Re: http2-issue with http2 enabled on frontend and on backend

Tue, 26 Feb 2019 03:37:48 -0800 

Hi Jérôme
Many thanks for your hint. This solved the initial problem. But there are other issues regarding http2: 

1)

When I enable "errorfile 503 /etc/haproxy/503.html" in the 
defaults-section, then haproxy comes not up and logs the following error:

"Unable to convert message in HTX for HTTP return code 503."

2)

When I enable removing the server-header from the backend with "rspidel 
^Server:.*", then the haproxy-workers are terminating with Segmentation 
fault and the website via haproxy is not working:
Feb 26 12:02:09 haproxy: [NOTICE] 056/120209 (31432) : New worker #1 
(31433) forked
Feb 26 12:02:12 haproxy: [ALERT] 056/120212 (31432) : Current worker #1 
(31433) exited with code 139 (Segmentation fault)
Feb 26 12:02:12 haproxy: [ALERT] 056/120212 (31432) : exit-on-failure: 
killing every workers with SIGTERM
Feb 26 12:02:12 haproxy: [WARNING] 056/120212 (31432) : All workers 
exited. Exiting... (139)



3) When I enable "http2_push_preload on;" on the nginx (because nginx 
wants to push images etc.) then the website is not working and I have 
the following entries in the haproxy-log:
Feb 26 12:04:50 localhost haproxy[31691]: srcip=1.1.1.1:56146 
feip=10.10.10.10:443(http-in,http-in~,1) beip=-:-(http-in,0) 
serverip=-:-(<NOSRV>) <BADREQ> 1/1/0/0/0 0/0 requests=11 resptime=-1 
bytesread=0 status=0 tsc=PR-- sslv=TLSv1.2 ms=114



Feb 26 12:04:50 localhost haproxy[31691]: srcip=1.1.1.1:56146 
feip=10.10.10.10:443(http-in,http-in~,1) 
beip=10.10.10.10:38632(server1,0) serverip=10.20.20.20:443(webserver1) 
GET /auth HTTP/1.1 1/1/0/0/0 0/0 requests=10 resptime=-1 bytesread=0 
status=-1 tsc=SD-- sslv=TLSv1.2 ms=114



Any hints for this too?
Thanks in advance.
Tom

On 26.02.19 11:27, Jerome Magnin wrote:

On Tue, Feb 26, 2019 at 11:19:12AM +0100, Tom wrote:

Hi list

When I enable health-checks on the backend, then the backend comes not up,
because of "Layer7 invalid response". The backend is a simple nginx with
http2 enabled. As I mentioned: When I directly talk to the backend with
http2, then everything is fine. So it has something to do regarding my
haproxy-config, but I'm not sure whats wrong.


Sorry I missed the part about health checks, I believe you need to use
check-alpn http/1.1 on your server lines for checks to work. They are not
supported over http2 for now and since you have alpn h2,http/1.1 on your
server lines, haproxy will try to send http/1 traffic to a server expecting
h2, that is, unless you set check-alpn.

Jérôme

























					Reply via email to