Re: Haproxy 502 errors, all the time on specific sites or backend
By the way, this one is useless as long as you enable mode http, because it's implied in it. # Every header should end with a colon followed by one space. reqideny^[^:\ ]*[\ ]*$ Cheers On Thu, Nov 3, 2011 at 5:47 PM, Cyril Bonté cyril.bo...@free.fr wrote: Le Jeudi 3 Novembre 2011 17:34:38 Benoit GEORGELIN a écrit : Can you give me more details about your analyse? (examples) I will try to understand more what's happen Is the response who is not complete or the header only? The body is not complete. I tried with the examples I provided in my first mail. Examples : curl -si http://sandka.org/portfolio/; = HTTP/1.0 200 OK with html cut in the middle. curl -si http://sandka.org/portfolio/foobar; = HTTP/1.0 404 Not Found with html cut in the middle. There's something bad in ZenPhoto : it forces the response in HTTP/1.0, which prevents chunked transfer. That also can explain why mod_deflate generated 502 errors. One thing you can try : Edit the file index.php in ZenPhoto and replace HTTP/1.0 occurences (one for 200, one for 404) by HTTP/1.1. Hopefully, this will allow apache+php to use chunked responses and solve the problem. -- Cyril Bonté
Re: Haproxy 502 errors, all the time on specific sites or backend
Hi Benoit, Le Jeudi 3 Novembre 2011 14:46:10 Benoit GEORGELIN a écrit : Hi ! My name is Benoît and i'm in a associative project who provide web hosting. We are using Haproxy and we have a lot of problems with 502 errors :( So, i would like to know how to really debug this and find solutions :) There is some cases on mailling list archives but i will appreciate if someone can drive me with a real case on our infrastructure. My first observations, it it can help someone to target the issue : In your servers responses, there is no Content-Length header, this can make some troubles. 502 errors occurs when asking for compressed data : - curl -si -H Accept-Encoding: gzip,deflate http://sandka.org/portfolio/ HTTP/1.0 502 Bad Gateway - curl -si http://sandka.org/portfolio/ = results in a truncated page without Content-Length Header We'll have to find why your backends doesn't provide a Content-Length header (and what happens with compression, which should be sent in chunks). Details: Haproxy Stable 1.4.18 OS: Debian Lenny Configuration File: ## global log 127.0.0.1 local0 notice #debug maxconn 2 # count about 1 GB per 2 connections ulimit-n 40046 tune.bufsize 65536 # Necessary for lot of CMS page like Prestashop :( tune.maxrewrite 1024 #chroot /usr/share/haproxy user haproxy group haproxy daemon #nbproc 4 #debug #quiet defaults log global mode http retries 3 # 2 - 3 le 06102011 # maxconn 19500 # Should be slightly smaller than global.maxconn. OPTIONS ## option dontlognull option abortonclose #option redispatch # Désactive le 06102011 car balance en mode source et non RR # option tcpka #option log-separate-errors #option logasap TIMeOUT ## timeout client 30s #1m 40s Client and server timeout must match the longest timeout server 30s #1m 40s time we may wait for a response from the server. timeout queue 30s #1m 40s Don't queue requests too long if saturated. timeout connect 5s #10s 5s There's no reason to change this one. timeout http-request 5s #10s 5s A complete request may never take that long timeout http-keep-alive 10s timeout check 10s #10s ### # F R O N T E N D P U B L I C B E G I N # frontend public bind 123.456.789.123:80 default_backend webserver OPTIONS ## option dontlognull #option httpclose option httplog option http-server-close # option dontlog-normal # Gestion sur URL # Tout commenter le 21/10/2011 # log the name of the virtual server capture request header Host len 60 # # F R O N T E N D P U B L I C E N D ### ### # B A C K E N D W E B S E R V E R B E G I N # backend webserver balance source # Reactive le 06102011 # #balance roundrobin # Désactive le 06102011 # OPTIONS ## option httpchk option httplog