Hello Martin,
On 1 February 2018 at 17:18, Martin Goldstone <[email protected]> wrote: > Hi, > > We've been using haproxy in docker for quite some time to provide reverse > proxy facilities for many and varied application servers. Typically, we've > always used option http-server-close in the config, except for rare > occasions where we might need http-keep-alive (eg ntlm authentication). We > also have the following in our front end configs: > > compression algo gzip > compression type text/html application/x-javascript text/css > application/javascript text/javascript text/plain text/xml application/json > application/vnd.ms-fontobject application/x-font-opentype > application/x-font-truetype application/x-font-ttf application/xml font/eot > font/opentype font/otf image/svg+xml image/vnd.microsoft.icon > > These have been working fine up to and including the most recent release of > 1.7. We've recently began re-engineering our reverse proxy set up, and as > part of this we want to move to 1.8. However, we've discovered that some > resources requested by web pages (mainly javascript and css) don't load > properly when using haproxy 1.8 with these options. Basically, the page > doesn't display and the developer toolbar in Chrome gives an error of > net::ERR_INCOMPLETE_CHUNKED_ENCODING or net::ERR_INVALID_CHUNKED_ENCODING > against the resources that failed to load in the network pane. I haven't > been able to determine yet why this doesn't apply to every resource the page > attempts to load, but in this case out of 20 javascript and css files, 5 > fail to load. > > [...] > Can anyone offer any advice? Ok, so this is clearly a bug that has to be fixed. > We've noticed that the problem goes away when using option http-keep-alive > and option http-pretend-keepalive, but as the documentation suggests that > http-server-close is the preferred option, we'd prefer to stick with that. Yeah, that comment in the documentation stems from the introduction of keepalive support 8 years ago (commit 16bfb021 "MINOR: config: add option http-keep-alive"), I think it should be removed now. We made http-keep-alive the default mode 4 years ago (commit 70dffdaa "MAJOR: http: switch to keep-alive mode by default") and everyone is using it nowadays, which is why you are seeing this unfixed bug in those old close modes as opposed to http-keep-alive. Really http-keep-alive is what you should use in haproxy 1.8 (and 1.7), as it gets all the testing (filters, compression, HTTP/2) and everyone is using that (default) mode. Keep-alive is safe as it does not reuse session between different sessions by default: http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-http-reuse If there is agreement (Willy?) I can send a doc patch removing that paragraph. Regards, Lukas
