[FIXED] how to prevent 502 status code as response by haproxy as load balancer

Issue

I have 3 server:

server (A)= a nginx(port 80) as reverse proxy to kestler (5000 port)
server (B)= a nginx(port 80) as reverse proxy to kestler (5000 port)
server (C)= a HAProxy as load balancer for port 80 of server (A) and (B)
and server A & B are quite similar.

every things works very well and haproxy forwards requests to server (A) & (B), but if kestrel in one of servers (e.g. A) be killed, nginx respond 502 bad gateway error and haproxy not detect this issue and still redirect requests to it, and this is mistake! it must redirect requests to server (B) in this time.

global
    log 127.0.0.1 local2 info
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    option redispatch
    retries 3
    timeout connect 5s
    timeout client 50s
    timeout server 50s
    stats enable
    stats hide-version
    stats auth admin:admin
    stats refresh 10s
    stats uri /stat?stats

frontend http_front
    bind *:80
    mode http
    option httpclose
    option forwardfor
    reqadd X-Forwarded-Proto:\ http
    default_backend http_back

backend http_back
    balance roundrobin
    mode http
    cookie SERVERID insert indirect nocache
    server ServerA 192.168.1.2:80 check cookie ServerA
    server ServerB 192.168.1.3:80 check cookie ServerB

How Can I resolve this issue? thanks very much.

Solution

You are only checking whether nginx is running, not whether the application is healthy enough to use.

In the backend, add option httpchk.

option httpchk GET /some/path HTTP/1.1\r\nHost:\ example.com

Replace some path with a path that will prove whether the application is usable on that server if it returns 200 OK (or any 2xx or 3xx response), and replace example.com with the HTTP Host header the application expects.

option httpchk

By default, server health checks only consist in trying to establish a TCP connection. When option httpchk is specified, a complete HTTP request is sent once the TCP connection is established, and responses 2xx and 3xx are considered valid, while all other ones indicate a server failure, including the lack of any response.

This will mark the server as unhealthy if the app is not healthy, so HAProxy will stop sending traffic to it. You will want to configure a check interval for each server using inter and downinter and fastinter options on each server entey to specify how often HAProxy should perform the check.

Answered By - Michael - sqlbot

Answer Checked By - Terry (PHPFixing Volunteer)

Read More

[FIXED] Why nginx's proxy_pass does not direct to asp.net core app?

Issue

I am deploying an angular app with asp.net core 2.2 api to Ubuntu 18.10 using nginx. With the following nginx configuration in the default file I get the client app working ok, but the api app cannot be found. Nginx returns 400 code.

While when I'm checking it locally with curl, it responds:

But when I'm checking from the outside (curl -v myapp.net/api/user/get) the response is:

/etc/nginx/sites-available/default

server {
    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name myapp.net www.myapp.net;

        # where the client app
    location / {
        rewrite ^/(.*) /$1 break;
        proxy_pass http://127.0.0.1:444;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
    }

        # where the api app
    location /api/ {
        proxy_pass http://127.0.0.1:555/;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/myapp.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/myapp.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot 

}

server {
    if ($host = myapp.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = www.myapp.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;
    listen [::]:80 default_server;

    server_name myapp.net www.myapp.net;
    return 404; # managed by Certbot
}

There's also Let's Encrypt certificate installed which seems to work okay.

The error.log contents:

2019/04/20 14:46:17 [debug] 6311#6311: accept on 0.0.0.0:80, ready: 0
2019/04/20 14:46:17 [debug] 6311#6311: posix_memalign: 000055A547F0BF40:512 @16
2019/04/20 14:46:17 [debug] 6311#6311: *11 accept: 178.128.x.x:44294 fd:3
2019/04/20 14:46:17 [debug] 6311#6311: *11 event timer add: 3: 60000:75522395
2019/04/20 14:46:17 [debug] 6311#6311: *11 reusable connection: 1
2019/04/20 14:46:17 [debug] 6311#6311: *11 epoll add event: fd:3 op:1 ev:80002001
2019/04/20 14:46:17 [debug] 6311#6311: *11 http wait request handler
2019/04/20 14:46:17 [debug] 6311#6311: *11 malloc: 000055A547EE91D0:1024
2019/04/20 14:46:17 [debug] 6311#6311: *11 recv: eof:0, avail:1
2019/04/20 14:46:17 [debug] 6311#6311: *11 recv: fd:3 90 of 1024
2019/04/20 14:46:17 [debug] 6311#6311: *11 reusable connection: 0
2019/04/20 14:46:17 [debug] 6311#6311: *11 posix_memalign: 000055A547F08C60:4096 @16
2019/04/20 14:46:17 [debug] 6311#6311: *11 http process request line
2019/04/20 14:46:17 [debug] 6311#6311: *11 http request line: "GET /api/user/get/null HTTP/1.1"
2019/04/20 14:46:17 [debug] 6311#6311: *11 http uri: "/api/user/get/null"
2019/04/20 14:46:17 [debug] 6311#6311: *11 http args: ""
2019/04/20 14:46:17 [debug] 6311#6311: *11 http exten: ""
2019/04/20 14:46:17 [debug] 6311#6311: *11 posix_memalign: 000055A547F33220:4096 @16
2019/04/20 14:46:17 [debug] 6311#6311: *11 http process request header line
2019/04/20 14:46:17 [debug] 6311#6311: *11 http header: "Host: myapp.net"
2019/04/20 14:46:17 [debug] 6311#6311: *11 http header: "User-Agent: curl/7.61.0"
2019/04/20 14:46:17 [debug] 6311#6311: *11 http header: "Accept: */*"
2019/04/20 14:46:17 [debug] 6311#6311: *11 http header done
2019/04/20 14:46:17 [debug] 6311#6311: *11 event timer del: 3: 75522395
2019/04/20 14:46:17 [debug] 6311#6311: *11 generic phase: 0
2019/04/20 14:46:17 [debug] 6311#6311: *11 rewrite phase: 1
2019/04/20 14:46:17 [debug] 6311#6311: *11 http script var
2019/04/20 14:46:17 [debug] 6311#6311: *11 http script var: "myapp.net"
2019/04/20 14:46:17 [debug] 6311#6311: *11 http script value: "myapp.net"
2019/04/20 14:46:17 [debug] 6311#6311: *11 http script equal
2019/04/20 14:46:17 [debug] 6311#6311: *11 http script if
2019/04/20 14:46:17 [debug] 6311#6311: *11 http set discard body
2019/04/20 14:46:17 [debug] 6311#6311: *11 http script copy: "https://"
2019/04/20 14:46:17 [debug] 6311#6311: *11 http script var: "myapp.net"
2019/04/20 14:46:17 [debug] 6311#6311: *11 http script var: "/api/user/get/null"
2019/04/20 14:46:17 [debug] 6311#6311: *11 http finalize request: 301, "/api/user/get/null?" a:1, c:1
2019/04/20 14:46:17 [debug] 6311#6311: *11 http special response: 301, "/api/user/get/null?"
2019/04/20 14:46:17 [debug] 6311#6311: *11 http set discard body
2019/04/20 14:46:17 [debug] 6311#6311: *11 xslt filter header
2019/04/20 14:46:17 [debug] 6311#6311: *11 HTTP/1.1 301 Moved Permanently
Server: nginx/1.15.5 (Ubuntu)
Date: Sat, 20 Apr 2019 14:46:17 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://myapp.net/api/user/get/null

