Can someone please clarify which timeouts have to be configured for Server-Sent-Events to work?
There is no explicit reference to SSE in the documentation, and after implementing multiple recommendations (e.g., "How can I configure HAProxy to work with server sent events?"), it appears that the settings timeout tunnel, server-fin and client-fin that people suggest have no impact whatsoever.
Timeout client and timeout server let SSE work when their value, e.g., 60 seconds, is higher than the heartbeat interval, e.g., 45 seconds, at which the backend server produces a CommentEvent in case no data exists to be sent to the client.
However, Server-Sent-Events won’t work if, e.g., I send ping events every 60 seconds, but the timeout client and timeout server are 45 seconds (regardless of the values of timeout tunnel, timeout server-fin, timeout client-fin).
I was expecting the timeout tunnel (or something similar) to work for SSE and bypass client and server timeout like it’s supposed to do for Websockets, but it looks like timeout client and timeout server are the only settings that work…
Is this the intended behaviour? What's the recommended configuration if I want to have high event update intervals for Server-Sent-Events, e.g., send a ping event only every 5 minutes if no data is available, ideally whilst maintaining lower timeouts for everything else?
I've pasted my configuration below. The behaviour is exactly the same whether I use haproxy 1.9.8 or 2.0.2, HTTP/2 or not, etc.
Thanks in advance!

global
    daemon
    log stdout local0
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256
    ssl-default-bind-ciphersuites TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256
    ssl-default-server-ciphersuites TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-dh-param-file /etc/haproxy/dhparam.pem

defaults
    log global
    mode http
    option httplog
    option http-server-close
    option http-use-htx
    timeout connect 3s
    # Only when I increase these 2 from 5s to n minutes it works (but it affects other requests than SSE as the sse backend also handles POST/PUT/DELETE requests that have nothing to do with Server-Sent-Events and for which I'd like to maintain the lower 5 secs timeouts)
    timeout client 5s
    timeout server 5s
    # These below don't do anything for SSEs?
    timeout client-fin 10m
    timeout server-fin 10m
    timeout tunnel 10m

frontend https-in
    bind :443 ssl crt /somedir/server.pem alpn h2,http/1.1
    bind :80
    redirect scheme https if !{ ssl_fc }
    acl sse_url path /sse
    use_backend sse if sse_url
    default_backend otherstuff

backend otherstuff
    server other1 some-ip:3000 check ssl verify none

backend sse
    server sse1 some-ip:3001 check ssl verify none
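
The behaviour reported in the post above (the stream only survives when `timeout client` and `timeout server` are both longer than the heartbeat interval), as an added example that is not part of the original post and not HAProxy code. The helper names `to_ms`, `parse_timeouts` and `sse_idle_check` are hypothetical, the sample is trimmed from the posted configuration, and a single unnamed `defaults` section is assumed.

```python
import re

# Constructed sample: the timeout-relevant lines of the configuration in the post.
SAMPLE_CFG = """\
defaults
    timeout client 5s
    timeout server 5s
    timeout tunnel 10m
frontend https-in
    acl sse_url path /sse
    use_backend sse if sse_url
backend sse
    server sse1 some-ip:3001 check ssl verify none
"""

# HAProxy time suffixes; a bare number means milliseconds.
UNIT_MS = {"us": 0.001, "ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}
PROXIES = ("frontend", "backend", "listen")

def to_ms(value):
    m = re.fullmatch(r"(\d+)(us|ms|s|m|h|d)?", value)
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * UNIT_MS[m.group(2) or "ms"]

def parse_timeouts(cfg):
    """Map (section, name) -> {timeout keyword: ms}. Hypothetical helper."""
    sections, current = {}, None
    for raw in cfg.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in PROXIES + ("global", "defaults"):
            name = words[1] if words[0] in PROXIES and len(words) > 1 else ""
            current = sections.setdefault((words[0], name), {})
        elif words[0] == "timeout" and len(words) >= 3 and current is not None:
            current[words[1]] = to_ms(words[2])
    return sections

def sse_idle_check(cfg, frontend, backend, heartbeat_s):
    """Compare an SSE heartbeat with the idle timeouts on both sides of the proxy."""
    s = parse_timeouts(cfg)
    d = s.get(("defaults", ""), {})
    # A proxy section overrides defaults; "timeout tunnel" is parsed but not
    # consulted, matching the behaviour the post reports for SSE streams.
    client = s.get(("frontend", frontend), {}).get("client", d.get("client"))
    server = s.get(("backend", backend), {}).get("server", d.get("server"))
    ok = all(t is None or t > heartbeat_s * 1000 for t in (client, server))
    return {"client_ms": client, "server_ms": server, "survives": ok}

print(sse_idle_check(SAMPLE_CFG, "https-in", "sse", heartbeat_s=45))
```
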