Re: nginx 400 status code sometimes reported as 502 in haproxy

From: Willy Tarreau <w#1wt.eu>
Date: Thu, 9 Jul 2009 17:16:26 +0200


On Thu, Jul 09, 2009 at 04:47:23PM +0200, Jean-Baptiste Quenot wrote:
> I could reproduce the issue in a test setup. Haproxy is running on
> port 80 and nginx on port 83. The client sends a very long cookie
> header value (4104 bytes). I used "tcpdump -s 0 -i lo -w dump port
> 83", loaded the dump in wireshark and exported as plain text to
> produce a readable output. Everytime I reload the page there are two
> HTTP requests, one for "/" and one for "/favicon.ico". After a random
> number of reloads, haproxy sends a 502 instead of displaying the 400
> error. I tried with and without option httpclose, it doesn't change
> the behavior.

how did you compile your haproxy ? could you run "haproxy -vv" ? That large a cookie might sometimes hit the buffer limit (which by default is 8kB).

> Please find attached the TCP packets involved.

Could you please send the pcap file instead, it's more readable for me :-)

> In the normal "GET /" case, at the end of the request we have:
>
> nginx: RST, ACK
> haproxy: ACK
> nginx: RST

that's interesting because an RST means that a packet was received for a non-existing connection, typically something which was closed during the transfer. I find it strange that nginx sends you an RST during a transfer, it means it has already closed, which is not really expected (or maybe its request buffer size is close to the request size too).

> However in the last "GET /" we have:
>
> nginx: RST, ACK
> haproxy: RST, ACK
>
> Or maybe I'm misinterpreting the various pieces of information...?

I think we will find everything in your trace, we're close to explain what you observe.

> Advice from a TCP expert is necessary :-)

:-)

Regards,
Willy Received on 2009/07/09 17:16

This archive was generated by hypermail 2.2.0 : 2009/07/09 17:30 CEST