[ceph-users] [rgw] civetweb behind haproxy doesn't work with absolute URI

Rudenko Aleksandr ARudenko at croc.ru
Thu Mar 29 00:42:06 PDT 2018

Hi friends.

I'm sorry, maybe it isn't bug, but i don't know how to solve this problem.

I know that absolute URIs are supported in civetweb and it works fine for me without haproxy in the middle.

But if client send absolute URIs through reverse proxy(haproxy) to civetweb, civetweb breaks connection without responce.

i set:

debug rgw = 20
debug civetweb = 10

but no any messgaes in civetweb logs(access, error) and in rgw logs.
in tcpdump i only see as rgw closes connection after request with absolute URI. Relative URIs in requests work fine with haproxy.

Docker registry v2.6.2, s3 driver based on aws-sdk-go/1.2.4 (go1.7.6; linux; amd64) uses absolute URI in requests.

s3 driver options of docker registry:

    region: us-east-1
    bucket: docker
    accesskey: 'access_key'
    secretkey: 'secret_key'
    regionendpoint: http://storage.my-domain.ru
    secure: false
    v4auth: true

ceph.conf for rgw instance:

    rgw dns name = storage.my-domain.ru<http://storage.my-domain.ru>
    rgw enable apis = s3, admin
    rgw dynamic resharding = false
    rgw enable usage log = true
    rgw num rados handles = 8
    rgw thread pool size = 256

    host = aj15
    keyring = /var/lib/ceph/radosgw/rgw.a.keyring
    rgw enable static website = true
    rgw frontends = civetweb authentication_domain=storage.my-domain.ru<http://storage.my-domain.ru> num_threads=128 port= access_log_file=/var/log/ceph/civetweb.rgw.access.log error_log_file=/var/log/ceph/civetweb.rgw.error.log
    debug rgw = 20
    debug civetweb = 10

very simple haproxy.cfg:

    chroot /var/empty
    # /log is chroot path
    log /haproxy-log local2

    pidfile /var/run/haproxy.pid

    user haproxy
    group haproxy

    ssl-default-bind-options no-sslv3
    ssl-dh-param-file /etc/pki/tls/dhparams.pem

    mode http
    log global

frontend s3

    bind *:80
    bind *:443 ssl crt /etc/pki/tls/certs/s3.pem crt /etc/pki/tls/certs/s3-buckets.pem

    use_backend rgw

backend rgw

    balance roundrobin

    server a aj15:7480 check fall 1
    server a aj16:7480 check fall 1

http haeder from tcpdump before and after haproxy:

GET http://storage.my-domain.ru/docker?max-keys=1&prefix= HTTP/1.1
Host: storage.my-domain.ru<http://storage.my-domain.ru>
User-Agent: aws-sdk-go/1.2.4 (go1.7.6; linux; amd64)
Authorization: AWS4-HMAC-SHA256 Credential=user:user at cloud.croc.ru<mailto:user at cloud.croc.ru>/20180328/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=10043867bbb2833d50f9fe16a6991436a5c328adc5042556ce1ddf1101ee2cb9
X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
X-Amz-Date: 20180328T111255Z
Accept-Encoding: gzip

i don't understand how use haproxy and absolute URIs in requests(

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ceph.com/pipermail/ceph-users-ceph.com/attachments/20180329/f48ff82a/attachment.html>

More information about the ceph-users mailing list