Re: Reg: Invalid response received on specific page
Hi Lukas,

Thanks for your reply. What you said is correct. It is not related to haproxy. It is related to our server implementation. We modified our server code to handle multipart data properly. Now it is working.

Thanks again for your response.

Regards,
Ilan

On Wed, Aug 19, 2015 at 7:48 PM, Lukas Tribus luky...@hotmail.com wrote:

> > ilan@ilan-laptop$ echo show errors | sudo socat /run/haproxy/admin.sock stdio
> > Total events captured on [19/Aug/2015:15:36:43.378] : 3
> >
> > [19/Aug/2015:15:36:18.452] backend nodes (#4): invalid response
> >   frontend localnodes (#2), server web01 (#1), event #2
> >   src 127.0.0.1:40332, session #119, session flags 0x00ce
> >   HTTP msg state 26, msg flags 0x, tx flags 0x2800
> >   HTTP chunk len 0 bytes, HTTP body len 0 bytes
> >   buffer flags 0x8002, out 0 bytes, total 1024 bytes
> >   pending 1024 bytes, wrapping at 16384, error at position 0:
>
> We need the complete output here, as it will show the error.
>
> It appears haproxy doesn't like what your backend responds. Therefore we need to understand what that response looks like.
>
> If you could share a tcpdump capture (-s 0) of the backend traffic, that could be useful as well.
>
> Regards,
> Lukas

Reg: Invalid response received on specific page
Hi,

I am using haproxy to forward requests to a backend server. We have implemented our own HTTP backend server, which runs in an embedded system. Most of the pages are working fine. One page in which we do file transfer does not work. We receive the following response from that page,

    +++
    502 Bad Gateway
    The server returned an invalid or incomplete response.
    +++

Wireshark shows that the connection between haproxy and the backend server is valid for around 10 seconds. After that, FIN or RST is sent by haproxy.

I tried to play with some timeout options, but nothing helped. Could you please tell why the 502 bad gateway response is received only for this specific page.

See below the debug output of some commands,

    ilan@ilan-laptop$ echo show errors | sudo socat /run/haproxy/admin.sock stdio
    Total events captured on [19/Aug/2015:15:36:43.378] : 3

    [19/Aug/2015:15:36:18.452] backend nodes (#4): invalid response
      frontend localnodes (#2), server web01 (#1), event #2
      src 127.0.0.1:40332, session #119, session flags 0x00ce
      HTTP msg state 26, msg flags 0x, tx flags 0x2800
      HTTP chunk len 0 bytes, HTTP body len 0 bytes
      buffer flags 0x8002, out 0 bytes, total 1024 bytes
      pending 1024 bytes, wrapping at 16384, error at position 0:

Also, here is the output of /var/log.haproxy.log file,

    Aug 19 15:36:18 ilan-laptop haproxy[12760]: 127.0.0.1:40332 [19/Aug/2015:15:36:08.349] localnodes nodes/web01 0/0/0/-1/10102 502 1229 - - PH-- 0/0/0/0/0 0/0 POST /iss/specific/remoterestore.html HTTP/1.1

Below is my haproxy configuration,

    global
        log /dev/log local0
        log /dev/log local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon
        tune.ssl.default-dh-param 1024

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL
        ssl-default-bind-options no-sslv3

    defaults
        log global
        mode http
        option httplog
        option dontlognull
        timeout connect 5000
        timeout client 5
        timeout server 5
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

    frontend localnodes
        bind *:80
        mode http
        default_backend nodes

    frontend https-in
        #bind *:443 ssl crt /etc/ssl/certs/ssl-cert-snakeoil.pem
        bind *:443 ssl crt /etc/ssl/xip.io/xip.io.pem
        #reqadd X-Forwarded-Proto:\ http
        default_backend nodes

    backend nodes
        mode http
        balance roundrobin
        option forwardfor
        redirect scheme https if !{ ssl_fc }
        #http-request set-header X-Forwarded-Port %[dst_port]
        #http-request add-header X-Forwarded-Proto https if { ssl_fc }
        #option httpchk HEAD / HTTP/1.1\r\nHost:localhost
        server web01 192.168.1.11:8001

Regards,
Ilan

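Added example (not part of the original thread and not haproxy's own code): a small Python decoder for the httplog line quoted in the message above, showing how the timers and the termination state already point at a rejected backend response. The sample line is reconstructed from that message with the mail client's auto-link residue removed and the request quoted as httplog emits it; field meanings follow the haproxy logging documentation, and the names `explain`, `CAUSE` and `PHASE` are illustrative.

```python
import re

# Constructed sample: the log line from the message above, without the mail
# client's auto-link residue and with the request quoted as httplog emits it.
SAMPLE = ('Aug 19 15:36:18 ilan-laptop haproxy[12760]: 127.0.0.1:40332 '
          '[19/Aug/2015:15:36:08.349] localnodes nodes/web01 0/0/0/-1/10102 '
          '502 1229 - - PH-- 0/0/0/0/0 0/0 '
          '"POST /iss/specific/remoterestore.html HTTP/1.1"')

LINE = re.compile(
    r'(?P<client>\S+:\d+) \[(?P<accept>[^\]]+)\] (?P<frontend>\S+) '
    r'(?P<server>[^/\s]+/\S+) (?P<timers>(?:\+?-?\d+/){4}\+?-?\d+) '
    r'(?P<status>-?\d+) (?P<size>\+?\d+) \S+ \S+ (?P<term>\S{4}) '
    r'\S+ \S+ "?(?P<request>[^"]*)"?$')

# First character of the termination state: what ended the session.
CAUSE = {'C': 'aborted by the client', 'S': 'aborted or refused by the server',
         'P': 'aborted by the proxy itself', 'R': 'proxy resource exhausted',
         'I': 'proxy internal error', 'c': 'client-side timeout',
         's': 'server-side timeout', '-': 'normal completion'}
# Second character: what the session was doing when it ended.
PHASE = {'R': 'waiting for a complete, valid request',
         'Q': 'waiting in the queue', 'C': 'connecting to the server',
         'H': 'waiting for complete, valid response headers',
         'D': 'transferring data', 'L': 'sending last data to the client',
         'T': 'tarpitted', '-': 'normal completion'}

def explain(line):
    """Decode one haproxy httplog line into the fields used for triage."""
    m = LINE.search(line)
    if m is None:
        raise ValueError('not an haproxy httplog line')
    tq, tw, tc, tr, tt = (int(t.lstrip('+')) for t in m['timers'].split('/'))
    term = m['term']
    return {
        'server': m['server'], 'status': int(m['status']),
        'request': m['request'], 'Tr': tr, 'Tt': tt,
        'cause': CAUSE.get(term[0], 'unknown'),
        'phase': PHASE.get(term[1], 'unknown'),
        # Tr == -1: the end of the response headers was never seen.
        'headers_never_completed': tr == -1,
        # "PH": haproxy rejected the server's response -> check "show errors".
        'inspect_show_errors': term[:2] == 'PH',
    }

if __name__ == '__main__':
    for key, value in explain(SAMPLE).items():
        print(f'{key}: {value}')
```
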
Re: REg: Connection field in HTTP header is set to close while sending to backend server
Hi Lukas,

Thank you for the response. Yes, it is a new deployment. I will check 1.5.

Regards,
Ilan

On Fri, Aug 7, 2015 at 6:42 PM, Lukas Tribus luky...@hotmail.com wrote:

> > Hi Baptiste,
> >
> > Thank you very much for the response. That was quick.
> >
> > I tried enabling but got following error,
>
> Looks like you're on haproxy 1.4. In your current configuration you are now using tunnel-mode.
>
> If this is a new deployment, I would recommend upgrading to haproxy 1.5.
>
> Regards,
> Lukas

REg: Connection field in HTTP header is set to close while sending to backend server
Hi Support,

I configured haproxy to forward requests to a backend server. I did a packet capture between the browser and haproxy and noticed that the connection field in the HTTP header is set to keep-alive. Then I did a packet capture between haproxy and the backend server, and I noticed that the connection field in the HTTP header is set to close.

Could you please tell why haproxy is changing the connection field to close when sending the request to the backend server.

I am new to web programming. Please apologize if I did not provide enough information.

Thanks for your help in advance.

Here is my haproxy configuration,

    global
        log /dev/log local0
        log /dev/log local1 notice
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon

    defaults
        log global
        mode http
        option httplog
        option dontlognull
        contimeout 5000
        clitimeout 5
        srvtimeout 5
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

    listen appname 0.0.0.0:8002
        mode http
        stats enable
        stats uri /haproxy?stats
        stats realm Strictly\ Private
        stats auth root:admin123
        stats auth root:admin123
        balance roundrobin
        option httpclose
        option forwardfor
        server lamp1 127.0.0.1:8001

Regards,
Ilan

Re: REg: Connection field in HTTP header is set to close while sending to backend server
Hi Baptiste,

Thank you very much for the response. That was quick.

I tried enabling but got following error,

    [ALERT] 218/182924 (17467) : parsing [/etc/haproxy/haproxy.cfg:13] : unknown option 'http-keep-alive'.
    [ALERT] 218/182924 (17467) : parsing [/etc/haproxy/haproxy.cfg:14] : unknown option 'prefer-last-server'.
    [ALERT] 218/182924 (17467) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
    [ALERT] 218/182924 (17467) : Fatal errors found in configuration.
    [fail]

Looks like the default is keep-alive, so I just removed option httpclose and things are working fine for me.

See below the config that produced above error,

    global
        log /dev/log local0
        log /dev/log local1 notice
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon

    defaults
        log global
        mode http
        option httplog
        option http-keep-alive
        option prefer-last-server
        option dontlognull
        contimeout 5000
        clitimeout 5
        srvtimeout 5
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

    listen appname 0.0.0.0:8002
        mode http
        stats enable
        stats uri /haproxy?stats
        stats realm Strictly\ Private
        stats auth root:admin123
        balance roundrobin
        option forwardfor
        server lamp1 127.0.0.1:8001

Thanks again for your quick help.

Regards,
Ilan

On Fri, Aug 7, 2015 at 5:52 PM, Baptiste bed...@gmail.com wrote:

> On Fri, Aug 7, 2015 at 1:25 PM, ilan ilan@gmail.com wrote:
>
> > Hi Support,
> >
> > I configured haproxy to forward requests to a backend server. I did a packet capture between the browser and haproxy and noticed that the connection field in the HTTP header is set to keep-alive. Then I did a packet capture between haproxy and the backend server, and I noticed that the connection field in the HTTP header is set to close.
> >
> > Could you please tell why haproxy is changing the connection field to close when sending the request to the backend server.
> >
> > I am new to web programming. Please apologize if I did not provide enough information.
> >
> > Thanks for your help in advance.
> >
> > Here is my haproxy configuration,
> >
> >     global
> >         log /dev/log local0
> >         log /dev/log local1 notice
> >         chroot /var/lib/haproxy
> >         user haproxy
> >         group haproxy
> >         daemon
> >
> >     defaults
> >         log global
> >         mode http
> >         option httplog
> >         option dontlognull
> >         contimeout 5000
> >         clitimeout 5
> >         srvtimeout 5
> >         errorfile 400 /etc/haproxy/errors/400.http
> >         errorfile 403 /etc/haproxy/errors/403.http
> >         errorfile 408 /etc/haproxy/errors/408.http
> >         errorfile 500 /etc/haproxy/errors/500.http
> >         errorfile 502 /etc/haproxy/errors/502.http
> >         errorfile 503 /etc/haproxy/errors/503.http
> >         errorfile 504 /etc/haproxy/errors/504.http
> >
> >     listen appname 0.0.0.0:8002
> >         mode http
> >         stats enable
> >         stats uri /haproxy?stats
> >         stats realm Strictly\ Private
> >         stats auth root:admin123
> >         stats auth root:admin123
> >         balance roundrobin
> >         option httpclose
> >         option forwardfor
> >         server lamp1 127.0.0.1:8001
> >
> > Regards,
> > Ilan
>
> Hi Ilian
>
> You have this behavior because of option httpclose. Remove it and you'll have connection keep-alive.
>
> To make it clear, I would add an option http-keep-alive in the defaults section. And why not add an option prefer-last-server, which may help keeping the connection alive despite the load-balancing algorithm.
>
> Baptiste