Quantcast
Channel: Serverphorums.com - HAProxy
Viewing all 11674 articles
Browse latest View live

Re: patch (cleanup unused labels)

March 29, 2018, 3:40 am
$
0
0
Le 29/03/2018 à 12:11, Илья Шипицин a écrit :
> please review the patch attached
>

Hi,

These labels must not be removed, they are used in calls to the macro
EAT_AND_JUMP_OR_RETURN.

--
Christopher Faulet
Search

Re: patch (cleanup unused labels)

March 29, 2018, 3:40 am
$
0
0
oops

2018-03-29 15:31 GMT+05:00 Christopher Faulet <cfaulet@haproxy.com>:

> Le 29/03/2018 à 12:11, Илья Шипицин a écrit :
>
>> please review the patch attached
>>
>>
> Hi,
>
> These labels must not be removed, they are used in calls to the macro
> EAT_AND_JUMP_OR_RETURN.
>
> --
> Christopher Faulet
>

Re: Segmentation faults (1.8.4-de425f6 2018/02/26)

March 29, 2018, 2:50 pm
$
0
0
After upgrading to 1.8.5 a few days ago haproxy just segfaulted again :/
Willy, do you want to have a new coredump?

Re: Segmentation faults (1.8.4-de425f6 2018/02/26)

March 29, 2018, 3:10 pm
$
0
0
Sorry, here's the stacktrace

root@d1e4f8ea5d87:/# haproxy -vv
HA-Proxy version 1.8.5 2018/03/23
Copyright 2000-2018 Willy Tarreau <willy@haproxy.org>

Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -fno-strict-overflow -Wno-null-dereference -Wno-unused-label
OPTIONS = USE_LINUX_SPLICE=1 USE_LIBCRYPT=1 USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.1.0f 25 May 2017
Running on OpenSSL version : OpenSSL 1.1.0f 25 May 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.39 2016-06-14
Running on PCRE version : 8.39 2016-06-14
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace


(gdb) bt
#0 __eb_delete (node=node@entry=0x561e439d4938) at ebtree/ebtree.h:720
#1 eb_delete (node=node@entry=0x561e439d4938) at ebtree/ebtree.c:25
#2 0x0000561e414db866 in eb32_delete (eb32=0x561e439d4938) at ebtree/eb32tree.h:106
#3 __task_unlink_wq (t=0x561e439d48d8) at include/proto/task.h:145
#4 wake_expired_tasks () at src/task.c:147
#5 0x0000561e4148e9e9 in run_poll_loop () at src/haproxy.c:2405
#6 run_thread_poll_loop (data=<optimized out>) at src/haproxy.c:2461
#7 0x0000561e41409000 in main (argc=<optimized out>, argv=0x7ffc97021c98) at src/haproxy.c:3050
(gdb) Quit
(gdb) quit

Re: Segmentation faults (1.8.4-de425f6 2018/02/26)

March 29, 2018, 3:10 pm
$
0
0
Hi Holger,

On Thu, Mar 29, 2018 at 11:38:52PM +0200, Holger Amann wrote:
> After upgrading to 1.8.5 a few days ago haproxy just segfaulted again :/
> Willy, do you want to have a new coredump?

No that's not needed anymore, thank you very much. I'm really confident
that this issue is now addressed in the latest git, I managed to fix it
today thank to a number of reports including yours which allowed me to
narrow the problem down. If you pull latest snapshot tomorrow morning
you'll be safe. The main commit is cf2ab4d in 1.8 ("BUG/MAJOR: h2:
remove orphaned streams from the send list before closing") though it
is followed by a few other ones addressing related issues affecting H2
timeouts. If you're using the git repo you can already pull from 1.8
and you'll have the fix.

I hope to be able to release 1.8.6 before the week-end. There's actually
something on 1.9-dev that may also be present on 1.8 that I'd like to
figure before releasing so that you don't have to upgrade every morning!

Thanks,
Willy

proxy error 502

March 29, 2018, 8:00 pm
$
0
0
Hi:
File.zip (nginx haproxy php)


・ I can't solve it ,please help me!thank you!



#error
502 Bad Gateway The server returned an invalid or incomplete response.



[https://static.oschina.net/uploads/space/2018/0326/214155_DKqA_1441082.png]

Re: OCSP response missing in v1.8

March 30, 2018, 9:50 am
$
0
0
Hello,

> Running a quick Git Bisect reveals
> f6b37c67be277b5f0ae60438d796ff29ef19be40 introduced this regression
> in the haproxy-1.8 tree.

