Hi, Pinging this thread incase if this an actual error/bug and not a configuration error. (current 2.0-dev1-8dca19-40 2019/03/01 sends 400 error to client when http/2 is used).
-Jarno On Sat, Feb 02, Jarno Huuskonen wrote: > (This is kind of related to this thread: > https://www.mail-archive.com/haproxy@formilux.org/msg32255.html). > > I'm seeing different behaviour between http1.1 / http2 when chaining > two frontends with mode http and the last frontend closes > connection with http-request reject (or tcp-request content reject). > > When client uses http/1.1 then client receives 502 error (I think > this is expected because the "server" for the first frontend just closes > connection). > > But when client uses http/2 then client will receive error 400. > (Tested with latest 2.0dev (2.0-dev0-32211a-258)). > I'm not sure if this is a bug, but at least seems to be different behaviour > between http/1.1 and http/2. (option http-use-htx doesn't seem to make > difference). > > The attached varnishtest should explain what I mean. I put some debug > printf output to proto_htx and with http/2 the status 400 comes > from /* 3: client abort with an abortonclose */ > (proto_htx.c line 1535, s->req.flags 0x9c42020). > > With http/1.1 status 502 comes from /* 4: close from server, capture > the response if the server has started to respond */ > (proto_htx.c line 1559, s->req.flags 0x9842000). > (If I interpret s->req.flags correctly then http/2 has > CF_READ_DONTWAIT and CF_SHUTR set and http/1.1 doesn't). > > -Jarno > > varnishtest "h2 chaining 400 error" > #REQUIRE_VERSION=1.9 > feature ignore_unknown_macro > > haproxy h1 -conf { > defaults > mode http > ${no-htx} option http-use-htx > timeout connect 1s > timeout client 1s > timeout server 1s > > listen HTTP_in > bind "fd@${HTTP_in}" > server tmpserver abns@proc1 send-proxy-v2 > > listen HTTP2_in > bind "fd@${HTTP2_in}" proto h2 > server tmpserver abns@proc1 send-proxy-v2 > > frontend fe > bind abns@proc1 accept-proxy > http-request reject if TRUE > default_backend be > > backend be > server s1 ${s1_addr}:${s1_port} > > } -start > > client c1h1 -connect ${h1_HTTP_in_sock} { > txreq > rxresp > expect resp.status == 502 > } -run > > client c1h2 -connect ${h1_HTTP2_in_sock} { > txpri > stream 0 { > txsettings > rxsettings > txsettings -ack > rxsettings > expect settings.ack == true > } -run > stream 1 { > # warning: -req, -scheme, -url MUST be placed first otherwise > # the H2 protocol is invalid since they are pseudo-headers > txreq \ > -req GET \ > -scheme "https" \ > -url /path/to/file.ext > > rxhdrs > expect resp.status == 502 > #rxdata -all > } -run > } -run > -- Jarno Huuskonen