Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Topics - manus

#1
17.1 Legacy Series / HAProxy stability
June 07, 2017, 09:39:52 PM
Since 4 or 5 minor release, we have a 100% CPU on HAProxy after some time (1-2 months).
Only a reboot solve the problem.
Anybody with this problem too?

When HAProxy will be updated to 1.7.x? or at minima to last 1.6 (1.6.12)?
#2
- In Global Parameters, Custom options have no effect (nothing in /usr/local/etc/haproxy.conf).
- Add Custom options in Default Parameters and Statistics Configuration.
- Add default-server entry for backend and server must be after default-server in final file (server is recommended to be last entry in all case):
default-server port 21 inter 10s downinter 15s rise 3 fall 2 slowstart 60s weight 100
- Unable to create server without port (to use frontend port):
server MyServerName 10.10.5.1: check
- Unable to create frontend with port range:
bind 31.9.36.15:20-21
bind 31.9.36.15:49000-49500

- If you add a frontend without ssl&certificate after one with ssl&certificate, the frontend without ssl&certificate got a certificate and ssl option:
bind 31.9.36.15:2222 name 31.9.36.15:2222 ssl   crt /var/etc/haproxy/ssl/5752ccd0803c0.pem

instead of:
bind 31.9.36.15:2222 name 31.9.36.15:2222
- Service unable to run with this in global ("Some configuration options require full privileges, so global.uid cannot be changed."):
uid                         80
#3
16.1 Legacy Series / Add option to enable IPFW
February 18, 2016, 12:10:10 PM
Could you add an option in interface or through a config file to enable IPFW.
Currently we can't use default rc file because /usr/local/opnsense/service/templates/OPNsense/IPFW/rc.conf.d rewrite the firewall_enable.
So to use IPFW, I need to add a traffic shaper rules&co to use IPFW or modify previous file.
The best will be to get :
- an option in interface to enable IPFW (firewall_enable)
- an option to add ipfw_load="YES" in /boot/loader.conf or other way to load kernel module at boot
- a field to give a full path to a file with rules to execute after:
# reload ipfw rules
/sbin/ipfw -f /usr/local/etc/ipfw.rules

Why? because I use a compiled HAProxy in transparent mode. But some can use it for others things.