I seem to have also narrowed this down to being some compatibility
issue when using the OpenSSL package distributed for Ubuntu 14.04
Trusty (officially set to EOL in April 2019). That thing is left
behind on 1.0.1f with security updates being ported from upstream, but
seemingly nothing more. Using Ubuntu 16.04 Xenial which ships OpenSSL
1.0.2g delivers OCSP Status responses as expected. I will try to see
if this is an actual issue with OpenSSL 1.0.1 or if this is just
something related to the Ubuntu build there.

Cheers,
Valter J.

Re: proxy error 502

March 30, 2018, 10:30 am
$
0
0
Hi Ricky,

Works for me with your configuration, mostly.
Adding a bind to the frontend and using haproxy 1.8.3 (it doesn't allow
the implicit bind on the frontend line itself..).
Also added the fastcgi config and a empty mimetype file..

[2.4.3-RELEASE][root@pfSe.localdomain]/root: haproxy -f
/root/XuRicky/haproxy.cfg -d
Available polling systems :
     kqueue : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result FAILED
Total: 3 (2 usable), will use kqueue.

Available filters :
        [TRACE] trace
        [COMP] compression
        [SPOE] spoe
Using kqueue() as the polling mechanism.
00000000:main.accept(0005)=0009 from [192.168.0.40:56777] ALPN=<none>
00000001:main.accept(0005)=000a from [192.168.0.40:56778] ALPN=<none>
00000002:main.accept(0005)=000b from [192.168.0.40:56779] ALPN=<none>
00000000:main.clireq[0009:ffffffff]: GET /a.pdf HTTP/1.1
00000000:main.clihdr[0009:ffffffff]: Host: 192.168.0.133
00000000:main.clihdr[0009:ffffffff]: Connection: keep-alive
00000000:main.clihdr[0009:ffffffff]: Upgrade-Insecure-Requests: 1
00000000:main.clihdr[0009:ffffffff]: User-Agent: Mozilla/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
G                                                     ecko)
Chrome/65.0.3325.181 Safari/537.36
00000000:main.clihdr[0009:ffffffff]: Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*
;q=0.8
00000000:main.clihdr[0009:ffffffff]: Accept-Encoding: gzip, deflate
00000000:main.clihdr[0009:ffffffff]: Accept-Language:
nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7
00000000:app.srvrep[0009:000c]: HTTP/1.1 200 OK
00000000:app.srvhdr[0009:000c]: Server: nginx/1.12.2
00000000:app.srvhdr[0009:000c]: Date: Fri, 30 Mar 2018 12:52:26 GMT
00000000:app.srvhdr[0009:000c]: Content-Type: application/octet-stream
00000000:app.srvhdr[0009:000c]: Content-Length: 1625682
00000000:app.srvhdr[0009:000c]: Last-Modified: Thu, 29 Mar 2018 23:20:07 GMT
00000000:app.srvhdr[0009:000c]: Connection: close
00000000:app.srvhdr[0009:000c]: ETag: "5abd74a7-18ce52"
00000000:app.srvhdr[0009:000c]: Accept-Ranges: bytes
00000000:app.srvcls[0009:adfd]
00000001:main.clicls[000a:ffffffff]
00000001:main.closed[000a:ffffffff]
00000002:main.clicls[000b:ffffffff]
00000002:main.closed[000b:ffffffff]
00000003:main.clicls[0009:ffffffff]
00000003:main.closed[0009:ffffffff]

Regards,
PiBa-NL (Pieter)

Op 30-3-2018 om 4:47 schreef Xu Ricky:
>
> Hi:
>
> File.zip (nginx haproxy php)
>
> ·I can't solve it ,please help me!thank you!
>
> #error
>
> 502 Bad Gateway The server returned an invalid or incomplete response.
>
> https://static.oschina.net/uploads/space/2018/0326/214155_DKqA_1441082.png
>
Search

Re: haproxy.com Errors

March 30, 2018, 10:40 am
$
0
0
Dear business owner of haproxy.com,

You can't expect your website to increase your revenue with so many errors.
Many business owners get puzzled as their website isn't performing well,
while others' are flourishing. That's unfortunate, but not your fortune!

