Should I reload or restart #HAProxy

You'd be surprise how few times a restart is actually necessary

A great article by Tyler Charboneau that I reviewed, so if there are errors, it's kinda my fault 😅 .

https://www.haproxy.com/blog/should-you-reload-or-restart-haproxy

Somehow I don't understand why #haproxy on #pfsense is showing the IPv4 ports as being down while the IPv6 ports are all up (see screenshot).

#HAProxy #tip

# direct PDF uploads up to 50MB to nackend light_pdf
use_backend light_pdf if { req.hdr(content-type) -m str application/pdf } { req.hdr(content-length) -m int le 52428800 }

# direct larger PDF upload to backend larg_pdf
use_backend light_pdf if { req.hdr(content-type) -m str application/pdf }
# we don't need to check content-length here because use_backend directives are processed in the order they are written

Hey #Debian #Linux crowd.

Does anyone know, why #HAProxy on debian doesn't include the config, like #EL does?

The unit only includes
ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS

Sure I could amend extraopts, but why hasn't this been adopted by Debian?

I've been having an issue with configuring #haproxy under #vyos for aaaages.

Yesterday I decided to spend some time to figure out why I wouldn't work and it turned out to be a pretty silly, annoying bug.

Vyos was writing the timeouts in seconds, whereas HAProxy defaults to milliseconds unless you specify the time unit.

https://vyos.dev/T5548

Yay j'ai été choisi pour faire la relecture d'un post du blog officiel de #HAProxy !

Du coup si ya des erreurs, ça sera un peu ma faute.

Vous affolez pas, on n'en est qu'à l'étape du "content brief"

#HAProxy seems to have gotten a better way to handle #LetsEncrypt #TLS certificates with #acme.sh. I missed this post during summer: https://www.haproxy.com/blog/haproxy-and-let-s-encrypt. Going to try this in my home lab one of the upcoming evenings.

@selea layer4 (syn flood, file descriptor exhaustion): mostly a non issue nowadays because ram is cheap enough.
tls: rate limiting works (eg with #haproxy ) or techniques along the #fail2ban idea : if an ip hits you too hard, filter it efficiently in the kernel
http: here my best recommendations are all based around #varnishcache because i work on it, but alternatives do exist. i will focus on what i know to be most helpful. 🧵

I don't know squat about #php.

But an update to the php used in #pfSense CE 2.7 (8.2.6) made variable definition more strict and crashed #HAProxy startup when pfSense is booted.

I hacked the code tonight, tested it and opened a pull request.

This didn't make me a php expert -- it was only a single line of code. But it works.

And it proves once again the value of open source -- that is, if the pfSense devs ever merge the branch.

Almost nothing beats the satisfaction of learning new code.

やった！ #HAProxy のおかげです🙏

やった！ #HAProxy のおかげです🙏

Apache Guacamole avec un reverse proxy basé sur pfSense, HAProxy et Let’s Encrypt https://www.it-connect.fr/apache-guacamole-reverse-proxy-pfsense-haproxy/ #SécuritéInformatique #ApacheGuacamole #Let'sEncrypt #reverseproxy #pfSense #Haproxy #PfSense

wait i need to redirect not proxy

is it possible to redirect by url hash with #haproxy? or #nginx? or something?

What can you learn from #logs?

By default, #HAProxy log formats is overwhelming, but it’s not that scary when you break things down a bit.

Find out how it can help you as a #DevOps engineer to gain more insight into what’s happening in your stack. 👇

https://sysb.ee/performanceanderrortracing

#HTTP #debugging #error

#askfedi Another security audit, another round of question and security concern about "X-Forwarded-For" ...
If i read this https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#security_and_privacy_concerns and this https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#4.2-option%20forwardfor correctly #haproxy overwrite any X-Forwarded-For header send by the client.
Any #security experts or #haproxy experts to confirm ?

ping @ScriptFanix (because i'm sure he know the answer).

I am a bit in love with #HAProxy today. I easily solved a scaling issue for a customer with it, that is using our system internally.

#HAProxy is a free and #open-source load balancer and reverse proxy.
HAProxy supports load balancing of #TCP (layer 4) and #HTTP (layer 7) traffic with various load balancing #algorithms – round-robin, static, by weight, cookie or header to name a few.
In addition to load balancing, HAProxy has some interesting “party tricks” that can help mitigate some types of HTTP-based denial-of-service attacks and ensure #server stability.
Read more about HAProxy’s functionalities 👉 https://sysb.ee/haproxy

Anyone know how feasible it would be to use #haproxy to access ilo3 on an older #proliant to get past the ancient #SSL ciphers that modern browsers no longer support?

Having #Yunohost behind #Pfsense #Haproxy is giving me trouble, not sure how to proxy_pass on it to avoid issues with double reverse proxy. I will try to run my instances directly from Docker and see if that goes better.

Cool. #Vyos has basic #haproxy configuration functionality now.