We have been using haproxy for a long time and it has been an excellent addition to our enterprise. Our Application Development is working to migrate their web applications to Server 2019. We started testing in Dev and are seeing inconsistent behavior where the browser will connect sometimes and won’t at other times. Clearing cache doesn’t seem to help and it doesn’t seem to matter if we’re using Firefox, Chrome or Edge.
The target configuration will initially support 2 groups of servers (for the 2012 env) and 2 groups for the 2019 env). Each application will have it’s own path. It’s all port 80 for now but once this is all working, we’ll add port 443 over time. My haproxy configuration represents this by using ACLs for the host name, the port and then the path. From those, a backend is selected.
The Dev/UAT NLB is running HAProxy 2.3.10 on Fedora Linux.
The testing configuration I’m using is below. This represents only one of the initial 12 (out of approximately 65) applications as we’ve chosen to focus on this one for now.
global daemon user haproxy group haproxy maxconn 2048 log 127.0.0.1 local2 defaults log global mode http # option httplog option tcplog option dontlognull option log-health-checks timeout connect 5000ms timeout client 50000ms timeout server 50000ms stats enable stats refresh 30s stats show-node stats auth hapstats:*** stats uri /HAProxyStats errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http frontend https-in-VIP9-AD-APPENV-DEV bind 10.14.164.31:80 bind 10.14.164.31:443 mode tcp option tcplog no option http-server-close timeout client 1m acl Host_AD_AppEnv_DEV hdr_beg(host) -i treasweb-dev acl Host_AD_AppEnvFnet_DEV hdr_beg(host) -i treaswebfnet-dev acl port80 dst_port 80 acl port443 dst_port 443 acl DoresPATS_DEV path /PATS use_backend Cluster_AD_APPENV2019_DEV if port80 Host_AD_AppEnv_DEV DoresPATS_DEV # Implied AND between ACLs backend Cluster_AD_APPENV2019_DEV mode tcp mode http balance roundrobin server trevdevweb1 trevdevweb1 maxconn 64
What will happen is that if I go to treasweb-dev/PATS, it will often work initially, then we’ll get 502s or 504s. Am I thinking about this the wrong way or am I missing something in terms of how haproxy is interacting with the browsers and servers? Any help would be greatly appreciated.