Intermittent 500 errors with http/2 and 1.8.4

Posted by Robin Anil 
February 10, 2018 08:10AM
After seeing the 1.8.4 release, I decided to upgrade and try to run http/2
again.

Unfortunately, as soon as I enable it, I see intermittent 500 errors from our
fleet. I know a lot of work went in between 1.8.2 and 1.8.3 to reduce these
errors; yes, it's very few, but a customer did notice, so we had to roll it
back. Let me know how I can help diagnose this. [image: Screen Shot
2018-02-10 at 12.45.14 AM.png]


All I need is to enable *alpn h2,http/1.1* to see 500 errors happening.

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 4096
    pidfile /var/run/haproxy.pid
    stats socket /var/run/haproxy.stat mode 600 level admin
    daemon
    hard-stop-after 30s
    tune.ssl.default-dh-param 1024
    tune.ssl.cachesize 100000
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    tune.bufsize 16384
    tune.maxrewrite 1024
    ssl-engine rdrand
    ssl-mode-async
    nbthread 4

defaults
    log global
    mode http
    compression algo gzip
    compression type text/html text/plain text/css application/javascript application/octet-stream application/json
    option httplog
    option dontlognull
    option redispatch
    option tcp-smart-accept
    option tcp-smart-connect
    option forwardfor
    timeout check 5s
    timeout client 50s
    timeout tunnel 60000s
    timeout connect 20s
    timeout http-keep-alive 15s
    timeout http-request 30s
    timeout queue 20s
    timeout server 50s
    hash-balance-factor 125
    balance hdr(Cookie)
    hash-type consistent djb2
    stats enable
    stats hide-version
    stats auth redacted:redacted
    stats uri /redacted
    default-server inter 5s fall 3 rise 1

frontend health_check
    bind *:8081
    timeout client 5s
    monitor-uri /

frontend http
    bind :::80 v4v6
    maxconn 4096
    redirect scheme https if !{ ssl_fc }
    default_backend assets_backend

frontend https
    bind :::443 v4v6 ssl crt /etc/ssl/www.ourdomain.com.crt no-sslv3 no-tls-tickets # alpn h2,http/1.1
    maxconn 4096
....

