similar to: Running two clusters side by side

On Mon, Dec 22, 2014 at 9:30 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > Although the cryptography is now separated from the rest of the logic in > tinc, it is not really replaceable, since only OpenSSL is supported. > However, there is also a new protocol in tinc 1.1, which uses Ed25519 > and ChaCha-Poly1305. The code for those algorithms is included in tinc, > so the

We have been searching for a Rails deployment architecture which works for us for some time. We''ve recently moved from Apache 1.3 + FastCGI to Apache 2.2 + mod_proxy_balancer + mongrel_cluster, and it''s a significant improvement. But it still exhibits serious performance problems. We have the beginnings of a fix that we would like to share. To illustrate the problem, imagine a

> That said, there are significant advantages to using external > libraries for this: some of them use heavily optimized (assembly, > tuned for SSE etc.) code for ChaCha-Poly1305, which is a big win for > tinc because it dramatically lowers CPU usage and increases maximum > achievable throughput. See > http://bench.cr.yp.to/impl-stream/chacha20.html This is quite a nice point,

Gang- We are getting ready to launch our ROR application; the last item remaining is the deployment platform. For testing, we had used Apache + MOD_FastCGI. I am not that impressed with it; sometimes it has strange effects. For example, when we start the application, for about 5 minutes or so, the app is very unstable and it gets better over time. My questions is .. should I go with (1)

On some cpu's optimized chacha implementation in openssl (1.1.0+) is notably faster (and on others it is just faster) than generic C implementation in openssh. Sadly, openssl's chacha20-poly1305 (EVP_chacha20_poly1305) uses different scheme (with padding/etc - see rfc8439) and it looks it is not possible to use in openssh. OpenSSL 1.1.1+ also exports "raw" poly1305 primitive,

I've dovecot --version 2.3.10.1 (a3d0e1171) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 , atm on Fedora32. I configure /etc/pki/tls/openssl.cnf to set preferences for apps' usage, e.g. Postfix etc; Typically, here cat /etc/pki/tls/openssl.cnf openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect

I'm testing on older OS X 10.8 with older SSE4 hardware from about 2010. I've got updated gear from MacPorts and it includes GCC and Clang. GCC is the compiler, and Clang is the assembler. We perform a compile/link on a test file to ensure an ISA is supported by the toolchain. If an ISA is available then we compile a source file to the ISA as needed. Then, we guard the higher ISAs at

Just a quick question to those of you using merb and sequel or datamapper. How do you setup your merb app? For example: merb -X off -c 5, then run mod_proxy_balancer or nginx to load balance between the 5 (or whatever #) of merb nodes? merb -X off -d, then simply use something like proxypass merb -c 5, keep the mutex lock and cluster it haproxy, swiftiply, evented mongrel...... What

On Fri, 2019-07-12 at 15:54 +1000, Damien Miller wrote: > On Thu, 17 Jan 2019, Yuriy M. Kaminskiy wrote: > > > On some cpu's optimized chacha implementation in openssl (1.1.0+) > > is > > notably faster (and on others it is just faster) than generic C > > implementation in openssh. > > > > Sadly, openssl's chacha20-poly1305

I was wondering if there was something specific to the internal chacha20 cipher as opposed to OpenSSL implementation. I can't just change the block size because it breaks compatibility. I can do something like as a hack (though it would probably be better to do it with the compat function): if (strstr(enc->name, "chacha")) *max_blocks = (u_int64_t)1 << (16*2);

Last time I checked there was a number of new libraries implementing Ed25519 and ChaCha-Poly1305, but everything seemed quite immature - I think it would be wise to wait until things settle down (maybe when it gets into OpenSSL). That said, there are significant advantages to using external libraries for this: some of them use heavily optimized (assembly, tuned for SSE etc.) code for

I''ve been having a mess of a time using this module, which stinks because its behavior is EXACTLY what I am looking for... whenever I bootstrap new rabbitMQ nodes I want to add them to our HAProxy instance. Here''s my relevant site.pp entries: node /^rabbit.*/ inherits basenode { @@haproxy::balancermember { $fqdn: listening_service => ''messaging00'',

Hi, This morning, while checking for a correct deployment, we found out that the Unicorns we are using were sending 500 Internal errors very frequently to the HAProxy that sits in front of them. After some investigation, It turned out that HAProxy checks the backend by opening and closing a connection to the unicorn. Unfortunately the Unicorns we use ( v 0.990.0 ) will try to reply to this probe

Hi all, I'm load balancing 4 mysql databases using HAProxy. The setup seems to be working pretty well. Except I keep seeing these messages turning up in syslog: Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400 audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801 comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0

On 20/8/2015 10:35 ??, Tim Groeneveld wrote: > # This is a list of trusted networks... ips are seperated by ", " > # default, empty > haproxy_trusted_networks = 10.1.2.0/24, 10.2.1.0/24 > > # This is the timeout... in seconds. > # default, 3 > # haproxy_timeout = 3 > > # modify your inet listener's to include haproxy=yes > inet_listener { >

Hello, is it possible to configure configure haproxy to work with postfix sasl and dovecot auth like this: clients -> 25:postfix -> 20025:haproxy -> 20025:auth-backend-1, 20025:auth-backend-2 The configuration I have now gives me this error randomly: 535 5.7.8 Error: authentication failed: Connection lost to authentication server This is probably because haproxy change servers while

Even though it seems dovecot (using 2.2.33.1) supports haproxy's send-proxy-v2, it seems to lack send-proxy-v2-ssl (which also sends client's ssl state). It would be a nice feature for the backend server to identify clients so one wouldn't have to use disable_plaintext_auth on a production environment. --- haproxy.cfg frontend pop3 bind [::]:110 v4v6 bind

hello list, I am attempting to load balance SSL web servers using haproxy on centos 5.7. I am using HA-Proxy version 1.4.18 Here is the stanza in the config regarding SSL: listen https 192.168.1.200:443 mode tcp balance roundrobin option forwardfor except 192.168.1.200 option redispatch maxconn 10000 reqadd X-Forwarded-Proto:\ https

On 17.4.2019 23.00, Kostya Vasilyev via dovecot wrote: > I'm not Aki but hope you don't mind... > > On Wed, Apr 17, 2019, at 10:42 PM, TG Servers via dovecot wrote: >> Hi, >> >> MariaDB documentation says it accepts OpenSSL cipher strings in its >> ssl_cipher parameters like ssl_cipher="TLSv1.2". >> This is also mentioned when creating or

I''m looking for the most reliable setup for Mongrel. Reliable meaning avoiding things like sending too many requests to a single mongrel process, or sending requests to a mongrel process that has hung for some reason. The handler will most likely be rails, but it might be a custom handler. SSL is also a requirement, which limits the options a bit but it can''t be done away