On 2018-01-17 11:37, Bart Geesink wrote:

On 01/17/2018 10:16 AM, Christopher Faulet wrote:
Le 16/01/2018 à 16:18, Lukas Tribus a écrit :
Hello Christopher,

On 16 January 2018 at 15:01, Bart Geesink <bart.gees...@surfnet.nl>

We have an issue in haproxy > 1.8 on CentOS when using SSL in the server
configuration. Haproxy sometimes logs a http status code "-1" followed
by the termination_state SDxx. This happens every few requests. When
using one backend, the clients don't notice it. When using multiple
backends, this can result in redirecting traffic to the wrong backend
(the proxy inserts a cookie to track which backend is used).

Removing the SSL configuration and using plain http solves the issue, as
does downgrading to version 1.7.
Also see:

Hi Lukas,

Thanks, I will check these 2 issues. First of all, I need to reproduce
them to be sure. This one seems to be a bit different because the status
code is "-1".

It also different since it occurs in both 1.8.1 and 1.8.3

Bart, when you said your backend does not log any problems, it means
that for a request logged with SD termination state on haproxy, you have
a 200 on Apache side ? And what does the response look like from the
client side ? (truncated / good / error ...)

Apache logs a 200. The reponse looks fine from the client side. The only
thing that seems to be missing is the cookie inserted by the proxy for
some requests. Other requests seem not to experience this behaviour.
There is no real pattern: I can happen when a valid proxy cookie is
present, but also when a new browser session is started and a proxy
cookie is not yet present. Downgrading to 1.7 helps, as does using a
http backend without ssl.



I have same issue. It's pretty random as I would say about 60-70% requests are OK, but rest is failing. I compiled all 1.8 versions and was able to isolate this a little bit. It's fine up to 1.8.0-dev3 branch and it's failing since 1.8.0-rc1. The problem is for SSL connections and after digging in my apps logs it looks like it's related to reusing keep alived connections between client and haproxy. By default I have in config "option http-server-close" present and when it's there I can see the problem. When this option is removed - problem is solved.


Reply via email to