (CVE-2021-40346).
-- Vincent Bernat
❦ 3 October 2021 08:53 +02, Christopher Faulet:
> I will push a fix. As a workaround, you can temporarily disable the HTTP
> compression filter.
Will you release 2.4.6 or should we push packages for 2.4.5 with the
patch? For Debian/Ubuntu, I didn't push packages for 2.4.5 yet.
--
Don't sacrif
Some distributions (Debian) adds `-ffile-prefix-map=/current/pwd=` to
CFLAGS in an attempt to make the package more reproducible when source
code is using `__FILE__`. Unfortunately, this makes HAProxy build not
reproducible since CFLAGS is recorded to be displayed in `haproxy
--version`. To solve t
❦ 19 October 2021 09:22 +02, Vincent Bernat:
> This could be backported to 2.4. Older versions do not display CFLAGS.
Note that if you find this too ugly, I have no problem to maintain this
as an OOT patch.
--
Avoid unnecessary branches.
- The Elements of Programming St
❦ 22 October 2021 21:08 +02, Willy Tarreau:
>> ? 19 October 2021 09:22 +02, Vincent Bernat:
>>
>> > This could be backported to 2.4. Older versions do not display CFLAGS.
>>
>> Note that if you find this too ugly, I have no problem to maintain this
>> as
❦ 5 November 2021 17:05 -06, Jim Freeman:
> Might this (or something 2.4-ish) be heading towards bullseye-backports ?
> https://packages.debian.org/search?keywords=haproxy
> https://packages.debian.org/bullseye-backports/
2.4 will be in bullseye-backports.
--
Don't patch bad code - rewrite it.
❦ 16 February 2022 16:27 +01, Willy Tarreau:
> Maybe that would even be a nice improvement for distros to provide these
> by default starting with 2.6 or maybe even 2.5.
Why not enabling them directly on your side then? Are there some numbers
on the performance impact of these options? I am a bi
❦ 16 February 2022 22:15 +01, Willy Tarreau:
> That's exactly the sense behind the word "maybe" above, to open the
> discussion :-) Those with large buffers can definitely see a
> difference. I've seen configs with WAF analysis using 1MB buffers,
> and there the extra CPU usage will be noticeabl
❦ 8 May 2022 10:57 +02, Willy Tarreau:
> After edition (still minimal and possibly inaccurate but the best I
> could do):
>
> On Linux the interval before starting to send TCP keep-alive packets
> is defined by TCP_KEEPIDLE. MacOS has an equivalent with TCP_KEEPIDLE,
> which also
❦ 31 May 2022 17:56 +02, Willy Tarreau:
> HAProxy 2.6.0 was released on 2022/05/31. It added 57 new commits
> after version 2.6-dev12, essentially small bug fixes, QUIC counters
> and doc updates.
It's available on haproxy.debian.net. No QUIC support as neither Debian
nor Ubuntu has the appropri
On 6/14/22 14:22, Artur wrote:
No plan to prepare 2.6 packages for Debian 10 ?
If you can, I'm interested. Thank you.
No particular reason, just nobody asked for it. It will land shortly.
On 7/6/22 00:37, Henning Svane wrote:
I get under load of haproxy the following problems for all frontends
What do you mean by "under load"?
Here are two of the errors
for frontend FrontEnd_Xmail_L7_IPv4: cannot bind socket (Permission
denied) for IPv4 number and port
and
for frontend GLO
le_load"
profile="unconfined" name="man_groff" pid=790 comm="apparmor_parser"
Jul 05 20:54:10 HAProxy02 kernel: audit: type=1400
audit(1657047250.756:8): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="/u
created it haproxy/haproxy.service has been started
with sudo else it is missing
Regards
Henning
-Oprindelig meddelelse-
Fra: Henning Svane
Sendt: 8. juli 2022 23:32
Til: Vincent Bernat
Cc: haproxy@formilux.org
Emne: SV: SV: Config will not start on 2.6.1 on Ubuntu 22.04
Hi Vincent
I have
On 7/9/22 10:55, Willy Tarreau wrote:
On Sat, Jul 09, 2022 at 12:03:02AM +0200, Vincent Bernat wrote:
The error when not running as root is expected. However, the fact it does
not work on boot, then works after is odd. Can you share a minimal
configuration file which exhibits this issue
On 2022-08-04 10:35, William Edwards wrote:
However,
https://haproxy.debian.net/#distribution=Debian&release=buster&version=2.2 says:
"The Debian HAProxy packaging team provides various versions of HAProxy
packages for use on different Debian or Ubuntu systems. The following
wizard helps you
On 2022-08-19 22:16, Ionel GARDAIS wrote:
I had to rollback to 2.6.2 after having upgrade to 2.6.3 because systemd was
restarting the haproxy process every 1m30s (on an up-to-date Debian 11)
apt upgrade itself hung while doing the upgrade.
