This information may also help:
haproxy -vv
HA-Proxy version 1.6.11 2016/12/25
Copyright 2000-2016 Willy Tarreau <[email protected]>
Build options :
TARGET = linux2628
CPU = native
CC = gcc
CFLAGS = -O2 -march=native -g -fno-strict-aliasing
-Wdeclaration-after-statement
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_STATIC_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"),
raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.1k-fips 8 Jan 2015
Running on OpenSSL version : OpenSSL 1.0.1k-fips 8 Jan 2015
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.21 2011-12-12
Running on PCRE version : 8.21 2011-12-12
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
On 2/14/17, 4:10 PM, "Birdwell, Rob" <[email protected]> wrote:
Hi Cyril!
Responses below:
Are you really sure you're making the same request on the application side
(access logs should give you a hint) ?
Positive. I’m making the curl request directly from the Apache HTTP server
& HAProxy server. The details for the HAProxy curl are in the thread way down
below. I can share the exact curl command if it helps you (and as long as the
contents stay between us). Logs from proxy are directly below:
Feb 14 22:52:06 localhost haproxy[22304]: Proxy globalstats started.
Feb 14 22:52:06 localhost haproxy[22304]: Proxy www-http started.
Feb 14 22:52:06 localhost haproxy[22304]: Proxy www-frontend started.
Feb 14 22:52:06 localhost haproxy[22304]: Proxy www-backend started.
Feb 14 22:52:10 localhost haproxy[22305]: 34.195.251.10:30874
[14/Feb/2017:22:52:10.262] www-frontend~ www-backend/lp 67/0/4/6/77 200 158 - -
---- 1/1/0/1/0 0/0 "POST /chat/request.json?v=1 HTTP/1.1"
On 2/14/17, 3:28 PM, "Cyril Bonté" <[email protected]> wrote:
Le 14/02/2017 à 22:20, Birdwell, Rob a écrit :
> Thanks for the quick reply Cyril!
>
> You’re correct on both counts; this is a test config & the large
timeout will definitely not be kept. For the http-server-close, that was a
mistake on my part; thank you for noticing that. I’ve tried the configuration
both ways (as far as http-send-name-header) & receive the same result. Happy
to try any additional suggestions you can provide. (BTW, I just tried removing
the http-send-name-header which gave the same results).
Are you really sure you're making the same request on the application
side (access logs should give you a hint) ?
What happens with a curl request on
/api/account/61447612/data/request.json?v=1 through haproxy ? (to
reproduce the ProxyPass directives in apache). Something like :
curl -i --header "Accept:application/json" --header
"Content-Type:application/json" --header "Authorization:<appname>
appKey=<key>" -X POST
https://<frontend_url>/api/account/61447612/data/request.json?v=1
--verbose --data "{\"data\": { \"data\": \"data\", \"maxWaitTime\":
60000 } }" --cacert /etc/haproxy/ssl/<frontend>.pem
>
> On 2/14/17, 1:58 PM, "Cyril Bonté" <[email protected]> wrote:
>
> Hi Rob,
>
> Le 14/02/2017 à 20:23, Birdwell, Rob a écrit :
> > Hello,
> >
> > I was curious if someone would be able to assist with return
codes from HAProxy. Currently, we are able to receive a 201 for a reverse
proxy solution from Apache HTTP, but when utilzing HAProxy, only a 200 is
received utilizing an identical cURL command. The current HAProxy/Apache HTTP
& cURL outputs I have are below:
> >
> > HAProxy configuration:
> >
> > global
> >
> > log 127.0.0.1 local2 debug
> >
> > chroot /var/lib/haproxy
> > pidfile /var/run/haproxy.pid
> > maxconn 100000
> > group root
> > daemon
> > tune.ssl.default-dh-param 2048
> >
> > stats socket /var/lib/haproxy/stats
> >
> >
> > defaults
> > mode http
> > log global
> > option httplog
> > option log-separate-errors
> > option dontlognull
> > option http-keep-alive
> > option dontlog-normal
> > option http-server-close
>
> Not related to your issue but you have to make a choice : use
> "http-server-close" or "http-keep-alive", but not both.
>
> > option redispatch
> > option contstats
> > option forwardfor
> > timeout http-request 45s
> > timeout queue 45s
> > timeout connect 45s
> > timeout client 45s
> > timeout server 45s
> > timeout http-keep-alive 45s
> > timeout check 45s
>
> Those timeouts should be better tuned.
>
> > http-send-name-header host
>
> Here, there's something that can be related to what you observe.
> Are you really sure you want to set a "Host" header on the request
> between haproxy and your backend server ? Note that it also
appears in
> www-backend below.
