Hi Wily,
That's a bug and it shouldn't be like this. > You can find information about this here : https://www.mail-archive.com/haproxy@formilux.org/msg43291.html But don't waste too much time on this. > > For those interested, the (small) necessary config changes were : > > - option httpchk syntax (use http-check) > > - some healthchecks not working anymore on servers with > > "send-proxy-v2-ssl-cn ssl-check", due to an unresolved bug in Apache 2.4 > ( > > https://bz.apache.org/bugzilla/show_bug.cgi?id=63893). > > But why were they working previously ? Yes, I confirm this was working previously with the exact same haproxy config file. > Maybe they were sent as dummy > PROXY commands ? If so maybe we could implement a workaround for such > broken implementations if that's a big problem (not sure if this is > feasible, just trying to figure what the desired behavior should be). > I don't know what changed in HAProxy 2.2 or 2.4 about this. The configuration was the following : listen xxxxx:443 mode tcp bind x.x.x.x:443 option httpchk GET /test.php HTTP/1.0 # to be updated to new format with 2.4 server sx 192.168.1.19:443 id 12 check weight 5 send-proxy-v2-ssl-cn check-ssl verify none server sx2 192.168.1.22:443 id 13 check weight 5 send-proxy-v2-ssl-cn check-ssl verify none The error reported was L6RSP (+ the above error in Apache log files). Same error with "mode http" instead of tcp. Removing "check-ssl" leads to L7RSP, but this is expected (talking plain text when SSL is required). Right now, I'm avoiding this issue by making the test on port 80 (http-check connect port 80). > > Everything seems to run smoothly, but on the monitoring, the number of > > active sessions (scur) dropped significantly (only one third active > > sessions compared to before), even after several hours. I did not make > any > > change on keep alive or timeouts, that's why I'm wondering if any > > modifications between 2.0 and 2.4 may explain this behaviour. > > If you were running without HTX mode it's very likely because in the > past it was indicating the number of established sessions while now > it's reporting the number of active requests (since technically it's > always a stream that is being accounted for, but in the past they used > to remain present while in idle state, using all the resources between > two requests). > That's it. I was indeed NOT using HTX in 2.0. Thanks for the explanation. Olivier