Re: HAProxy responding with NOSRV SC

Wed, 03 Jun 2015 23:39:13 -0700 

On Thu, Jun 4, 2015 at 12:21 PM, RAKESH P B <pb.rakes...@gmail.com> wrote:

> Hi All,
>
> I have a strange situation where requests to my HAProxy are returning with
> a 503 error. HAProxy logs shows that a NOSRV error: for POST requests from
> application RSET service.
>
> api-https-in~ api-https-in/<NOSRV> -1/-1/-1/-1/40 503 1237 - - SC--
> 15/0/0/0/0 0/0 "POST /<PATH> HTTP/1.1"
>

According to the docs the SC connection termination flags mean:

     SC   The server or an equipment between it and haproxy explicitly
refused
          the TCP connection (the proxy received a TCP RST or an ICMP
message
          in return). Under some circumstances, it can also be the network
          stack telling the proxy that the server is unreachable (eg: no
route,
          or no ARP response on local network). When this happens in HTTP
mode,
          the status code is likely a 502 or 503 here.

So if you are confident that you are looking at the same type of requests
and in the same time period for both cases you are showing (with and
without HAP), then you should turn your attention to the networking side of
the things. Make sure nothing is blocking the connections between HAP and
the backends (ie can you at least telnet to port 80 from HAP to the
backend), confirm that your health check "HEAD /test.jsp HTTP/1.0" really
works, confirm your backend understands and actually uses X-Forwarded-Proto
header, confirm that your backend has a capacity for 8096 simultaneous
connections etc. etc. etc.


>
> During this time, the backend server was confirmed up and was receiving
> traffic for GET requests from web browser and also POST request from REST
> client  POSTMAN rest client.
>
>
>  api-https-in~ <name1>/<name> 669/0/2/4/675 200 513 - - ---- 2/2/0/1/0 0/0
> "GET /<PATH> HTTP/1.1"
>
>  api-https-in~ <name1>/<name> 336/0/1/4/341 415 95 - - ---- 2/2/0/1/0 0/0
> "POST /<PATH> HTTP/1.1"
>
>
> Here is my configuration file
>
> frontend http-in
> bind *:80
> redirect scheme https code 301 if !{ ssl_fc }
> maxconn 8096
>
>
> frontend api-https-in
> bind X.X.X.X:443 ssl crt <PATH1>
> reqadd X-Forwarded-Proto:\ https
> acl host_soap hdr_end(host) -i example.com
> use_backend <name1> if host_soap
> acl secure dst_port eq 44
>
>
>
> backend <name1>
>
>     mode http
>     option httpchk  HEAD /test.jsp HTTP/1.0
>     appsession JSESSIONID len 32 timeout 1800s
>     server  <name> X.X.X.X:80
>



-- 
Igor Cicimov | DevOps


p. +61 (0) 433 078 728
e. ig...@encompasscorporation.com <http://encompasscorporation.com/>
w*.* encompasscorporation.com
a. Level 4, 65 York Street, Sydney 2000

Reply via email to