Hi Alek, Since the mail looked jumbled I did not notice this,
Please can you share the haproxy version and your config. (PFA of the Config File) haproxy -vv version : root@balqhaproxy01:/home/aravindv# haproxy -vv HA-Proxy version 1.6.3 2015/12/25 Copyright 2000-2015 Willy Tarreau <wi...@haproxy.org> Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 OPTIONS = USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.8 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with OpenSSL version : OpenSSL 1.0.2g 1 Mar 2016 Running on OpenSSL version : OpenSSL 1.0.2g 1 Mar 2016 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.38 2015-11-23 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with Lua version : Lua 5.3.1 Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Regards, Aravind Viswanathan -----Original Message----- From: Aleksandar Lazic <al-hapr...@none.at> Sent: Monday, April 13, 2020 4:14 PM To: Aravind Viswanathan <aravind.viswanat...@efi.com> Cc: haproxy@formilux.org Subject: Re: Question regarding increasing requests more than 32kb Hi. On 13.04.20 08:18, Aravind Viswanathan wrote: > Hi Team, > > Good Morning. > > We are using HaProxy as a load balancer in our bitbucket system and > Bitbucket is linked to JIRA via Application links. Please can you share the haproxy version and your config. haproxy -vv > Recently we noticed an error in our JIRA log > > 2020-04-01 03:08:23,477 Caesium-1-3 ERROR ServiceRunner > [c.a.j.p.devstatus.provider.DefaultDevSummaryPollService] Refresh > failure > > com.atlassian.jira.plugin.devstatus.provider.DataProviderRefreshFailure: > Data Provider refresh failed with error code 400 and message - HTTP > status 400 Bad request] > > and when we checked the same with Atlassian support they said we need > to configure request going through HAProxy is allowed as big as 32kb. > I thought Increasing the maxconn might solve this but later I > understood, > > maxconn > Sets the maximum per-process number of concurrent connections to <number>. > > Could you please advise how to configure request going through HAProxy > is allowed as big as 32kb? You could take a look to this parameter which describes the correlation between tune.bufsize, tune.maxrewrite and maxconn. https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcbonte.github.io%2Fhaproxy-dconv%2F2.1%2Fconfiguration.html%23tune.bufsize&data=02%7C01%7CAravind.Viswanathan%40efi.com%7C01112b41876642f7c4bc08d7df97a09c%7C3fe4532499b245c397517034bae71475%7C0%7C0%7C637223714645124453&sdata=miZ7S%2FByUOE00tsvHLDzeMNgY1CBRagyQmFKhqYfhgc%3D&reserved=0 > /Regards,/ > > /Aravind Viswanathan/ > > Confidentiality notice: This message may contain confidential information. > It is intended only for the person to whom it is addressed. If you are > not that person, you should not use this message. We request that you > notify us by replying to this message, and then delete all copies > including any contained in your reply. Thank you. Again a useless text as you send the Mail to a public mailing list. https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FEmail_disclaimer&data=02%7C01%7CAravind.Viswanathan%40efi.com%7C01112b41876642f7c4bc08d7df97a09c%7C3fe4532499b245c397517034bae71475%7C0%7C0%7C637223714645124453&sdata=JoLQJJ6ArmUC7jAT%2BDTMGtHINcnhHVV0QO%2FSW1z%2BVco%3D&reserved=0 Regards Aleks
global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS ssl-default-bind-options no-sslv3 defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 maxconn 32000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http frontend bitbucket_http_frontend bind *:80 stats enable stats refresh 20s stats uri /stats # bind *:443 ssl crt /etc/ssl/certs/apps_pem_bundled_all.pem ciphers RC4-SHA:AES128-SHA:AES256-SHA bind *:443 ssl crt /etc/ssl/private/apps.pem # bind *:443 ssl crt /etc/haproxy/apps_pem_bundled_all.pem ciphers RC4-SHA:AES128-SHA:AES256-SHA # bind *:443 ssl crt /etc/haproxy/security/cacerts default_backend bitbucket_http_backend backend bitbucket_http_backend mode http option httplog option httpchk GET /status option forwardfor option http-server-close # appsession BITBUCKETSESSIONID len 52 timeout 1h balance roundrobin cookie BITBUCKETSESSIONID prefix stick-table type string len 52 size 5M expire 30m stick store-response set-cookie(BITBUCKETSESSIONID) stick on cookie(BITBUCKETSESSIONID) # server fclqbit01 xx.x.xx.xx:7990 check inter 10000 rise 2 fall 5 #server fclqbit02 xx.x.xx.xx:7990 check inter 10000 rise 2 fall 5 server balqbit01 xx.x.xx.xx:7990 check inter 10000 rise 2 fall 5 server balqbit02 xx.x.xx.xx:7990 check inter 10000 rise 2 fall 5 # The following "backup" servers are just here to show the startup page when all nodes are starting up #server fclqbit01 xx.x.xx.xx:7990 backup #frontend bitbucket_ssh_frontend # bind *:7999 # default_backend bitbucket_ssh_backend #timeout client 15m #maxconn 50 #backend bitbucket_ssh_backend # mode tcp # balance roundrobin # server fclqbit01 xx.x.xx.xx:7999 check port 7999 #server fclqbit02 xx.x.xx.xx:7999 check port 7999 #timeout server 15m listen admin mode http bind *:8090 stats enable stats uri /