After seeing the 1.8.4 release, I decided to upgrade and try to run HTTP/2
again.

Unfortunately, as soon as I enable it, I see intermittent 500 errors from our
fleet. I know a lot of work went in between 1.8.2 and 1.8.3 to reduce these
errors. Yes, it's very few, but a customer did notice, so we had to roll it
back. Let me know how I can help diagnose this. [image: Screen Shot
2018-02-10 at 12.45.14 AM.png]


All I need to do is enable `alpn h2,http/1.1` on the https bind line to see the 500 errors happening.

# Process-wide settings: logging, runtime socket, TLS defaults, buffers and
# threading. These apply to every proxy section below.
global
    log 127.0.0.1    local0
    log 127.0.0.1    local1 notice
    maxconn 4096
    pidfile /var/run/haproxy.pid
    # Runtime API socket at admin level; mode 600 limits access to the
    # socket's owning user.
    stats socket /var/run/haproxy.stat mode 600 level admin
    daemon
    hard-stop-after 30s
    # NOTE(review): 1024-bit DH parameters are below current guidance (2048+).
    # Both cipher lists below name only ECDHE suites, so DHE should not be
    # negotiated with this config; confirm before relying on that.
    tune.ssl.default-dh-param 1024
    tune.ssl.cachesize 100000
    # Cipher list for listening sockets. The mail client wrapped the value onto
    # the following line; presumably it is a single line in the real file.
    # AEAD suites (GCM, ChaCha20-Poly1305) come first, the last four are CBC.
    ssl-default-bind-ciphers
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    # Disables SSLv3, TLS 1.0, TLS 1.1 and stateless session tickets on
    # listening sockets.
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    # Same cipher list and protocol restrictions for connections to servers
    # (value wrapped by the mail client as above).
    ssl-default-server-ciphers
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    tune.bufsize 16384
    tune.maxrewrite 1024
    # NOTE(review): an OpenSSL engine, async TLS mode and multithreading are all
    # enabled together. Whether any of them contributes to the intermittent
    # 500s is not established here; disabling them one at a time would narrow
    # the reproduction.
    ssl-engine rdrand
    ssl-mode-async
    nbthread 4

# Settings inherited by every frontend/backend declared after this section:
# HTTP mode, compression, timeouts, balancing and the stats page.
defaults
    log global
    mode http
    # NOTE(review): gzip is applied to HTML/JSON responses that are also served
    # over TLS. If those responses can mix secrets with attacker-influenced
    # content, compression-length side channels (BREACH-style) apply; verify
    # against the applications behind this proxy.
    # (The type list is wrapped onto the next line by the mail client.)
    compression algo gzip
    compression type text/html text/plain text/css application/javascript
application/octet-stream application/json
    option httplog
    option dontlognull
    option redispatch
    option tcp-smart-accept
    option tcp-smart-connect
    # Adds an X-Forwarded-For header with the client address to requests sent
    # to servers.
    option forwardfor
    timeout check 5s
    timeout client 50s
    timeout tunnel 60000s
    timeout connect 20s
    timeout http-keep-alive 15s
    timeout http-request 30s
    timeout queue 20s
    timeout server 50s
    # Consistent hashing (djb2) on the Cookie request header, with bounded load.
    hash-balance-factor 125
    balance hdr(Cookie)
    hash-type consistent djb2
    # NOTE(review): because the stats page is enabled in defaults, every proxy
    # below inherits it, including the cleartext listeners on ports 80 and 8081.
    # It is protected only by HTTP basic auth; confirm the credentials cannot
    # be submitted over an unencrypted listener. Credentials and URI are
    # redacted by the poster.
    stats enable
    stats hide-version
    stats auth redacted:redacted
    stats uri /redacted
    default-server inter 5s fall 3 rise 1

# Cleartext listener that answers monitor requests for "/" on port 8081.
# NOTE(review): bound to all IPv4 addresses and inherits the defaults section;
# confirm the port is reachable only from the health checker.
frontend health_check
    bind *:8081
    timeout client 5s
    monitor-uri /

# Cleartext listener on port 80 (IPv4 and IPv6). The redirect fires whenever
# the connection was not made over TLS (ssl_fc is false), sending clients to
# the https scheme.
frontend http
    bind :::80 v4v6
    maxconn 4096
    redirect scheme https if !{ ssl_fc }
    # assets_backend is not included in the posted excerpt.
    default_backend assets_backend
# TLS listener on port 443 (IPv4 and IPv6). As posted, the ALPN option is
# commented out, so this is the rolled-back state with HTTP/2 not offered;
# uncommenting "alpn h2,http/1.1" is the change that triggers the 500s.
# The bind line is wrapped by the mail client and the asterisks are the
# poster's bold markers, not configuration.
# no-sslv3 and no-tls-tickets repeat options already set in
# ssl-default-bind-options.
frontend https
    bind :::443 v4v6 ssl crt /etc/ssl/www.ourdomain.com.crt no-sslv3
no-tls-tickets *# alpn h2,http/1.1*
    maxconn 4096
   ....

