Re: Do I need more than HAProxy for SSL webserver

From: Holger Just <haproxy#meine-er.de>
Date: Thu, 11 Jun 2009 14:38:13 +0200


Erik Gulliksson wrote:
> On Wed, Jun 10, 2009 at 6:07 PM, Holger Just<haproxy#meine-er.de> wrote:

>>                                                          -----------
>>                                                    ---->| Backend 1 |
>>                                                   /      -----------
>>  ---------------         -------        --------- /       -----------
>> | teh Internets |------>| nginx |----->| HAProxy |------>| Backend 2 |
>>  ---------------  https  -------  http  --------- \ http  -----------
>>                                                   \      -----------
>>                                                    ---->| Backend 3 |
>>                                                          -----------

>
> I tried a similar setup with nginx 0.6.x a while back, but I ended up
> getting "411 Length Required" for requests without the Content-Length
> header. If I recall correctly a HTTP/1.1 client does not have to
> specify Content-Length when doing chunked encoding (TE: chunked)
> transfer, but nginx is not compliant with this. This is mainly an
> issue with PUT and POST requests. Did you bump into this or is it
> perhaps fixed in newer nginx?

Hi Erik!

Although, I have not observed that problem at our site yet (on nginx 0.5.x), it seems to be widely known. Nginx seems to not be compatible with the chunked encoding in PUT or POST requests.

I am not aware of any fix. A possible workaround would be to not use chunked encoding (or HTTP/1.0 which does not have that mechanism) :) Another possibility would be to not use nginx at all but to use stunnel. However, it has to be patched to support the X-Forwarded-For header.

--Holger Received on 2009/06/11 14:38

This archive was generated by hypermail 2.2.0 : 2009/06/11 14:45 CEST