On Wed, Jun 4, 2014 at 6:05 PM, Kevin Maziere <ke...@kbrwadventure.com> wrote: > > > > 2014-06-04 17:10 GMT+02:00 Nenad Merdanovic <ni...@nimzo.info>: >> >> Hello Kevin, >> >> On 06/04/2014 05:05 PM, Willy Tarreau wrote: >> > On Wed, Jun 04, 2014 at 04:49:53PM +0200, Kevin Maziere wrote: >> >>> Anyway, from the various reports we get, it seems like sending an >> >>> empty >> >>> 408 message is enough to workaround this abnormal Chrome behaviour. >> >>> For >> >>> this you can proceed like this : >> >>> >> >>> errorfile 408 /dev/null >> >>> >> >>> After days of tests it appears that 408 error page are still appening, >> >>> but >> >> less frequently. >> >> I don't know how but I can see them on my logs and on my browser. >> > >> > In the logs it's perfectly normal as haproxy reports what has been done, >> > but in the browser, it's really not possible since the error message was >> > replaced with the contents of /dev/null. What might happen is either >> > that >> > some requests go to another haproxy or another server which still emits >> > the error, or that such errors were abusively cached by the client which >> > reports them on closed connection. >> > >> > Regards, >> > Willy >> > >> > >> >> Can you post your latest configuration? >> Here is my conf : > > > # Configuration for haproxy1.5 > > global > log 127.0.0.1 local0 > log 127.0.0.1 local1 notice > maxconn 15000 > > #debug > #quiet > user haproxy > group haproxy > > defaults > log global > mode http > option httplog > #option dontlognull > retries 5 > option redispatch > maxconn 15000 > option forwardfor > timeout server 30m > timeout connect 5s > timeout client 10s > timeout http-keep-alive 5s > timeout http-request 8s > > # Application Frontend > > frontend ipv4-127.0.0.1-80 > bind 172.16.0.1:80 > redirect scheme https code 301 if !{ ssl_fc } > > frontend ipv4-127.0.0.1-443 > bind 172.16.0.1:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH > rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains > > reqadd X-Forwarded-Proto:\ https > option http-server-close > default_backend ipv4-80 > > > frontend ipv4-172_16_0_126-80 > bind 172.16.0.126:80 > redirect scheme https code 301 if !{ ssl_fc } > > frontend ipv4-172_16_0_126-443 > bind 172.16.0.126:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH > rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains > > reqadd X-Forwarded-Proto:\ https > option http-server-close > default_backend ipv4-80 > > > frontend ipv6-2000_00_00_00-80 > bind 2000:00:00::0:80 > redirect scheme https code 301 if !{ ssl_fc } > > frontend ipv6-2000_00_00_00-443 > bind 2000:00:00::0:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH > rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains > > reqadd X-Forwarded-Proto:\ https > option http-server-close > default_backend ipv6-80 > > > frontend ipv6-2000_11_11_11-80 > bind 2000:11:11::1:80 > redirect scheme https code 301 if !{ ssl_fc } > > frontend ipv6-2000_11_11_11-443 > bind 2000:11:11::1:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH > rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains > > reqadd X-Forwarded-Proto:\ https > option http-server-close > default_backend ipv6-80 > > > > > > # Application Backend > backend ipv4-80 > balance roundrobin > server pubwebsite01 172.16.0.116:80 weight 1 check inter 5000 rise 2 > fall 5 > server pubwebsite02 172.16.0.123:80 weight 1 check inter 5000 rise 2 > fall 5 > > backend ipv6-80 > balance roundrobin > server pubwebsite01 2000:22:22::22:80 weight 1 check inter 5000 rise 2 > fall 5 > server pubwebsite02 2000:22:22::23:80 weight 1 check inter 5000 rise 2 > fall 5 > > > > listen admin 172.16.0.126:1234 > mode http > stats uri / > > # For Chrome : https://code.google.com/p/chromium/issues/detail?id=85229#c33 > and ML haproxy > errorfile 408 /dev/null > >> >> Regards, >> -- >> Nenad Merdanovic | PGP: 0x423edcb2 | Web: http://nimzo.info >> Linkedin: http://www.linkedin.com/in/nenadmerdanovic > >
Kevin, You should add this directive in your defaults section: errorfile 408 /dev/null Cause in your current configuration it applies to your stats page only! Baptiste