Now, I will show you the number of broken links, pages that returned 4XX
status code upon request, images with no ALT text, pages with no meta
description tag, not having a unique meta description, having a too long
title, etc., found in your haproxy.com. Too many issues to worry about!

If this is something you are interested in, then allow me to send you a no
obligation audit report.

Best Regards,
Alan Walker
Marketing Consultant
[image: beacon]

Re: haproxy.org Errors

March 30, 2018, 10:40 am
$
0
0
Dear business owner of haproxy.org,

You can't expect your website to increase your revenue with so many errors.
Many business owners get puzzled as their website isn't performing well,
while others' are flourishing. That's unfortunate, but not your fortune!

Now, I will show you the number of broken links, pages that returned 4XX
status code upon request, images with no ALT text, pages with no meta
description tag, not having a unique meta description, having a too long
title, etc., found in your haproxy.org. Too many issues to worry about!

If this is something you are interested in, then allow me to send you a no
obligation audit report.

Best Regards,
Alan Walker
Marketing Consultant
[image: beacon]

Re: OCSP response missing in v1.8

March 30, 2018, 11:50 am
$
0
0
Hello,

> I seem to have also narrowed this down to being some compatibility
> issue when using the OpenSSL package distributed for Ubuntu 14.04
> Trusty (officially set to EOL in April 2019). That thing is left
> behind on 1.0.1f with security updates being ported from upstream,
> but seemingly nothing more.

Building OpenSSL 1.0.1f from source results in the CMS consistency
test failing due to an expired certificate in the test suite; building
HAProxy against it resulted in no OCSP responses. Building OpenSSL
1.0.1u from source went well; building HAProxy against it resulted in
proper OCSP responses being sent as one would expect.

Could not find what changed by a quick look at the changelog, but I
will just conclude there has been some change in the 1.0.1 tree that
the Ubuntu maintainers have not picked up in regards to context
management and OCSP Status responses. This is not really a concern for
us then as we have plans to finally upgrade once Ubuntu 18.04.1 Bionic
drops in July with OpenSSL 1.1.0 and there is no external pressure to
Must-Staple our certificates or anything along those lines.

Cheers,
Valter J.

Re: OCSP response missing in v1.8

March 30, 2018, 12:00 pm
$
0
0
Hello Valter,

On Fri, Mar 30, 2018 at 09:43:03PM +0300, Valter Jansons wrote:
> Hello,
>
> > I seem to have also narrowed this down to being some compatibility
> > issue when using the OpenSSL package distributed for Ubuntu 14.04
> > Trusty (officially set to EOL in April 2019). That thing is left
> > behind on 1.0.1f with security updates being ported from upstream,
> > but seemingly nothing more.
>
> Building OpenSSL 1.0.1f from source results in the CMS consistency
> test failing due to an expired certificate in the test suite; building
> HAProxy against it resulted in no OCSP responses. Building OpenSSL
> 1.0.1u from source went well; building HAProxy against it resulted in
> proper OCSP responses being sent as one would expect.
>
> Could not find what changed by a quick look at the changelog, but I
> will just conclude there has been some change in the 1.0.1 tree that
> the Ubuntu maintainers have not picked up in regards to context
> management and OCSP Status responses. This is not really a concern for
> us then as we have plans to finally upgrade once Ubuntu 18.04.1 Bionic
> drops in July with OpenSSL 1.1.0 and there is no external pressure to
> Must-Staple our certificates or anything along those lines.

Thanks a lot for sharing your findings, it's very likely that it will
help other people experiencing the same issue later and who will find
this explanation in the archives.

Cheers,
Willy

Fix building haproxy 1.8.5 with LibreSSL 2.6.4

March 31, 2018, 7:50 am
$
0
0
I used to rework previous patch from Alpinelinux to build with latest
stable libressl
But found no way to run tests with openssl which is primary library as I see
Is it possible to accept the patch upstream or get review on it?