With Debian packages from haproxy.debian.net? Logs fr
On 2022-08-19 23:09, Ionel GARDAIS wrote:
Aug 19 22:09:09 haproxy-2 haproxy[1280]: [WARNING] (1280) : Failed to connect
to the old process socket '/run/haproxy/admin.sock'
Aug 19 22:09:09 haproxy-2 haproxy[1280]: [ALERT](1280) : Failed to get the
sockets from the old process!
There was a
On 2022-08-20 19:15, Ionel GARDAIS wrote:
Below is the systemctl cat haproxy output.
Yes, not responding backends was expected, sorry for not specified it.
"expose-fd listeners" was present in the configuration file. Update fails even
after I removed the two keywords.
I have
EXTRAOPTS="-x /
On 2022-08-20 21:36, Ionel GARDAIS wrote:
That was it :
- remove the EXTRAOPTS from /etc/default/haproxy
- stop the running process referencing -x /run/haproxy/admin.sock on the CLI
- upgrade
All is OK.
First processes do not list -x on the CLI and a reload spawn a process with -x
sockpair@
S
On 2022-08-20 22:35, Bren wrote:
EnvironmentFile=-/etc/default/haproxy
Do you have something here too?
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid"
This does not match the file shipped by HAProxy, but this may explain
why you also run into this bug.
On 2022-09-01 18:53, Илья Шипицин wrote:
that website provides some non confidential documentation.
neither it asks you for login/password or payment details.
there's nothing wrong with http on such websites.
There are download links without an obvious way to check for their
integrity. HTTPS
On 2022-12-14 15:15, Willy Tarreau wrote:
Possibly, yes. It's more efficient in every way from what we can see.
For users who build themselves (and with QUIC right now you don't have
a better choice), it should not change anything and will keep robustness.
For those relying on the distro's packag
On 2022-12-16 05:49, Willy Tarreau wrote:
There's currently a great momentum around WolfSSL that was already
adopted by Apache, Curl, and Ngtcp2 (which is the QUIC stack that
powers most HTTP/3-compatible agents). Its support on haproxy is
making fast progress thanks to the efforts on the two sid
On 2023-01-05 18:23, Henning Svane wrote:
TimeoutError: [Errno 110] Connection timed out
Either your system does not have a connection to Internet or there was a
transient error with Launchpad. Not much to do except retry a bit later.
the Valentine's bug.
I think we're mostly good as it is now, but I'm still having some
backports to finish for now.
Do you know if Vincent Bernat will be publishing his PPA quickly
afterwards ?
Yes, I'll be ready.
On 2023-02-13 19:34, Vincent Bernat wrote:
That's a pretty sneaky way to ruin one's Valentine dinner. :-D
Sure, but we have to compose between disclosing too early, ruining
the west coast's morning and too late, ruining eastern dinners :-)
Maybe this one will be remembered as
On 2023-02-14 18:08, Ionel GARDAIS wrote:
Hi Marc,
I guess Vincent choose to use a -2 tag so that users who hold their package on
minor version will still get the update.
That's because the uploads were prepared in advance, before the 2.4.22
release. Willy sent us the patch in advance to be
For Debian stable, usually only a critical vulnerability. In theory,
this could also be major bugs, but maintaining an hybrid patched version
is something we prefer not to do, to not have people running in the wild
an additional unsupported (by upstream) branch.
