Hello,
I upgraded to dev17 from dev15. I am running Tornado servers behind HAProxy
with SockJS support. Comparing to before the upgrade, I've noticed two
problematic behaviors:
1. When a client is using IE with xhr-streaming protocol to connect to
servers, such connections are closed (seeing 'Connection get reset by peer'
error on the Python side) more often than before. Sometimes disconnection
happened soon after connection (half a minute). I guess it might be related
to timeout, but since I haven't changed any configuration on HAProxy, I
wonder if this behavior is related to the upgrade of HAProxy itself.
2. From time to time, Chrome failed to finish the websocket handshake with
the server, and instead used xhr-streaming. This didn't happen before the
upgrade, but I've noticed at least 5+ such cases during the testing with
dev17.
I can confirm that both client-side library (sockjs-client) and server-side
library (sockjs-tornado) have stayed the same since their last respective
upgrade (months before dev17 came out). So the only variable which might
have produced the observations above could be HAProxy.
I attach below my HAProxy config (excluding most of the acls), and I'd much
appreciate that if someone could take a quick look and let me know if some
setting(s) may not play well with dev17 which might have caused the
behavior above, or some new setting(s) should be added. Notice that
backends sockjs_1 and sockjs_2 are the ones experiencing the problems.
global
log 127.0.0.1 local1 info
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
chroot /usr/share/haproxy
uid 99
gid 99
daemon
#debug
#quiet
defaults
log global
mode http
option httplog
option dontlognull
retries 3
option redispatch
maxconn 500
timeout connect 6s
frontend public
mode http
bind 0.0.0.0:80
bind 0.0.0.0:443 ssl crt /etc/haproxy/ssl_wc/mysite.pem ciphers
HIGH:!aNULL:!MD5 no-tlsv10
timeout client 300s
option http-server-close
option forwardfor except 127.0.0.1
reqadd X-Forwarded-Proto:\ https if { ssl_fc }
reqadd X-Forwarded-Proto:\ http if !{ ssl_fc }
#option http-pretend-keepalive
# define ACLs and use them below
acl is_https ssl_fc
redirect scheme https if !is_https
# other acls omitted here
backend sockjs_1
timeout server 60s
server sock_1 127.0.0.1:8000
backend sockjs_2
timeout server 60s
server sock_2 127.0.0.1:8060
backend nginx
timeout server 20s
server nginx 127.0.0.1:8484
backend stats
stats enable
stats uri /haproxy/stats
stats realm Haproxy\ Statistics
backend www
timeout server 300s
#option forwardfor header X-Client-IP
#no option httpclose
#option http-server-close
server content 127.0.0.1:8080
Thanks very much!
Best,
Chris
