On 10/21/2014 03:59 PM, Cyril Bonté wrote:
> Hi Colin,
>
> On 21/10/2014 22:05, Colin Ingarfield wrote:
>> Hello,
>>
>> Please help me understand this output in the haproxy log file:
>>
>> Oct 21 14:53:17 host haproxy[4526]: 206.x.x.x:56480 [21/Oct/2014:14:53:16.560] http-in~ servers/server1 60/0/0/527/587 200 243 - - LRVN 12/12/1/2/0 0/0 "POST /ctx/cometd/connect HTTP/1.1"
>>
>> The first two letters of the termination state are confusing me.
>> "L" indicates the session was processed by haproxy and not sent to a
>> server
>> "R" proxy was waiting for a complete request from the client
>>
>> It also shows a status code of 200.
>>
>> What circumstances could cause this? I'm testing haproxy now and it
>> (and the 2 servers behind it) are under no real load. So far I have
>> only observed this with Chrome Version 38.0.2125.104 (64-bit) linux. I
>> do not see any errors in the Chrome Network panel and the application
>> appears to work correctly.
>>
>> Any insight greatly appreciated.
>
> From a quick test I made, I think you have some redirect rules in your
> haproxy configuration.
> And it appears that flags are not reset on a keep-alived connection.
>
> Please check in your logs if a previous request already used port
> 56480 with a 302 status.
>
> This is maybe a bug, but I won't have time tonight to investigate more.
>
> To reproduce it, I used this minimal configuration :
>
> listen testflag :9000
>     mode http
>     option httplog
>     log /dev/log local7 debug err
>     http-request redirect location /redirected if { path / }
>     server s localhost:80
>
> $ curl -L http://localhost:9000/
> Oct 21 22:53:40 asus haproxy[11282]: 127.0.0.1:33985 [21/Oct/2014:22:53:40.094] testflag testflag/<NOSRV> 0/-1/-1/-1/0 302 89 - - LR-- 1/1/0/0/3 0/0 "GET / HTTP/1.1"
> Oct 21 22:53:40 asus haproxy[11282]: 127.0.0.1:33985 [21/Oct/2014:22:53:40.094] testflag testflag/s 0/0/1/2/3 404 550 - - LR-- 1/1/0/1/0 0/0 "GET /redirected HTTP/1.1"
>
> Here, the second request inherits LR from the first one.
>
> The same test with curl using HTTP/1.0 :
>
> $ curl -0 -L http://localhost:9000/
> Oct 21 22:55:26 asus haproxy[11282]: 127.0.0.1:33997 [21/Oct/2014:22:55:26.272] testflag testflag/<NOSRV> 0/-1/-1/-1/0 302 108 - - LR-- 0/0/0/0/3 0/0 "GET / HTTP/1.0"
> Oct 21 22:55:26 asus haproxy[11282]: 127.0.0.1:33999 [21/Oct/2014:22:55:26.272] testflag testflag/s 0/0/0/2/2 404 529 - - ---- 0/0/0/0/0 0/0 "GET /redirected HTTP/1.0"
>
> Here, it's OK.

Thank you for the quick reply.
I searched the log and did not find any request from port 56480 with a
302 status. I do not have any explicit redirect rules in my config, but
perhaps some rules can cause a redirect. I'm quite new to haproxy.
I've attached my cleaned config file. If you could take a look I'd
really appreciate it. And the haproxy version:

$ /usr/local/sbin/haproxy -vv
HA-Proxy version 1.5.4 2014/09/02
Copyright 2000-2014 Willy Tarreau <[email protected]>

Build options :
  TARGET = linux2628
  CPU = generic
  CC = gcc
  CFLAGS = -O2 -g -fno-strict-aliasing
  OPTIONS = USE_LINUX_SPLICE=1 USE_GETADDRINFO=1 USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.8
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.31 2012-07-06
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
  epoll : pref=300, test result OK
  poll : pref=200, test result OK
  select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

$ uname -a
Linux ip-x-x-x-x 3.13.0-36-generic #63-Ubuntu SMP Wed Sep 3 21:30:07 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Thank you again for looking into this.
-- Colin

global
    log /dev/log local0
    #log /dev/log local1 notice
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon

    # Tuning
    # must set to 1024 to suppress a warning. docs say > 1024 not
    # supported by many clients (eg java 7)
    tune.ssl.default-dh-param 1024

# users (controls access to the haproxy admin page)
userlist users
    group admin users user1
    group admin_ro users user2
    user user1 password XX
    user user2 password XX

defaults
    log global
    mode http
    option httplog
    option splice-auto
    timeout connect 5000
    timeout client 90000
    timeout server 90000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http-in
    bind *:80
    bind *:443 ssl crt /etc/haproxy/combined.pem
    default_backend servers
    option forwardfor
    option http-keep-alive

    # only allow access to stats page via HTTPS
    acl stats_url path_beg /haproxy
    acl https_req dst_port eq 443
    http-request deny if stats_url !https_req

    # block access to the healthcheck url
    acl health_url path_beg /ctx/healthcheck
    http-request deny if health_url

    # we only have one backend
    default_backend servers

backend servers
    # inter Xs = X seconds between health checks
    # fall X = server considered dead after X consecutive failed health checks (default 3)
    default-server inter 15s
    balance source

    # testing different http 'close' modes
    #option http-server-close
    option http-keep-alive

    # default is to use OPTION / (HTTP 1.0)
    #option httpchk
    option httpchk GET /ctx/healthcheck

    # verify none = don't verify server's ssl cert
    # check = perform check, by default on server's port (8443)
    # influenced by 'option httpchk' and default-server options
    server server1 10.1.1.1:8443 ssl verify none check cookie server1
    server server2 10.1.1.2:8443 ssl verify none check cookie server2
    cookie JSESSIONID prefix

    # enable stats with full control and ro access
    stats enable
    stats scope .
    stats uri /haproxy?stats
    acl ADMIN_RO http_auth(users)
    acl ADMIN http_auth_group(users) admin
    stats http-request auth unless ADMIN_RO
    stats admin if ADMIN

# vim: set ft=haproxy
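
A log check for the symptom discussed in this thread, added here as an example and not part of the original messages: it flags httplog lines whose termination state starts with "L" although a server was contacted, and looks for an earlier locally answered request from the same client address and port that may have passed its flags on. The function name is hypothetical; the sample lines are the ones quoted in the thread, with wrapped lines joined.

```python
import re

# Fields of an "option httplog" line that matter here (the syslog prefix is skipped).
LOG_RE = re.compile(
    r'(?P<client>\S+:\d+) \[[^\]]+\] \S+ [^/\s]+/(?P<server>\S+) '
    r'(?P<timers>\S+) (?P<status>\d{3}) \S+ \S+ \S+ (?P<term>\S{4}) '
    r'\S+ \S+ "(?P<request>[^"]*)"'
)

# Log lines quoted in the thread, with the mail client's line wraps joined.
SAMPLE = [
    'Oct 21 22:53:40 asus haproxy[11282]: 127.0.0.1:33985 [21/Oct/2014:22:53:40.094] testflag testflag/<NOSRV> 0/-1/-1/-1/0 302 89 - - LR-- 1/1/0/0/3 0/0 "GET / HTTP/1.1"',
    'Oct 21 22:53:40 asus haproxy[11282]: 127.0.0.1:33985 [21/Oct/2014:22:53:40.094] testflag testflag/s 0/0/1/2/3 404 550 - - LR-- 1/1/0/1/0 0/0 "GET /redirected HTTP/1.1"',
    'Oct 21 22:55:26 asus haproxy[11282]: 127.0.0.1:33997 [21/Oct/2014:22:55:26.272] testflag testflag/<NOSRV> 0/-1/-1/-1/0 302 108 - - LR-- 0/0/0/0/3 0/0 "GET / HTTP/1.0"',
    'Oct 21 22:55:26 asus haproxy[11282]: 127.0.0.1:33999 [21/Oct/2014:22:55:26.272] testflag testflag/s 0/0/0/2/2 404 529 - - ---- 0/0/0/0/0 0/0 "GET /redirected HTTP/1.0"',
    'Oct 21 14:53:17 host haproxy[4526]: 206.x.x.x:56480 [21/Oct/2014:14:53:16.560] http-in~ servers/server1 60/0/0/527/587 200 243 - - LRVN 12/12/1/2/0 0/0 "POST /ctx/cometd/connect HTTP/1.1"',
]


def find_contradictory_flags(lines):
    """Return (client, request, flags, earlier_request) for each line that
    says "handled locally" (L) although a server connection was made."""
    last_local = {}  # client ip:port -> last request haproxy answered itself
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        tc = int(rec["timers"].split("/")[2])  # Tc is -1 when no server connection was made
        local = rec["term"][0] == "L"
        if local and rec["server"] != "<NOSRV>" and tc >= 0:
            prev = last_local.get(rec["client"])
            # Same first two flags on the same connection suggests inheritance.
            same = prev is not None and prev["term"][:2] == rec["term"][:2]
            findings.append((rec["client"], rec["request"], rec["term"],
                             prev["request"] if same else None))
        elif local:
            last_local[rec["client"]] = rec
    return findings


if __name__ == "__main__":
    for finding in find_contradictory_flags(SAMPLE):
        print(finding)
```

A finding whose last element is `None` means no earlier locally answered request from that client port was present in the lines examined.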