Pdf files not loading through HaProxy


#1

Hi all,

i have setup haproxy with ssl enabled , when i opened pdf files from direct webserver it is working fine with https. when my connection goes through haproxy load balancer pdf’s files are not loading …
i dont what is the issue.

here is my haproxy config:

global
log /dev/log local0 info
log /dev/log local1 notice
stats timeout 30s
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
tune.ssl.default-dh-param 2048

defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000

frontend http_front
bind *:80
bind *:443 ssl crt /etc/httpd/ssl/bbnl.pem
option forwardfor
default_backend http_back
reqadd X-Forwarded-Proto:\ https
redirect scheme https if !{ ssl_fc }
stats uri /haproxy?stats

backend http_back
cookie SERVERUSED insert indirect nocache
balance roundrobin
server webserver3 X.X.X.X:80 check cookie webserver3
server webserver3 X.X.X.X:80 check cookie webserver4

thanks in advance
Prasanth


#2

Please provide the output of haproxy -vv and the log line of that specific request.

Can you download the pdf files through wget and compare whether they are truncated or corrupted? Also, is the browser showing any errors?


#3

here is my haproxy -vv
HA-Proxy version 1.8.9-83616ec 2018/05/18
Copyright 2000-2018 Willy Tarreau willy@haproxy.org

Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -fno-strict-overflow -Wno-unused-label
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips 26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity(“identity”), deflate(“deflate”), raw-deflate(“deflate”), gzip(“gzip”)
Built with network namespace support.

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace


#4

after increasing timeout in haproxy.cfg pdf is working. it is taking too much to time load but in my production with 10 sec everything gets done which is connecting to the same database . even current testing machine has more resource than production . main difference is production centos 6 -apache 2.2 ,current is centos 7 with apache 2.4.


#5

I can only comment on that when you tell which timeout you increased, and what the haproxy error log was when closing the connection because of a timeout.


#6

thanks for the reply lukastribus
i was getting error from httpd "504 Gateway Timeout Error ".

but now i am facing a new issue when i generate pdf my brand logo not loading in my pdf bill. it is /var/www/html itself. it is jpg and png files.
is there any new config need to add for that.

thanks in advance
Prasanth


#7

HI ,
actually i am not seeing any error in haprxoy log and even apache server log.
only jpg logo images not loading in haproxy . when i directly connect apache server it is working fine… what might be the issue.
can any one tell me.
Regards
Prasanth


#8

If you are not seeing logs it means either the request does not go through where you think it goes through, or logging is miss-configured.

Make sure you used debug level logging and all the logging data.