NTLM an server-close are mutually incompatible. As Willy stated, best solution for you is to use http-keep-alive mode and upgrade to haproxy 1.5.
Baptiste On Sat, May 10, 2014 at 1:38 PM, Willy Tarreau <w...@1wt.eu> wrote: > Hi, > > On Thu, May 08, 2014 at 06:22:11PM +0200, Lukas Tribus wrote: >> Hi, >> >> >> > Hello, >> > I have few backends which are routed to regarding of URL path. Also one >> > of servers uses NTLM. >> > As it was written on many places NTLM can only function with tunnel >> > mode enabled. I understand that, but have some other backends that does >> > not work good unless there is option http-server-close enabled. >> > >> > So without http-server-close i get following problems in logs,as well >> > as page not being rendered properly in browser: >> > May 7 16:15:05 66.129.115.238:41881 [07/May/2014:16:12:08.885] >> > http_in 30_26/30_26 0/0/0/3/177114 200 785093 - - cD-- 3/3/3/3/0 0/0 >> > "GET /scripts/jquery.prettyPhoto.j >> > s HTTP/1.1" >> > May 7 16:15:06 66.129.115.238:41883 [07/May/2014:16:12:08.892] >> > http_in 30_26/30_26 0/0/0/2/177113 200 341923 - - cD-- 2/2/2/2/0 0/0 >> > "GET /scripts/tt-script.js HTTP/1. >> > 1" >> > May 7 16:15:06 66.129.115.238:41880 [07/May/2014:16:12:08.885] >> > http_in 30_26/30_26 0/0/0/1/177729 200 870078 - - cD-- 1/1/1/1/0 0/0 >> > "GET /css/prettyPhoto.css HTTP/1.1 >> > " >> > May 7 16:15:13 66.129.115.238:41882 [07/May/2014:16:12:08.892] >> > http_in 30_26/30_26 0/0/0/2/184680 200 616817 - - cD-- 0/0/0/0/0 0/0 >> > "GET /scripts/loopedslider.js HTTP >> > /1.1" >> > >> > >> > and on other hand, there is problem with NTLM authentication when >> > http-server-close is enabled? >> > >> > Any thoughts on this and experiences would be helpful. >> >> Can you post the complete configuration? >> >> My suggestion is to enable http-server-close only on the non-NTLM >> backend, and leave the NTLM backend as is (in tunnel mode). >> >> That means do not specify the mode in frontend, default or global >> sections. >> >> Not sure about the problem with tunnel mode. I would suggest to >> upgrade to 1.4.25, before troubleshooting any further. > > I'd go further, if both NTLM and server-close are needed, then you > really need keep-alive and will have to switch to 1.5. Don't forget > that getting rid of this mess that is NTLM was the primary motivation > for server-side keep-alive, so you won't easily get out of it with > 1.4. > > Regards, > Willy > >