For Debian backports, they shou
On 2023-11-22 09:13, William Lallemand wrote:
Hello Vincent,
[HAProxy list in cc]
We backported the USE_QUIC_OPENSSL_COMPAT build option in HAProxy 2.8.4,
so we can build with USE_QUIC using OpenSSL without a patched version
of OpenSSL.
Unfortunately we can't activate this option in the defaul
❦ 3 mars 2020 15:34 -07, Sean Reifschneider :
> We've been running haproxy 1.8 series for quite a while. We're currently
> in the process of updating to 2.1, and have installed from the vbernat PPA
> on Ubuntu 18.04 using the same old config file.
>
> Now we are seeing segfaults a few times a d
❦ 4 mars 2020 13:19 -07, Sean Reifschneider :
> I've upgraded back to 2.1, and installed the systemd-coredump, I'll update
> when I have additional information. I wasn't able to find a -dbgsym
> package, I even looked in the debian pool directory for the PPA. We're
> talking like a haproxy-dbg
❦ 16 mars 2020 16:02 -06, Sean Reifschneider:
> I reverted back to haproxy 2.0.13 from the PPA last Wednesday and have
> verified that we get no segfaults on that. If there's anything else I can
> provide for you, let me know. Otherwise I'm just gonna close this ticket
> in our bugtracker. :-)
❦ 8 mai 2020 14:25 +02, Willy Tarreau:
>> > Let's increase the timeout to see if it has a chance to finish, no ?
>> >
>>
>> yes
>
> OK now pushed. It's really annoying to work blindly like this. The
> build model Travis uses is broken by design. Requiring to commit
> something for testing is ut
❦ 28 mai 2020 12:48 +02, Tim Düsterhus:
>> Okay, I've done what I really wanted to avoid and built my own HAProxy.
>> I'm now running HAProxy 2.1.5-1~~~timwolla+1 and I hope that it will
>> smoothly upgrade to Vincent's build once it is released.
>>
>
> While researching how to build a 2.1.5 .de
❦ 9 juillet 2020 13:12 +05, Илья Шипицин:
> do you think does it make sense to use scripted brew instead of travis
> plugin ?
>
> if so, we can try to "brew instal blah-blah-blah || ok, we failed, lets'
> update and install one more time"
I have also hit the problem several time. Brew upstream
❦ 11 juillet 2020 00:48 +05, Илья Шипицин:
> he-he, brew bundle is deprecated (does not work)
>
> https://apple.stackexchange.com/questions/148454/brew-bundle-reporting-error-unknown-command-bundle
It's very old. It has been added back at some point. Here is upstream
recommending its use: https:
❦ 11 juillet 2020 12:45 +05, Илья Шипицин:
>> > he-he, brew bundle is deprecated (does not work)
>> >
>> >
>> https://apple.stackexchange.com/questions/148454/brew-bundle-reporting-error-unknown-command-bundle
>>
>> It's very old. It has been added back at some point. Here is upstream
>> recommen
❦ 3 août 2020 22:29 +02, Artur:
> It would be nice to have a Debian Stretch package for the current LTS
> 2.2 branch in backports. It seems it's not available for now.
Well, you are the second person asking this in a short time, so I will
provide one. My rationale is that 2.2 is quite new and S
❦ 4 août 2020 14:10 +02, Bram Gillemon:
> Running debian stretch with 1.8.25-1~bpo9+1, this morning the package
> upgraded to 1.8.26-1~bpo9+1 and i started noticing some strange
> behaviour.
For reference:
HA-Proxy version 1.8.26-1~bpo9+1 2020/08/03
Copyright 2000-2020 Willy Tarreau
Build op
❦ 5 août 2020 22:48 +02, Christopher Faulet:
>> i was just setting up the 2.2 version again and i think i did
>> something wrong this morning because i can't reproduce it anymore.
>>
>> Sorry for the extra work i caused.
>>
> No problem. I always prefer a false bug report than a long fix session
❦ 4 août 2020 14:10 +02, Bram Gillemon:
> Running debian stretch with 1.8.25-1~bpo9+1, this morning the package
> upgraded to 1.8.26-1~bpo9+1 and i started noticing some strange
> behaviour.
