Hi Christopher,

On Wed, Jan 29, 2020 at 7:58 PM Christopher Faulet <cfau...@haproxy.com>
wrote:

> On 29/01/2020 at 05:14, Igor Cicimov wrote:
> > Hi all,
> >
> > I'm asking this question here since I read in the docs that if I see
> > "Ixxx" in the session "termination_state" log I should do so :-)
> >
> > The error I got while experimenting with the HAP config is as follows:
> >
> > Jan 29 03:33:44 ip-172-31-45-201 haproxy[124024]: <CLIENT_IP>:44296 [29/Jan/2020:03:33:44.952] fe_https~ host.mydomain.com/<NOSRV> -1/-1/-1/-1/0 500 0 - - IR-- 1/1/5/0/3 0/0 "GET /api/search HTTP/1.1"
> >
> > The command that produced it:
> >
> > $ curl -vsSNiL -H "Host: host.mydomain.com" https://haproxy.example.com:8443/api/search
> >
> > And the relevant haproxy-2.0.12 configuration (it's in AWS):
> >
> > resolvers vpc
> >      nameserver dns1 172.31.0.2:53
> >      accepted_payload_size 8192
> >      resolve_retries       30
> >      timeout resolve       1s
> >      timeout retry         2s
> >      hold valid            30s
> >      hold other            30s
> >      hold refused          30s
> >      hold nx               30s
> >      hold timeout          30s
> >      hold obsolete         30s
> >
> > frontend fe_https
> >      bind *:8443 ssl crt /etc/haproxy/ssl.d/ alpn h2,http/1.1
> >      mode http
> >      option httplog
> >      use_backend %[req.hdr(host),word(1,:),lower]
> >
> > backend host.mydomain.com
> >      mode tcp
> >      option tcp-check
> >      tcp-check connect port 443 ssl
> >      balance source
> >      default-server inter 60s downinter 30s rise 2 fall 2 slowstart 10s weight 100 ca-file /etc/ssl/certs/ca-certificates.crt on-marked-down shutdown-sessions
> >      server myhost host.mydomain.com:443 verify none check resolvers vpc resolve-prefer ipv4
> >
>
> Hi Igor,
>
> You cannot plug an HTTP frontend to a TCP backend. There are some checks
> during the configuration parsing to prevent this mistake. Unfortunately,
> you are using a dynamic expression to choose your backend. So it is not
> possible to warn you at startup. Use the http mode for your backend. It
> should solve your issue.
>
> --
> Christopher Faulet
>

Of course, we can't mix HTTP frontend with a TCP backend, it escaped my eyes
after testing multiple changes to the config :-/ Thanks for stating the
obvious and sorry for wasting your time.

Cheers,
Igor
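
The mismatch discussed in this thread is not reported at startup because the backend is chosen per request, but it can be caught with a static check run against the configuration file. The following is an added example, not part of the original messages or of HAProxy itself: a simplified parser (most directives are ignored, and the second backend in the sample is hypothetical) that flags HTTP-mode frontends whose use_backend target is a run-time expression while some backend is not in HTTP mode.

```python
# Constructed sample, reduced from the configuration quoted in the thread;
# other.mydomain.com is a hypothetical second backend.
SAMPLE_CFG = """\
frontend fe_https
    mode http
    use_backend %[req.hdr(host),word(1,:),lower]
backend host.mydomain.com
    mode tcp
    server myhost host.mydomain.com:443 check
backend other.mydomain.com
    mode http
    server s1 192.0.2.10:80
"""
PROXY = ("frontend", "backend", "listen")
OTHER = ("global", "defaults", "resolvers", "userlist", "peers", "mailers")

def parse_proxies(text):
    """Map proxy name -> kind, effective mode, dynamic use_backend rules."""
    proxies, current, in_defaults = {}, None, False
    default_mode = "tcp"  # HAProxy's built-in mode when none is configured
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # naive comment stripping
        if not words:
            continue
        key = words[0]
        if key in PROXY and len(words) > 1:
            current = {"kind": key, "mode": default_mode, "dynamic": []}
            proxies[words[1]] = current
            in_defaults = False
        elif key in OTHER:
            current, in_defaults = None, key == "defaults"
        elif key == "mode" and len(words) > 1:
            if in_defaults:
                default_mode = words[1]
            elif current is not None:
                current["mode"] = words[1]
        elif key == "use_backend" and current is not None and len(words) > 1:
            if "%[" in words[1]:  # target resolved per request, not at parse time
                current["dynamic"].append(words[1])
    return proxies

def find_mode_mismatches(text):
    """HTTP frontends with a run-time backend choice, plus the non-HTTP backends."""
    proxies = parse_proxies(text)
    risky = sorted(n for n, p in proxies.items()
                   if p["kind"] != "frontend" and p["mode"] != "http")
    return [(n, expr, risky) for n, p in proxies.items()
            if p["kind"] != "backend" and p["mode"] == "http" and risky
            for expr in p["dynamic"]]
```

On the sample, find_mode_mismatches(SAMPLE_CFG) reports fe_https together with host.mydomain.com; changing that backend to mode http, as advised in the reply, clears the finding.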
