RE: Question regarding increasing requests more than 32kb

Aravind Viswanathan Wed, 15 Apr 2020 00:04:28 -0700

Hi Alek,

Since the mail looked jumbled I did not notice this,


Please can you share the haproxy version and your config. (PFA of the Config 
File)

haproxy -vv

version : 

root@balqhaproxy01:/home/aravindv# haproxy -vv
HA-Proxy version 1.6.3 2015/12/25
Copyright 2000-2015 Willy Tarreau <wi...@haproxy.org>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -g -O2 -fstack-protector-strong -Wformat -Werror=format-security 
-Wdate-time -D_FORTIFY_SOURCE=2
  OPTIONS = USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"), 
raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.2g  1 Mar 2016
Running on OpenSSL version : OpenSSL 1.0.2g  1 Mar 2016
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.38 2015-11-23
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with Lua version : Lua 5.3.1
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT 
IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Regards,
Aravind Viswanathan

-----Original Message-----
From: Aleksandar Lazic <al-hapr...@none.at> 
Sent: Monday, April 13, 2020 4:14 PM
To: Aravind Viswanathan <aravind.viswanat...@efi.com>
Cc: haproxy@formilux.org
Subject: Re: Question regarding increasing requests more than 32kb

Hi.

On 13.04.20 08:18, Aravind Viswanathan wrote:
> Hi Team,
> 
> Good Morning.
> 
> We are using HaProxy as a load balancer in our bitbucket system and 
> Bitbucket is linked to JIRA via Application links.

Please can you share the haproxy version and your config.

haproxy -vv

> Recently we noticed an error in our JIRA log
> 
> 2020-04-01 03:08:23,477 Caesium-1-3 ERROR ServiceRunner     
> [c.a.j.p.devstatus.provider.DefaultDevSummaryPollService] Refresh 
> failure
> 
> com.atlassian.jira.plugin.devstatus.provider.DataProviderRefreshFailure: 
> Data Provider refresh failed with error code 400 and message - HTTP 
> status 400 Bad request]
> 
> and when we checked the same with Atlassian support they said we need 
> to configure request going through HAProxy is allowed as big as 32kb. 
> I thought Increasing the maxconn might solve this but later I 
> understood,
> 
> maxconn
> Sets the maximum per-process number of concurrent connections to <number>.
> 
> Could you please advise how to configure request going through HAProxy 
> is allowed as big as 32kb?

You could take a look to this parameter which describes the correlation between 
tune.bufsize, tune.maxrewrite and maxconn.

https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcbonte.github.io%2Fhaproxy-dconv%2F2.1%2Fconfiguration.html%23tune.bufsize&amp;data=02%7C01%7CAravind.Viswanathan%40efi.com%7C01112b41876642f7c4bc08d7df97a09c%7C3fe4532499b245c397517034bae71475%7C0%7C0%7C637223714645124453&amp;sdata=miZ7S%2FByUOE00tsvHLDzeMNgY1CBRagyQmFKhqYfhgc%3D&amp;reserved=0

> /Regards,/
> 
> /Aravind Viswanathan/
> 
> Confidentiality notice: This message may contain confidential information. 
> It is intended only for the person to whom it is addressed. If you are 
> not that person, you should not use this message. We request that you 
> notify us by replying to this message, and then delete all copies 
> including any contained in your reply. Thank you.

Again a useless text as you send the Mail to a public mailing list.
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FEmail_disclaimer&amp;data=02%7C01%7CAravind.Viswanathan%40efi.com%7C01112b41876642f7c4bc08d7df97a09c%7C3fe4532499b245c397517034bae71475%7C0%7C0%7C637223714645124453&amp;sdata=JoLQJJ6ArmUC7jAT%2BDTMGtHINcnhHVV0QO%2FSW1z%2BVco%3D&amp;reserved=0

Regards
Aleks

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        ssl-default-bind-ciphers 
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3
        

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        maxconn 32000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http


frontend bitbucket_http_frontend
    bind *:80
    stats enable
    stats refresh 20s
    stats uri /stats
   # bind *:443 ssl crt /etc/ssl/certs/apps_pem_bundled_all.pem ciphers 
RC4-SHA:AES128-SHA:AES256-SHA
     bind *:443 ssl crt /etc/ssl/private/apps.pem
   # bind *:443 ssl crt /etc/haproxy/apps_pem_bundled_all.pem ciphers 
RC4-SHA:AES128-SHA:AES256-SHA
   # bind *:443 ssl crt /etc/haproxy/security/cacerts
    default_backend bitbucket_http_backend

backend bitbucket_http_backend
    mode http
    option httplog
    option httpchk GET /status
    option forwardfor
    option http-server-close
#   appsession BITBUCKETSESSIONID len 52 timeout 1h
    balance roundrobin
    cookie BITBUCKETSESSIONID prefix
    stick-table type string len 52 size 5M expire 30m
    stick store-response set-cookie(BITBUCKETSESSIONID)
    stick on cookie(BITBUCKETSESSIONID)
   # server fclqbit01 xx.x.xx.xx:7990 check inter 10000 rise 2 fall 5
    #server fclqbit02 xx.x.xx.xx:7990 check inter 10000 rise 2 fall 5
    server balqbit01 xx.x.xx.xx:7990 check inter 10000 rise 2 fall 5
    server balqbit02 xx.x.xx.xx:7990 check inter 10000 rise 2 fall 5
    # The following "backup" servers are just here to show the startup page 
when all nodes are starting up
    #server fclqbit01 xx.x.xx.xx:7990 backup


#frontend bitbucket_ssh_frontend
 # bind *:7999
 #   default_backend bitbucket_ssh_backend
    #timeout client 15m
    #maxconn 50

#backend bitbucket_ssh_backend
 #   mode tcp
  #  balance roundrobin
   # server fclqbit01 xx.x.xx.xx:7999 check port 7999
    #server fclqbit02 xx.x.xx.xx:7999 check port 7999
    #timeout server 15m

listen admin
    mode http
    bind *:8090
    stats enable
    stats uri /

RE: Question regarding increasing requests more than 32kb

Reply via email to