I have uploaded 1.8.26-2 with the upstream fix included (for all
supported distros). If you can check it
❦ 24 août 2020 21:59 +03, Milen Simeonov:
> frontend fe_main
> bind 127.0.0.1:443 ssl crt-list /etc/haproxy/certs/websites.crt_list
I am not able to reproduce. The configuration is missing a path to a
certificate. Does it also crash if you don't provide a crt-list?
--
Don't comment bad
❦ 8 septembre 2020 16:13 -04, Alex Evonosky:
> Just compiling 2.2.3 and getting this reference:
>
>
> /haproxy-2.2.3/src/thread.c:212: undefined reference to
> `_Unwind_Find_FDE'
I am getting the same issue on armhf only. Other platforms don't get
this issue. On this platform, we only get:
000
❦ 9 septembre 2020 16:58 +02, Willy Tarreau:
> Ah I'm really angry because I tested on many platforms, *including* armhf,
> but now I'm not seeing it, so either I failed on one test or it depends
> on the compiler combination :-(
I am getting it on Debian Unstable (gcc 10.2.0, glibc 2.31), Ubun
o help the reader understand it.
- The Elements of Programming Style (Kernighan & Plauger)
――― Original Message ―――
From: Илья Шипицин
Sent: 9 septembre 2020 20:38 +05
Subject: Re: Haproxy 2.2.3 source
To: Willy Tarreau
Cc: Vincent Bernat; Alex Evonosky; haprox
❦ 9 septembre 2020 19:31 +02, Willy Tarreau:
>> Feel free to pick this patch if that helps for your builds, I'm going
>> to backport it to 2.2 once all platforms are happy.
>
> All builds are OK now, the commit was backported to 2.2 and the patch
> can be retrieved here:
>
> http://git.haproxy
❦ 14 janvier 2021 07:39 +01, ghislain:
> So, should i use basic debian backports or debian.haproxy.net
> because having both seems to collide with a boom ;p !
It's not really a conflict, but yes, you have an unecessary "downgrade"
to the same version as currently backports has 2.2.x. You can s
❦ 14 janvier 2021 19:24 +01, Tim Düsterhus:
> I just checked haproxy.debian.net and noticed that the information
> regarding the backports is not up to date:
>
> For Debian Buster the backport should be moved from 2.0 to 2.2.
>
> I'd also like to note that you have a typo in haproxy.js. It says
>
❦ 3 février 2021 10:23 GMT, Louis Charreau:
> we use hatop daily to monitor in real time haproxy.
> This tool is no longer packaged in ubuntu 20.04 (LTS), which is a pity for
> such a useful tool.
>
> It's true that the initial project doesn't seem to be maintained
> anymore (last commit 5 year
❦ 19 mars 2021 17:34 +01, Christopher Faulet:
> HAProxy 1.6.16 was released on 2021/03/19. It added 71 new commits
> after version 1.6.15.
1.6 was EOL last year, I don't understand why there is a last release.
Both 1.6 and 1.7 are marked for critical fixes but many fixes are pushed
in it. The ri
❦ 30 mars 2021 11:21 +02, Thomas SIMON:
> And I confirm you than when rolling back with source compilation and
> 2.3.7 version (can't do this with repository as only last version is
> available) , counters decrements well.
The old debs are still here, so you can still download them manually if
❦ 31 mars 2021 10:35 +02, Willy Tarreau:
>> Thanks Willy for the quick update. That's a good example to avoid
>> pushing stable versions at the same time, so we have opportunities to
>> find those regressions.
>
> I know and we're trying to separate them but it considerably increases the
> requir
❦ 31 mars 2021 12:46 +02, Willy Tarreau:
> On the kernel Greg solved all this by issuing all versions very
> frequently: as long as you produce updates faster than users are
> willing to deploy them, they can choose what to do. It just requires
> a bandwidth that we don't have :-/ Some weeks seve
❦ 21 avril 2021 08:04 +02, Willy Tarreau:
> William suggested that I was needlessly seeking for trouble and that it
> was pointless to keep compatibility for *both* an external version and
> an internal one. While I initially wanted to demonstrate him he was wrong,
> I realized that I was the one
From: Vincent Bernat
In case `pool_alloc2()` returns NULL, propagate the condition to the
caller. This could happen when limiting the amount of memory available
for HAProxy with `-m`.
