Re: [rgw] civetweb behind haproxy doesn't work with absolute URI


 



We had something similar recently.  We had to disable "rgw dns name" in the end.


Sean

On Thu, 29 Mar 2018, Rudenko Aleksandr said:
> 
> Hi friends.
> 
> 
> I'm sorry, maybe it isn't a bug, but I don't know how to solve this problem.
> 
> I know that absolute URIs are supported in civetweb and it works fine for me without haproxy in the middle.
> 
> But if a client sends absolute URIs through a reverse proxy (haproxy) to civetweb, civetweb breaks the connection without a response.
> 
> I set:
> 
> debug rgw = 20
> debug civetweb = 10
> 
> 
> but there are no messages in the civetweb logs (access, error) or in the rgw logs.
> In tcpdump I only see rgw closing the connection after a request with an absolute URI. Relative URIs in requests work fine with haproxy.
> 
> Client:
> Docker registry v2.6.2, s3 driver based on aws-sdk-go/1.2.4 (go1.7.6; linux; amd64) uses absolute URI in requests.
> 
> s3 driver options of docker registry:
> 
>   s3:
>     region: us-east-1
>     bucket: docker
>     accesskey: 'access_key'
>     secretkey: 'secret_key'
>     regionendpoint: http://storage.my-domain.ru
>     secure: false
>     v4auth: true
> 
> 
> ceph.conf for rgw instance:
> 
> [client]
>     rgw dns name = storage.my-domain.ru
>     rgw enable apis = s3, admin
>     rgw dynamic resharding = false
>     rgw enable usage log = true
>     rgw num rados handles = 8
>     rgw thread pool size = 256
> 
> [client.rgw.a]
>     host = aj15
>     keyring = /var/lib/ceph/radosgw/rgw.a.keyring
>     rgw enable static website = true
>     rgw frontends = civetweb authentication_domain=storage.my-domain.ru num_threads=128 port=0.0.0.0:7480 access_log_file=/var/log/ceph/civetweb.rgw.access.log error_log_file=/var/log/ceph/civetweb.rgw.error.log
>     debug rgw = 20
>     debug civetweb = 10
> 
> 
> very simple haproxy.cfg:
> 
> global
>     chroot /var/empty
>     # /log is chroot path
>     log /haproxy-log local2
> 
>     pidfile /var/run/haproxy.pid
> 
>     user haproxy
>     group haproxy
>     daemon
> 
>     ssl-default-bind-options no-sslv3
>     ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
>     ssl-dh-param-file /etc/pki/tls/dhparams.pem
> 
> defaults
>     mode http
>     log global
> 
> frontend s3
> 
>     bind *:80
>     bind *:443 ssl crt /etc/pki/tls/certs/s3.pem crt /etc/pki/tls/certs/s3-buckets.pem
> 
>     use_backend rgw
> 
> backend rgw
> 
>     balance roundrobin
> 
>     server a aj15:7480 check fall 1
>     server a aj16:7480 check fall 1
> 
> 
> HTTP header from tcpdump before and after haproxy:
> 
> GET http://storage.my-domain.ru/docker?max-keys=1&prefix= HTTP/1.1
> Host: storage.my-domain.ru
> User-Agent: aws-sdk-go/1.2.4 (go1.7.6; linux; amd64)
> Authorization: AWS4-HMAC-SHA256 Credential=user:user@xxxxxxxxxxxxx/20180328/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=10043867bbb2833d50f9fe16a6991436a5c328adc5042556ce1ddf1101ee2cb9
> X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
> X-Amz-Date: 20180328T111255Z
> Accept-Encoding: gzip
> 
> I don't understand how to use haproxy and absolute URIs in requests(
> 

> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
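
An added example, not part of the thread and not Ceph, civetweb or haproxy code: a small capture-triage helper that classifies the request-target of a request like the one in the tcpdump output above as origin-form (relative) or absolute-form, checks whether the URI's authority agrees with the Host header, and returns the equivalent origin-form target. The name `analyze` and the sample bytes are assumptions constructed from the quoted capture.

```python
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}

# Constructed sample: the request line and Host header from the tcpdump
# output quoted above, with the Authorization header left out.
RAW = (
    b"GET http://storage.my-domain.ru/docker?max-keys=1&prefix= HTTP/1.1\r\n"
    b"Host: storage.my-domain.ru\r\n"
    b"X-Amz-Date: 20180328T111255Z\r\n"
    b"\r\n"
)

def _host_port(authority, scheme):
    """Lower-cased host and explicit-or-default port of an authority."""
    parts = urlsplit("//" + authority)
    return parts.hostname, parts.port or DEFAULT_PORT.get(scheme)

def analyze(raw):
    """Classify the request-target (RFC 7230 section 5.3) and compare it
    with the Host header. analyze() is a hypothetical helper name."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "")

    if target.startswith("/"):
        # origin-form: path and query only; the Host header names the server.
        return {"form": "origin-form", "authority": None,
                "origin_form": target, "host_matches": None}
    parts = urlsplit(target)
    if parts.scheme not in DEFAULT_PORT or not parts.netloc:
        raise ValueError("unsupported request-target: %r" % target)
    # absolute-form: the URI carries its own authority; a mismatch between
    # it and the Host header is worth flagging when reading a capture.
    origin = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    return {"form": "absolute-form", "authority": parts.netloc.lower(),
            "origin_form": origin,
            "host_matches": _host_port(parts.netloc, parts.scheme)
                            == _host_port(host, parts.scheme)}

if __name__ == "__main__":
    print(analyze(RAW))
```

Run against requests captured on both sides of the proxy, it shows whether the request-target form or the Host value differs between the client-to-haproxy and haproxy-to-rgw legs.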
