2

I have a very specific business need that requires an embedded device to make an initial HTTP request and receive an HTTP response through HA Proxy in front of a set of custom backend servers. Then, on the same socket it established through HA Proxy, communicate over a custom TCP protocol for the rest of the socket's lifetime (which usually will last for days).

My initial thinking was that the http-tunnel option on HA Proxy would be the perfect fit for this even though it's deprecated. Specifically, it states:

Option "http-tunnel" disables any HTTP processing past the first request and
the first response. This is the mode which was used by default in versions
1.0 to 1.5-dev21. It is the mode with the lowest processing overhead, which
is normally not needed anymore unless in very specific cases such as when
using an in-house protocol that looks like HTTP but is not compatible, or
just to log one request per client in order to reduce log size. Note that
everything which works at the HTTP level, including header parsing/addition,
cookie processing or content switching will only work for the first request
and will be ignored after the first response.

So I tried setting up my HA proxy server to use http-tunnel mode. Here's a simplified config I tried:

frontend _front_http
    mode http
    bind :80
    option httplog
    option http-tunnel
    use_backend default_sleep-server_8080
    default_backend _error404

backend default_sleep-server_8080
    mode http
    option forwardfor
    option http-tunnel
    http-response set-header Strict-Transport-Security "max-age=15768000"
    server srv001 10.244.0.80:8080 weight 1 check inter 2s
    server srv002 10.244.0.81:8080 weight 1 check inter 2s
    server srv003 10.244.0.82:8080 weight 1 check inter 2s

defaults
    log global
    maxconn 2000
    option redispatch
    option dontlognull
    option http-server-close
    option http-keep-alive
    timeout client          50s
    timeout client-fin      50s
    timeout connect         5s
    timeout http-keep-alive 1m
    timeout http-request    5s
    timeout queue           5s
    timeout server          50s
    timeout server-fin      50s
    timeout tunnel          1h
    no option http-server-close

I also played around with only having http-tunnel turned on for the frontend or for the backend.

Whichever method I tried, I ran into the same issue. The initial HTTP request/response works as intended (i.e., hits the HA Proxy frontend, gets forwarded to the backend, backend crafts a response which gets sent down to the client, socket stays open). But, for the subsequent packets that my client sends on the existing socket, those packets go directly to the HTTP server but are never forwarded to the backend server. I've verified this using tcpdump -- all I see are the TCP packets hitting the frontend port, never any response sent back to the client or forwarding of those packets elsewhere.

Is there something wrong with my http-tunnel setup? Or am I using the completely wrong option here? I know there are likely other tools that can achieve this better but for domain-specific purposes it'd be great to be able to use HA Proxy.

CC BY-SA 4.0

1 Answer

0

From the documentation link:

Warning : Because it cannot work in HTTP/2, this option is deprecated and it
is only supported on legacy HTTP frontends. In HTX, it is ignored and a
warning is emitted during HAProxy startup.

I would try to set no option http-use-htx in the frontend.

As the text above mentions, this option is deprecated, which means that in 2.1 and above this option does not exist, AFAIK.

CC BY-SA 4.0
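The check below is an added example, not code from the question, the answer or HAProxy: it lists the proxy sections where `option http-tunnel` is set while HTX is still in effect, which is the case the quoted warning says is ignored. It assumes HAProxy 2.0 behaviour, where HTX is on unless `no option http-use-htx` is set (pass `htx_default=False` for 1.9); the function names and the sample config are constructed for illustration.

```python
SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}

def effective_options(cfg_text):
    """Map 'kind name' -> {option: bool} for each proxy section.

    A defaults section only applies to the proxies declared after it.
    """
    inherited, current, proxies = {}, None, {}
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()   # simplification: '#' always starts a comment
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            if words[0] == "defaults":
                inherited = current = {}       # a new defaults section starts clean
            elif words[0] == "global":
                current = None                 # no proxy options live here
            else:
                current = proxies[" ".join(words[:2])] = dict(inherited)
            continue
        negated = words[0] == "no"
        if negated:
            words = words[1:]
        if current is not None and len(words) >= 2 and words[0] == "option":
            current[words[1]] = not negated
    return proxies

def ignored_http_tunnel(cfg_text, htx_default=True):
    """Proxies where 'option http-tunnel' is set but HTX is still in effect."""
    return sorted(name for name, opts in effective_options(cfg_text).items()
                  if opts.get("http-tunnel") and opts.get("http-use-htx", htx_default))

# Constructed sample, loosely modelled on the question's layout.
SAMPLE_CFG = """
frontend _front_http
    mode http
    option http-tunnel            # HTX not disabled in this section
backend sleep_servers
    mode http
    no option http-use-htx        # legacy HTTP mode, as the answer suggests
    option http-tunnel
defaults
    no option http-use-htx        # declared too late for the two proxies above
listen late_listener
    option http-tunnel
"""

if __name__ == "__main__":
    for name in ignored_http_tunnel(SAMPLE_CFG):
        print(f"{name}: option http-tunnel is ignored while HTX is enabled")
```

On the sample only `frontend _front_http` is reported: the backend disables HTX itself, and `late_listener` inherits the setting from the `defaults` section that precedes it.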