Hi, I'm at my wits end and was hoping you had any ideas.
We've setup a test environment with haproxy-1.5dev22, with varnish as a backend (and varnish using a webserver as it's backend). I have the same issue with haproxy-1.5dev19. randomly around the website (if I f.ex. reload /user/login url (it's a drupal website)) - the browser requests fails and the browser says 408. the VIP on haproxy is 10.27.121.134 a wireshark of the reponse shows, that the browser suddenly gets a RST - in the middle of a receiving the response. I did a tcpdump on the haproxy, and on the varnish - and the RST was originating from haproxy. The stats counters shows some ereq - which I think is these RSTs: # pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,weight,act,bck,chkfail,chkdown,lastchg,downtime,qlimit,pid,iid,sid,throttle,lbtot,tracked,type,rate,rate_lim,rate_max,check_status,check_code,check_duration,hrsp_1xx,hrsp_2xx,hrsp_3xx,hrsp_4xx,hrsp_5xx,hrsp_other,hanafail,req_rate,req_rate_max,req_tot,cli_abrt,srv_abrt,comp_in,comp_out,comp_byp,comp_rsp, example.dk,FRONTEND,,,0,6,8000,132,129135,357937,0,0,9,,,,,OPEN,,,,,,,,,1,2,0,,,,0,0,0,17,,,,0,35,168,10,0,0,,0,27,213,,,0,0,0,0, example.dk-prod,FRONTEND,,,0,0,8000,0,0,0,0,0,0,,,,,OPEN,,,,,,,,,1,4,0,,,,0,0,0,0,,,,0,0,0,0,0,0,,0,0,0,,,0,0,0,0, example.dk-prod,web-p02,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,1,0,0,0,890,0,,1,4,1,,0,,2,0,,0,L4OK,,2000,0,0,0,0,0,0,0,,,,0,0,,,,, example.dk-prod,web-p03,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,1,0,0,0,890,0,,1,4,2,,0,,2,0,,0,L4OK,,2001,0,0,0,0,0,0,0,,,,0,0,,,,, example.dk-prod,web-p04,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,1,0,0,0,890,0,,1,4,3,,0,,2,0,,0,L4OK,,2001,0,0,0,0,0,0,0,,,,0,0,,,,, example.dk-prod,BACKEND,0,0,0,0,800,0,0,0,0,0,,0,0,0,0,UP,3,3,0,,0,890,0,,1,4,0,,0,,1,0,,0,,,,0,0,0,0,0,0,,,,,0,0,0,0,0,0, varnish-dmz,varnish01,0,0,0,3,,102,64617,177379,,0,,0,0,0,0,UP,1,1,0,0,0,890,0,,1,5,1,,102,,2,0,,14,L4OK,,2002,0,17,85,0,0,0,0,,,,0,0,,,,, varnish-dmz,varnish02,0,0,0,3,,102,64518,178650,,0,,0,0,0,0,UP,1,1,0,0,0,890,0,,1,5,2,,102,,2,0,,13,L4OK,,2001,0,18,83,1,0,0,0,,,,0,0,,,,, varnish-dmz,BACKEND,0,0,0,6,800,204,129135,356029,0,0,,0,0,0,0,UP,2,2,0,,0,890,0,,1,5,0,,204,,1,0,,27,,,,0,35,168,1,0,0,,,,,0,0,0,0,0,0, I've tried setting option http-server-close and tried option httpclose - and tried without any of them. My config is: global chroot /var/lib/haproxy daemon group haproxy log 127.0.0.1 local0 maxconn 4000 pidfile /var/run/haproxy.pid stats socket /var/lib/haproxy/stats level admin user haproxy defaults log global maxconn 8000 option redispatch retries 3 stats enable option httpclose option http-server-close timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout check 10s frontend example.dk bind 10.27.121.134:80 bind 10.27.121.134:443 ssl crt /etc/haproxy/star2.pem ciphers RC4-SHA:AES128-SHA:AES256-SHA mode http balance roundrobin default_backend varnish-dmz option tcplog option accept-invalid-http-request timeout client 30 listen example.dk-prod bind 10.27.121.135:80 bind 10.27.121.135:443 ssl crt /etc/haproxy/wildcard.example.dk.combined.pem ciphers RC4-SHA:AES128-SHA:AES256-SHA mode http balance roundrobin option tcplog server web-p02 10.27.121.245:80 check server web-p03 10.27.121.246:80 check server web-p04 10.27.121.247:80 check backend varnish-dmz balance roundrobin mode http option tcplog server varnish01 10.27.121.240:80 check server varnish02 10.27.121.241:80 check -- Regards, Klavs Klavsen, GSEC - [email protected] - http://www.vsen.dk - Tlf. 61281200 "Those who do not understand Unix are condemned to reinvent it, poorly." --Henry Spencer
