Le 14/02/2017 à 22:20, Birdwell, Rob a écrit :
Thanks for the quick reply Cyril!
You’re correct on both counts; this is a test config & the large timeout will
definitely not be kept. For the http-server-close, that was a mistake on my part;
thank you for noticing that. I’ve tried the configuration both ways (as far as
http-send-name-header) & receive the same result. Happy to try any additional
suggestions you can provide. (BTW, I just tried removing the http-send-name-header
which gave the same results).
Are you really sure you're making the same request on the application
side (access logs should give you a hint) ?
What happens with a curl request on
/api/account/61447612/data/request.json?v=1 through haproxy ? (to
reproduce the ProxyPass directives in apache). Something like :
curl -i --header "Accept:application/json" --header
"Content-Type:application/json" --header "Authorization:<appname>
appKey=<key>" -X POST
https://<frontend_url>/api/account/61447612/data/request.json?v=1
--verbose --data "{\"data\": { \"data\": \"data\", \"maxWaitTime\":
60000 } }" --cacert /etc/haproxy/ssl/<frontend>.pem
On 2/14/17, 1:58 PM, "Cyril Bonté" <[email protected]> wrote:
Hi Rob,
Le 14/02/2017 à 20:23, Birdwell, Rob a écrit :
> Hello,
>
> I was curious if someone would be able to assist with return codes from
HAProxy. Currently, we are able to receive a 201 for a reverse proxy solution from
Apache HTTP, but when utilzing HAProxy, only a 200 is received utilizing an identical
cURL command. The current HAProxy/Apache HTTP & cURL outputs I have are below:
>
> HAProxy configuration:
>
> global
>
> log 127.0.0.1 local2 debug
>
> chroot /var/lib/haproxy
> pidfile /var/run/haproxy.pid
> maxconn 100000
> group root
> daemon
> tune.ssl.default-dh-param 2048
>
> stats socket /var/lib/haproxy/stats
>
>
> defaults
> mode http
> log global
> option httplog
> option log-separate-errors
> option dontlognull
> option http-keep-alive
> option dontlog-normal
> option http-server-close
Not related to your issue but you have to make a choice : use
"http-server-close" or "http-keep-alive", but not both.
> option redispatch
> option contstats
> option forwardfor
> timeout http-request 45s
> timeout queue 45s
> timeout connect 45s
> timeout client 45s
> timeout server 45s
> timeout http-keep-alive 45s
> timeout check 45s
Those timeouts should be better tuned.
> http-send-name-header host
Here, there's something that can be related to what you observe.
Are you really sure you want to set a "Host" header on the request
between haproxy and your backend server ? Note that it also appears in
www-backend below.
> maxconn 50000
>
> listen globalstats
> mode http
> bind *:1936
> stats enable
> stats show-desc HAProxy for <frontend_url>
> stats uri /stats
> stats show-legends
> stats show-node
> stats refresh 5s
>
> frontend www-http
> bind *:80
> reqadd X-Forwarded-Proto:\ http
> default_backend www-backend
>
> frontend www-frontend
> bind *:443 ssl crt /etc/haproxy/ssl/<frontend>.pem
> mode http
> reqadd X-Forwarded-Proto:\ https
> default_backend www-backend
>
> backend www-backend
> redirect scheme https if !{ ssl_fc }
> http-send-name-header host
Same observation here, I'd recommend to make some tests without those
"http-send-name-header host".
> server lp <backend app>:80 check
>
> Apache config:
>
> NameVirtualHost *:80
> <VirtualHost *:80>
> ServerName <frontend_url>
>
> Redirect / https://<backend_app>/api/account/61447612/
>
>
> </VirtualHost>
>
> NameVirtualHost *:443
> <VirtualHost *:443>
> ServerName <frontend_url>
> LogLevel debug
> CustomLog /etc/httpd/logs/ssl_access_log frontoffice
> ErrorLog /etc/httpd/logs/ssl_access_log
>
> LimitRequestLine 1000000
> LimitRequestFieldSize 1000000
>
> SSLEngine On
> SSLProxyEngine On
>
> SSLProxyCheckPeerCN off
> SSLProxyCheckPeerExpire off
>
> AllowEncodedSlashes On
> ProxyPreserveHost On
>
>
> SSLCertificateFile /etc/httpd/ssl/<frontend_url>.pem
> SSLCertificateChainFile /etc/httpd/ssl/<frontend_url>.pem
>
> RewriteEngine On
>
> ProxyPass /
https://<backend_app>/api/account/61447612/ retry=2 acquire=3000 timeout=600
Keepalive=On
> ProxyPassReverse https://<frontend_url>/
https://<backend_app>/api/account/61447612/
> ProxyPassReverseCookiePath https://<backend_app>/api/account/61447612/
https://<frontend_url>/
>
> </VirtualHost>
>
>
>
>
> Curl command is as follows:
>
> curl -i --header "Accept:application/json" --header "Content-Type:application/json" --header "Authorization:<appname> appKey=<key>" -X
POST https://<frontend_url>/data/request.json?v=1 --verbose --data "{\"data\": { \"data\": \"data\", \"maxWaitTime\": 60000 } }"
--cacert /etc/haproxy/ssl/<frontend>.pem
>
>
>
> Curl output from HAProxy:
>
>
> …
>
>> POST /data/request.json?v=1 HTTP/1.1
>> Host: <frontend_app>
>> User-Agent: curl/7.47.1
>> Accept:application/json
>> Content-Type:application/json
>> Authorization:<appname> appKey=<key>
>> Content-Length: 65
>>
> * upload completely sent off: 65 out of 65 bytes
> < HTTP/1.1 200 OK
> < Server: WS
> < P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
> < Date: Tue, 14 Feb 2017 07:49:09 GMT
> < Content-Length: 0
No "Location" header in the response, compared to what a direct request
to the backend server sends. I guess this is not the attended behaviour.
>
>
> Curl output from Apache HTTP:
>
>> POST /data/request.json?v=1 HTTP/1.1
>> Host: <frontend_app>
>> User-Agent: curl/7.47.1
>> Accept:application/json
>> Content-Type:application/json
>> Authorization:LivePerson appKey=<key>
>> Content-Length: 65
>>
> * upload completely sent off: 65 out of 65 bytes
> < HTTP/1.1 201 Created
> < Date: Tue, 14 Feb 2017 19:15:23 GMT
> < Server: WS
> < Content-Length: 0
> < Content-Type: application/json
> < Location: https://<fronend_app>/api/<data>/<data>/data/<key>
> < P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
> < Connection: close
>
> Perhaps I need to configure HAProxy differently? I have searched the
forums and the web, but do not believe I specifically understand what is required
in order to receive this code from the remote system as I do from Apache HTTP. Is
this because HAProxy is configured only to return a 200 for any successful
connection? Please advise and thank you very much for a wonderful product!
No, haproxy will send the same status code as the backend.
>
> Rob
> 970.344.5170
>
--
Cyril Bonté
--
Cyril Bonté