---
src/stick_table.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/stick_table.c
From: Vincent Bernat
In case `pool_alloc2()` returns NULL, propagate the condition to the
caller. This could happen when limiting the amount of memory available
for HAProxy with `-m`.
---
src/stick_table.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/stick_table.c b
>data_size;
>> if (ts) {
> ^
> will always be true.
Wow, dunno how I missed that!
>> t->current++;
>> stksess_init(t, ts);
>
> Or another way to fix it is to simply move the addition inside the if.
>
> I can modify your patch if you don't have the time, just let me know.
Updated patch sent.
--
Vincent Bernat — vincent.ber...@exoscale.ch
❬❱ https://www.exoscale.ch
❦ 25 décembre 2016 09:54 +0100, Willy Tarreau :
> HAProxy 1.5.19 was released on 2016/12/25. It added 47 new commits
> after version 1.5.18.
Would it be possible to queue this patch as well for the next 1.5 (if
any)?
commit c6ca1aa34dd0e343c9a8754f447730b7563d
Author: Willy Tarreau
Date:
❦ 28 décembre 2016 09:31 +0100, Vincent Bernat :
>> HAProxy 1.5.19 was released on 2016/12/25. It added 47 new commits
>> after version 1.5.18.
>
> Would it be possible to queue this patch as well for the next 1.5 (if
> any)?
>
> commit c6ca1aa34dd0e343c9a8754f4
❦ 28 décembre 2016 10:56 +0100, Willy Tarreau :
>> >> HAProxy 1.5.19 was released on 2016/12/25. It added 47 new commits
>> >> after version 1.5.18.
>> >
>> > Would it be possible to queue this patch as well for the next 1.5 (if
>> > any)?
>> >
>> > commit c6ca1aa34dd0e343c9a8754f447730b7563
❦ 27 janvier 2017 20:54 -0600, David Morton :
> I have a pretty default Ubuntu 16.04 image on AWS set up with the
> haproxy 1.7 ppa package. I'm not seeing a /var/log/haproxy log file.
>
>
> haproxy config is:
>
> log /dev/loglocal0
> log /dev/loglocal1 notice
> chroot /v
❦ 19 mai 2017 07:04 +0200, Willy Tarreau :
>> I saw many similar issues posted earlier by others, but could not
>> find a thread where this is resolved or fixed in a newer release. We
>> are using Ubuntu 16.04 with distro HAProxy (1.6.3), and see that
>> HAProxy spins at 100% with 1-10 TCP conne
❦ 19 mai 2017 08:28 +0200, Willy Tarreau :
> The problem is that it's what was being attempted during the days of 1.3,
> resulting in still highly bogus versions being deployed in field and
> users being very confident in them because they were recently updated.
> These days, every patch going i
❦ 21 juin 2017 11:48 +0200, William Lallemand :
>> > This bug was fixed in 1.8 (see commit
>> > 9f724edbd8d1cf595d4177c3612607f395b4380e "BUG/MEDIUM: http: Drop the
>> > connection establishment when a redirect is performed"). I attached
>> > the patch. Could you quickly check if it fixes your b
❦ 28 juillet 2017 12:09 +0200, "Arnaud B." :
> I'm having an issue on debian 9's stable version of HAProxy :
>
> https://dooby.fr/y/j9qgknb
>
> I have to regularly reload haproxy to fetch new configurations, and it
> now always result on a set of undying pids.
>
> If I strace pid 2677 on this sc
❦ 31 juillet 2017 13:58 +0200, "Arnaud B." :
> I changed my haproxy.cfg to use only the haproxy user instead of
> www-data, but it haven't fixed my undying pid issue, I have the exact
> same stale processes, with a UDP UNCON socket open, no trafic and the
> epoll_wait() on strace.
Unfortunately
❦ 1 août 2017 10:49 +0200, "Arnaud B." :
> thank's Vincent.
>
> Unfortunately, I already am on the latest upstream (not backport though) :
>
> $ apt-get update -qq; apt-cache madison haproxy; dpkg -l|grep -i haproxy
>haproxy | 1.7.8-1~bpo9+1 | http://debian.mirrors.ovh.net/debian
> stretch-
❦ 1 août 2017 12:00 +0200, "Arnaud B." :
> I'm not using peers, it's a feature that I've discovered as you
> mentionned it, seems worth the try.
