Hello, I was testing haproxy -> uwsgi(alert.io) and noticed a possible regression with healthchecks(httpchk). With 1.9.9 uwsgi logs: [uwsgi-http key: host.name.fi client_addr: 127.0.0.1 client_port: 45715] hr_read(): Connection reset by peer [plugins/http/http.c line 917]
health checks work (option httpchk GET /_ HTTP/1.1\r\nHost:\ host.name.fi\r\nUser-Agent:\ haproxy) but uwsgi logs the hr_read() warning/error. I bisected 1.9.9 and this commit is probably the commit that changes behaviour between 1.9.8 and 1.9.9: 5d0cb90eb78f869e8801b34eddfdfd5dd8360e71 is the first bad commit commit 5d0cb90eb78f869e8801b34eddfdfd5dd8360e71 Author: Olivier Houchard <[email protected]> Date: Fri Jun 14 15:26:06 2019 +0200 BUG/MEDIUM: connections: Don't call shutdown() if we want to disable linger. In conn_sock_shutw(), avoid calling shutdown() if linger_risk is set. Not doing so will result in getting sockets in TIME_WAIT for some time. This is particularly observable with health checks. This should be backported to 1.9. (cherry picked from commit fe4abe62c7c5206dff1802f42d17014e198b9141) Signed-off-by: Christopher Faulet <[email protected]> Also 1.9.11, 2.0.7 and 2.1-dev2 has the same problem with uwsgi hr_read(). If I revert commits 6c7e96a3e1abb331e414d1aabb45d9fedb0254c2 and fe4abe62c7c5206dff1802f42d17014e198b9141 from 2.1-dev2 then the uwsgi hr_read() disappears. If this seems worth digging into I can get packet captures or strace. (I'm testing this is on rhel8 vm with 4.18.0-80.11.1.el8_0.x86_64 kernel). This is fairly minimal config for testing: frontend FE_alerta bind ipv4@:8443 name alertav4ssl ssl crt /etc/haproxy/ssl/crtname.pem alpn h2,http/1.1 mode http option dontlognull option http-ignore-probes # ignore "pre-connect" requests timeout http-request 8s capture request header Host len 40 option contstats option forwardfor except 127.0.0.0/8 # remove incoming X-Forwarded-For headers http-request set-header X-Forwarded-Proto https default_backend BE_alertaapi # # Alerta uwsgi backend # backend BE_alertaapi option httpchk GET /_ HTTP/1.1\r\nHost:\ demo3.uef.fi\r\nUser-Agent:\ UEFHaproxy http-check expect string OK http-check disable-on-404 retries 2 option redispatch option prefer-last-server balance roundrobin timeout connect 4500ms timeout server 30s timeout queue 4s timeout check 5s # uwsgi alerta app expects /alerts (not /api/alerts), strip /api #http-request replace-uri ^/api/?(.*) /\1 # inter fast for uwsgi hr_read() testing default-server inter 6s downinter 25s rise 2 server alertaapi1 127.0.0.1:8080 id 1 check -Jarno -- Jarno Huuskonen
