Hi Simon,
Le 07/06/2013 18:53, Simon Green a écrit :
Hi List,
We are having a problem that’s been making us scratch our heads all
week, and really need some advice on.
I’ll start with some relevant background info:
We’re running We are running HAProxy 1.5-dev17 2012/12/28.
Here is our HAProxy config: http://paste.wirehive.net/view/aa72de09
Here is a capture of the debug logs showing a 502 happening:
http://paste.wirehive.net/view/21750804
These are the relevant parts of the documentation I can find for this
error: http://paste.wirehive.net/view/d0fcf3ca
Here is an example of a response that comes back from the server when
bypassing the HAProxy install: http://paste.wirehive.net/view/3e6e7297
We’ve found that a number of different pages give this error, all using
different bits of code, however possibly noteworthy is the application
is Magento Enterprise.
I’d really appreciate some guidance on how I can get some more detailed
error/debug logging out of HAProxy. For example if one of the headers is
invalid, how can I find out which header?
From the response you provided, it is quite normal. Is this really the
whole response ?
Some issues in it :
1. The response is not HTTP compliant, a lot of lines misses a
"Set-Cookie:" at the beginning, this explain one kind of 502 returned by
haproxy.
This is not a valid line :
CUSTOMER_SEGMENT_IDS=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT;
path=/; domain=wwrd.wearefolk.com; httponly
2. "Transfer-Encoding: chunked" without any chunk delimiter ? I hope you
just truncated the response body for the bug report.
3. your response exceeds some limits :
- more than the default 8192 bytes limit, please see tune.bufsize
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#3-tune.bufsize
- too many headers, please see tune.http.maxhdr
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#3-tune.http.maxhdr
As a side note, you should avoid using haproxy in tunnel mode with layer
7 headers manipulation (such as reqadd), try to re-enable "option
httpclose" or better "option http-server-close" (don't forget also to
add a "timeout http-keep-alve").
But honestly, you should really fix the application to prevent those
many headers duplications. You'll always have trouble with such responses.
Thanks in advance,
Simon
--
Cyril Bonté
