On Thu, Jun 4, 2015 at 12:21 PM, RAKESH P B <pb.rakes...@gmail.com> wrote:
> Hi All, > > I have a strange situation where requests to my HAProxy are returning with > a 503 error. HAProxy logs shows that a NOSRV error: for POST requests from > application RSET service. > > api-https-in~ api-https-in/<NOSRV> -1/-1/-1/-1/40 503 1237 - - SC-- > 15/0/0/0/0 0/0 "POST /<PATH> HTTP/1.1" > According to the docs the SC connection termination flags mean: SC The server or an equipment between it and haproxy explicitly refused the TCP connection (the proxy received a TCP RST or an ICMP message in return). Under some circumstances, it can also be the network stack telling the proxy that the server is unreachable (eg: no route, or no ARP response on local network). When this happens in HTTP mode, the status code is likely a 502 or 503 here. So if you are confident that you are looking at the same type of requests and in the same time period for both cases you are showing (with and without HAP), then you should turn your attention to the networking side of the things. Make sure nothing is blocking the connections between HAP and the backends (ie can you at least telnet to port 80 from HAP to the backend), confirm that your health check "HEAD /test.jsp HTTP/1.0" really works, confirm your backend understands and actually uses X-Forwarded-Proto header, confirm that your backend has a capacity for 8096 simultaneous connections etc. etc. etc. > > During this time, the backend server was confirmed up and was receiving > traffic for GET requests from web browser and also POST request from REST > client POSTMAN rest client. > > > api-https-in~ <name1>/<name> 669/0/2/4/675 200 513 - - ---- 2/2/0/1/0 0/0 > "GET /<PATH> HTTP/1.1" > > api-https-in~ <name1>/<name> 336/0/1/4/341 415 95 - - ---- 2/2/0/1/0 0/0 > "POST /<PATH> HTTP/1.1" > > > Here is my configuration file > > frontend http-in > bind *:80 > redirect scheme https code 301 if !{ ssl_fc } > maxconn 8096 > > > frontend api-https-in > bind X.X.X.X:443 ssl crt <PATH1> > reqadd X-Forwarded-Proto:\ https > acl host_soap hdr_end(host) -i example.com > use_backend <name1> if host_soap > acl secure dst_port eq 44 > > > > backend <name1> > > mode http > option httpchk HEAD /test.jsp HTTP/1.0 > appsession JSESSIONID len 32 timeout 1800s > server <name> X.X.X.X:80 > -- Igor Cicimov | DevOps p. +61 (0) 433 078 728 e. ig...@encompasscorporation.com <http://encompasscorporation.com/> w*.* encompasscorporation.com a. Level 4, 65 York Street, Sydney 2000