Hi Wily,

That's a bug and it shouldn't be like this.
>
You can find information about this here :
https://www.mail-archive.com/haproxy@formilux.org/msg43291.html
But don't waste too much time on this.


> > For those interested, the (small) necessary config changes were :
> > - option httpchk syntax (use http-check)
> > - some healthchecks not working anymore on servers with
> > "send-proxy-v2-ssl-cn ssl-check", due to an unresolved bug in Apache 2.4
> (
> > https://bz.apache.org/bugzilla/show_bug.cgi?id=63893).
>
> But why were they working previously ?

Yes, I confirm this was working previously with the exact same haproxy
config file.


> Maybe they were sent as dummy
> PROXY commands ? If so maybe we could implement a workaround for such
> broken implementations if that's a big problem (not sure if this is
> feasible, just trying to figure what the desired behavior should be).
>
I don't know what changed in HAProxy 2.2 or 2.4 about this. The
configuration was the following :

listen xxxxx:443
    mode tcp
    bind x.x.x.x:443
    option httpchk GET /test.php HTTP/1.0 # to be updated to new format
with 2.4
    server sx 192.168.1.19:443 id 12 check weight 5 send-proxy-v2-ssl-cn
check-ssl verify none
    server sx2 192.168.1.22:443 id 13 check weight 5 send-proxy-v2-ssl-cn
check-ssl verify none

The error reported was L6RSP (+ the above error in Apache log files).
Same error with "mode http" instead of tcp.

Removing "check-ssl" leads to L7RSP, but this is expected (talking plain
text when SSL is required).

Right now, I'm avoiding this issue by making the test on port 80 (http-check
connect port 80).



> > Everything seems to run smoothly, but on the monitoring, the number of
> > active sessions (scur) dropped significantly (only one third active
> > sessions compared to before), even after several hours. I did not make
> any
> > change on keep alive or timeouts, that's why I'm wondering if any
> > modifications between  2.0 and 2.4 may explain this behaviour.
>
> If you were running without HTX mode it's very likely because in the
> past it was indicating the number of established sessions while now
> it's reporting the number of active requests (since technically it's
> always a stream that is being accounted for, but in the past they used
> to remain present while in idle state, using all the resources between
> two requests).
>
That's it. I was indeed NOT using HTX in 2.0. Thanks for the explanation.

Olivier

Reply via email to