More specifically, should I increase tune.bufsize? It seems that the default value is 16384 in HAProxy and that it could cause header truncation above that value. Am I correct?
Le dim. 10 déc. 2017 à 10:02, Guillaume Lefranc <[email protected]> a écrit : > Hi Willy, > > thanks a lot! I ignored the existence of the show errors command. > That works fine indeed, but I'm not sure what to make of the error: > > [10/Dec/2017:08:56:27.526] backend cgy-web (#4): invalid response > frontend https-in (#3), server web-05 (#5), event #1 > src 124.187.163.95:51542, session #823147, session flags 0x000004ce > HTTP msg state MSG_RQBEFORE(0), msg flags 0x00000000, tx flags 0xa8600000 > HTTP chunk len 0 bytes, HTTP body len 0 bytes > buffer flags 0x80008002, out 0 bytes, total 15360 bytes > pending 15360 bytes, wrapping at 16384, error at position 15360: > 00000 HTTP/1.1 200 OK\r\n > 00017 Server: nginx\r\n > 00032 Date: Sun, 10 Dec 2017 08:56:27 GMT\r\n > 00069 Content-Type: text/html; charset=UTF-8\r\n > 00109 Transfer-Encoding: chunked\r\n > 00137 Connection: close\r\n > 00156 Vary: Accept-Encoding\r\n > .. snip .. > 15308+ secure; httponly\r\n > 15326 X-Frame-Options: sameorigin\r\n > 15355 Conte > > Could it be that the header exceeds the length that is configured in > nginx, and HAProxy gets a truncated header? > > Regards > Guillaume > > 2017-12-10 7:26 GMT+01:00 Willy Tarreau <[email protected]>: > >> Hi, >> >> On Sat, Dec 09, 2017 at 03:58:13PM +0000, Aleksandar Lazic wrote: >> > Hi. >> > >> > ------ Originalnachricht ------ >> > Von: "Guillaume Lefranc" <[email protected]> >> > An: [email protected] >> > Gesendet: 09.12.2017 16:01:07 >> > Betreff: PH error - Capturing all response headers? >> > >> > > We are getting occasional PH errors (Premature abort - Header issue) >> on >> > > requests returned by our nginx backends, so in order to debug the >> issue >> > > I would like to capture all the response headers on the affected URI. >> > > However, according to HAProxy docs, headers can only be captured by >> > > name. Is there a way so I can capture all headers instead of one >> > > specifically? >> > I have searched also for such a feature. >> > I end up to call tcpdump/tshark for this. >> > >> > Maybe you can make a small lua script which prints all header into the >> log. >> >> Well, there's even easier. If you're seeing PH, it means that haproxy >> has blocked a response containing invalid headers. In this case it's >> *always* captured. So you can simply observe this on the CLI using >> "show errors". It will even report the exact position of the first >> invalid character that causes the problem, and the date of the last >> event. >> >> Guillaume, for this you need to have a stats socket with admin level in >> your global section, for example : >> >> global >> stats socket /var/run/haproxy.sock level admin >> >> Then once you've seen one of these issues in the logs, you can issue : >> >> $ echo "show errors" | socat - /var/run/haproxy.sock >> >> It only keeps the last error seen in each direction for each proxy, but >> often that's enough to iteratively fix the problem (thanks to the date >> telling you it hasn't happened in a while). >> >> Willy >> > >
