Recent searches

No recent searches

Search options

Only available when logged in.
techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome

Administered by:

Server stats:

4.6K
active users

techhub.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.1

#haproxy

0 posts0 participants0 posts today
LunaticStrayDog<p>Bon, ça fait plusieurs jours que j'essaie de faire marcher let's encrypt avec haproxy et j'y arrive pas <br>Je suis le tuto dédié : <a href="https://www.haproxy.com/blog/haproxy-and-let-s-encrypt" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">haproxy.com/blog/haproxy-and-l</span><span class="invisible">et-s-encrypt</span></a><br>J'ai donc la config attachée au post (qui ne fait rien d'autre que renvoyer mon thumbprint acme si le chemin demandé contient '/.well-known/acme-challenge')<br>En http classique ça fonctionne nickel : si je curl sur http://domaine/.well-known/acme-challenge/aeiou il me renvoie aeiou.thumbprint ce qui est ce qu'il faut<br>Par contre dès que je curl en https j'ai droit à OpenSSL/3.0.13: error:0A000458:SSL routines::tlsv1 unrecognized name<br>Aidez moi s'il vous plait il fait trop chaud :wtf:<br><a href="https://piaille.fr/tags/haproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>haproxy</span></a> <a href="https://piaille.fr/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LetsEncrypt</span></a></p>
Diego Córdoba 🇦🇷<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@dalohuer2004" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dalohuer2004</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.online/@lzambrana" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lzambrana</span></a></span> Muy bueno! No estoy muy al tanto de docker compose, pero se ve bien.</p><p>No conocía <a href="https://mstdn.io/tags/traefik" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>traefik</span></a>, es un load balancer / reverse proxy? Algo similar a <a href="https://mstdn.io/tags/haproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>haproxy</span></a> ?</p><p>También veo a <a href="https://mstdn.io/tags/passbolt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passbolt</span></a> más para entornos colaborativos, en lo personal sigo con <a href="https://mstdn.io/tags/keepass" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keepass</span></a>, que además lo tengo como proveedor de 2FA.</p><p>Igual, algunas passwords de mi DB las he tenido que compartir usando keepass (copy paste), pero son poquitas, ya si fueran más algo como passbolt vendría muy bien.</p>
Marud :mastodont_v2:

Bon comme y avait pas d'agent #HAProxy récent pour tourner sur du windows, j'en ai refait un en utilisant #powershell qui va créer une écoute sur un port TCP pour renvoyer les infos de charge CPU / RAM et définir un score de charge qu'il renverra au HAProxy pour faire du poids dynamique.

Maintenant, je veux créer un service Windows qui fera appel à ce script. Je vois plein de trucs utilisant des modules externes, mais y a pas un moyen tout clair et simple de faire un service avec des outils intégrés ?

Replied in thread
Nils Goroll 🕊️:varnishcache:

@jorijn @monospace i did also use nginx and have no hard arguments against it besides "project governance" maybe. but a relevant benefit of using #haproxy in tcp mode is to avoid any double processing of http, which otherwise is prone to desync bugs. tcp mode simply adds/removes the tls pipe, nothing more, nothing less. all the http processing remains in #varnishcache only.

Replied in thread
Nils Goroll 🕊️:varnishcache:

@jorijn yes, as of today, the recommended way is to use #haproxy as a combined tls onloader/offloader with the PROXY2 protocol such that haproxy has "zero" configuration: see varnish-cache.org/docs/trunk/u and .via in varnish-cache.org/docs/trunk/r
this also works with dns: github.com/nigoroll/libvmod-dy

that said, we will do something about this eventually #varnishcache

varnish-cache.orgBackend servers — Varnish version trunk documentation
Replied in thread
✰ 𝔽𝕣𝕖𝕕 ✰
Thank you for all the effort you are putting into this awesome software.

I ran into some weird behaviour of the combination #snac with the official Mastodon app on #iPhone. See attached pic.

The log of my #HAproxy shows

May 12 09:50:20 localhost haproxy[56626]: 46.23.94.142:65241 [12/May/2025:09:50:20.039] FE-https~ BE-social.freebsd.amsterdam/social.freebsd.amsterdam 0/0/0/366/367 200 658007 - - ---- 2/2/0/0/0 0/0 "GET https://social.freebsd.amsterdam/api/v1/timelines/home?limit=100 HTTP/2.0"


CC: @stefano@bsd.cafe @cheeaun@mastodon.social
Vitex

Neskutečná haluz: Na ssl terminaci používám #haproxy s konfigurací:

frontend https
bind *:443 ssl crt /etc/haproxy/ssl/__fallback.pem crt /etc/haproxy/ssl

kam prostřednictvím skriptu github.com/VitexSoftware/certb

hrnu výslednou kombinaci privkey + fullchain .pem

A co se nestalo, jedna doména jako na potvoru ať jsem dělal co jsem dělal měla sice na disku čerstvý certifikát, ale v #https byl expirovaný ....