option forwardfor #option httpclose # Désactive le 06102011 # option http-server-close option http-pretend-keepalive retries 5 cookie SERVERID insert indirect # Detect an ApacheKiller-like Attack acl killerapache hdr_cnt(Range) gt 10 # Clean up the request reqidel ^Range if killerapache server http-A 192.168.0.1:80 cookie http-A check inter 5000 server http-B 192.168.1.1:80 cookie http-B check inter 5000 server http-C 192.168.2.1:80 cookie http-C check inter 5000 server http-D 192.168.3.1:80 cookie http-D check inter 5000 server http-E 192.168.4.1:80 cookie http-E check inter 5000 # Every header should end with a colon followed by one space. reqideny ^[^:\ ]*[\ ]*$ # block Apache chunk exploit reqideny ^Transfer-Encoding:[\ ]*chunked reqideny ^Host:\ apache- # block annoying worms that fill the logs... reqideny ^[^:\ ]*\ .*(\.|%2e)(\.|%2e)(%2f|%5c|/| ) reqideny ^[^:\ ]*\ ([^\ ]*\ [^\ ]*\ |.*%00) reqideny ^[^:\ ]*\ .*script reqideny ^[^:\ ]*\ .*/(root\.exe\?|cmd\.exe\?|default\.ida\?) # allow other syntactically valid requests, and block any other method reqipass ^(GET|POST|HEAD|OPTIONS)\ /.*\ HTTP/1\.[01]$ reqipass ^OPTIONS\ \\*\ HTTP/1\.[01]$ errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http Error 502 example (all the time) Log: Nov 3 13:52:15 127.0.0.1 haproxy[27813]: 216.46.4.5:49451 [03/Nov/2011:13:52:14.584] public webserver/http-B 11/0/0/-1/985 502 280 - - SHVN 121/121/19/3/0 0/0 {website.com} GET /portfolio/ HTTP/1.1 Nov 3 13:52:15 127.0.0.1 haproxy[27813]: 216.46.4.5:49452
Re: Haproxy 502 errors, all the time on specific sites or backend
Thanks Cyril for this elements. Here the modules available on apache2: actions alias auth_basic auth_mysql auth_pam authn_file authz_default authz_groupfile authz_host authz_user autoindex cache cgi deflate dir env expires headers include mime mod-evasive negotiation php5 python rewrite rpaf setenvif ssl status Maybe one of them have troubles.. I will search about Content-Length header Cordialement, Benoît Georgelin Web 4 all Hébergeur associatif +33 977 218 005 +1 514 463 7255 benoit.georgelin@web 4 all.fr Afin de contribuer au respect de l'environnement, merci de n'imprimer ce mail qu'en cas de nécessité - Mail original - De: Cyril Bonté cyril.bo...@free.fr À: Benoit GEORGELIN (web4all) benoit.george...@web4all.fr Cc: haproxy@formilux.org Envoyé: Jeudi 3 Novembre 2011 10:32:06 Objet: Re: Haproxy 502 errors, all the time on specific sites or backend Hi Benoit, Le Jeudi 3 Novembre 2011 14:46:10 Benoit GEORGELIN a écrit : Hi ! My name is Benoît and i'm in a associative project who provide web hosting. We are using Haproxy and we have a lot of problems with 502 errors :( So, i would like to know how to really debug this and find solutions :) There is some cases on mailling list archives but i will appreciate if someone can drive me with a real case on our infrastructure. My first observations, it it can help someone to target the issue : In your servers responses, there is no Content-Length header, this can make some troubles. 502 errors occurs when asking for compressed data : - curl -si -H Accept-Encoding: gzip,deflate http://sandka.org/portfolio/ HTTP/1.0 502 Bad Gateway - curl -si http://sandka.org/portfolio/ = results in a truncated page without Content-Length Header We'll have to find why your backends doesn't provide a Content-Length header (and what happens with compression, which should be sent in chunks). Details: Haproxy Stable 1.4.18 OS: Debian Lenny Configuration File: ## global log 127.0.0.1 local0 notice #debug maxconn 2 # count about 1 GB per 2 connections ulimit-n 40046 tune.bufsize 65536 # Necessary for lot of CMS page like Prestashop :( tune.maxrewrite 1024 #chroot /usr/share/haproxy user haproxy group haproxy daemon #nbproc 4 #debug #quiet defaults log global mode http retries 3 # 2 - 3 le 06102011 # maxconn 19500 # Should be slightly smaller than global.maxconn. OPTIONS ## option dontlognull