On Thu, Sep 18, 2014 at 10:50 AM, Rainer Duffner <rai...@ultra-secure.de> wrote: > Hi, > > I've configured nginx+haproxy in front of a couple of IIS servers. > NGINX terminates SSL. > > configuration is as following: > > global > log /var/run/log local5 > log /var/run/log local1 notice > #log loghost local0 info > maxconn 4096 > #debug > #quiet > user www > group www > daemon > > defaults > log global > mode http > retries 2 > timeout client 50s > timeout connect 5s > timeout server 50s > option dontlognull > option forwardfor > option httplog > option redispatch > balance leastconn > http-check expect string server_up > http-check disable-on-404 > default-server minconn 50 maxconn 100 > > # Set up application listeners here. > > frontend app-main-prod > mode http > bind 0.0.0.0:8000 > maxconn 2000 > default_backend app-main-prod-back > > frontend app-import > mode http > bind 0.0.0.0:8001 > maxconn 2000 > default_backend app-import-back > > frontend app-images > mode http > bind 0.0.0.0:8002 > maxconn 2000 > default_backend app-images-back > > > backend app-main-prod-back > balance leastconn > fullconn 2000 > mode http > option httpchk GET /healthcheck.aspx HTTP/1.1\r\nHost:\ > www.app.ch\r\nConnection:\ close cookie SERVERID insert indirect nocache > server appsrv-one 192.168.69.17:80 weight 1 maxconn 1000 check > cookie s1 server appsrv-two 192.168.69.18:80 weight 1 maxconn 1000 > check cookie s2 > > backend app-import-back > balance leastconn > fullconn 2000 > mode http > #option httpchk GET /healthcheck.aspx HTTP/1.1\r\nHost:\ > import.app.ch\r\nConnection:\ close server appsrv-import-one > 192.168.69.32:80 weight 1 maxconn 1000 check #server appsrv-import-two > 192.168.69.33:80 weight 1 maxconn 1000 check > > backend app-images-back > balance leastconn > fullconn 2000 > mode http > option httpchk GET /healthcheck.aspx HTTP/1.1\r\nHost:\ > images.app.ch\r\nConnection:\ close server appsrv-images-one > 192.168.69.41:80 weight 1 maxconn 1000 check #server appsrv-images-two > 192.168.69.42:80 weight 1 maxconn 1000 check > > > listen admin 0.0.0.0:22002 > mode http > stats uri / > > > > What happens is that it will mostly work, but in wireshark, I see a lot > of RST being sent from the haproxy-server to the backend IIS-servers. > This doesn't make sense and is probably the reason I see so many 50x in > the logs and why occasionally gateway-errors are being shown to users > because nginx can't find any live servers... > > Can anyone see any obvious error in the config? > >
Hi Rainer, HAProxy uses RST to close connections on the server side to allow fast reuse of the source port. So this behavior is expected and normal. That said, 50x errors are not normal... Can you tell us who is generating thoses errors? Can you share your HAProxy logs showing these errors? Baptiste