Po X hodinách zoufalého laborování, reloadování a restartování a vzniku skriptu github.com/VitexSoftware/certb jsem se nasral a celé to rebootnul ...

A server nejenže potom nabootoval, ale dokonce začal posílat správný certifikát ...

Kde to sakra mohlo být zastydlé, že nepomohl ani stop a start haproxy démona ? To mi hlava nebere :(

filesystém je normální /dev/sda2 on / type ext4 (rw,noatime) - m2 terová karta přes JMS583Gen 2 to PCIe Gen3x2 Bridge do USB a zbytek HW je #RPi5 s 8Gb ram

před rebootem jsem koukal i na výpis dmesg a žádné problémy s filesystémem nebo usb jsem tam neviděl

HAProxy plugin for Let's Encrypt's Certbot. Contribute to VitexSoftware/certbot-haproxy development by creating an account on GitHub.
GitHubcertbot-haproxy/certbot-haproxy-deploy at develop · VitexSoftware/certbot-haproxyHAProxy plugin for Let's Encrypt's Certbot. Contribute to VitexSoftware/certbot-haproxy development by creating an account on GitHub.
#Linux#Haluz
Thomas (aka Papa Dragon)
J'ai trop de VPS. Et ça coût des sous. Trop.

Et j'ai plusieurs petits ordis qui ne servent à rien à la maison. Ça va du Raspberry Pi 2 à des petits NUC plus ou moins puissants. Donc transférer une partie de ce que j'ai sur les VPS vers des serveurs à la maison, ça ferait sens.

J'avais essayé HAProxy il y a quelques temps, mais je m'étais mal débrouillé, et ça ne marchait pas top, top. Ce n'était pas pour faire du load balancing, mais bien pour avoir plusieurs serveurs HTTP sur différentes machines. Du reverse proxy, quoi.

Il faudrait que je me replonge dans des tutos ou de la doc, mais pfff. Flemme.

Alors je vais commencer par une questions adressée à celleux capables d'y répondre: HAProxy, c'est la meilleure solution, ou il y a en a d'autres?

#ReverseProxy #HAProxy #Auto-Hébergement #Self-Hosting #AdminEnCarton
#autohebergement#adminencarton#selfhosting
Jérémy Lecour

Dans ce (long et très détaillé) article sur l’état des stacks SSL, l’équipe de #haproxy (confirmée par d’autres équipes telles que Curl, Akamai, Microsoft…) tacle lourdement #OpenSSL sur la qualité du code et surtout sur la gouvernance du projet. Ça pique.
haproxy.com/blog/state-of-ssl-

HAProxy TechnologiesThe State of SSL StacksThe SSL landscape has shifted dramatically. In this paper, we examine OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC with HAProxy.
*
.:. brainsik

Long, but great read from #HAProxy on the state of #TLS libraries. Includes some scathing remarks about the #OpenSSL project.

“The development team has degraded their project’s quality, failed to address ongoing issues, and consistently dismissed widespread community requests for even minor improvements.”

“This unfortunate situation considerably hurts QUIC protocol adoption. It even makes it difficult to develop or build test tools to monitor a QUIC server.”

“When some of the project members considered a 32% performance regression ‘pretty near’ the original performance, it signaled to our development team that any meaningful improvement was unlikely.”

“In blunt terms: running OpenSSL 3.0.2 as shipped with Ubuntu 22.04 results in 1/100 of #WolfSSL’s performance on identical hardware! To put this into perspective, you would have to deploy 100 times the number of machines to handle the same traffic, solely because of the underlying SSL library.”

infosec.exchange/@0xabad1dea/1

Infosec Exchangeabadidea (@0xabad1dea@infosec.exchange)After heartbleed in 2014, there were a lot of calls to abandon OpenSSL and support alternative libraries because it had written itself into a corner full of holes. I didn’t anticipate that 11 years later, there’d be a call to abandon OpenSSL because it’s written itself into a corner of running at 1% the performance of those very same alternative libraries https://www.haproxy.com/blog/state-of-ssl-stacks
Matt "msw" Wilson

“AWS-LC looks like a very active project with a strong community. […] Even the recently reported performance issue was quickly fixed and released with the next version. […] This is definitely a library that anyone interested in the topic should monitor.”

#OpenSSL #BoringSSL #WolfSSL #AWSLC #HAProxy #OpenSource #FreeSoftware #FOSS #OSS #TLS #QUIC
haproxy.com/blog/state-of-ssl-

HAProxy TechnologiesThe State of SSL StacksThe SSL landscape has shifted dramatically. In this paper, we examine OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC with HAProxy.
TrendingLive feeds
About