Hi Willy,
I'm afraid there are still some issues with HTTP/2 in the current dev branch :-(
This morning, I've upgraded a test server and discovered that some HTTPS sites
did not work anymore (content hangs and is not sent to the client). I've also
noticed some segfaults in haproxy.
As this is a test server that I've used for several years with haproxy, the
configuration begins to be quite ugly, it won't be helpful to provide it in its
current state.
Here is a backtrace of a recent segfault:

#0 si_cs_send (cs=0x0) at src/stream_interface.c:648
#1 0x0000557260d4c6cd in si_cs_io_cb (t=<optimized out>, ctx=<optimized out>,
    state=<optimized out>) at src/stream_interface.c:764
#2 0x0000557260d7d237 in process_runnable_tasks () at src/task.c:384
#3 0x0000557260d2bf61 in run_poll_loop () at src/haproxy.c:2386
#4 run_thread_poll_loop (data=<optimized out>) at src/haproxy.c:2451
#5 0x0000557260c869de in main (argc=<optimized out>, argv=0x7fff3770b8d8) at
    src/haproxy.c:3053

I could identify that it was easy to reproduce with a grafana server behind
haproxy (loading css/js resources seems to hang).
It seems the issues began with commit d54a8ceb9 ("MAJOR: start to change buffer
API").
Here is an example of configuration which allows reproducing the hanging issue
(I could not reproduce the segfault with that one):

defaults http
    mode http
    timeout connect 5s
    timeout client 300s
    timeout server 300s
    timeout http-request 10s
    timeout http-keep-alive 15s

listen http
    bind :4080 name http # OK
    bind :4443 ssl crt localhost.pem ssl no-sslv3 alpn h2,http/1.1 # FAIL
    bind :6443 ssl crt localhost.pem ssl no-sslv3 # OK
    bind abns@http accept-proxy
    server grafana 127.0.0.1:3000

listen https
    bind :8443 ssl crt localhost.pem ssl no-sslv3 alpn h2,http/1.1 # FAIL
    http-reuse never
    server http abns@http send-proxy

From the browser, requesting http://localhost:4080/ or
https://localhost:6443/, it will work.
But once HTTP/2 is used, it hangs: https://localhost:4443/ and
http://localhost:8443/
Some details:
# haproxy -vv
HA-Proxy version 1.9-dev1-7ee465-56 2018/08/19
Copyright 2000-2018 Willy Tarreau <[email protected]>

Build options :
  TARGET = linux2628
  CPU = generic
  CC = gcc
  CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv
    -fno-strict-overflow -Wno-null-dereference -Wno-unused-label
  OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.1.0f 25 May 2017
Running on OpenSSL version : OpenSSL 1.1.0f 25 May 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.3
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
  IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.39 2016-06-14
Running on PCRE version : 8.39 2016-06-14
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"),
  raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.

Available polling systems :
  epoll : pref=300, test result OK
  poll : pref=200, test result OK
  select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols markes as <default> cannot be specified using 'proto' keyword)
  h2 : mode=HTTP side=FE
  <default> : mode=TCP|HTTP side=FE|BE

Available filters :
  [SPOE] spoe
  [COMP] compression
  [TRACE] trace

I'll try to investigate more tonight,
Cyril