>
> > maxconn 50000
> >
> > listen globalstats
> > mode http
> > bind *:1936
> > stats enable
> > stats show-desc HAProxy for <frontend_url>
> > stats uri /stats
> > stats show-legends
> > stats show-node
> > stats refresh 5s
> >
> > frontend www-http
> > bind *:80
> > reqadd X-Forwarded-Proto:\ http
> > default_backend www-backend
> >
> > frontend www-frontend
> > bind *:443 ssl crt /etc/haproxy/ssl/<frontend>.pem
> > mode http
> > reqadd X-Forwarded-Proto:\ https
> > default_backend www-backend
> >
> > backend www-backend
> > redirect scheme https if !{ ssl_fc }
> > http-send-name-header host
>
> Same observation here, I'd recommend to make some tests without
those
> "http-send-name-header host".
>
> > server lp <backend app>:80 check
> >
> > Apache config:
> >
> > NameVirtualHost *:80
> > <VirtualHost *:80>
> > ServerName <frontend_url>
> >
> > Redirect / https://<backend_app>/api/account/61447612/
> >
> >
> > </VirtualHost>
> >
> > NameVirtualHost *:443
> > <VirtualHost *:443>
> > ServerName <frontend_url>
> > LogLevel debug
> > CustomLog /etc/httpd/logs/ssl_access_log frontoffice
> > ErrorLog /etc/httpd/logs/ssl_access_log
> >
> > LimitRequestLine 1000000
> > LimitRequestFieldSize 1000000
> >
> > SSLEngine On
> > SSLProxyEngine On
> >
> > SSLProxyCheckPeerCN off
> > SSLProxyCheckPeerExpire off
> >
> > AllowEncodedSlashes On
> > ProxyPreserveHost On
> >
> >
> > SSLCertificateFile /etc/httpd/ssl/<frontend_url>.pem
> > SSLCertificateChainFile /etc/httpd/ssl/<frontend_url>.pem
> >
> > RewriteEngine On
> >
> > ProxyPass /
https://<backend_app>/api/account/61447612/ retry=2 acquire=3000 timeout=600
Keepalive=On
> > ProxyPassReverse https://<frontend_url>/
https://<backend_app>/api/account/61447612/
> > ProxyPassReverseCookiePath
https://<backend_app>/api/account/61447612/ https://<frontend_url>/
> >
> > </VirtualHost>
> >
> >
> >
> >
> > Curl command is as follows:
> >
> > curl -i --header "Accept:application/json" --header
"Content-Type:application/json" --header "Authorization:<appname> appKey=<key>"
-X POST https://<frontend_url>/data/request.json?v=1 --verbose --data
"{\"data\": { \"data\": \"data\", \"maxWaitTime\": 60000 } }" --cacert
/etc/haproxy/ssl/<frontend>.pem
> >
> >
> >
> > Curl output from HAProxy:
> >
> >
> > …
> >
> >> POST /data/request.json?v=1 HTTP/1.1
> >> Host: <frontend_app>
> >> User-Agent: curl/7.47.1
> >> Accept:application/json
> >> Content-Type:application/json
> >> Authorization:<appname> appKey=<key>
> >> Content-Length: 65
> >>
> > * upload completely sent off: 65 out of 65 bytes
> > < HTTP/1.1 200 OK
> > < Server: WS
> > < P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD
TEL SAM"
> > < Date: Tue, 14 Feb 2017 07:49:09 GMT
> > < Content-Length: 0
>
> No "Location" header in the response, compared to what a direct
request
> to the backend server sends. I guess this is not the attended
behaviour.
>
> >
> >
> > Curl output from Apache HTTP:
> >
> >> POST /data/request.json?v=1 HTTP/1.1
> >> Host: <frontend_app>
> >> User-Agent: curl/7.47.1
> >> Accept:application/json
> >> Content-Type:application/json
> >> Authorization:LivePerson appKey=<key>
> >> Content-Length: 65
> >>
> > * upload completely sent off: 65 out of 65 bytes
> > < HTTP/1.1 201 Created
> > < Date: Tue, 14 Feb 2017 19:15:23 GMT
> > < Server: WS
> > < Content-Length: 0
> > < Content-Type: application/json
> > < Location: https://<fronend_app>/api/<data>/<data>/data/<key>
> > < P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD
TEL SAM"
> > < Connection: close
> >
> > Perhaps I need to configure HAProxy differently? I have
searched the forums and the web, but do not believe I specifically understand
what is required in order to receive this code from the remote system as I do
from Apache HTTP. Is this because HAProxy is configured only to return a 200
for any successful connection? Please advise and thank you very much for a
wonderful product!
>
> No, haproxy will send the same status code as the backend.
>
> >
> > Rob
> > 970.344.5170
> >
>
>
> --
> Cyril Bonté
>
>
--
Cyril Bonté
