On Thu, May 22, 2014 at 6:06 PM, Kevin Maziere <[email protected]> wrote: > Hi > > I've haproxy that send a lots of "HTTP/1.1 408" error code when Chrome is > used > None with firefox. > > After few search on google and the mailing list I found some post regarding > haproxy and preconnect, but I don't find any solution. > > I'm using latest 1.5-dev haproxy release from the ppa: HA-Proxy version > 1.5-dev25-a339395 2014/05/10 > > I've tested to add option accept-invalid-http-request but still 408, and > I've quickly removed this option. > > Here is a part of my conf, I maybe have something wrong. > > # Configuration pour haproxy1.5 > global > log 127.0.0.1 local0 > log 127.0.0.1 local1 notice > maxconn 4096 > #debug > #quiet > user haproxy > group haproxy > > defaults > log global > mode http > option httplog > retries 3 > option redispatch > maxconn 2000 > timeout server 2h > timeout connect 15000 > timeout client 15000 > option http-keep-alive > > # Application Frontend > > frontend ipv4-ip1-80 > bind [ipv4]:80 > reqadd X-Forwarded-Proto:\ https > option http-server-close > timeout http-keep-alive 5000 > use_backend ipv4-80 > frontend ipv4-ip1-443 > bind [ipv4]:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH > reqadd X-Forwarded-Proto:\ https > option http-server-close > timeout http-keep-alive 5000 > use_backend ipv4-80 > > frontend ipv6-ip1-80 > bind ip1:80 > reqadd X-Forwarded-Proto:\ https > option http-server-close > timeout http-keep-alive 5000 > use_backend ipv6-80 > frontend ipv6i-p1-443 > bind ip1:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH > reqadd X-Forwarded-Proto:\ https > option http-server-close > timeout http-keep-alive 5000 > use_backend ipv6-80 > > > > # Application Backend > backend ipv4-80 > balance roundrobin > server images-access ip2:80 weight 1 check inter 5000 rise 2 fall 5 > > backend ipv6-80 > balance roundrobin > server images-access ip2:80 weight 1 check inter 5000 rise 2 fall 5 > > > And here a some logs : > > 2014-05-22T15:38:44+00:00 access haproxy[7762]: clientipv6:59374 > [22/May/2014:15:38:29.146] ipv6-ip1-443~ ipv6-ip1-443/<NOSRV> > -1/-1/-1/-1/15014 408 212 - - cR-- 0/0/0/0/0 0/0 "<BADREQ>" > 2014-05-22T15:47:53+00:00 access haproxy[7762]: clientipv4:49611 > [22/May/2014:15:47:38.768] ipv4-ip1-80 ipv4-ip1-80/<NOSRV> -1/-1/-1/-1/15001 > 408 212 - - cR-- 2/2/0/0/0 0/0 "<BADREQ>" > > Thansk for your help > > Kévin
Hi Kevin, Maybe you could try setup a "timeout http-request" with a lower value than your timeout client. Baptiste
