Invalid Content-Length in header

I am somewhat frustrated with putthing a software called ELOG behind HAProxy. I am running tons of services behind HAProxy in a Docker Swarm and everything works flawlessly but ELOG does not want to.

First: I have a working Docker image and the ELOG software is working properly when I run it as a standalone container or in a swarm. The problems arise when I put it behind HAProxy.

I currently have a live instance running using ELOG 3.1.4-3 (latest version at the moment) where one can see that creating a post causes a “Invalid Content-Length in header”
https://elog.test.km3net.de/demo/

I also contacted the ELOG forums, first last year with my first attempt running EOG 3.1.3 behind HAProxy, which always resulted in an infinte redirect-loop right after the user authentication. With an empty password file, it worked. We however need accounts…

I assume now that the problem lies in the ELOG software. It might be some wrongly implemented RFCs (see Invalid Content-Length) or some other bug. However, I did not get anything helpful out of the dev or the ELOG community so I thought I try to contact HAProxy experts, maybe there is a way to solve or debug this issue from this side.

Anyways, long story short, my configuration of HAProxy looks like this:

frontend default
    bind *:80
    bind *:443 ssl crt /etc/ssl/private/ # strict-sni

    # default_backend no-match

    http-request set-header X-Forwarded-For %[src]
    http-request redirect scheme https code 301 unless { ssl_fc }

    # this is experimental, to see if ELOG needs it => makes no difference
    # http-request set-header X-Forwarded-Proto https if { ssl_fc }
    #http-request set-header X-Forwarded-Proto http if !{ ssl_fc }

    reqadd X-Forwarded-Proto:\ https
    option http-server-close

    option forwardfor
    option httpclose

    # tons of acls and backends here, left out for clarity

    acl ACL_elog.km3net.de hdr(host) -i elog.test.km3net.de elog.km3net.de
    use_backend be_elog.km3net.de if ACL_elog.km3net.de

backend be_elog.km3net.de
    mode http
    server-template km3net-elog- 1 km3net-elog_elog:8080 check resolvers docker init-addr libc,none

and the only log entry in HAProxy I get when I hit “submit” on the web page is:

haproxy-service_haproxy.1.we522bmf647t@ecap-s029    | <150>Jan 25 14:38:41 haproxy[398]: 10.0.0.2:50792 [25/Jan/2023:14:38:41.332] default~ be_elog.km3net.de/km3net-elog-1 0/0/1/1/2 404 732 - - ---- 1/1/0/0/0 0/0 "POST /demo/ HTTP/1.1"

So there is some “404” for POST request, which I don’t know where it comes from.

By any chance, does anyone has a clue what I could do to get more information out of this?

The log entry indicates that it came in through the frontend called default, went through the backend be_elog.km3net.de and then hit the server km3net-elog-1. The four dashes “----” mean that HAProxy did not encounter an error in processing the request at all. This means that km3net-elog-1 returned the 404. I would check the logs on that server for details.

Source: HAProxy version 2.6.8 - Configuration Manual - 8.5: Termination States

Thanks, unfortunately there are no logs from ELOG, so it’s hard to see what’s going on.
Anyways, I have now put an Apache as reverse proxy between HAProxy and ELOG and it works (almost completely). I assume that ELOG does something weird which Apache is OK with but HAProxy not, but I can only speculate.