option abortonclose #option redispatch # Désactive le 06102011 car balance en mode source et non RR # option tcpka #option log-separate-errors #option logasap TIMeOUT ## timeout client 30s #1m 40s Client and server timeout must match the longest timeout server 30s #1m 40s time we may wait for a response from the server. timeout queue 30s #1m 40s Don't queue requests too long if saturated. timeout connect 5s #10s 5s There's no reason to change this one. timeout http-request 5s #10s 5s A complete request may never take that long timeout http-keep-alive 10s timeout check 10s #10s ### # F R O N T E N D P U B L I C B E G I N # frontend public bind 123.456.789.123:80 default_backend webserver OPTIONS ## option dontlognull #option httpclose option httplog option http-server-close # option dontlog-normal # Gestion sur URL # Tout commenter le 21/10/2011 # log the name of the virtual server capture request header Host len 60 # # F R O N T E N D P U B L I C E N D ### ### # B A C K E N D W E B S E R V E R B E G I N # backend webserver balance source # Reactive le 06102011 # #balance roundrobin # Désactive le 06102011 # OPTIONS ## option httpchk option httplog option forwardfor #option httpclose # Désactive le 06102011 # option http-server-close option http-pretend-keepalive retries 5 cookie SERVERID insert indirect # Detect an ApacheKiller-like Attack acl killerapache hdr_cnt(Range) gt 10 # Clean up the request reqidel ^Range if killerapache server http-A 192.168.0.1:80 cookie http-A check inter 5000 server http-B 192.168.1.1:80 cookie http-B check inter 5000 server http-C 192.168.2.1:80 cookie http-C check inter 5000 server http-D 192.168.3.1:80 cookie http-D check inter 5000 server http-E 192.168.4.1:80 cookie http-E check inter 5000 # Every header should end with a colon followed by one space. reqideny ^[^:\ ]*[\ ]*$ # block Apache chunk exploit reqideny ^Transfer-Encoding:[\ ]*chunked reqideny ^Host:\ apache- # block annoying worms that fill the logs... reqideny ^[^:\ ]*\ .*(\.|%2e)(\.|%2e)(%2f|%5c|/| ) reqideny ^[^:\ ]*\ ([^\ ]*\ [^\ ]*\ |.*%00) reqideny ^[^:\ ]*\ .*script reqideny ^[^:\ ]*\
Re: Haproxy 502 errors, all the time on specific sites or backend
Humm very interesting, a disabled mod_deflate on now it's working like a charm :( Do you know why? Cordialement, Benoît Georgelin - Mail original - De: Cyril Bonté cyril.bo...@free.fr À: Benoit GEORGELIN (web4all) benoit.george...@web4all.fr Cc: haproxy@formilux.org Envoyé: Jeudi 3 Novembre 2011 10:32:06 Objet: Re: Haproxy 502 errors, all the time on specific sites or backend Hi Benoit, Le Jeudi 3 Novembre 2011 14:46:10 Benoit GEORGELIN a écrit : Hi ! My name is Benoît and i'm in a associative project who provide web hosting. We are using Haproxy and we have a lot of problems with 502 errors :( So, i would like to know how to really debug this and find solutions :) There is some cases on mailling list archives but i will appreciate if someone can drive me with a real case on our infrastructure. My first observations, it it can help someone to target the issue : In your servers responses, there is no Content-Length header, this can make some troubles. 502 errors occurs when asking for compressed data : - curl -si -H Accept-Encoding: gzip,deflate http://sandka.org/portfolio/ HTTP/1.0 502 Bad Gateway - curl -si http://sandka.org/portfolio/ = results in a truncated page without Content-Length Header We'll have to find why your backends doesn't provide a Content-Length header (and what happens with compression, which should be sent in chunks). Details: Haproxy Stable 1.4.18 OS: Debian Lenny Configuration File: ## global log 127.0.0.1 local0 notice #debug maxconn 2 # count about 1 GB per 2 connections ulimit-n 40046 tune.bufsize 65536 # Necessary for lot of CMS page like Prestashop :( tune.maxrewrite 1024 #chroot /usr/share/haproxy user haproxy group haproxy daemon #nbproc 4 #debug #quiet defaults log global mode http