Hi Thanks for your reply. After reading the doc of the option this option is usefull but I'm not sur for my case. I fact the 408 are received immediatly, with no delay or timeout when browsing the website. I indeed with the option still 408 errors
Maybe any other ideas ? 2014-05-22 19:29 GMT+02:00 Baptiste <[email protected]>: > On Thu, May 22, 2014 at 6:06 PM, Kevin Maziere <[email protected]> > wrote: > > Hi > > > > I've haproxy that send a lots of "HTTP/1.1 408" error code when Chrome is > > used > > None with firefox. > > > > After few search on google and the mailing list I found some post > regarding > > haproxy and preconnect, but I don't find any solution. > > > > I'm using latest 1.5-dev haproxy release from the ppa: HA-Proxy version > > 1.5-dev25-a339395 2014/05/10 > > > > I've tested to add option accept-invalid-http-request but still 408, and > > I've quickly removed this option. > > > > Here is a part of my conf, I maybe have something wrong. > > > > # Configuration pour haproxy1.5 > > global > > log 127.0.0.1 local0 > > log 127.0.0.1 local1 notice > > maxconn 4096 > > #debug > > #quiet > > user haproxy > > group haproxy > > > > defaults > > log global > > mode http > > option httplog > > retries 3 > > option redispatch > > maxconn 2000 > > timeout server 2h > > timeout connect 15000 > > timeout client 15000 > > option http-keep-alive > > > > # Application Frontend > > > > frontend ipv4-ip1-80 > > bind [ipv4]:80 > > reqadd X-Forwarded-Proto:\ https > > option http-server-close > > timeout http-keep-alive 5000 > > use_backend ipv4-80 > > frontend ipv4-ip1-443 > > bind [ipv4]:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers > > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH > > reqadd X-Forwarded-Proto:\ https > > option http-server-close > > timeout http-keep-alive 5000 > > use_backend ipv4-80 > > > > frontend ipv6-ip1-80 > > bind ip1:80 > > reqadd X-Forwarded-Proto:\ https > > option http-server-close > > timeout http-keep-alive 5000 > > use_backend ipv6-80 > > frontend ipv6i-p1-443 > > bind ip1:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers > > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH > > reqadd X-Forwarded-Proto:\ https > > option http-server-close > > timeout http-keep-alive 5000 > > use_backend ipv6-80 > > > > > > > > # Application Backend > > backend ipv4-80 > > balance roundrobin > > server images-access ip2:80 weight 1 check inter 5000 rise 2 fall 5 > > > > backend ipv6-80 > > balance roundrobin > > server images-access ip2:80 weight 1 check inter 5000 rise 2 fall 5 > > > > > > And here a some logs : > > > > 2014-05-22T15:38:44+00:00 access haproxy[7762]: clientipv6:59374 > > [22/May/2014:15:38:29.146] ipv6-ip1-443~ ipv6-ip1-443/<NOSRV> > > -1/-1/-1/-1/15014 408 212 - - cR-- 0/0/0/0/0 0/0 "<BADREQ>" > > 2014-05-22T15:47:53+00:00 access haproxy[7762]: clientipv4:49611 > > [22/May/2014:15:47:38.768] ipv4-ip1-80 ipv4-ip1-80/<NOSRV> > -1/-1/-1/-1/15001 > > 408 212 - - cR-- 2/2/0/0/0 0/0 "<BADREQ>" > > > > Thansk for your help > > > > Kévin > > > Hi Kevin, > > Maybe you could try setup a "timeout http-request" with a lower value > than your timeout client. > > Baptiste >
