Hi I've just applied the first patch, here are the debug log :
In the logs : 2014-05-23T12:03:20+00:00 images-access haproxy[13409]: 127.0.0.1:56596[23/May/2014:12:03:17.972] ipv4-yyy-443~ ipv4-yyy-443/<NOSRV> -1/-1/-1/-1/2041 408 212 - - cR-- 9/3/0/0/0 0/0 "<BADREQ>" 2014-05-23T12:03:20+00:00 images-access haproxy[13409]: 127.0.0.1:56593[23/May/2014:12:03:17.977] ipv4-yyy-443~ ipv4-yyy-443/<NOSRV> -1/-1/-1/-1/2036 408 212 - - cR-- 8/2/0/0/0 0/0 "<BADREQ>" 2014-05-23T12:03:20+00:00 images-access haproxy[13409]: 127.0.0.1:56594[23/May/2014:12:03:17.972] ipv4-yyy-443~ ipv4-yyy-443/<NOSRV> -1/-1/-1/-1/2041 408 212 - - cR-- 7/1/0/0/0 0/0 "<BADREQ>" 2014-05-23T12:03:20+00:00 images-access haproxy[13409]: 127.0.0.1:56595[23/May/2014:12:03:17.972] ipv4-yyy-443~ ipv4-yyy-443/<NOSRV> -1/-1/-1/-1/2043 408 212 - - cR-- 7/1/0/0/0 0/0 "<BADREQ>" In the debug log, correspond lines: 2014-05-23T12:03:20+00:00 servername haproxy[13409]: Timeout detected: fe=ipv4-yyy-443 s->flags=00000080 txn->flags=00000000 req->flags=00c88000 msg->flags=00000000 now_ms=687261517 req->analyse_exp=687261515 (-2) 2014-05-23T12:03:20+00:00 servername haproxy[13409]: Timeout detected: fe=ipv4-yyy-443 s->flags=00000080 txn->flags=00000000 req->flags=00c88000 msg->flags=00000000 now_ms=687261517 req->analyse_exp=687261515 (-2) 2014-05-23T12:03:20+00:00 servername haproxy[13409]: Timeout detected: fe=ipv4-yyy-443 s->flags=00000080 txn->flags=00000000 req->flags=00c88000 msg->flags=00000000 now_ms=687261517 req->analyse_exp=687261516 (-1) 2014-05-23T12:03:20+00:00 servername haproxy[13409]: Timeout detected: fe=ipv4-yyy-443 s->flags=00000080 txn->flags=00000000 req->flags=00c88000 msg->flags=00000000 now_ms=687261519 req->analyse_exp=687261519 (0) I will test the second patch asap 2014-05-23 11:50 GMT+02:00 Baptiste <[email protected]>: > Well, your log lines says that the response was generated because the > timeout client has expired... > Last suggestion for now would to apply the patch porposed by Willy and > reported by Lukas. > > Bapitste > > On Fri, May 23, 2014 at 9:47 AM, Kevin Maziere <[email protected]> > wrote: > > Hi > > > > Thanks for your reply. > > After reading the doc of the option this option is usefull but I'm not > sur > > for my case. > > I fact the 408 are received immediatly, with no delay or timeout when > > browsing the website. > > I indeed with the option still 408 errors > > > > Maybe any other ideas ? > > > > > > 2014-05-22 19:29 GMT+02:00 Baptiste <[email protected]>: > > > >> On Thu, May 22, 2014 at 6:06 PM, Kevin Maziere <[email protected] > > > >> wrote: > >> > Hi > >> > > >> > I've haproxy that send a lots of "HTTP/1.1 408" error code when Chrome > >> > is > >> > used > >> > None with firefox. > >> > > >> > After few search on google and the mailing list I found some post > >> > regarding > >> > haproxy and preconnect, but I don't find any solution. > >> > > >> > I'm using latest 1.5-dev haproxy release from the ppa: HA-Proxy > version > >> > 1.5-dev25-a339395 2014/05/10 > >> > > >> > I've tested to add option accept-invalid-http-request but still 408, > and > >> > I've quickly removed this option. > >> > > >> > Here is a part of my conf, I maybe have something wrong. > >> > > >> > # Configuration pour haproxy1.5 > >> > global > >> > log 127.0.0.1 local0 > >> > log 127.0.0.1 local1 notice > >> > maxconn 4096 > >> > #debug > >> > #quiet > >> > user haproxy > >> > group haproxy > >> > > >> > defaults > >> > log global > >> > mode http > >> > option httplog > >> > retries 3 > >> > option redispatch > >> > maxconn 2000 > >> > timeout server 2h > >> > timeout connect 15000 > >> > timeout client 15000 > >> > option http-keep-alive > >> > > >> > # Application Frontend > >> > > >> > frontend ipv4-ip1-80 > >> > bind [ipv4]:80 > >> > reqadd X-Forwarded-Proto:\ https > >> > option http-server-close > >> > timeout http-keep-alive 5000 > >> > use_backend ipv4-80 > >> > frontend ipv4-ip1-443 > >> > bind [ipv4]:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers > >> > > >> > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH > >> > reqadd X-Forwarded-Proto:\ https > >> > option http-server-close > >> > timeout http-keep-alive 5000 > >> > use_backend ipv4-80 > >> > > >> > frontend ipv6-ip1-80 > >> > bind ip1:80 > >> > reqadd X-Forwarded-Proto:\ https > >> > option http-server-close > >> > timeout http-keep-alive 5000 > >> > use_backend ipv6-80 > >> > frontend ipv6i-p1-443 > >> > bind ip1:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers > >> > > >> > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH > >> > reqadd X-Forwarded-Proto:\ https > >> > option http-server-close > >> > timeout http-keep-alive 5000 > >> > use_backend ipv6-80 > >> > > >> > > >> > > >> > # Application Backend > >> > backend ipv4-80 > >> > balance roundrobin > >> > server images-access ip2:80 weight 1 check inter 5000 rise 2 > fall > >> > 5 > >> > > >> > backend ipv6-80 > >> > balance roundrobin > >> > server images-access ip2:80 weight 1 check inter 5000 rise 2 > fall > >> > 5 > >> > > >> > > >> > And here a some logs : > >> > > >> > 2014-05-22T15:38:44+00:00 access haproxy[7762]: clientipv6:59374 > >> > [22/May/2014:15:38:29.146] ipv6-ip1-443~ ipv6-ip1-443/<NOSRV> > >> > -1/-1/-1/-1/15014 408 212 - - cR-- 0/0/0/0/0 0/0 "<BADREQ>" > >> > 2014-05-22T15:47:53+00:00 access haproxy[7762]: clientipv4:49611 > >> > [22/May/2014:15:47:38.768] ipv4-ip1-80 ipv4-ip1-80/<NOSRV> > >> > -1/-1/-1/-1/15001 > >> > 408 212 - - cR-- 2/2/0/0/0 0/0 "<BADREQ>" > >> > > >> > Thansk for your help > >> > > >> > Kévin > >> > >> > >> Hi Kevin, > >> > >> Maybe you could try setup a "timeout http-request" with a lower value > >> than your timeout client. > >> > >> Baptiste > > > > >