2019/04/20 14:46:17 [debug] 6311#6311: *11 write new buf t:1 f:0 000055A547F33600, pos 000055A547F33600, size: 219 file: 0, size: 0
2019/04/20 14:46:17 [debug] 6311#6311: *11 http write filter: l:0 f:0 s:219
2019/04/20 14:46:17 [debug] 6311#6311: *11 http output filter "/api/user/get/null?"
2019/04/20 14:46:17 [debug] 6311#6311: *11 http copy filter: "/api/user/get/null?"
2019/04/20 14:46:17 [debug] 6311#6311: *11 image filter
2019/04/20 14:46:17 [debug] 6311#6311: *11 xslt filter body
2019/04/20 14:46:17 [debug] 6311#6311: *11 http postpone filter "/api/user/get/null?" 000055A547F09C48
2019/04/20 14:46:17 [debug] 6311#6311: *11 write old buf t:1 f:0 000055A547F33600, pos 000055A547F33600, size: 219 file: 0, size: 0
2019/04/20 14:46:17 [debug] 6311#6311: *11 write new buf t:0 f:0 0000000000000000, pos 000055A547899AE0, size: 116 file: 0, size: 0
2019/04/20 14:46:17 [debug] 6311#6311: *11 write new buf t:0 f:0 0000000000000000, pos 000055A547899DE0, size: 62 file: 0, size: 0
2019/04/20 14:46:17 [debug] 6311#6311: *11 http write filter: l:1 f:0 s:397
2019/04/20 14:46:17 [debug] 6311#6311: *11 http write filter limit 0
2019/04/20 14:46:17 [debug] 6311#6311: *11 writev: 397 of 397
2019/04/20 14:46:17 [debug] 6311#6311: *11 http write filter 0000000000000000
2019/04/20 14:46:17 [debug] 6311#6311: *11 http copy filter: 0 "/api/user/get/null?"
2019/04/20 14:46:17 [debug] 6311#6311: *11 http finalize request: 0, "/api/user/get/null?" a:1, c:1
2019/04/20 14:46:17 [debug] 6311#6311: *11 set http keepalive handler
2019/04/20 14:46:17 [debug] 6311#6311: *11 http close request
2019/04/20 14:46:17 [debug] 6311#6311: *11 http log handler
2019/04/20 14:46:17 [debug] 6311#6311: *11 free: 000055A547F08C60, unused: 8
2019/04/20 14:46:17 [debug] 6311#6311: *11 free: 000055A547F33220, unused: 2553
2019/04/20 14:46:17 [debug] 6311#6311: *11 free: 000055A547EE91D0
2019/04/20 14:46:17 [debug] 6311#6311: *11 hc free: 0000000000000000
2019/04/20 14:46:17 [debug] 6311#6311: *11 hc busy: 0000000000000000 0
2019/04/20 14:46:17 [debug] 6311#6311: *11 tcp_nodelay
2019/04/20 14:46:17 [debug] 6311#6311: *11 reusable connection: 1
2019/04/20 14:46:17 [debug] 6311#6311: *11 event timer add: 3: 65000:75527395
2019/04/20 14:46:17 [debug] 6311#6311: *11 http keepalive handler
2019/04/20 14:46:17 [debug] 6311#6311: *11 malloc: 000055A547EE91D0:1024
2019/04/20 14:46:17 [debug] 6311#6311: *11 recv: eof:1, avail:1
2019/04/20 14:46:17 [debug] 6311#6311: *11 recv: fd:3 0 of 1024
2019/04/20 14:46:17 [info] 6311#6311: *11 client 178.128.x.x closed keepalive connection
2019/04/20 14:46:17 [info] 6311#6311: *11 client 178.128.x.x closed keepalive connection
2019/04/20 14:46:17 [debug] 6311#6311: *11 close http connection: 3
2019/04/20 14:46:17 [debug] 6311#6311: *11 event timer del: 3: 75527395
2019/04/20 14:46:17 [debug] 6311#6311: *11 reusable connection: 0
2019/04/20 14:46:17 [debug] 6311#6311: *11 free: 000055A547EE91D0
2019/04/20 14:46:17 [debug] 6311#6311: *11 free: 000055A547F0BF40, unused: 136

What I have already tried:

1. playing with slashes in location and proxy_pass;
2. commenting out include /etc/nginx/sites-enabled/*; in nginx.conf

Solution

Your screen shots showed two pieces of important information.

1. The ASP.NET Core app expects the incoming requests at http://localhost:555, and the Host header should be localhost:555.
2. Your nginx conf at that time was passing myapp.net as Host header.

To fix the conf, I suggested you change the Host header to pass to upstream server, and it seems to work.

Answered By - Lex Li

Answer Checked By - Cary Denson (PHPFixing Admin)

Read More