>
> I'll upgrade to the latest bpo package from Vincent's repository and see
> if it fixes my issue, I'll get back to you if it succeeds or not.
You
❦ 2 octobre 2017 10:31 +0200, Marcus Ulbrich :
> I am running haproxy 1.7.9-1~bpo9+1 on debian 9.1. And after running a
> while with production data haproxy stops working wiith segmentation
> fault:
>
> haproxy[26291]: segfault at 5562af80e000 ip 7f5985e48149 sp
> 7ffe1d613488 error 4 i
; Plauger)
――― Original Message ―――
From: Marcus Ulbrich
Sent: 2 octobre 2017 12:49 +0200
Subject: Re: Haproxy segfault error 4 in libc-2.24
To: Vincent Bernat
Cc: haproxy@formilux.org
> Hello Vincent,
>
> thanks for your reply. I have done what you said... but there ist nore
❦ 2 octobre 2017 15:58 +0200, Marcus Ulbrich :
> Yes there is no core dump...
>
> i've ched it and ist was both unlimited...
And "ls -l /proc/xxx/root" is "/" (where xxx is the PID of one of the
HAProxy processes)?
--
What good is an obscenity trial except to popularize literature?
❦ 2 octobre 2017 16:05 +0200, Marcus Ulbrich :
> this is linked to /proc/20313/root -> /var/lib/haproxy
>
> and there is dev/log as empty file..
Then, create /var/lib/haproxy/tmp:
mkdir /var/lib/haproxy/tmp
chmod 1777 /var/lib/haproxy/tmp
You should get the core files in this directory (keep
: Re: Haproxy segfault error 4 in libc-2.24
To: Vincent Bernat
Cc: haproxy@formilux.org
> nope... /var/lib/haproxy/tmp/ directory is left empty after crash...
>
>
> Am 02.10.2017 um 16:09 schrieb Vincent Bernat:
>> ❦ 2 octobre 2017 16:05 +0200, Marcus Ulbrich
>> :
>>
❦ 2 octobre 2017 16:29 +0200, Marcus Ulbrich :
> sorry, but it is commented out... :(
Humm, I don't see how HAProxy would chroot itself without this
directive. Let's try to get the core inside the chroot.
Could you confirm the output of:
sysctl kernel.core_pattern
ls -ld /var/lib/haproxy/t
-- Shakespeare, "Merchant of Venice"
――― Original Message ―――
From: Marcus Ulbrich
Sent: 2 octobre 2017 16:39 +0200
Subject: Re: Haproxy segfault error 4 in libc-2.24
To: Vincent Bernat
Cc: haproxy@formilux.org
> okay...
>
> $# sysctl kernel.core_pattern
❦ 2 octobre 2017 17:06 +0200, Marcus Ulbrich :
> I even get no core dump with the python oneliner either with chroot
> nor without...
So, kernel.core_pattern seems to be problematic (unrelated, but my
python one-liner wasn't totally correct either). Try again with just
"core", the core file sh
❦ 2 octobre 2017 18:38 +0200, Marcus Ulbrich :
> yes... core of python script is there than... but i can't get one of
> haproxy segfault :-/
Not even in /var/lib/haproxy then?
If it works with the Python script, try set kernel.core_pattern to just
"/tmp/core". Do you get it? If yes, do you ge
How many haproxy process do you have? Can you reduce nbprocs to 1 if you set it
to another value? In this case, attach directly to haproxy with gdb -p pid,
type continue to unblock it and wait for the segfault. Then bt full.
On October 2, 2017 6:59:47 PM GMT+02:00, Marcus Ulbrich
wrote:
>no ch
ch
Sent: 2 octobre 2017 19:57 +0200
Subject: Re: Haproxy segfault error 4 in libc-2.24
To: Vincent Bernat
Cc: haproxy@formilux.org
> Okay... I've got a core dump... Thanks a lot!!!
>
> But what this means?
>
>
>
> Program received signal SIGSEGV, Segmentation fault
❦ 3 octobre 2017 11:15 +0200, lu...@gmx.net :
>> Could you get another one with libssl1.1-dbgsym installed?
