Troubleshooting

Common questions

This guide isn’t intended to solve problems directly, but rather to lead you from a general problem to a specific one to be solved. This isn’t to replace the ability to ask our support team for help directly, just to give a direction to the questions, especially if you aren’t fully familiar with HAProxy Enterprise.

You receive a connection timeout response Jump to heading

Possible causes include:

  • HAProxy Enterprise has reached its global maxconn value of connections.

    Check the HAProxy Enterprise Stats page or Real Time Dashboard and see if the frontend section’s cur column, which indicates the number of current connections, is equal to the max column (or the same as the global settings in the top left of the page). This would indicate that the load balancer or its frontend are at the maximum connection limit (maxconn in the configuration) and that that number needs to be raised (or the reason it is at the limit otherwise investigated).

  • HAProxy Enterprise can’t be reached on the network

    If the logs don’t show anything, try using tcpdump on the load balancer server to see if it is receiving any SYN packets at all. Make this filter as specific as needed to keep it quiet enough to read. For example, host 192.168.122.14 and port 443 to restrict to a specific inbound IP address.

    nix
    tcpdump -vv -i any "port 80"
    nix
    tcpdump -vv -i any "port 80"
  • Other causes can be more complicated to troubleshoot, but may be discovered by checking the access logs in /var/log/hapee-2.9/.

You receive a connection refused response Jump to heading

Possible causes include:

  • HAProxy Enterprise is not running. Check the service with sudo systemctl status hapee-2.9-lb.
  • The connection reached the wrong server. Check whether traffic was received on another server.

You receive an empty response Jump to heading

  • Check the Stats page or Real Time Dashboard to see if the backend application may be down.
  • Check the HAProxy Enterprise logs to see the termination state code, which shows the reason that the connection was aborted.

You receive a 503 Service Unavailable response Jump to heading

  • Check the Stats page or Real Time Dashboard to see if the backend application may be marked as down.

    On the Stats page, check for any backends with all servers colored red. If you see any, you can mouse over the LastChk column value with its dotted underline to get a more specific reason for the failure. Alternatively, you can grep for is DOWN in the access or admin logs to find a message with the same information. You can also grep for 503.

  • If the logs show the backend name being the same as the frontend name, check if the frontend has a default_backend line. If it doesn’t, it’s possible that none of the use_backend lines matched the request. Requests that fall out of a frontend without matching a use_backend or default_backend rule return a 503 response.

    Once you’ve found the line in the logs, look at the termination state code to see why the request failed.

You receive a 504 Gateway Timeout response Jump to heading

  • Check the access logs to see why HAProxy Enterprise timed out while waiting for the server to respond. If curl works fine but problems still exist, the next step is to find out what the difference is. For example, SSL cipher/protocol mismatches.

HAProxy Enterprise fails to restart or reload Jump to heading

  • The load balancer configuration may have a syntax error. Check the status of the service:

    nix
    systemctl status hapee-2.9-lb
    nix
    systemctl status hapee-2.9-lb

    Or display the recent log entries:

    nix
    tail -n50 /var/log/messages
    nix
    tail -n50 /var/log/messages

    Look for lines that begin with [ALERT], such as:

    nix
    Mar 31 13:04:09 rhel8vm hapee-lb[3055]: [ALERT] 090/130409 (3055) : parsing [/etc/hapee-2.9/hapee-lb.cfg:123] : unknown keyword 'hxtp-request' in 'frontend' section
    nix
    Mar 31 13:04:09 rhel8vm hapee-lb[3055]: [ALERT] 090/130409 (3055) : parsing [/etc/hapee-2.9/hapee-lb.cfg:123] : unknown keyword 'hxtp-request' in 'frontend' section

    There may be multiple alert lines, but the first one is the most urgent.

  • If the error mentions not being able to bind to a socket and this is a passive node in a VRRP cluster and HAProxy Enterprise is configured to bind to a specific IP address, check that the sysctl option net.ipv4.ip_nonlocal_bind is set to 1. Usually, you can do this by uncommenting the line in the sysctl file HAProxy Enterprise ships with in /etc/sysctl.d/30-hapee-2.9.conf.

Do you have any suggestions on how we can improve the content of this page?