Hi All,
I recently upgraded to HAProxy dev-14 (and since this morning dev-15)
from dev11-ss-20120604. But, now we are experiencing uploads that are
'hanging'.
When uploading a file over HTTP the upload suddenly stalls. I cant get
my finger on it why. Sometimes it is right after the upload starts,
sometimes somewhere in the middle and (surprise, surprise!) sometimes
almost at the end. After a while the upload continues again and finishes
or stalls again. Uploads usually go with higher speeds 200-300mbit/s so
HAProxy CPU usage goes up a bit (10-15% cpu usage).
Is this a bug in HAProxy or is it my config? Downgrading to
dev11-ss-20120604 fixes the issue.
Greets,
Sander Klein
My config:
###
# Global Settings
###
global
log 127.0.0.1 local0
# log 127.0.0.1 local0 notice
# log 127.0.0.1 local0 err
# log 127.0.0.1 local1 debug
daemon
user haproxy
group haproxy
maxconn 32768
spread-checks 3
stats socket /var/run/haproxy.stat mode 666 level admin
#debug
#quiet
###
# Defaults
###
defaults
log global
timeout check 2s
timeout client 60s
timeout connect 10s
timeout http-keep-alive 30s
timeout http-request 30s
timeout queue 30s
timeout server 60s
timeout tarpit 120s
errorfile 400 /etc/haproxy/errors.loc/400.http
errorfile 403 /etc/haproxy/errors.loc/403.http
errorfile 500 /etc/haproxy/errors.loc/500.http
errorfile 502 /etc/haproxy/errors.loc/502.http
errorfile 503 /etc/haproxy/errors.loc/503.http
errorfile 504 /etc/haproxy/errors.loc/504.http
###
# Define the admin section
###
listen admin
bind xxx.xxx.xxx.xxx:8080
# bind xxxx:xxxx:xxxx:xxxx::xx:8080
mode http
stats enable
stats uri /haproxy?stats
stats auth admin:passwordhere!
stats admin if TRUE
stats refresh 5s
###
# Mass hosting frontend
###
frontend cluster1-in
# Mass hosting VIP
bind x.x.x.x:80
bind xxxx:xxxx:xxxx:xxxx::xx:80
... more bind stuff...
mode http
maxconn 4096
option httplog
option dontlog-normal
option dontlognull
option forwardfor
option http-server-close
option splice-auto
option tcp-smart-accept
capture request header Host len 64
capture request header User-Agent len 16
capture request header Content-Length len 10
capture request header Referer len 256
capture response header Content-Length len 10
#
# Some security stuff starts here
#
# block annoying worms that fill the logs...
# deny NULL character, <script tag and #removed
xmlrpc.php#removed in URL's
acl forbidden_uris url_sub -i %00 <script
# /../../ attacks
acl forbidden_uris url_reg -i
(%2f|%5c|/|\\\\)(\.|%2e)(\.|%2e)(%2f|%5c|/|\\\\)
# Deny requests for following files:
acl forbidden_uris path_end -i /root.exe /cmd.exe /default.ida
/awstats.pl .dll
# Deny script kiddy stuff eating our connections
acl forbidden_uris url_sub -f
/etc/haproxy/filters/phpmyadmin.txt
block if forbidden_uris
# HTTP content smugling
acl forbidden_hdrs hdr_cnt(host) gt 1
acl forbidden_hdrs hdr_cnt(content-length) gt 1
acl forbidden_hdrs hdr_cnt(proxy-authorization) gt 0
block if forbidden_hdrs
# Block offensive User-Agents
acl offender hdr_sub(User-Agent) -i msnbot
acl offender hdr_sub(User-Agent) -i baiduspider
block if offender
# Remove bogus X-Forwarded-For headers
# We don't care about RFC1918
reqidel ^X-Forwarded-For:\ xxx\.xxx\.xxx
... more reqidel's like the above...
# Add X-Forwarded-Proto headers
acl no-ssl dst_port 80
reqadd X-Forwarded-Proto:\ http if no-ssl
# Web cluster
acl iscluster1-1 hdr(host) -f /etc/haproxy/cluster1-1.txt
acl iscluster1-2 hdr(host) -f /etc/haproxy/cluster1-2.txt
acl iscluster1-2 hdr_sub(host) -i some.domain
acl iscluster1-2 hdr_sub(host) -i other.domain
acl iscluster1-2 hdr_sub(host) -i another.domain
use_backend cluster1-1 if iscluster1-1
use_backend cluster1-2 if iscluster1-2
default_backend cluster1-1
###
# 1 backend
###
backend cluster1-1
fullconn 4096
mode http
balance roundrobin
option abortonclose
option tcp-smart-connect
option redispatch
option httpchk GET /db.php HTTP/1.0
server name001 xxx.xxx.xxx.xxx:80 cookie name001 weight 100
minconn 40 maxconn 70 check inter 2000 rise 3 fall 2 slowstart 5m
server name002 xxx.xxx.xxx.xxx:80 cookie name002 weight 100
minconn 40 maxconn 70 check inter 2000 rise 3 fall 2 slowstart 5m
server name003 xxx.xxx.xxx.xxx:80 cookie name003 weight 100
minconn 40 maxconn 70 check inter 2000 rise 3 fall 2 slowstart 5m
server name004 xxx.xxx.xxx.xxx:80 cookie name004 weight 100
minconn 40 maxconn 70 check inter 2000 rise 3 fall 2 slowstart 5m
# Sorry Server
server outage 127.0.0.1:80 backup check inter 2000 rise 3 fall
2
retries 3
###
# 2 backend
###
backend cluster1-2
fullconn 4096
mode http
balance roundrobin
option abortonclose
option tcp-smart-connect
option redispatch
option httpchk GET /php-fpm-ping HTTP/1.0
http-check expect status 200
server name007 xxx.xxx.xxx.xxx:80 cookie name007 weight 100
minconn 50 maxconn 70 check inter 2000 rise 3 fall 2 slowstart 5m
server name008 xxx.xxx.xxx.xxx:80 cookie name008 weight 100
minconn 50 maxconn 70 check inter 2000 rise 3 fall 2 slowstart 5m
# Sorry Server
server outage 127.0.0.1:80 backup track cluster1-1/outage
retries 3