开增值税(发票)优惠 网上可验证 电132 657 77082 李小姐微信同号 QQ2137175988

April 1, 2018, 12:00 am
$
0
0
yhfguyfyufy{收件人信息1}haproxy@serverphorums.com

Grrrr.... warnings

April 1, 2018, 2:30 pm
$
0
0
Can someone tell me how I'm supposed to work around this one ?

gcc -Iinclude -Iebtree -Wall -O2 -march=native -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -fno-strict-overflow -Wno-unused-label -DBUFSIZE=8030 -DMAXREWRITE=1030 -DSO_MARK=36 -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_PCRE -I/usr/include -DCONFIG_HAPROXY_VERSION=\"1.9-dev0-495298-299\" -DCONFIG_HAPROXY_DATE=\"2018/03/21\" \
-DBUILD_TARGET='"linux2628"' \
-DBUILD_ARCH='""' \
-DBUILD_CPU='"native"' \
-DBUILD_CC='"gcc"' \
-DBUILD_CFLAGS='"-O2 -march=native -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -fno-strict-overflow -Wno-unused-label -DBUFSIZE=8030 -DMAXREWRITE=1030 -DSO_MARK=36"' \
-DBUILD_OPTIONS='"USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1"' \
-c -o src/haproxy.o src/haproxy.c

src/haproxy.c:1:1: warning: gcc has detected the presence of C code in this file. This language is potentially unsafe as it lets the developer do things that the compiler doesn't understand. Please upgrade to a new language, support will be deprecated in gcc-9. [-Wc-deprecated].

Thanks,
Willy
Search

Re: Grrrr.... warnings

April 1, 2018, 2:40 pm
$
0
0
Le 01/04/2018 à 23:24, Willy Tarreau a écrit :
> Can someone tell me how I'm supposed to work around this one ?

It seems a patch will be available at midnight :)

>
> gcc -Iinclude -Iebtree -Wall -O2 -march=native -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -fno-strict-overflow -Wno-unused-label -DBUFSIZE=8030 -DMAXREWRITE=1030 -DSO_MARK=36 -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_PCRE -I/usr/include -DCONFIG_HAPROXY_VERSION=\"1.9-dev0-495298-299\" -DCONFIG_HAPROXY_DATE=\"2018/03/21\" \
> -DBUILD_TARGET='"linux2628"' \
> -DBUILD_ARCH='""' \
> -DBUILD_CPU='"native"' \
> -DBUILD_CC='"gcc"' \
> -DBUILD_CFLAGS='"-O2 -march=native -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -fno-strict-overflow -Wno-unused-label -DBUFSIZE=8030 -DMAXREWRITE=1030 -DSO_MARK=36"' \
> -DBUILD_OPTIONS='"USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1"' \
> -c -o src/haproxy.o src/haproxy.c
>
> src/haproxy.c:1:1: warning: gcc has detected the presence of C code in this file. This language is potentially unsafe as it lets the developer do things that the compiler doesn't understand. Please upgrade to a new language, support will be deprecated in gcc-9. [-Wc-deprecated].
>
> Thanks,
> Willy
>


--
Cyril Bonté

Re: Grrrr.... warnings

April 1, 2018, 2:40 pm
$
0
0
On Sun, Apr 01, 2018 at 11:28:43PM +0200, Cyril Bonté wrote:
> Le 01/04/2018 à 23:24, Willy Tarreau a écrit :
> > Can someone tell me how I'm supposed to work around this one ?
>
> It seems a patch will be available at midnight :)

Cool, thanks, I'll wait then!

Willy

Re: 答复: proxy error 502

April 2, 2018, 6:00 am
$
0
0
Hi Ricky,

Probably found the anomaly in the filename header : vs = the header
should probably be "filename: a.pdf" instead of "filename= a.pdf"

[2.4.4-DEVELOPMENT][root@pfSe.localdomain]/root: echo "show errors" |
socat stdio /var/lib/haproxy/stats | head -n 30
Total events captured on [02/Apr/2018:14:42:10.603] : 2

[02/Apr/2018:14:40:57.817] backend app (#3): invalid response
  frontend main (#2), server app1 (#1), event #1
  src 192.168.0.40:49068, session #9, session flags 0x000004ce
  HTTP msg state MSG_HDR_NAME(17), msg flags 0x00000000, tx flags
0x28603000
  HTTP chunk len 0 bytes, HTTP body len 0 bytes
  buffer flags 0x80008002, out 0 bytes, total 15360 bytes
  pending 15360 bytes, wrapping at 16384, error at position 155:

  00000  HTTP/1.1 200 OK\r\n
  00017  Server: nginx\r\n
  00032  Date: Mon, 02 Apr 2018 12:40:57 GMT\r\n
  00069  Content-Type: application/pdf\r\n
  00100  Transfer-Encoding: chunked\r\n
  00128  Connection: close\r\n
  00147 filename=a.pdf: \r\n
  00165  Strict-Transport-Security: max-age=31536000\r\n
  00210  X-Content-Type-Options: nosniff\r\n
  00243  \r\n
  00245  1fb8\r\n
  00251  %PDF-1.5\r\n