retries 3 # 2 - 3 le 06102011 # maxconn 19500 # Should be slightly smaller than global.maxconn. OPTIONS ## option dontlognull option abortonclose #option redispatch # Désactive le 06102011 car balance en mode source et non RR # option tcpka #option log-separate-errors #option logasap TIMeOUT ## timeout client 30s #1m 40s Client and server timeout must match the longest timeout server 30s #1m 40s time we may wait for a response from the server. timeout queue 30s #1m 40s Don't queue requests too long if saturated. timeout connect 5s #10s 5s There's no reason to change this one. timeout http-request 5s #10s 5s A complete request may never take that long timeout http-keep-alive 10s timeout check 10s #10s ### # F R O N T E N D P U B L I C B E G I N # frontend public bind 123.456.789.123:80 default_backend webserver OPTIONS ## option dontlognull #option httpclose option httplog option http-server-close # option dontlog-normal # Gestion sur URL # Tout commenter le 21/10/2011 # log the name of the virtual server capture request header Host len 60 # # F R O N T E N D P U B L I C E N D ### ### # B A C K E N D W E B S E R V E R B E G I N # backend webserver balance source # Reactive le 06102011 # #balance roundrobin # Désactive le 06102011 # OPTIONS ## option httpchk option httplog option forwardfor #option httpclose # Désactive le 06102011 # option http-server-close option http-pretend-keepalive retries 5 cookie SERVERID insert indirect # Detect an ApacheKiller-like Attack acl killerapache hdr_cnt(Range) gt 10 # Clean up the request reqidel ^Range if killerapache server http-A 192.168.0.1:80 cookie http-A check inter 5000 server http-B 192.168.1.1:80 cookie http-B check inter 5000 server http-C 192.168.2.1:80 cookie http-C check inter 5000 server http-D 192.168.3.1:80 cookie http-D check inter 5000 server http-E 192.168.4.1:80 cookie http-E check inter 5000 # Every header should end with a colon followed by one space. reqideny ^[^:\ ]*[\ ]*$ # block Apache chunk exploit reqideny ^Transfer-Encoding:[\ ]*chunked reqideny ^Host:\ apache- # block annoying worms that fill the logs... reqideny ^[^:\ ]*\ .*(\.|%2e)(\.|%2e)(%2f|%5c|/| ) reqideny ^[^:\ ]*\ ([^\ ]*\ [^\ ]*\ |.*%00) reqideny ^[^:\ ]*\ .*script reqideny ^[^:\ ]*\ .*/(root\.exe\?|cmd\.exe\?|default\.ida\?) # allow other syntactically valid requests, and block any other method reqipass ^(GET|POST|HEAD|OPTIONS)\ /.*\ HTTP/1\.[01]$ reqipass ^OPTIONS\ \\*\ HTTP/1\.[01]$ errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504
Re: Haproxy 502 errors, all the time on specific sites or backend
It's working better, but now i have some blanks pages. Cordialement, Afin de contribuer au respect de l'environnement, merci de n'imprimer ce mail qu'en cas de nécessité - Mail original - De: Benoit GEORGELIN (web4all) benoit.george...@web4all.fr À: Cyril Bonté cyril.bo...@free.fr Cc: haproxy@formilux.org Envoyé: Jeudi 3 Novembre 2011 10:47:57 Objet: Re: Haproxy 502 errors, all the time on specific sites or backend Humm very interesting, a disabled mod_deflate on now it's working like a charm :( Do you know why? Cordialement, Benoît Georgelin - Mail original - De: Cyril Bonté cyril.bo...@free.fr À: Benoit GEORGELIN (web4all) benoit.george...@web4all.fr Cc: haproxy@formilux.org Envoyé: Jeudi 3 Novembre 2011 10:32:06 Objet: Re: Haproxy 502 errors, all the time on specific sites or backend Hi Benoit, Le Jeudi 3 Novembre 2011 14:46:10 Benoit GEORGELIN a écrit : Hi ! My name is Benoît and i'm in a associative project who provide web hosting. We are using Haproxy and we have a lot of problems with 502 errors :( So, i would like to know how to really debug this and find solutions :) There is some cases on mailling list archives but i will appreciate if someone can drive me with a real case on our infrastructure. My first observations, it it can help someone to target the issue : In your servers responses, there is no Content-Length header, this can make some troubles. 