Hi,

On Wed, Feb 06, Steve GIRAUD wrote:
> Effectively, the header size is 17 556 bytes.

Are the large header(s) only on the response (and not on the request)?
(Is it one large 17k header?)

> If I increase the bufsize to 40 000 bytes and the maxrewrite to 20 000 the 
> request failed.

For me (tested with current 2.0dev) increasing global tune.bufsize to
32768 allowed a larger response header. With my limited testing, http/https on
the frontend didn't make a difference.
(Does my test config work for you (you'll need to comment out option htx
with haproxy-1.8)?)

But if I use curl --http2 to haproxy+ssl frontend and my silly
httpsrv.go sends x-dummy larger than 16309 then curl --http2 fails
with curl: (16) Error in the HTTP2 framing layer
(chrome reports ERR_SPDY_FRAME_SIZE_ERROR).

Is haproxy trying / sending a larger http2 frame than clients are
willing to receive (SETTINGS_MAX_FRAME_SIZE?) ?

(Same request with --http1.1 to haproxy+ssl frontend works).

I'm attaching my test config and the httpsrv.go that I used as a
backend server.
Maybe http2 gurus can take a look and see if the frame size error is
expected or not ?

-Jarno

> From: Jarno Huuskonen <[email protected]>
> Sent: Wednesday, February 6, 2019 09:36
> To: Steve GIRAUD
> Cc: [email protected]
> Subject: Re: HAProxy returns a 502 error when ssl offload and response has a 
> large header
> 
> Hi,
> 
> On Wed, Feb 06, Steve GIRAUD wrote:
> > Hello everybody,
> > Has anyone ever found that HAProxy returns a 502 error when ssl offload is 
> > enabled and the http response contains a very long header?
> > If I turn off SSL offload, all is OK with the same header.
> 
> What's the size of the (very long) headers (how many bytes) ?
> Is it by any chance larger than the bufsize or maxrewrite ?
> 
> > Default settings :
> >  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
> 
> -Jarno
> 
> --
> Jarno Huuskonen

-- 
Jarno Huuskonen
global
        tune.bufsize 32678

defaults
        mode http
        option http-use-htx
        timeout connect 1s
        timeout client  2s
        timeout server  4s
        timeout tarpit  3s

listen HTTPS_in
        mode http
        bind 127.0.0.1:8443 ssl crt common.pem alpn h2,http/1.1
        bind 127.0.0.1:8080

        server go-http 127.0.0.1:8081

package main

import (
        "fmt"
        "math/rand"
        "net/http"
)

const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"

func handler(w http.ResponseWriter, r *http.Request) {
        // >= 16310 breaks haproxy http2 FE (curl: (16) Error in the HTTP2
        // framing layer) / chrome also reports ERR_SPDY_FRAME_SIZE_ERROR
        l := 16309
        b := make([]byte, l)
        for i := range b {
                b[i] = letterBytes[rand.Int63()%int64(len(letterBytes))]
        }
        s := string(b[:l])
        w.Header().Set("X-Dummy", s)
        fmt.Fprintf(w, "Howdy neighbour!<br>\n")
}

func main() {
        http.HandleFunc("/", handler)
        http.ListenAndServe(":8081", nil)
}
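
The frame-size question in the message above can be checked offline against a decrypted HTTP/2 byte capture by reading each 9-octet frame header and comparing its length with the receiver's limit. This is an added example, not part of the original mail or of HAProxy; `oversizedFrames`, `buildFrame` and the capture are constructed for illustration, and 16384 is the initial SETTINGS_MAX_FRAME_SIZE from RFC 7540.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// RFC 7540 section 6.5.2: SETTINGS_MAX_FRAME_SIZE starts at 2^14 octets.
const defaultMaxFrameSize = 16384

type frame struct {
	Length, StreamID uint32
	Type, Flags      uint8
}

// oversizedFrames walks raw HTTP/2 bytes (connection preface already removed)
// and returns the frames whose payload exceeds max, plus the frame count.
func oversizedFrames(raw []byte, max uint32) (bad []frame, total int, err error) {
	for len(raw) > 0 {
		if len(raw) < 9 {
			return bad, total, fmt.Errorf("truncated frame header: %d octets", len(raw))
		}
		n := uint32(raw[0])<<16 | uint32(raw[1])<<8 | uint32(raw[2]) // 24-bit length
		f := frame{n, binary.BigEndian.Uint32(raw[5:9]) & 0x7fffffff, raw[3], raw[4]}
		if uint32(len(raw)-9) < n {
			return bad, total, fmt.Errorf("truncated payload on stream %d", f.StreamID)
		}
		if total++; n > max { // a receiver with this limit answers FRAME_SIZE_ERROR
			bad = append(bad, f)
		}
		raw = raw[9+n:]
	}
	return bad, total, nil
}

// buildFrame returns a constructed sample frame with a zero-filled payload.
func buildFrame(length int, typ, flags uint8, stream uint32) []byte {
	b := make([]byte, 9+length)
	b[0], b[1], b[2], b[3], b[4] = byte(length>>16), byte(length>>8), byte(length), typ, flags
	binary.BigEndian.PutUint32(b[5:9], stream)
	return b
}

func main() {
	// Constructed capture: empty SETTINGS, 16400-octet HEADERS, 21-octet DATA.
	raw := append(buildFrame(0, 0x4, 0, 0), buildFrame(16400, 0x1, 0x4, 1)...)
	raw = append(raw, buildFrame(21, 0x0, 0x1, 1)...)
	fmt.Println(oversizedFrames(raw, defaultMaxFrameSize))
}
```

If the client raised its limit in its own SETTINGS frame, pass that value as `max` instead of the default.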