Op 2-4-2018 om 5:22 schreef Xu Ricky:
>
> Thank you for your reply,    sorry ,I am not english.Probably not very
> accurate.
>
> http://exemple.com/pdf.php
>
> ·error 502I've been trying this for weeks.
>
> 1.But you can directly access nginx.
>
> 2.Haproxy+apache+php  is ok.
>
> 3.http://exemple.com/a.pdf http://exemple.com/a.pdfis ok.
>
> 4.Haproxy tcp proxy is ok.
>
> 5.
>
> /[root@t08 haproxy-1.8.5]# haproxy -f /etc/haproxy/haproxy.cfg -d///
>
> /Available polling systems :/
>
> /      epoll : pref=300,  test result OK/
>
> /       poll : pref=200,  test result OK/
>
> /     select : pref=150,  test result FAILED/
>
> /Total: 3 (2 usable), will use epoll./
>
> //
>
> /Available filters :/
>
> /       [SPOE] spoe/
>
> /       [COMP] compression/
>
> /       [TRACE] trace/
>
> /Using epoll() as the polling mechanism./
>
> /00000000:main.accept(0005)=0009 from [192.168.241.40:2787] ALPN=<none>/
>
> /00000001:main.accept(0005)=000a from [192.168.241.40:2788] ALPN=<none>/
>
> /00000000:main.clireq[0009:ffffffff]: GET ///pdf.phpHTTP/1.1/
>
> /00000000:main.clihdr[0009:ffffffff]: Host: 192.168.241.18/
>
> /00000000:main.clihdr[0009:ffffffff]: Connection: keep-alive/
>
> /00000000:main.clihdr[0009:ffffffff]: Cache-Control: max-age=0/
>
> /00000000:main.clihdr[0009:ffffffff]: Upgrade-Insecure-Requests: 1/
>
> /00000000:main.clihdr[0009:ffffffff]: User-Agent: Mozilla/5.0 (Windows
> NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
> Chrome/64.0.3282.140 Safari/537.36/
>
> /00000000:main.clihdr[0009:ffffffff]: Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8/
>
> /00000000:main.clihdr[0009:ffffffff]: Accept-Encoding: gzip, deflate/
>
> /00000000:main.clihdr[0009:ffffffff]: Accept-Language: zh-CN,zh;q=0.9/
>
> /00000000:app.srvcls[0009:adfd]/
>
> /00000000:app.clicls[0009:adfd]/
>
> /00000000:app.closed[0009:adfd]/
>
> /00000001:main.clicls[000a:ffffffff]/
>
> /00000001:main.closed[000a:ffffffff]/
>
> *发件人:*PiBa-NL [mailto:piba.nl.dev@gmail.com]
> *发送时间:*2018年3月31日1:20
> *收件人:*Xu Ricky <Xu.Binfeng@live.com>; haproxy@formilux.org
> *主题:*Re: proxy error 502
>
> Hi Ricky,
>
> Works for me with your configuration, mostly.
> Adding a bind to the frontend and using haproxy 1.8.3 (it doesn't
> allow the implicit bind on the frontend line itself..).
> Also added the fastcgi config and a empty mimetype file..
>
> [2.4.3-RELEASE][root@pfSe.localdomain
> <mailto:root@pfSe.localdomain>]/root: haproxy -f
> /root/XuRicky/haproxy.cfg -d
> Available polling systems :
>      kqueue : pref=300,  test result OK
>        poll : pref=200,  test result OK
>      select : pref=150,  test result FAILED
> Total: 3 (2 usable), will use kqueue.
>
> Available filters :
>         [TRACE] trace
>         [COMP] compression
>         [SPOE] spoe
> Using kqueue() as the polling mechanism.
> 00000000:main.accept(0005)=0009 from [192.168.0.40:56777] ALPN=<none>
> 00000001:main.accept(0005)=000a from [192.168.0.40:56778] ALPN=<none>
> 00000002:main.accept(0005)=000b from [192.168.0.40:56779] ALPN=<none>
> 00000000:main.clireq[0009:ffffffff]: GET /a.pdf HTTP/1.1
> 00000000:main.clihdr[0009:ffffffff]: Host: 192.168.0.133
> 00000000:main.clihdr[0009:ffffffff]: Connection: keep-alive
> 00000000:main.clihdr[0009:ffffffff]: Upgrade-Insecure-Requests: 1
> 00000000:main.clihdr[0009:ffffffff]: User-Agent: Mozilla/5.0 (Windows
> NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like G ecko)
> Chrome/65.0.3325.181 Safari/537.36
> 00000000:main.clihdr[0009:ffffffff]: Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*
> ;q=0.8
> 00000000:main.clihdr[0009:ffffffff]: Accept-Encoding: gzip, deflate
> 00000000:main.clihdr[0009:ffffffff]: Accept-Language:
> nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7
> 00000000:app.srvrep[0009:000c]: HTTP/1.1 200 OK
> 00000000:app.srvhdr[0009:000c]: Server: nginx/1.12.2
> 00000000:app.srvhdr[0009:000c]: Date: Fri, 30 Mar 2018 12:52:26 GMT
> 00000000:app.srvhdr[0009:000c]: Content-Type: application/octet-stream
> 00000000:app.srvhdr[0009:000c]: Content-Length: 1625682
> 00000000:app.srvhdr[0009:000c]: Last-Modified: Thu, 29 Mar 2018
> 23:20:07 GMT
> 00000000:app.srvhdr[0009:000c]: Connection: close
> 00000000:app.srvhdr[0009:000c]: ETag: "5abd74a7-18ce52"
> 00000000:app.srvhdr[0009:000c]: Accept-Ranges: bytes
> 00000000:app.srvcls[0009:adfd]
> 00000001:main.clicls[000a:ffffffff]
> 00000001:main.closed[000a:ffffffff]
> 00000002:main.clicls[000b:ffffffff]
> 00000002:main.closed[000b:ffffffff]
> 00000003:main.clicls[0009:ffffffff]
> 00000003:main.closed[0009:ffffffff]
>
> Regards,
> PiBa-NL (Pieter)
>
> Op 30-3-2018 om 4:47 schreef Xu Ricky:
>
> Hi:
>
> File.zip (nginx haproxy php)
>
> ·I can't solve it ,please help me!thank you!
>
> #error
>
> 502 Bad Gateway The server returned an invalid or incomplete response.
>
> https://static.oschina.net/uploads/space/2018/0326/214155_DKqA_1441082.png
>