502 errors occurs when asking for compressed data : - curl -si -H Accept-Encoding: gzip,deflate http://sandka.org/portfolio/ HTTP/1.0 502 Bad Gateway - curl -si http://sandka.org/portfolio/ = results in a truncated page without Content-Length Header We'll have to find why your backends doesn't provide a Content-Length header (and what happens with compression, which should be sent in chunks). Details: Haproxy Stable 1.4.18 OS: Debian Lenny Configuration File: ## global log 127.0.0.1 local0 notice #debug maxconn 2 # count about 1 GB per 2 connections ulimit-n 40046 tune.bufsize 65536 # Necessary for lot of CMS page like Prestashop :( tune.maxrewrite 1024 #chroot /usr/share/haproxy user haproxy group haproxy daemon #nbproc 4 #debug #quiet defaults log global mode http retries 3 # 2 - 3 le 06102011 # maxconn 19500 # Should be slightly smaller than global.maxconn. OPTIONS ## option dontlognull option abortonclose #option redispatch # Désactive le 06102011 car balance en mode source et non RR # option tcpka #option log-separate-errors #option logasap TIMeOUT ## timeout client 30s #1m 40s Client and server timeout must match the longest timeout server 30s #1m 40s time we may wait for a response from the server. timeout queue 30s #1m 40s Don't queue requests too long if saturated. timeout connect 5s #10s 5s There's no reason to change this one. timeout http-request 5s #10s 5s A complete request may never take that long timeout http-keep-alive 10s timeout check 10s #10s ### # F R O N T E N D P U B L I C B E G I N # frontend public bind 123.456.789.123:80 default_backend webserver OPTIONS ## option dontlognull #option httpclose option httplog option http-server-close # option dontlog-normal # Gestion sur URL # Tout commenter le 21/10/2011 # log the name of the virtual server capture request header Host len 60 # # F R O N T E N D P U B L I C E N D ### ### # B A C K E N D W E B S E R V E R B E G I N # backend webserver balance source # Reactive le 06102011 # #balance roundrobin # Désactive le 06102011 # OPTIONS ## option httpchk option httplog option forwardfor #option httpclose # Désactive le 06102011 # option http-server-close option http-pretend-keepalive retries 5 cookie SERVERID insert indirect # Detect an ApacheKiller-like Attack acl killerapache hdr_cnt(Range) gt 10 # Clean up the request reqidel ^Range if killerapache server http-A 192.168.0.1:80 cookie http-A check inter 5000 server http-B 192.168.1.1:80 cookie http-B check inter 5000 server http-C 192.168.2.1:80 cookie http-C check inter 5000 server http-D 192.168.3.1:80 cookie http-D check inter 5000 server http-E 192.168.4.1:80 cookie http-E check inter 5000 # Every header should end with a colon followed by one space. reqideny ^[^:\ ]*[\ ]*$ # block Apache chunk exploit reqideny ^Transfer-Encoding:[\ ]*chunked reqideny ^Host:\ apache- # block annoying worms that fill the logs... reqideny ^[^:\ ]*\ .*(\.|%2e)(\.|%2e)(%2f|%5c|/| ) reqideny ^[^:\ ]*\ ([^\ ]*\ [^\ ]*\ |.*%00) reqideny ^[^:\ ]*\ .*script reqideny ^[^:\ ]*\ .*/(root\.exe\?|cmd\.exe\?|default\.ida\?) # allow other
Re: Haproxy 502 errors, all the time on specific sites or backend
Le Jeudi 3 Novembre 2011 15:53:50 Benoit GEORGELIN a écrit : It's working better, but now i have some blanks pages. Yes, responses are still truncated most of the time. Cordialement, Afin de contribuer au respect de l'environnement, merci de n'imprimer ce mail qu'en cas de nécessité - Mail original - De: Benoit GEORGELIN (web4all) benoit.george...@web4all.fr À: Cyril Bonté cyril.bo...@free.fr Cc: haproxy@formilux.org Envoyé: Jeudi 3 Novembre 2011 10:47:57 Objet: Re: Haproxy 502 errors, all the time on specific sites or backend Humm very interesting, a disabled mod_deflate on now it's working like a charm :( Do you know why? Cordialement, Benoît Georgelin - Mail original - De: Cyril Bonté cyril.bo...@free.fr À: Benoit GEORGELIN (web4all) benoit.george...