I was testing haproxy -> uwsgi(alert.io) and noticed a possible regression
with healthchecks(httpchk).
With 1.9.9 uwsgi logs:
[uwsgi-http key: host.name.fi client_addr: client_port: 45715] 
hr_read(): Connection reset by peer [plugins/http/http.c line 917]

health checks work
(option httpchk GET /_ HTTP/1.1\r\nHost:\ host.name.fi\r\nUser-Agent:\ haproxy)
but uwsgi logs the hr_read() warning/error.

I bisected 1.9.9 and this commit is probably the commit that changes
behaviour between 1.9.8 and 1.9.9:
5d0cb90eb78f869e8801b34eddfdfd5dd8360e71 is the first bad commit
commit 5d0cb90eb78f869e8801b34eddfdfd5dd8360e71
Author: Olivier Houchard <ohouch...@haproxy.com>
Date:   Fri Jun 14 15:26:06 2019 +0200

    BUG/MEDIUM: connections: Don't call shutdown() if we want to disable linger.

    In conn_sock_shutw(), avoid calling shutdown() if linger_risk is set. Not
    doing so will result in getting sockets in TIME_WAIT for some time.
    This is particularly observable with health checks.

    This should be backported to 1.9.

    (cherry picked from commit fe4abe62c7c5206dff1802f42d17014e198b9141)
    Signed-off-by: Christopher Faulet <cfau...@haproxy.com>

Also 1.9.11, 2.0.7 and 2.1-dev2 has the same problem with uwsgi hr_read().
If I revert commits 6c7e96a3e1abb331e414d1aabb45d9fedb0254c2 and
fe4abe62c7c5206dff1802f42d17014e198b9141 from 2.1-dev2 then the uwsgi hr_read()

If this seems worth digging into I can get packet captures or strace.
(I'm testing this is on rhel8 vm with 4.18.0-80.11.1.el8_0.x86_64 kernel).

This is fairly minimal config for testing:
frontend FE_alerta
        bind ipv4@:8443 name alertav4ssl ssl crt /etc/haproxy/ssl/crtname.pem 
alpn h2,http/1.1

        mode    http
        option  dontlognull
        option  http-ignore-probes  # ignore "pre-connect" requests
        timeout http-request    8s

        capture request header Host len 40

        option contstats
        option forwardfor       except

        # remove incoming X-Forwarded-For headers
        http-request set-header X-Forwarded-Proto https

        default_backend BE_alertaapi

# Alerta uwsgi backend
backend BE_alertaapi
        option httpchk GET /_ HTTP/1.1\r\nHost:\ demo3.uef.fi\r\nUser-Agent:\ 
        http-check expect string OK
        http-check disable-on-404

        retries         2
        option          redispatch
        option          prefer-last-server
        balance         roundrobin

        timeout connect         4500ms
        timeout server          30s
        timeout queue           4s
        timeout check           5s

        # uwsgi alerta app expects /alerts (not /api/alerts), strip /api
        #http-request replace-uri ^/api/?(.*) /\1

                # inter fast for uwsgi hr_read() testing
        default-server inter 6s downinter 25s rise 2
        server alertaapi1 id 1 check


Jarno Huuskonen

Reply via email to