Hi All, We have a virtual desktop deployment under VMWare Horizon View that uses PCoIP Zero clients that stopped working after upgrading the load balancers in front of the internal Connection Servers (the virtual desktop broker) from 1.8.12 to 2.0.7.
After putting in "no option http-use-htx" these clients work fine. This is not a problem overall with HAProxy as other devices using a different client (mobile, PC etc) are fine, so it is obviously an edge case that affects this particular device, but I thought it important to report as it is still a regression between 1.8 and 2.0. Ive got logs, version info and config in this email, but understand that more info is likely to be required in order to get to the bottom of this...and fully understand this may be a client/device specific bug, rather than a HAProxy one. More logs and traces can be gathered as required. This is running on Alpine Linux 3.10, so its a musl based build: HA-Proxy version 2.0.7 2019/09/27 - https://haproxy.org/ Build options : TARGET = linux-glibc CPU = generic CC = gcc CFLAGS = -Os -fomit-frame-pointer OPTIONS = USE_PCRE=1 USE_OPENSSL=1 USE_LUA=1 USE_ZLIB=1 USE_NS=1 Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE -PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED -REGPARM -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H -VSYSCALL +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 +ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS Default settings : bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with multi-threading support (MAX_THREADS=64, default=2). Built with OpenSSL version : OpenSSL 1.1.1d 10 Sep 2019 Running on OpenSSL version : OpenSSL 1.1.1d 10 Sep 2019 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 Built with Lua version : Lua 5.3.5 Built with network namespace support. Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with zlib version : 1.2.11 Running on zlib version : 1.2.11 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with PCRE version : 8.43 2019-02-23 Running on PCRE version : 8.43 2019-02-23 PCRE library supports JIT : no (USE_PCRE_JIT not set) Encrypted password support via crypt(3): yes Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available multiplexer protocols : (protocols marked as <default> cannot be specified using 'proto' keyword) h2 : mode=HTX side=FE|BE mux=H2 h2 : mode=HTTP side=FE mux=H2 <default> : mode=HTX side=FE|BE mux=H1 <default> : mode=TCP|HTTP side=FE|BE mux=PASS Available services : none Available filters : [SPOE] spoe [COMP] compression [CACHE] cache [TRACE] trace Here is the config in question (with the option to disable HTX still in place): # VMware View Connection Server Defaults defaults # Default to HTTP mode mode http no option http-use-htx # Retry another server on connection failure option redispatch # Timeouts timeout connect 5s timeout http-keep-alive 1s timeout http-request 15s timeout queue 30s timeout tarpit 1m timeout client 300s timeout server 300s # Logging options option httplog option dontlognull log global # Set default balancing algorithm balance leastconn # Default server check options default-server inter 5s rise 2 fall 3 # Maximum connections maxconn 20000 # VMware View Connection Server Front-End frontend fe_viewcs # Listen on HTTP (80) and HTTPS (443) bind 172.16.0.134:80 bind 172.16.0.134:443 ssl crt viewcs.pem # Redirect HTTP -> HTTPS redirect scheme https code 301 if !{ ssl_fc } # Remove Origin header to resolve https://kb.vmware.com/kb/2144768 as per https://support.f5.com/csp/article/K65620682 http-request del-header Origin # Use View Connection Server Back-End use_backend be_viewcs # View Connection Server Back-End backend be_viewcs # Maintain affinity based on JSESSIONID cookie stick match req.cook(JSESSIONID) stick store-response res.cook(JSESSIONID) stick-table type string size 2k expire 1h peers peers_global # Health check option httpchk GET /broker/xml/ HTTP/1.1\r\nHost:\ viewfqdn\r\nConnection:\ Close\r\n\r\n option log-health-checks http-check expect string clientlaunch-default # View Connection servers server viewcs01 172.16.0.55:443 ssl check ca-file RootCA.pem server viewcs02 172.16.0.56:443 ssl check ca-file RootCA.pem Logs from a unsuccessful connection: Oct 14 10:31:13 lb-01 local2.info haproxy[3142]: 172.19.4.80:50835 [14/Oct/2019:10:31:13.348] fe_viewcs~ be_viewcs/viewcs01 0/0/80/24/104 200 1108 - - ---- 2884/1/0/0/0 0/0 "POST /broker/xml HTTP/1.1" Oct 14 10:31:13 lb-01 local2.info haproxy[3142]: 172.19.4.80:62416 [14/Oct/2019:10:31:13.504] fe_viewcs~ be_viewcs/viewcs02 0/0/4/8/12 200 574 - - ---- 2884/1/0/0/0 0/0 "POST /broker/xml HTTP/1.1" And a successful one: Oct 14 10:59:44 lb-01 local2.info haproxy[7100]: 172.19.4.80:59025 [14/Oct/2019:10:59:44.294] fe_viewcs~ be_viewcs/viewcs02 0/0/4/13/17 200 1120 - - ---- 55/1/0/1/0 0/0 "POST /broker/xml HTTP/1.1" Oct 14 10:59:44 lb-01 local2.info haproxy[7100]: 172.19.4.80:57390 [14/Oct/2019:10:59:44.828] fe_viewcs~ be_viewcs/viewcs01 0/0/3/49/52 200 1120 - - ---- 55/1/0/1/0 0/0 "POST /broker/xml HTTP/1.1" Oct 14 10:59:45 lb-01 local2.info haproxy[7100]: 172.19.4.80:53001 [14/Oct/2019:10:59:44.977] fe_viewcs~ be_viewcs/viewcs01 0/0/9/57/66 200 905 - - ---- 47/1/0/1/0 0/0 "POST /broker/xml HTTP/1.1" Oct 14 10:59:45 lb-01 local2.info haproxy[7100]: 172.19.4.80:61455 [14/Oct/2019:10:59:45.065] fe_viewcs~ be_viewcs/viewcs01 0/0/1/7/8 200 446 - - ---- 47/1/0/1/0 0/0 "POST /broker/xml HTTP/1.1" Oct 14 10:59:45 lb-01 local2.info haproxy[7100]: 172.19.4.80:49178 [14/Oct/2019:10:59:45.127] fe_viewcs~ be_viewcs/viewcs01 0/0/2/52/54 200 964 - - ---- 48/1/0/1/0 0/0 "POST /broker/xml HTTP/1.1" Oct 14 10:59:46 lb-01 local2.info haproxy[7100]: 172.19.4.80:49434 [14/Oct/2019:10:59:45.251] fe_viewcs~ be_viewcs/viewcs01 0/0/75/1550/1625 200 1570 - - ---- 41/1/0/1/0 0/0 "POST /broker/xml HTTP/1.1" -- Andrew Heberle
