2015-10-26

loweelloweel’s status on Monday, 26-Oct-2015 11:43:16 CET
loweel: Haproxy +SSL backends srv01-02


loweel’s status on Monday, 26-Oct-2015 11:36:47 CET
loweel: Saturno Butto’ !art saturno-butto


loweel’s status on Monday, 26-Oct-2015 11:31:32 CET
loweel: “haproxy: ssl backends” https://raymii.org/s/snippets/haproxy_ssl_backends.html backend example-backend balance roundrobin option httpchk GET /health_check server srv01 10.20.30.40:443 weight 1 maxconn 100 check ssl verify none server srv02 10.20.30.41:443 weight 1 maxconn 100 check ssl verify none #haproxy #ssl #backends


loweel’s status on Monday, 26-Oct-2015 11:27:14 CET
loweel:

 backend example-backend   balance roundrobin   option httpchk GET /health_check   server srv01 10.20.30.40:443 weight 1 maxconn 100 check ssl verify none   server srv02 10.20.30.41:443 weight 1 maxconn 100 check ssl verify none

loweel’s status on Monday, 26-Oct-2015 11:23:54 CET
loweel: Well, I upgraded the version of haproxy, and now it works a bit better. I also tried to use apache as frontend, but it resulted in the PHPSESSID in the URL, don’t ask me why. What I see is that the peers are often trying to contact the server in clear, regardless the fact the host-meta and the XRD are only describing the host in https. Now, I see that the new version of haproxy can balance also when the backend uses https, so I plan to remove the trick I did with the protocol and use https also in the backend, still having haproxy as a frontend. But I need some hours to do that, and I have a life too. I think this weekend maybe I will be able to test a new configuration. (and to update the Howto I wrote) 🙂 🙂


loweel’s status on Monday, 26-Oct-2015 11:18:09 CET
loweel: I had the same problem. I needed to sniff the traffic to understand. First, the requester it is doing a GET request to /.weell-known/host-meta, to see what the host is and where to reach it. Then, if you try to subscribe , i.e. john@doe.com, is it going to do a GET asking for /.well-known/xrd?acct:john@doe.com . Into the folder xrd you see a index.php file, which is just picking a file named yoursecretjohn@doe.com.xml, and returning it. After getting a description of the interfaces, then it starts POST ing your server with the real request of submission. You can see it setting GS in clear and using tcpdump.


loweel’s status on Monday, 26-Oct-2015 11:12:04 CET
loweel: When you do research, you always start from the null-hypothesis. The null-hypothesis means you assume there is no relationship between phenomena, and you see if data are falsifying the null-hypothesis. Now, the null-hypothesis is that there is no relationship between what you eat and intelligence. If you show me some data, without cherrypicking, I can “scientifically” listen at you. Is not enough to claim being intelligent to proof you are.


loweel’s status on Monday, 26-Oct-2015 10:05:56 CET
loweel: Minitube for Linux can do that, as far I know…


loweel’s status on Monday, 26-Oct-2015 10:01:41 CET
loweel: Could I apply for Zaxxon Motherbase 2000 in 1024×1280 with GL graphics ? 🙂 🙂 I spent my 14th year playing this arcade game. 🙂 🙂


  • PS: questo pezzo e le altre magnifiche elargizioni di saggezza di Uriel FanelliLowEel sono analizzate su un altro blog degli Untermenschen che curano questo specchio.
  • PPS: pezzo automagicamente caricato da Fornello!
Advertisements

Rispondi

Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:

Logo WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione / Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione / Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione / Modifica )

Google+ photo

Stai commentando usando il tuo account Google+. Chiudi sessione / Modifica )

Connessione a %s...