@web4all.fr Cc: haproxy@formilux.org Envoyé: Jeudi 3 Novembre 2011 10:32:06 Objet: Re: Haproxy 502 errors, all the time on specific sites or backend Hi Benoit, Le Jeudi 3 Novembre 2011 14:46:10 Benoit GEORGELIN a écrit : Hi ! My name is Benoît and i'm in a associative project who provide web hosting. We are using Haproxy and we have a lot of problems with 502 errors :( So, i would like to know how to really debug this and find solutions :) There is some cases on mailling list archives but i will appreciate if someone can drive me with a real case on our infrastructure. My first observations, it it can help someone to target the issue : In your servers responses, there is no Content-Length header, this can make some troubles. 502 errors occurs when asking for compressed data : - curl -si -H Accept-Encoding: gzip,deflate http://sandka.org/portfolio/ HTTP/1.0 502 Bad Gateway - curl -si http://sandka.org/portfolio/ = results in a truncated page without Content-Length Header We'll have to find why your backends doesn't provide a Content-Length header (and what happens with compression, which should be sent in chunks). Details: Haproxy Stable 1.4.18 OS: Debian Lenny Configuration File: ## global log 127.0.0.1 local0 notice #debug maxconn 2 # count about 1 GB per 2 connections ulimit-n 40046 tune.bufsize 65536 # Necessary for lot of CMS page like Prestashop :( tune.maxrewrite 1024 #chroot /usr/share/haproxy user haproxy group haproxy daemon #nbproc 4 #debug #quiet defaults log global mode http retries 3 # 2 - 3 le 06102011 # maxconn 19500 # Should be slightly smaller than global.maxconn. OPTIONS ## option dontlognull option abortonclose #option redispatch # Désactive le 06102011 car balance en mode source et non RR # option tcpka #option log-separate-errors #option logasap TIMeOUT ## timeout client 30s #1m 40s Client and server timeout must match the longest timeout server 30s #1m 40s time we may wait for a response from the server. timeout queue 30s #1m 40s Don't queue requests too long if saturated. timeout connect 5s #10s 5s There's no reason to change this one. timeout http-request 5s #10s 5s A complete request may never take that long timeout http-keep-alive 10s timeout check 10s #10s ### # F R O N T E N D P U B L I C B E G I N # frontend public bind 123.456.789.123:80 default_backend webserver OPTIONS ## option dontlognull #option httpclose option httplog option http-server-close # option dontlog-normal # Gestion sur URL # Tout commenter le 21/10/2011 # log the name of the virtual server capture request header Host len 60 # # F R O N T E N D P U B L I C E N D ### ### # B A C K E N D W E B S E R V E R B E G I N # backend webserver balance source # Reactive le 06102011 # #balance roundrobin # Désactive le 06102011 # OPTIONS ## option httpchk option httplog option forwardfor #option httpclose # Désactive le 06102011 # option http-server-close option http-pretend-keepalive retries 5 cookie SERVERID insert indirect # Detect an ApacheKiller-like Attack acl killerapache hdr_cnt(Range) gt 10 # Clean up the request reqidel ^Range if killerapache server http-A 192.168.0.1:80 cookie http-A check inter 5000 server http-B 192.168.1.1:80 cookie http-B check inter 5000 server http-C 192.168.2.1:80 cookie http-C check inter 5000 server http-D 192.168.3.1:80 cookie http-D check inter 5000 server http-E 192.168.4.1:80 cookie http-E check inter 5000 # Every header should end with a colon followed by one space. reqideny ^[^:\ ]*[\ ]*$ # block Apache
Re: Haproxy 502 errors, all the time on specific sites or backend
