Last active
December 20, 2018 18:39
HAProxy 1.9 Has Landed
```
option http-use-htx
```
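```
# alpn requires that the server is using OpenSSL 1.0.2 or above
# verify none skips validation of the server certificate; use verify required with ca-file to authenticate the backend
server server1 192.168.1.16:443 ssl verify none alpn h2
```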
```
frontend fe_main
    mode http
    # Enable HTX, the new native http representation
    option http-use-htx
    bind *:80
    bind *:443 ssl crt /etc/hapee-1.8/certs/www.example.com.pem alpn h2,http/1.1
    default_backend be_main

backend be_main
    mode http
    option http-use-htx
    server server1 192.168.1.13:443 ssl verify none alpn h2
```
```
server server1 192.168.1.13:80 proto h2
```
```
http-request early-hint Link "</style.css>; rel=preload; as=style"
http-request early-hint Link "</script.js>; rel=preload; as=script"
```
```
$ haproxy -W -S /var/run/haproxy-master-socket -f /etc/haproxy/haproxy.cfg
```
```
$ socat /var/run/haproxy-master-socket readline
master> help
help             : this message
prompt           : toggle interactive mode with prompt
quit             : disconnect
@<relative pid>  : send a command to the <relative pid> process
@!<pid>          : send a command to the <pid> process
@master          : send a command to the master process
show cli sockets : dump list of cli sockets
show proc        : show processes status
reload           : reload haproxy
```
```
master> show proc
#<PID> <type> <relative PID> <reloads> <uptime>
910 master 0 0 0d 00h04m49s
# workers
911 worker 1 0 0d 00h04m49s
```
```
master> @1 show info
Name: HAProxy
Version: 1.9-dev9
Release_date: 2018/12/02
Nbthread: 1
Nbproc: 1
Process_num: 1
Pid: 911
...
```
```
$ echo "show map" | socat /var/run/haproxy.sock stdio
# id (file) description
-1 (/etc/haproxy/maps/hosts.map) pattern loaded from file '/etc/haproxy/maps/hosts.map' used by map at file '/etc/hapee-1.8/hapee-lb.cfg' line 94

$ echo -e "add map #-1 <<\ntest1 be_one\ntest2 be_two\n" | socat /var/run/haproxy.sock stdio

$ echo "show map #-1" | socat /var/run/haproxy.sock stdio
0x217aa80 test1 be_one
0x2190010 test2 be_two
```
```
$ echo -e "add map #-1 <<\n$(cat data.map)\n" | socat /var/run/haproxy.sock stdio
```
```
$ echo -e "set ssl ocsp-response <<\n$(base64 /etc/haproxy/certs/haproxy.com.pem.ocsp)\n" | socat /var/run/haproxy.sock stdio
```
```
#!/bin/bash
# Stop on the first failed step so a bad or missing response is never pushed to HAProxy
set -euo pipefail

# Certificate path and names
DIR="/etc/haproxy/certs"
CERT="haproxy.com.pem"
RUNTIME_API="/var/run/haproxy.sock"

# Get the issuer URI, download its certificate and convert it into PEM format
ISSUER_URI=$(openssl x509 -in "${DIR}/${CERT}" -text -noout | grep 'CA Issuers' | cut -d: -f2,3)
# File name of the issuer certificate without directory and extension
ISSUER_FILE="${ISSUER_URI##*/}"
ISSUER_NAME="${ISSUER_FILE%.*}"
wget -q -O- "$ISSUER_URI" | openssl x509 -inform DER -outform PEM -out "${DIR}/${ISSUER_NAME}.pem"

# Get the OCSP URL from the certificate
ocsp_url=$(openssl x509 -noout -ocsp_uri -in "${DIR}/${CERT}")

# Extract the hostname from the OCSP URL
ocsp_host=$(echo "$ocsp_url" | cut -d/ -f3)

# Create/update the OCSP response file and update HAProxy
# -noverify skips verification of the OCSP response signature
# OpenSSL 1.1.0 and later take the header as: -header "Host=$ocsp_host"
openssl ocsp -noverify -no_nonce -issuer "${DIR}/${ISSUER_NAME}.pem" -cert "${DIR}/${CERT}" -url "$ocsp_url" -header Host "$ocsp_host" -respout "${DIR}/${CERT}.ocsp"
echo -e "set ssl ocsp-response <<\n$(base64 "${DIR}/${CERT}.ocsp")\n" | socat "$RUNTIME_API" stdio

exit 0
```
```
$ echo "show activity" | socat /var/run/haproxy.sock stdio
thread_id: 0
date_now: 1544214246.727292
loops: 3174
wake_cache: 1660
wake_tasks: 89
wake_signal: 0
poll_exp: 1749
poll_drop: 168
poll_dead: 0
poll_skip: 0
fd_skip: 0
fd_lock: 0
fd_del: 0
conn_dead: 0
stream: 695
empty_rq: 1901
long_rq: 0
cpust_ms_tot: 0
cpust_ms_1s: 0
cpust_ms_15s: 0
avg_loop_us: 145
```
```
global
    profiling.tasks on
```
```
$ echo "set profiling tasks on" | socat /var/run/haproxy.sock -
```
```
$ echo "show profiling" | socat /var/run/haproxy.sock -
Per-task CPU profiling : on # set profiling tasks {on|off}
```
```
# HTTP log format with the CPU and latency sample fetches appended
log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r cpu_calls:%[cpu_calls] cpu_ns_tot:%[cpu_ns_tot] cpu_ns_avg:%[cpu_ns_avg] lat_ns_tot:%[lat_ns_tot] lat_ns_avg:%[lat_ns_avg]"
```
```
# TCP log format with the CPU and latency sample fetches appended
log-format "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq cpu_calls:%[cpu_calls] cpu_ns_tot:%[cpu_ns_tot] cpu_ns_avg:%[cpu_ns_avg] lat_ns_tot:%[lat_ns_tot] lat_ns_avg:%[lat_ns_avg]"
```
```
acl is_jscss path_end .js .css
acl is_image path_end .png .jpg .jpeg
# Lower class values are dequeued first
http-request set-priority-class int(1) if is_jscss
http-request set-priority-class int(10) if is_image
http-request set-priority-class int(100) if !is_jscss !is_image
```
```
balance random
```
```
log stdout local0
```
```
log fd@1 local0
```
```
log stdout format raw local0
```
```
# Shipped with the commit fixing the bug.

varnishtest "Stick Table: Crash when accessing unknown key."
feature ignore_unknown_macro

server s0 {
    rxreq
    txresp
} -start

haproxy h0 -conf {
    defaults
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms

    frontend test
        mode http
        bind "fd@${fe1}"
        stick-table type ip size 1m expire 1h store gpc0
        http-request deny if { src,table_trackers(test) eq 1 }
        http-request deny if { src,in_table(test) }
        http-request deny deny_status 200
} -start

client c0 -connect ${h0_fe1_sock} {
    txreq -url "/"
    rxresp
    expect resp.status == 200
} -run
```
```
export HAPROXY_PROGRAM=$PWD/haproxy
varnishtest /home/user/haproxy/reg-tests/stick-table/b00000.vtc
# top TEST /home/user/haproxy/reg-tests/stick-table/b00000.vtc passed (0.112)
```