Re: Reg: Invalid response received on specific page

2015-08-21 Thread ilan 
Hi Lukas,

Thanks for your reply. What you said is correct. It is not related to
haproxy.
It is related to our server implementation. We modified our server code
to handle multipart data properly. Now it is working.

Thanks again for your response.

Regards,
Ilan




On Wed, Aug 19, 2015 at 7:48 PM, Lukas Tribus luky...@hotmail.com wrote:

  ilan@ilan-laptop$echo show errors | sudo socat
  /run/haproxy/admin.sock stdio
 
  Total events captured on [19/Aug/2015:15:36:43.378] : 3
 
  [19/Aug/2015:15:36:18.452] backend nodes (#4): invalid response
  frontend localnodes (#2), server web01 (#1), event #2
  src 127.0.0.1:40332http://127.0.0.1:40332, session #119, session
  flags 0x00ce
  HTTP msg state 26, msg flags 0x, tx flags 0x2800
  HTTP chunk len 0 bytes, HTTP body len 0 bytes
  buffer flags 0x8002, out 0 bytes, total 1024 bytes
  pending 1024 bytes, wrapping at 16384, error at position 0:

 We need the complete output here, as it will show the error.

 It appears haproxy doesn't like what your backend responds.
 Therefor we need to understand how that response looks like.

 If you could share a tcpdump capture (-s 0) of the backend
 traffic, that could be useful as well.


 Regards,

 Lukas

Reg: Invalid response received on specific page

2015-08-19 Thread ilan 
Hi,

I am using haproxy to forward request to backend server.
We have implemented own http backend server which runs
in embedded system. Most of the pages are working fine.
One page in which we do file transfer does not work.
We receive following response from that page,

+++
502 Bad Gateway
The server returned an invalid or incomplete response.
+++

Doing wireshark shows that, the connection between haproxy and backend
server is valid for around 10seconds. After that FIN or RST is sent by
haproxy.
I tried to play with some timeout options, but nothing helped.
Could you please tell why 502 bad gateway response is received only for
this specific page.

See below the debug output of some commands,

ilan@ilan-laptop$*echo show errors | sudo socat /run/haproxy/admin.sock
stdio*

*Total events captured on [19/Aug/2015:15:36:43.378] : 3*

*[19/Aug/2015:15:36:18.452] backend nodes (#4): invalid response*
*  frontend localnodes (#2), server web01 (#1), event #2*
*  src 127.0.0.1:40332 http://127.0.0.1:40332, session #119, session
flags 0x00ce*
*  HTTP msg state 26, msg flags 0x, tx flags 0x2800*
*  HTTP chunk len 0 bytes, HTTP body len 0 bytes*
*  buffer flags 0x8002, out 0 bytes, total 1024 bytes*
*  pending 1024 bytes, wrapping at 16384, error at position 0:*


Also, here is the output of /var/log.haproxy.log file,


*Aug 19 15:36:18 ilan-laptop haproxy[12760]: 127.0.0.1:40332
http://127.0.0.1:40332 [19/Aug/2015:15:36:08.349] localnodes nodes/web01
0/0/0/-1/10102 502 1229 - - PH-- 0/0/0/0/0 0/0 POST
/iss/specific/remoterestore.html HTTP/1.1*

Below is my haproxy configuration,

global
log /dev/loglocal0
log /dev/loglocal1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon

tune.ssl.default-dh-param 1024
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private

# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL
ssl-default-bind-options no-sslv3

defaults
log global
modehttp
option  httplog
option  dontlognull
timeout connect 5000
timeout client  5
timeout server  5
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

frontend localnodes
bind *:80
mode http
default_backend nodes


frontend https-in
#bind *:443 ssl crt /etc/ssl/certs/ssl-cert-snakeoil.pem
bind *:443 ssl crt /etc/ssl/xip.io/xip.io.pem
#reqadd X-Forwarded-Proto:\ http
default_backend nodes

backend nodes
mode http
balance roundrobin
option forwardfor
redirect scheme https if !{ ssl_fc }
#http-request set-header X-Forwarded-Port %[dst_port]
#http-request add-header X-Forwarded-Proto https if { ssl_fc }
#option httpchk HEAD / HTTP/1.1\r\nHost:localhost
server web01 192.168.1.11:8001



Regards,
Ilan

Re: REg: Connection field in HTTP header is set to close while sending to backend server

2015-08-07 Thread ilan 
Hi Lukas,

Thank you for the response.
Yes, It is new deployment.
I will check 1.5.

Regards,
Ilan

On Fri, Aug 7, 2015 at 6:42 PM, Lukas Tribus luky...@hotmail.com wrote:

  Hi Baptiste,
 
  Thank you very much for the response.That was quick.
 
