Re: http2-issue with http2 enabled on frontend and on backend

Tue, 26 Feb 2019 06:44:29 -0800 

Hi Tim

Of course (haproxy-1.9.4):

------------------- schnipp -------------------

global
        log 127.0.0.1 local1 info
        chroot /home/haproxy
        user haproxy
        group haproxy
        master-worker
        ssl-server-verify none
        tune.ssl.default-dh-param 2048
        ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
        ssl-default-bind-options no-sslv3 no-tls-tickets
defaults
        log global
        mode http
        option dontlognull
        timeout connect 5s
        timeout client  50s
        timeout server 60s
        option http-use-htx

frontend http-in
bind 10.10.10.10:443 ssl crt /etc/haproxy/ssl/wildcard.pem crt /etc/haproxy/ssl/ alpn h2,http/1.1 log-format "srcip=%ci:%cp feip=%fi:%fp(%f,%ft,%fc) beip=%bi:%bp(%b,%bc) serverip=%si:%sp(%s) "%r" %ac/%fc/%bc/%sc/%rc %sq/%bq requests=%rt resptime=%Tr bytesread=%B status=%ST tsc=%tsc sslv=%sslv ms=%ms" 
        rspidel ^Server:.*
        default_backend server1

backend server1
        balance roundrobin
        http-check expect status 200
        option httpchk GET "/test"
server webserver1 10.20.20.20:443 ssl verify none alpn h2,http/1.1 check-alpn http/1.1 

------------------- schnapp -------------------

This config generates in our case a segfault:
Feb 26 15:39:17 haproxy: [ALERT] 056/153917 (21377) : Current worker #1 (21378) exited with code 139 (Segmentation fault) Feb 26 15:39:17 haproxy: [ALERT] 056/153917 (21377) : exit-on-failure: killing every workers with SIGTERM Feb 26 15:39:17 haproxy: [WARNING] 056/153917 (21377) : All workers exited. Exiting... (139) 
Feb 26 15:39:17 localhost haproxy[21392]: Proxy http-in started.
Feb 26 15:39:17 localhost haproxy[21392]: Proxy server1 started.
Feb 26 15:39:17 haproxy: [NOTICE] 056/153917 (21392) : New worker #1 (21394) forked 

When I remove the "rspidel", then no more segfaults.

Kind regards,
Tom



On 26.02.19 14:12, Tim Düsterhus wrote:

Tom,

Am 26.02.19 um 13:10 schrieb Tom:

2)
When I enable removing the server-header from the backend with
"rspidel ^Server:.*", then the haproxy-workers are terminating with
Segmentation fault and the website via haproxy is not working:


Does http-response del-header Server work (instead of rspidel) ?


Yes..., this worked. Is "rspidel" legacy and should be replaced with
"http-response del-header"-directive?



In any case a segmentation fault is not correct behaviour. Can you
provide a simple example configuration that reproduces the segmentation
fault for us to reproduce?

Best regards
Tim Düsterhus

Reply via email to