Hi Rob,
Le 14/02/2017 à 20:23, Birdwell, Rob a écrit :
Hello,
I was curious if someone would be able to assist with return codes from HAProxy.
Currently, we are able to receive a 201 for a reverse proxy solution from Apache
HTTP, but when utilzing HAProxy, only a 200 is received utilizing an identical cURL
command. The current HAProxy/Apache HTTP & cURL outputs I have are below:
HAProxy configuration:
global
log 127.0.0.1 local2 debug
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 100000
group root
daemon
tune.ssl.default-dh-param 2048
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option log-separate-errors
option dontlognull
option http-keep-alive
option dontlog-normal
option http-server-close
Not related to your issue but you have to make a choice : use
"http-server-close" or "http-keep-alive", but not both.
option redispatch
option contstats
option forwardfor
timeout http-request 45s
timeout queue 45s
timeout connect 45s
timeout client 45s
timeout server 45s
timeout http-keep-alive 45s
timeout check 45s
Those timeouts should be better tuned.
http-send-name-header host
Here, there's something that can be related to what you observe.
Are you really sure you want to set a "Host" header on the request
between haproxy and your backend server ? Note that it also appears in
www-backend below.
maxconn 50000
listen globalstats
mode http
bind *:1936
stats enable
stats show-desc HAProxy for <frontend_url>
stats uri /stats
stats show-legends
stats show-node
stats refresh 5s
frontend www-http
bind *:80
reqadd X-Forwarded-Proto:\ http
default_backend www-backend
frontend www-frontend
bind *:443 ssl crt /etc/haproxy/ssl/<frontend>.pem
mode http
reqadd X-Forwarded-Proto:\ https
default_backend www-backend
backend www-backend
redirect scheme https if !{ ssl_fc }
http-send-name-header host
Same observation here, I'd recommend to make some tests without those
"http-send-name-header host".
server lp <backend app>:80 check
Apache config:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName <frontend_url>
Redirect / https://<backend_app>/api/account/61447612/
</VirtualHost>
NameVirtualHost *:443
<VirtualHost *:443>
ServerName <frontend_url>
LogLevel debug
CustomLog /etc/httpd/logs/ssl_access_log frontoffice
ErrorLog /etc/httpd/logs/ssl_access_log
LimitRequestLine 1000000
LimitRequestFieldSize 1000000
SSLEngine On
SSLProxyEngine On
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
AllowEncodedSlashes On
ProxyPreserveHost On
SSLCertificateFile /etc/httpd/ssl/<frontend_url>.pem
SSLCertificateChainFile /etc/httpd/ssl/<frontend_url>.pem
RewriteEngine On
ProxyPass / https://<backend_app>/api/account/61447612/
retry=2 acquire=3000 timeout=600 Keepalive=On
ProxyPassReverse https://<frontend_url>/
https://<backend_app>/api/account/61447612/
ProxyPassReverseCookiePath https://<backend_app>/api/account/61447612/
https://<frontend_url>/
</VirtualHost>
Curl command is as follows:
curl -i --header "Accept:application/json" --header "Content-Type:application/json" --header "Authorization:<appname> appKey=<key>" -X POST
https://<frontend_url>/data/request.json?v=1 --verbose --data "{\"data\": { \"data\": \"data\", \"maxWaitTime\": 60000 } }"
--cacert /etc/haproxy/ssl/<frontend>.pem
Curl output from HAProxy:
…
POST /data/request.json?v=1 HTTP/1.1
Host: <frontend_app>
User-Agent: curl/7.47.1
Accept:application/json
Content-Type:application/json
Authorization:<appname> appKey=<key>
Content-Length: 65
* upload completely sent off: 65 out of 65 bytes
< HTTP/1.1 200 OK
< Server: WS
< P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
< Date: Tue, 14 Feb 2017 07:49:09 GMT
< Content-Length: 0
No "Location" header in the response, compared to what a direct request
to the backend server sends. I guess this is not the attended behaviour.
Curl output from Apache HTTP:
POST /data/request.json?v=1 HTTP/1.1
Host: <frontend_app>
User-Agent: curl/7.47.1
Accept:application/json
Content-Type:application/json
Authorization:LivePerson appKey=<key>
Content-Length: 65
* upload completely sent off: 65 out of 65 bytes
< HTTP/1.1 201 Created
< Date: Tue, 14 Feb 2017 19:15:23 GMT
< Server: WS
< Content-Length: 0
< Content-Type: application/json
< Location: https://<fronend_app>/api/<data>/<data>/data/<key>
< P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
< Connection: close
Perhaps I need to configure HAProxy differently? I have searched the forums and
the web, but do not believe I specifically understand what is required in order
to receive this code from the remote system as I do from Apache HTTP. Is this
because HAProxy is configured only to return a 200 for any successful
connection? Please advise and thank you very much for a wonderful product!
No, haproxy will send the same status code as the backend.
Rob
970.344.5170
--
Cyril Bonté