Can you give me more details about your analyse? (examples) I will try to understand more what's happen Is the response who is not complete or the header only? Thanks Cordialement, Benoît Georgelin Afin de contribuer au respect de l'environnement, merci de n'imprimer ce mail qu'en cas de nécessité - Mail original - De: Cyril Bonté cyril.bo...@free.fr À: Benoit GEORGELIN (web4all) benoit.george...@web4all.fr Cc: haproxy@formilux.org Envoyé: Jeudi 3 Novembre 2011 10:54:46 Objet: Re: Haproxy 502 errors, all the time on specific sites or backend Le Jeudi 3 Novembre 2011 15:53:50 Benoit GEORGELIN a écrit : It's working better, but now i have some blanks pages. Yes, responses are still truncated most of the time. Cordialement, Afin de contribuer au respect de l'environnement, merci de n'imprimer ce mail qu'en cas de nécessité - Mail original - De: Benoit GEORGELIN (web4all) benoit.george...@web4all.fr À: Cyril Bonté cyril.bo...@free.fr Cc: haproxy@formilux.org Envoyé: Jeudi 3 Novembre 2011 10:47:57 Objet: Re: Haproxy 502 errors, all the time on specific sites or backend Humm very interesting, a disabled mod_deflate on now it's working like a charm :( Do you know why? Cordialement, Benoît Georgelin - Mail original - De: Cyril Bonté cyril.bo...@free.fr À: Benoit GEORGELIN (web4all) benoit.george...@web4all.fr Cc: haproxy@formilux.org Envoyé: Jeudi 3 Novembre 2011 10:32:06 Objet: Re: Haproxy 502 errors, all the time on specific sites or backend Hi Benoit, Le Jeudi 3 Novembre 2011 14:46:10 Benoit GEORGELIN a écrit : Hi ! My name is Benoît and i'm in a associative project who provide web hosting. We are using Haproxy and we have a lot of problems with 502 errors :( So, i would like to know how to really debug this and find solutions :) There is some cases on mailling list archives but i will appreciate if someone can drive me with a real case on our infrastructure. My first observations, it it can help someone to target the issue : In your servers responses, there is no Content-Length header, this can make some troubles. 502 errors occurs when asking for compressed data : - curl -si -H Accept-Encoding: gzip,deflate http://sandka.org/portfolio/ HTTP/1.0 502 Bad Gateway - curl -si http://sandka.org/portfolio/ = results in a truncated page without Content-Length Header We'll have to find why your backends doesn't provide a Content-Length header (and what happens with compression, which should be sent in chunks). Details: Haproxy Stable 1.4.18 OS: Debian Lenny Configuration File: ## global log 127.0.0.1 local0 notice #debug maxconn 2 # count about 1 GB per 2 connections ulimit-n 40046 tune.bufsize 65536 # Necessary for lot of CMS page like Prestashop :( tune.maxrewrite 1024 #chroot /usr/share/haproxy user haproxy group haproxy daemon #nbproc 4 #debug #quiet defaults log global mode http retries 3 # 2 - 3 le 06102011 # maxconn 19500 # Should be slightly smaller than global.maxconn. OPTIONS ## option dontlognull option abortonclose #option redispatch # Désactive le 06102011 car balance en mode source et non RR # option tcpka #option log-separate-errors #option logasap TIMeOUT ## timeout client 30s #1m 40s Client and server timeout must match the longest timeout server 30s #1m 40s time we may wait for a response from the server. timeout queue 30s #1m 40s Don't queue requests too long if saturated. timeout connect 5s #10s 5s There's no reason to change this one. timeout http-request 5s #10s 5s A complete request may never take that long timeout http-keep-alive 10s timeout check 10s #10s ### # F R O N T E N D P U B L I C B E G I N # frontend public bind 123.456.789.123:80 default_backend webserver OPTIONS ## option dontlognull #option httpclose option httplog option http-server-close # option dontlog-normal # Gestion sur URL # Tout commenter le 21/10/2011 # log the name of the virtual server capture request header Host len 60 # # F R O N T E N D P U B L I C E N D ### ### # B A C K E N D W E B S E R V E R B E G I N # backend webserver balance source # Reactive le 06102011 # #balance roundrobin # Désactive le 06102011 # OPTIONS ## option httpchk option httplog option forwardfor #option httpclose # Désactive le 06102011 # option http-server-close option http-pretend-keepalive retries 5 cookie SERVERID insert indirect # Detect an ApacheKiller-like Attack acl