Should I reload or restart #HAProxy
You'd be surprise how few times a restart is actually necessary
A great article by Tyler Charboneau that I reviewed, so if there are errors, it's kinda my fault 😅 .
https://www.haproxy.com/blog/should-you-reload-or-restart-haproxy
# direct PDF uploads up to 50MB to nackend light_pdf
use_backend light_pdf if { req.hdr(content-type) -m str application/pdf } { req.hdr(content-length) -m int le 52428800 }
# direct larger PDF upload to backend larg_pdf
use_backend light_pdf if { req.hdr(content-type) -m str application/pdf }
# we don't need to check content-length here because use_backend directives are processed in the order they are written
I've been having an issue with configuring #haproxy under #vyos for aaaages.
Yesterday I decided to spend some time to figure out why I wouldn't work and it turned out to be a pretty silly, annoying bug.
Vyos was writing the timeouts in seconds, whereas HAProxy defaults to milliseconds unless you specify the time unit.
Yay j'ai été choisi pour faire la relecture d'un post du blog officiel de #HAProxy !
Du coup si ya des erreurs, ça sera un peu ma faute.
Vous affolez pas, on n'en est qu'à l'étape du "content brief"
#HAProxy seems to have gotten a better way to handle #LetsEncrypt #TLS certificates with #acme.sh. I missed this post during summer: https://www.haproxy.com/blog/haproxy-and-let-s-encrypt. Going to try this in my home lab one of the upcoming evenings.
#haproxy #letsencrypt #tls #acme
@selea layer4 (syn flood, file descriptor exhaustion): mostly a non issue nowadays because ram is cheap enough.
tls: rate limiting works (eg with #haproxy ) or techniques along the #fail2ban idea : if an ip hits you too hard, filter it efficiently in the kernel
http: here my best recommendations are all based around #varnishcache because i work on it, but alternatives do exist. i will focus on what i know to be most helpful. 🧵
#haproxy #fail2ban #varnishcache
I don't know squat about #php.
But an update to the php used in #pfSense CE 2.7 (8.2.6) made variable definition more strict and crashed #HAProxy startup when pfSense is booted.
I hacked the code tonight, tested it and opened a pull request.
This didn't make me a php expert -- it was only a single line of code. But it works.
And it proves once again the value of open source -- that is, if the pfSense devs ever merge the branch.
Almost nothing beats the satisfaction of learning new code.
Apache Guacamole avec un reverse proxy basé sur pfSense, HAProxy et Let’s Encrypt https://www.it-connect.fr/apache-guacamole-reverse-proxy-pfsense-haproxy/ #SécuritéInformatique #ApacheGuacamole #Let'sEncrypt #reverseproxy #pfSense #Haproxy #PfSense
#securiteinformatique #ApacheGuacamole #let #reverseproxy #pfsense #haproxy
What can you learn from #logs?
By default, #HAProxy log formats is overwhelming, but it’s not that scary when you break things down a bit.
Find out how it can help you as a #DevOps engineer to gain more insight into what’s happening in your stack. 👇
#logs #haproxy #devops #http #debugging #error
#askfedi Another security audit, another round of question and security concern about "X-Forwarded-For" ...
If i read this https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#security_and_privacy_concerns and this https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#4.2-option%20forwardfor correctly #haproxy overwrite any X-Forwarded-For header send by the client.
Any #security experts or #haproxy experts to confirm ?
ping @ScriptFanix (because i'm sure he know the answer).
I am a bit in love with #HAProxy today. I easily solved a scaling issue for a customer with it, that is using our system internally.
#HAProxy is a free and #open-source load balancer and reverse proxy.
HAProxy supports load balancing of #TCP (layer 4) and #HTTP (layer 7) traffic with various load balancing #algorithms – round-robin, static, by weight, cookie or header to name a few.
In addition to load balancing, HAProxy has some interesting “party tricks” that can help mitigate some types of HTTP-based denial-of-service attacks and ensure #server stability.
Read more about HAProxy’s functionalities 👉 https://sysb.ee/haproxy
#haproxy #open #tcp #http #algorithms #server