Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-15801

Timeout on login with HTTP/2 on certain browsers



    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: 5.8.3, 5.8.4
    • Fix Version/s: None
    • Component/s: Web UI
    • Labels:
    • Environment:

      Ubuntu 16.04


      We encountered a timeout problem in our setup when calling the login page with certain browsers. Our Artifactory OSS (5.8.3) is served behind a HAProxy (1.8.3) with HTTP/2 enabled.

      We can definitely reproduce this error with Firefox version 58 and some of our colleagues mentioned Chromium 64, which we could not reproduce.

      Our analysis show that after calling /artifactory/webapp/#/login the 3 POST requests to /artifactory/ui/auth/loginRelatedData get a successful response in expected time. However, after each request Firefox waits until the connection is terminated by a HAProxy client timeout (60 seconds). All other requests do not show this behaviour and are completed as expected. After a successful login, the UI can be used normally.

      If we disable HTTP/2 in our HAProxy settings, the issue does not occur.

      So, this is either an issue in Firefox, HAProxy, or the used javascript file /artifactory/webapp/vendorScripts.739.js . Our HAProxy serves multiple sites with HTTP/2 without any issues (even with Firefox). As mentioned before, we could not find any other POST request to Artifactory that runs into such a wait-for-connection-close timeout.

      Sadly, there is no useful information in any of the log files. Artifactory runs on default settings, our HAProxy settings are the following:

        chroot  /var/lib/haproxy
        group  haproxy
        log /dev/log  len 2048 local1 info
        maxconn  4096
        pidfile  /var/run/haproxy.pid
        ssl-default-bind-ciphers  [...]
        ssl-default-bind-options  ssl-min-ver TLSv1.0
        ssl-default-server-ciphers [...]
        ssl-default-server-options  ssl-min-ver TLSv1.2
        tune.ssl.default-dh-param  2048
        user  haproxy
        fullconn  409
        log  global
        maxconn  4096
        mode  http
        option  redispatch
        option  abortonclose
        option  dontlognull
        option  httplog
        option  http-server-close
        option  forwardfor except
        option  logasap
        retries  3
        timeout  http-request 10s
        timeout  queue 1m
        timeout  connect 5s
        timeout  client 1m
        timeout  server 1m
      frontend ft_http_in
        mode http
        redirect scheme https code 301 if !{ ssl_fc }
      frontend ft_https_in
        bind ssl crt /etc/ssl/certs/bundle.crt.pem alpn h2,http/1.1
        mode http
        use_backend be_artifactory
      backend be_artifactory
        acl hdr_set_cookie_path res.hdr(Set-cookie) -m sub Path=/artifactory/
        acl a9y_path path_beg -i /artifactory/
        http-request add-header X-Artifactory-Override-Base-Url https://artifactory.example.com
        http-request redirect location https://%[hdr(host)]/webapp%[url] code 301 if { path / }
        http-request redirect location https://%[hdr(host)]%[url,regsub(^/artifactory,)] code 301 if a9y_path
        http-request set-uri https://%[req.hdr(host)]/artifactory%[path]?%[query] if !a9y_path
        option httpchk OPTIONS * HTTP/1.1\r\nHost:\ artifactory.example.com\r\nUser-Agent:\ HAProxy
        rspirep ^(Set-Cookie:.*)\ Path=(.*) \1\ Path=/ if hdr_set_cookie_path
        server artifactory artifactory:8081 check




            andreas.huebler Andreas Huebler
            0 Vote for this issue
            1 Start watching this issue