On Thu, Apr 14, 2022 at 07:29:20AM -0600, Shawn Heisey wrote:
> On 4/14/22 03:27, Amaury Denoyelle wrote:
> > So to summary, this option should be activated if you only have browsers
> > as client and the traffic is big enough to saturate haproxy queues.
> > I hope this will clarify your thoughts,
> Thanks for that detail. For these setups, I really doubt that there will
> ever be that many requests. Unless I get hit by a DDOS attack. :)
> I am having further problems with http/3. Randomly in the webmail it will
> get a 403 error when accessing a URL for the site. Checking the log
> history, looks like it's on POST requests, which were already problematic.
> I guess removing abortonclose doesn't completely fix POST requests.
> Apr 14 07:11:15 - haproxy[2357875] 199.192.164.74:54388
> [14/Apr/2022:07:11:15.227] web~ be-apache-81/bilbo 2/0/76/-1/85 403 1371 - -
> LHVN 1/1/0/0/0 0/0 {webmail.elyograg.org} "POST
> /mail/?_task=mail&_action=refresh HTTP/3.0"
Hum this is strange. Do you have a way to reproduce it easily ?
Otherwise, please know that as QUIC is still in an experimental status,
we did not have the time to test various config options with it. Indeed,
most of the time we use extra simple config files with only timeout
configuration provided. If you encounter a recurring bug, I advise you
to switch to a simple config file and inspect if the issue is still
there. This will allows us to more precisely understand the nature of
the problem.
> And something that has occasionally happened with anything I've enabled
> http/3 on ... firefox will get into a mode where accessing an http/3 enabled
> site will completely hang, and the only way to get that website working
> again is to close the browser, reopen it, and try again. I've also seen
> this in Chrome, so it doesn't seem to be browser-specific. I do most of my
> testing in Firefox, because on the work machine Chrome has a proxy, which
> won't do http/3.
Hum we already have encounter this issue because we did not send a
CONNECTION_CLOSE on connection closing. Now most cases seems to be fixed
but maybe there is still cases where the connection dies without a
notification to the client. Do you observe this frequently ?
> So for now I've only enabled http3 on a select subset of websites. These
> problems make the webmail not work right. I hope any information I gather
> will speed up development on QUIC so it can move out of experimental status.
> Ah, git pull has revealed a lot of changes, some of which are on quic code.
> I will get that built and installed.
As I already said, QUIC in haproxy is still experimental and we expect a
lot of issues to appear :) so please use it with care and always have a
backup solution. We commit frequently changes related to QUIC but the
todo-list is still big and I do not think the latest changes will have
an improvement on your reported issues. But still, it is always useful
to have users ready to test it and report bugs, in fact we already have
fix some thanks to you. Just know that some bugs may take some time
before being addressed on our side.
Thanks,
--
Amaury Denoyelle
