Thanks for the quick reply Cyril! You’re correct on both counts; this is a test config & the large timeout will definitely not be kept. For the http-server-close, that was a mistake on my part; thank you for noticing that. I’ve tried the configuration both ways (as far as http-send-name-header) & receive the same result. Happy to try any additional suggestions you can provide. (BTW, I just tried removing the http-send-name-header which gave the same results).
On 2/14/17, 1:58 PM, "Cyril Bonté" <[email protected]> wrote: Hi Rob, Le 14/02/2017 à 20:23, Birdwell, Rob a écrit : > Hello, > > I was curious if someone would be able to assist with return codes from HAProxy. Currently, we are able to receive a 201 for a reverse proxy solution from Apache HTTP, but when utilzing HAProxy, only a 200 is received utilizing an identical cURL command. The current HAProxy/Apache HTTP & cURL outputs I have are below: > > HAProxy configuration: > > global > > log 127.0.0.1 local2 debug > > chroot /var/lib/haproxy > pidfile /var/run/haproxy.pid > maxconn 100000 > group root > daemon > tune.ssl.default-dh-param 2048 > > stats socket /var/lib/haproxy/stats > > > defaults > mode http > log global > option httplog > option log-separate-errors > option dontlognull > option http-keep-alive > option dontlog-normal > option http-server-close Not related to your issue but you have to make a choice : use "http-server-close" or "http-keep-alive", but not both. > option redispatch > option contstats > option forwardfor > timeout http-request 45s > timeout queue 45s > timeout connect 45s > timeout client 45s > timeout server 45s > timeout http-keep-alive 45s > timeout check 45s Those timeouts should be better tuned. > http-send-name-header host Here, there's something that can be related to what you observe. Are you really sure you want to set a "Host" header on the request between haproxy and your backend server ? Note that it also appears in www-backend below. > maxconn 50000 > > listen globalstats > mode http > bind *:1936 > stats enable > stats show-desc HAProxy for <frontend_url> > stats uri /stats > stats show-legends > stats show-node > stats refresh 5s > > frontend www-http > bind *:80 > reqadd X-Forwarded-Proto:\ http > default_backend www-backend > > frontend www-frontend > bind *:443 ssl crt /etc/haproxy/ssl/<frontend>.pem > mode http > reqadd X-Forwarded-Proto:\ https > default_backend www-backend > > backend www-backend > redirect scheme https if !{ ssl_fc } > http-send-name-header host Same observation here, I'd recommend to make some tests without those "http-send-name-header host". > server lp <backend app>:80 check > > Apache config: > > NameVirtualHost *:80 > <VirtualHost *:80> > ServerName <frontend_url> > > Redirect / https://<backend_app>/api/account/61447612/ > > > </VirtualHost> > > NameVirtualHost *:443 > <VirtualHost *:443> > ServerName <frontend_url> > LogLevel debug > CustomLog /etc/httpd/logs/ssl_access_log frontoffice > ErrorLog /etc/httpd/logs/ssl_access_log > > LimitRequestLine 1000000 > LimitRequestFieldSize 1000000 > > SSLEngine On > SSLProxyEngine On > > SSLProxyCheckPeerCN off > SSLProxyCheckPeerExpire off > > AllowEncodedSlashes On > ProxyPreserveHost On > > > SSLCertificateFile /etc/httpd/ssl/<frontend_url>.pem > SSLCertificateChainFile /etc/httpd/ssl/<frontend_url>.pem > > RewriteEngine On > > ProxyPass / https://<backend_app>/api/account/61447612/ retry=2 acquire=3000 timeout=600 Keepalive=On > ProxyPassReverse https://<frontend_url>/ https://<backend_app>/api/account/61447612/ > ProxyPassReverseCookiePath https://<backend_app>/api/account/61447612/ https://<frontend_url>/ > > </VirtualHost> > > > > > Curl command is as follows: > > curl -i --header "Accept:application/json" --header "Content-Type:application/json" --header "Authorization:<appname> appKey=<key>" -X POST https://<frontend_url>/data/request.json?v=1 --verbose --data "{\"data\": { \"data\": \"data\", \"maxWaitTime\": 60000 } }" --cacert /etc/haproxy/ssl/<frontend>.pem > > > > Curl output from HAProxy: > > > … > >> POST /data/request.json?v=1 HTTP/1.1 >> Host: <frontend_app> >> User-Agent: curl/7.47.1 >> Accept:application/json >> Content-Type:application/json >> Authorization:<appname> appKey=<key> >> Content-Length: 65 >> > * upload completely sent off: 65 out of 65 bytes > < HTTP/1.1 200 OK > < Server: WS > < P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM" > < Date: Tue, 14 Feb 2017 07:49:09 GMT > < Content-Length: 0 No "Location" header in the response, compared to what a direct request to the backend server sends. I guess this is not the attended behaviour. > > > Curl output from Apache HTTP: > >> POST /data/request.json?v=1 HTTP/1.1 >> Host: <frontend_app> >> User-Agent: curl/7.47.1 >> Accept:application/json >> Content-Type:application/json >> Authorization:LivePerson appKey=<key> >> Content-Length: 65 >> > * upload completely sent off: 65 out of 65 bytes > < HTTP/1.1 201 Created > < Date: Tue, 14 Feb 2017 19:15:23 GMT > < Server: WS > < Content-Length: 0 > < Content-Type: application/json > < Location: https://<fronend_app>/api/<data>/<data>/data/<key> > < P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM" > < Connection: close > > Perhaps I need to configure HAProxy differently? I have searched the forums and the web, but do not believe I specifically understand what is required in order to receive this code from the remote system as I do from Apache HTTP. Is this because HAProxy is configured only to return a 200 for any successful connection? Please advise and thank you very much for a wonderful product! No, haproxy will send the same status code as the backend. > > Rob > 970.344.5170 > -- Cyril Bonté
