On 4/15/2022 1:20 AM, Amaury Denoyelle wrote:
Hum this is strange. Do you have a way to reproduce it easily ?
The 403 is random. While clicking around in my webmail, going to
different folders, I occasionally see a red box that has an error
message pop up, an error message I can't recall at the moment. That's
when the 403 is logged. This is the matching Apache log entr for the
haproxy log entry I sent earlier:
127.0.0.1 - - [14/Apr/2022:07:11:15 -0600] "POST
/mail/?_task=mail&_action=refresh HTTP/2.0" 403 363
"https://webmail.elyograg.org/mail/?_task=mail&_mbox=Sent"; "Mozilla/5.0
(X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/100.0.4896.75 Safari/537.36"
The 403 is not being generated by haproxy. It is coming from Apache.
But this does not happen when the connection from the user to haproxy
uses http/2, only when it is http/3. When I am more rested, I can grab
a packet capture of the traffic between haproxy and apache. This is
simple because that connection is h2c.
Otherwise, please know that as QUIC is still in an experimental status,
we did not have the time to test various config options with it.
Yes, I saw that designation. I am hoping that my experiences and
assistance can help make it more stable.
If you encounter a recurring bug, I advise you
to switch to a simple config file and inspect if the issue is still
there.
What parts of my config would you suggest taking out? Can you give me
an example of such a simple config? Although my config is a little
long, most of that is due to long ACLs. I have never really thought of
that config as complex. :)
Hum we already have encounter this issue because we did not send a
CONNECTION_CLOSE on connection closing. Now most cases seems to be fixed
but maybe there is still cases where the connection dies without a
notification to the client. Do you observe this frequently ?
Quite frequently. The browser will stop loading a page that is using
http3 and I have to completely close the browser to get it working
again, which makes testing more difficult. I have not been able to
determine what circumstances trigger the problem.
The list of domains that I am serving over http3 has shrunk because POST
requests don't always work.
On the system where haproxy 2.4.15 is listening on TCP ports and
2.6-dev5 is listening on UDP/443, this is the list of domains:
acl http3 var(txn.host) -m end unknown.elyograg.org
acl http3 var(txn.host) -m end raspi.elyograg.org
acl http3 var(txn.host) -m end raspi1.elyograg.org
acl http3 var(txn.host) -m end raspi2.elyograg.org
acl http3 var(txn.host) -m end shawnheisey.com
On the system where the from-git build is the only instance running, it
only advertises http3 for http3test.elyograg.org, a simple PHP script.
None of the sites where I have currently enabled http3 use POST
requests. The webmail is on the same system as the http3test site. It
is not widely used by anyone but me, so it is a perfect testing ground
of a complex webapp over http3. I can create a mailbox on that system
so you can try things yourself.
Please let me know how I can be helpful with further testing.
Thanks,
Shawn
