On 6 April 2010 19:43, Willy Tarreau <w...@1wt.eu> wrote:

> On Tue, Apr 06, 2010 at 11:42:53AM +0100, Matt wrote:
> > Hi all,
> >
> > Using HA-Proxy version 1.3.19 2009/07/27. Set-up is HA-Proxy balancing a
> > pool of Jetty servers.
> >
> > We had a tomcat application using keep-alive that was having issues (kept on
> > opening many connections), so to stop that and other clients getting the
> > same problem we used the option httpclose which fixed the problem.
> >
> > This though has added another issue when using digest authentication with
> > curl. When sending to the HA-Proxy IP:-
> >
> > **request**
> > > User-Agent: curl/7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.15
> > > Host: ...........
> > > Accept: */*
> > > content-type:application/xml
> > > Content-Length: 0
> > > Expect: 100-continue
> >
> > **response**
> > < HTTP/1.1 100 Continue
> > < Connection: close
> > * Empty reply from server
> > * Closing connection #0
> > curl: (52) Empty reply from server
> >
> > It looks like HA-Proxy is sending 100-continue and not 401 and adding the
> > connection closed header. If I use curl with the --http1.0 option, then it
> > works as expected, but I guess this is forcing Jetty to work in http 1.0
> > mode.
>
> This was fixed in 1.3.23 and 1.3.24. The issue is not what you describe above.
> What happens is that the client sends the "Expect: 100-continue" header, which
> is forwarded to the server. The server then replies with "HTTP/1.1 100 Continue"
> and haproxy adds the "Connection: close" response there. Strictly speaking, both
> curl and haproxy are incorrect here:
> - haproxy should not add any header on a 100-continue response
> - libcurl should ignore any header in a 100-continue response.
>
> But the reality is that both do probably not consider the 100-continue
> response as a special case, which it is.
>
> There is nothing you can do with the configuration to fix this, you should
> really update your version (also other annoying issues have been fixed since
> 1.3.19). Either you install 1.3.24 (or 1.3.23 if you don't find 1.3.24 yet for
> your distro), or you can switch to 1.4.3.
>
> Well, maybe if you remove "option httpclose" and replace it with
> "reqadd Connection:\ close", without the corresponding "rspadd", it could work,
> if you don't have anything else touching the response (no cookie insertion,
> ...).
> This would rely on the server to correctly close the response. But it would be
> an awful hack.
>
> > When using apache in front of HA-Proxy with both force-proxy-request-1.0 and
> > proxy-nokeepalive the request is successful.
>
> This is because the Expect header appeared in 1.1, so the client cannot use it
> if you force the request as 1.0.

Thanks, I'll test 1.3.23/24 in our lab
Matt
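
The following is an added example, not code from haproxy, libcurl or either poster: a client-side reader that treats 1xx responses as interim and discards their headers, so a `Connection: close` attached to `100 Continue` has no effect on the final response. The function names and both sample byte streams (including the 401 digest challenge) are constructed for illustration.

```python
class EmptyReply(Exception):
    """The stream ended before any final (non-1xx) response arrived."""

def parse_head(block: bytes):
    """Split one response head into (status_code, {lowercased-name: value})."""
    lines = block.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def read_final_response(stream: bytes):
    """Return (status, headers, interim_statuses, remaining_bytes)."""
    interim, rest = [], stream
    while True:
        head, sep, rest = rest.partition(b"\r\n\r\n")
        if not sep:
            # What curl reported as "(52) Empty reply from server".
            raise EmptyReply(f"stream ended after interim responses {interim}")
        status, headers = parse_head(head)
        # 1xx (other than 101 Switching Protocols) is interim: it carries no
        # body and its headers must not be applied to the final response.
        if 100 <= status < 200 and status != 101:
            interim.append(status)
            continue
        return status, headers, interim, rest

# Constructed sample streams (not captured traffic).
PROXIED = (b"HTTP/1.1 100 Continue\r\nConnection: close\r\n\r\n"
           b"HTTP/1.1 401 Unauthorized\r\n"
           b'WWW-Authenticate: Digest realm="example", nonce="constructed"\r\n'
           b"Content-Length: 0\r\n\r\n")
TRUNCATED = b"HTTP/1.1 100 Continue\r\nConnection: close\r\n\r\n"

if __name__ == "__main__":
    status, headers, interim, _ = read_final_response(PROXIED)
    print(status, interim, sorted(headers))
```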