Am 2019-06-25 19:44, schrieb Lukas Tribus:
Hello Rainer,
[...]
I suggest your try a HEAD request for the haproxy health check instead:
option httpchk HEAD /swagger/ui/index HTTP/1.1\r\nHost:\
app-api.dom.intern\r\nUser-agent:\ LB-Check-API\r\nConnection:\ close
There is no need for the actual HTTP payload to be send to haproxy,
and I don't recall what happens when the response is bigger than
haproxy buffers.
<surprised pikachu>
And now it works!
</surprised pikachu>
Holy moly.
I've never had this problem. Always used GET. Though we also never used
SNI with haproxy.
(You know how you carry stuff over from the past? When I was first
introduced to haproxy, my then co-worker used GET in the healthchecks.
It kind-of stuck.)
I know that once you add SSL to something, things can get very dicey and
the smallest details become relevant.
The problem in this case may also be that the result of the GET is a bit
larger than usual (in most cases, we have dedicated health-check pages
that just return "ok" and nothing else).
Thanks a lot for your help. It was invaluable!
Best Regards
Rainer