Re: Why maxconn value can have a negative value?

April 2, 2018, 7:50 am
$
0
0
Nikhil,

Am 26.03.2018 um 08:07 schrieb Nikhil Kapoor:
> Above output shows that maxconn value is "4294967295" which is taken randomly.

This is not random. What you are seeing is unsigned integer wrap around.
It's 4294967296 (2^32) added to your negative argument.

> Is this a bug? If not then why haproxy behaves abnormally for these values?
> Can we enhance the check for which will prompt user from not having a negative value of "maxconn" as done for others(such as "inter")?
>

While I was preparing a patch for this I noticed that variables called
`maxconn` are sometimes unsigned and sometimes signed.

Willy, global.maxconn is signed, while proxy.maxconn is unsigned. Is
this intentional?

Best regards
Tim Düsterhus

Re: Why maxconn value can have a negative value?

April 2, 2018, 7:50 am
$
0
0
Hi Tim,

On Mon, Apr 02, 2018 at 04:38:30PM +0200, Tim Düsterhus wrote:
> Nikhil,
>
> Am 26.03.2018 um 08:07 schrieb Nikhil Kapoor:
> > Above output shows that maxconn value is "4294967295" which is taken randomly.
>
> This is not random. What you are seeing is unsigned integer wrap around.
> It's 4294967296 (2^32) added to your negative argument.
>
> > Is this a bug? If not then why haproxy behaves abnormally for these values?
> > Can we enhance the check for which will prompt user from not having a negative value of "maxconn" as done for others(such as "inter")?
> >
>
> While I was preparing a patch for this I noticed that variables called
> `maxconn` are sometimes unsigned and sometimes signed.
>
> Willy, global.maxconn is signed, while proxy.maxconn is unsigned. Is this
> intentional?

Very likely not, I think that maxconn is 0 when not set, so most likely
it's a leftover from old code.

Willy
Viewing all 11674 articles
Browse latest View live
Search