  I tired enabling but got following error,

 Looks like you're on haproxy 1.4. In your current configuration you are
 now using tunnel-mode.

 If this is a new deployment, I would recommend upgrading to haproxy
 1.5.


 Regards,

 Lukas

REg: Connection field in HTTP header is set to close while sending to backend server

2015-08-07 Thread ilan 
Hi Support,

I configured haproxy to forward request to backend server.
I did packet capture between browser and haproxy and noticed that
connection field in HTTP header is set to keep-alive.

Then I did packet capture between haproxy and backend server,
I noticed that connection field in HTTP header is set to close.

Could you please tell why haproxy is changing connection field
to close when sending request to backend server.

I am new to web programming. Please apologize if i did not provide
enough information. Thanks for you help in advance.

Here is my haproxy configuration,

global
log /dev/loglocal0
log /dev/loglocal1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon

defaults
log global
modehttp
option  httplog
option  dontlognull
contimeout 5000
clitimeout 5
srvtimeout 5
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http


listen appname 0.0.0.0:8002
mode http
stats enable
stats uri /haproxy?stats
stats realm Strictly\ Private
stats auth root:admin123
stats auth root:admin123
balance roundrobin
option httpclose
option forwardfor
server lamp1 127.0.0.1:8001

Regards,
Ilan

Re: REg: Connection field in HTTP header is set to close while sending to backend server

2015-08-07 Thread ilan 
Hi Baptiste,

Thank you very much for the response.That was quick.

I tired enabling but got following error,

[ALERT] 218/182924 (17467) : parsing [/etc/haproxy/haproxy.cfg:13] :
unknown option 'http-keep-alive'.
[ALERT] 218/182924 (17467) : parsing [/etc/haproxy/haproxy.cfg:14] :
unknown option 'prefer-last-server'.
[ALERT] 218/182924 (17467) : Error(s) found in configuration file :
/etc/haproxy/haproxy.cfg
[ALERT] 218/182924 (17467) : Fatal errors found in configuration.

  [fail]


Looks like the default is keep-alive, so i just removed option httpclose
and things are working fine for me.

See below the config that produced above error,

global
log /dev/loglocal0
log /dev/loglocal1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon

defaults
log global
modehttp
option  httplog

*option  http-keep-aliveoption  prefer-last-server*
option  dontlognull
contimeout 5000
clitimeout 5
srvtimeout 5
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http


listen appname 0.0.0.0:8002
mode http
stats enable
stats uri /haproxy?stats
stats realm Strictly\ Private
stats auth root:admin123
balance roundrobin
option forwardfor
server lamp1 127.0.0.1:8001

Thanks again for your quick help.

Regards,
Ilan

On Fri, Aug 7, 2015 at 5:52 PM, Baptiste bed...@gmail.com wrote:

 On Fri, Aug 7, 2015 at 1:25 PM, ilan ilan@gmail.com wrote:
  Hi Support,
 
  I configured haproxy to forward request to backend server.
  I did packet capture between browser and haproxy and noticed that
  connection field in HTTP header is set to keep-alive.
 
  Then I did packet capture between haproxy and backend server,
  I noticed that connection field in HTTP header is set to close.
 
  Could you please tell why haproxy is changing connection field
  to close when sending request to backend server.
 
  I am new to web programming. Please apologize if i did not provide
  enough information. Thanks for you help in advance.
 
  Here is my haproxy configuration,
 
  global
  log /dev/loglocal0
  log /dev/loglocal1 notice
  chroot /var/lib/haproxy
  user haproxy
  group haproxy
  daemon
 
  defaults
  log global
  modehttp
  option  httplog
  option  dontlognull
  contimeout 5000
  clitimeout 5
  srvtimeout 5
  errorfile 400 /etc/haproxy/errors/400.http
  errorfile 403 /etc/haproxy/errors/403.http
  errorfile 408 /etc/haproxy/errors/408.http
  errorfile 500 /etc/haproxy/errors/500.http
  errorfile 502 /etc/haproxy/errors/502.http
  errorfile 503 /etc/haproxy/errors/503.http
  errorfile 504 /etc/haproxy/errors/504.http
 
 
  listen appname 0.0.0.0:8002
  mode http
  stats enable
  stats uri /haproxy?stats
  stats realm Strictly\ Private
  stats auth root:admin123
  stats auth root:admin123
  balance roundrobin
  option httpclose
  option forwardfor
  server lamp1 127.0.0.1:8001
 
  Regards,
  Ilan
 


 Hi Ilian

 You have this behavior because of option httpclose.
 Remove it and you'll have connection keep-alive.

 To make it clear, I would add a option http-keep-alive in the
 defaults section.
 And why not adding a option prefer-last-server' which may help
 keeping the connection alive despite the load-balancing algorithm.

 Baptiste