>
> Mmmh there is no libssl1.1-dbgsym in stretch, only in sid?
>
> I do think we need those stack traces from libssl.
It should be there. But you need to enable the right repository:
htt
❦ 3 octobre 2017 11:29 +0200, Marcus Ulbrich :
> and here is the coredump with libssl and haproxy... I can not get
> clear about this:
Not the same one as previously. But this one is entirely in HAProxy. For
this one, I think an excerpt of your configuration would help. It seems
that one HTTP
❦ 3 octobre 2017 16:34 +0200, Marcus Ulbrich :
> acl badbots hdr_reg(User-Agent) -i -f /etc/haproxy/badbots.lst
> http-request deny if badbots !whitelistips_agents
Try removing this one and check if it still crashes (hoping there is
only one crash).
--
By trying we can easily learn to
❦ 3 octobre 2017 17:54 +0200, Marcus Ulbrich :
> yes... it crashed after 5mins also without this acl.
I was suspecting this ACL as this is the only one with a
case-insensitive match. But maybe the same codepath is used when
matching header names.
> I should test commenting all acl for testing
❦ 4 octobre 2017 23:49 +0500, Илья Шипицин :
> while some Makefiles allow to use CC, other just stick to gcc.
> I think we should change to
>
> CC ?= gcc
This doesn't change much. You can already override gcc with "make
TARGET=... CC=clang". The only thing "?=" is that you can do "env
CC=clang
❦ 8 octobre 2017 15:46 +0500, Илья Шипицин :
>> > while some Makefiles allow to use CC, other just stick to gcc.
>> > I think we should change to
>> >
>> > CC ?= gcc
>>
>> This doesn't change much. You can already override gcc with "make
>> TARGET=... CC=clang". The only thing "?=" is that you
❦ 9 octobre 2017 08:49 +0500, Илья Шипицин :
>> > any particular reason for mixing "CC=gcc" with "CC?=gcc" ?
>>
>> I don't see any use of ?=, except for stuff that are expected to be in
>> environment variables (like HOME, DISPLAY, LANG, PATH).
>>
>
> # find . -name Makefile -exec grep -E '^CC'
❦ 2 décembre 2017 10:47 GMT, "Aleksandar Lazic" :
> You can use the following line to full fill your request, untested.
>
> bind :443 ssl ca-file "${PATH_TO_CAFILE}" crl-file
> "${PATH_TO_CRLFILE}" verify "${VERIFY_MODE}"
If verify mode is set to optional, on browsers, this will still trigge
❦ 4 décembre 2017 12:34 GMT, Gregory Storme :
> haproxy -vv
> HA-Proxy version 1.8.0-2~bpo8+1 2017/12/02
If you want to try with 1.8.1, it has just been uploaded.
--
Lord, what fools these mortals be!
-- William Shakespeare, "A Midsummer-Night's Dream"
❦ 20 décembre 2018 17:14 +01, Willy Tarreau :
>> this is indeed a regression in haproxy. thanks for reporting it.
>> attached patch should fix it.
>> CC'ing Remi as the original author, and Baptiste, as DNS maintainer.
>
> Good catch, the patch looks obviously good, I've just merged it.
> Thanks
❦ 12 février 2019 21:44 +01, Mildis :
> I'm struggling with Stretch/systemd to generate the coredump on crash.
> Even running haproxy by hand with ulimit -c unlimited does not
> generate a coredump.
Also install haproxy-dbgsym. You need to comment the chroot directive in
your HAProxy configurati
❦ 29 avril 2019 11:04 +02, Christopher Faulet :
> HAProxy 1.8.20 was released on 2019/04/25. It added 48 new commits
> after version 1.8.19.
Hey!
Debian Buster will soon be released (nobody knows exactly when, but we
are in full freeze since 2 months). It currently contains HAProxy
1.8.19. I do
❦ 5 mai 2019 09:14 +02, Willy Tarreau :
> So I'd suggest to insist on having the up to date version (even 1.8.21 if
> we have a reason to have this one released by then). In the worst case,
> if this is rejected for whatever reason, it's better to leave a well known
> version there and continue
1 - 100 of 313 matches
Mail list logo
