Hi,

 We have a client-haproxy-server setup like this https://imgur.com/bxV3BA9,
we use apache and jetty httpclient for http1.1 and http2 requests
respectively. Our http requests take from 2 secs to 10 mins to process,
depending on the request type. Some of the requests return null as the
response (whereas the request is received and processed successfully by the
server, which I can verify via the server logs), which triggers
*org.apache.http.MalformedChunkCodingException:
Unexpected content at the end of chunk* on the client side. This problem
is happening with http1.1 requests for a specific type of request. I tried
tweaking timeouts to fix this but it doesn't help, and the timeout
does not follow a pattern. Each request times out after a different interval,
like 5 secs, 12 secs, 27 secs or even 45 secs. This error disappears if I
remove haproxy and connect directly to the server. My config file is as follows,

global
    # Send logs to the syslog listener at 127.0.0.1 using facility local2.
    log         127.0.0.1 local2
    # Confine the process to this directory and run it as an unprivileged
    # user/group, which limits what a compromised proxy process can reach.
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon

    # Size of the shared TLS session cache, counted in blocks.
    tune.ssl.cachesize 200000
    # DH parameters for the DHE-RSA-* suites listed in the cipher strings below.
    ssl-dh-param-file /etc/haproxy/dhparam.pem

    # Default SSL material locations
    # (base directories for relative CA / certificate paths; the bind line in
    # the frontend uses an absolute crt path, so crt-base does not apply to it)
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # NOTE(review): the long lines below look wrapped by the mail client. In
    # the real file each keyword and its value (and the URL of the comment
    # below) must sit on a single line, otherwise the continuation is parsed
    # as a separate, unknown keyword.
    # Obtained from
https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
    # Cipher list for TLS 1.2 and below on `bind` lines: every entry is an
    # ECDHE or DHE key exchange with an AEAD cipher (GCM or CHACHA20-POLY1305).
    ssl-default-bind-ciphers
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    # TLS 1.3 cipher suites for `bind` lines.
    ssl-default-bind-ciphersuites
TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    # Refuse SSLv3, TLS 1.0 and TLS 1.1 from clients; listeners negotiate
    # TLS 1.2 or newer only.
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11

    # Same cipher and protocol policy for outgoing TLS connections to servers.
    # NOTE(review): the only server line shown (backend desired_backend) has no
    # `ssl` keyword, so these defaults are not used for it and the
    # HAProxy-to-server hop is plaintext; confirm that is intended.
    ssl-default-server-ciphers
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-server-ciphersuites
TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11

defaults
    # Settings inherited by the frontend and backend sections below.
    log     global
    # Cap on concurrent connections per frontend.
    maxconn 2000
    mode    http
    # Skip logging of connections on which no data was exchanged.
    # NOTE(review): this also hides scans and probes that connect without
    # sending anything; weigh that for a listener bound to all addresses.
    option  dontlognull
    option httplog
    # Unit-less timeouts are milliseconds: 5 s to establish the TCP connection
    # to a server.
    timeout connect 5000

frontend    https
    # Maximum client-side inactivity before HAProxy closes the connection.
    timeout client  10m
    # How long an idle kept-alive connection may wait for its next request.
    timeout http-keep-alive 10m
    # Maximum time a client may take to send a complete HTTP request.
    # NOTE(review): slow server processing is covered by `timeout server` in
    # the backend, not by this setting. At 10m a client that trickles its
    # request can hold one of the 2000 connection slots for that long; a value
    # of a few seconds is usual unless clients legitimately send slowly.
    timeout http-request 10m

    # add X-FORWARDED-FOR & X-CLIENT-IP (IP forwarding to access logs)
    #http-request add-header X-CLIENT-IP %[src]
    # Adds an X-Forwarded-For header carrying the client address.
    # NOTE(review): a client can send its own X-Forwarded-For as well, so the
    # server should trust only the value added by this proxy; verify how the
    # application reads the header.
    option forwardfor

    # TLS listener on every local address, port 6060, offering HTTP/2 and
    # HTTP/1.1 through ALPN.
    # NOTE(review): the crt file normally holds the private key together with
    # the certificate; keep it readable by root/haproxy only.
    bind    *:6060  ssl crt /etc/haproxy/sample-key.pem alpn h2,http/1.1
    default_backend desired_backend

backend     desired_backend
    # Maximum server-side inactivity, i.e. how long HAProxy waits for the
    # server to send data before it aborts the response.
    timeout server  10m
    # NOTE(review): fullconn is used together with a per-server minconn; no
    # server here sets one, so this presumably has no effect.
    fullconn 2000
    # "http1.1" is only the server's label, it does not select a protocol.
    # There is no `ssl` keyword, so traffic to localhost:5050 is plaintext
    # over loopback. `check` enables health checks; with no `option httpchk`
    # in this backend they are plain TCP connect checks.
    server http1.1 localhost:5050 check

It will be great if someone can shed some light on it, TIA

-- 
*With Regards,*
*Santhosh Kumar J*
