Thanks Cyril for this elements.

Here the modules available on apache2:

actions alias auth_basic auth_mysql auth_pam authn_file authz_default 
authz_groupfile authz_host authz_user autoindex cache cgi deflate dir env 
expires headers include mime mod-evasive negotiation php5 python rewrite rpaf 
setenvif ssl status

Maybe one of them have troubles.. I will search about Content-Length header


Benoît Georgelin
Web 4 all Hébergeur associatif
+33 977 218 005
+1 514 463 7255
benoit.georgelin@web 4

Afin de contribuer au respect de l'environnement, merci de n'imprimer ce mail 
qu'en cas de nécessité

----- Mail original -----

De: "Cyril Bonté" <>
À: "Benoit GEORGELIN (web4all)" <>
Envoyé: Jeudi 3 Novembre 2011 10:32:06
Objet: Re: Haproxy 502 errors, all the time on specific sites or backend

Hi Benoit,

Le Jeudi 3 Novembre 2011 14:46:10 Benoit GEORGELIN a écrit :
> Hi !
> My name is Benoît and i'm in a associative project who provide web hosting.
> We are using Haproxy and we have a lot of problems with 502 errors :(
> So, i would like to know how to really debug this and find solutions :)
> There is some cases on mailling list archives but i will appreciate if
> someone can drive me with a real case on our infrastructure.

My first observations, it it can help someone to target the issue :
In your servers responses, there is no Content-Length header, this can make
some troubles.

502 errors occurs when asking for compressed data :
- curl -si -H "Accept-Encoding: gzip,deflate" 
HTTP/1.0 502 Bad Gateway
- curl -si
=> results in a truncated page without Content-Length Header

We'll have to find why your backends doesn't provide a Content-Length header
(and what happens with compression, which should be sent in chunks).

> Details:
> Haproxy Stable 1.4.18
> OS: Debian Lenny
> Configuration File:
> ######################################################################
> global
> log local0 notice #debug
> maxconn 20000 # count about 1 GB per 20000 connections
> ulimit-n 40046
> tune.bufsize 65536 # Necessary for lot of CMS page like Prestashop :(
> tune.maxrewrite 1024
> #chroot /usr/share/haproxy
> user haproxy
> group haproxy
> daemon
> #nbproc 4
> #debug
> #quiet
> defaults
> log global
> mode http
> retries 3 ##### 2 -> 3 le 06102011 #####
> maxconn 19500 # Should be slightly smaller than global.maxconn.
> ######## OPTIONS ##########
> option dontlognull
> option abortonclose
> #option redispatch ##### Désactive le 06102011 car balance en mode source et
> non RR ##### option tcpka
> #option log-separate-errors
> #option logasap
> ######## TIMeOUT ##########
> timeout client 30s #1m 40s Client and server timeout must match the longest
> timeout server 30s #1m 40s time we may wait for a response from the server.
> timeout queue 30s #1m 40s Don't queue requests too long if saturated.
> timeout connect 5s #10s 5s There's no reason to change this one.
> timeout http-request 5s #10s 5s A complete request may never take that long
> timeout http-keep-alive 10s
> timeout check 10s #10s
> #######################################################
> # F R O N T E N D P U B L I C B E G I N
> #
> frontend public
> bind 123.456.789.123:80
> default_backend webserver
> ######## OPTIONS ##########
> option dontlognull
> #option httpclose
> option httplog
> option http-server-close
> # option dontlog-normal
> ##### Gestion sur URL # Tout commenter le 21/10/2011
> # log the name of the virtual server
> capture request header Host len 60
> #
> # F R O N T E N D P U B L I C E N D
> #######################################################
> #######################################################
> # B A C K E N D W E B S E R V E R B E G I N
> #
> backend webserver
> balance source ##### Reactive le 06102011 #####
> #balance roundrobin ##### Désactive le 06102011 #####
> ######## OPTIONS ##########
> option httpchk
> option httplog
> option forwardfor
> #option httpclose ##### Désactive le 06102011 #####
> option http-server-close
> option http-pretend-keepalive
> retries 5
> cookie SERVERID insert indirect
> # Detect an ApacheKiller-like Attack
> acl killerapache hdr_cnt(Range) gt 10
> # Clean up the request
> reqidel ^Range if killerapache
> server http-A cookie http-A check inter 5000
> server http-B cookie http-B check inter 5000
> server http-C cookie http-C check inter 5000
> server http-D cookie http-D check inter 5000
> server http-E cookie http-E check inter 5000
> # Every header should end with a colon followed by one space.
> reqideny ^[^:\ ]*[\ ]*$
> # block Apache chunk exploit
> reqideny ^Transfer-Encoding:[\ ]*chunked
> reqideny ^Host:\ apache-
> # block annoying worms that fill the logs...
> reqideny ^[^:\ ]*\ .*(\.|%2e)(\.|%2e)(%2f|%5c|/| \\\\ )
> reqideny ^[^:\ ]*\ ([^\ ]*\ [^\ ]*\ |.*%00)
> reqideny ^[^:\ ]*\ .*<script
> reqideny ^[^:\ ]*\ .*/(root\.exe\?|cmd\.exe\?|default\.ida\?)
> # allow other syntactically valid requests, and block any other method
> reqipass ^(GET|POST|HEAD|OPTIONS)\ /.*\ HTTP/1\.[01]$
> reqipass ^OPTIONS\ \\*\ HTTP/1\.[01]$
> errorfile 400 /etc/haproxy/errors/400.http
> errorfile 403 /etc/haproxy/errors/403.http
> errorfile 408 /etc/haproxy/errors/408.http
> errorfile 500 /etc/haproxy/errors/500.http
> errorfile 502 /etc/haproxy/errors/502.http
> errorfile 503 /etc/haproxy/errors/503.http
> errorfile 504 /etc/haproxy/errors/504.http
> Error 502 example (all the time)
> Log:
> Nov 3 13:52:15 haproxy[27813]:
> [03/Nov/2011:13:52:14.584] public webserver/http-B 11/0/0/-1/985 502 280 -
> - SHVN 121/121/19/3/0 0/0 {} "GET /portfolio/ HTTP/1.1" Nov 3 
> 13:52:15 haproxy[27813]:
> [03/Nov/2011:13:52:14.583] public webserver/http-B 1153/0/0/10/1163 404 849
> - - --VN 123/123/16/4/0 0/0 {} "GET /favicon.ico HTTP/1.1"
> This is a ZenPhotos CMS ( )
> With more than one picture on it, 502 errors.
> I try to comment all reqideny and reqipass, but it still not working
> We use NFS protocol to share content on WebServer Side.Almost use php/mysql
> I can give you tcpdump but i'm not shure about te good syntaxe who can help
> in this case.
> Many thanks for your help and your time
> Best Regards
> Cordialement,
> Benoît Georgelin
> Web 4 all Hébergeur associatif
> Afin de contribuer au respect de l'environnement, merci de n'imprimer ce 
> mail qu'en cas de nécessité

Cyril Bonté

Reply via email to