Site running slow

Fri, 05 Feb 2010 13:03:30 -0800 

Hi,
Setup haproxy 1.3.22 with stunnel 4.22 + OpenSSL 0.9.7m and runs well with a 
few internal users.  I run this setup on a P4 with 1Gb of Ram and with a few 
users am left with about 750Mb of free Ram.

After deployment of the site and heavy traffic I noticed free mem going down to 
45Mb, occasionally lower than that then goes back to 45Mb.  The site was 
brought to a standstill and eventually I had to route straight into 1 webserver.

I noticed the following entries in stunnel:
2010.02.05 21:04:00 LOG3[4030:139813211576080]: SSL_read: Connection reset by 
peer (104)
2010.02.05 21:05:25 LOG3[4030:139813211576080]: connect_wait: getsockopt: 
Connection refused (111)
2010.02.05 21:10:40 LOG3[4030:139813211645712]: SSL_accept: Peer suddenly 
disconnected
2010.02.05 21:12:11 LOG3[4030:139813211576080]: SSL_read: Connection reset by 
peer (104)
2010.02.05 21:12:12 LOG3[4030:139813211576080]: SSL socket closed on SSL_read 
with 7468 byte(s) in buffer
2010.02.05 21:12:12 LOG3[4030:139813211576080]: SSL socket closed on SSL_read 
with 16384 byte(s) in buffer
2010.02.05 21:12:12 LOG3[4030:139813211576080]: SSL socket closed on SSL_read 
with 16384 byte(s) in buffer
2010.02.05 21:12:15 LOG3[4030:139813211645712]: SSL_read: Connection reset by 
peer (104)
2010.02.05 21:12:28 LOG3[4030:139813211576080]: SSL_accept: Peer suddenly 
disconnected
2010.02.05 21:17:28 LOG3[4030:139813211576080]: SSL_read: Connection reset by 
peer (104)
2010.02.05 21:17:32 LOG3[4030:139813211645712]: SSL_read: Connection reset by 
peer (104)
2010.02.05 21:17:34 LOG3[4030:139813211576080]: SSL socket closed on SSL_read 
with 2385 byte(s) in buffer
2010.02.05 21:17:38 LOG3[4030:139813211576080]: SSL socket closed on SSL_read 
with 2385 byte(s) in buffer

My stunnel.conf:
#setuid=stunnel
#setgid=proxy

debug = 3
output = /var/log/stunnel.log

socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1

[https]
accept=10.0.1.50:443
connect=10.0.1.50:80
TIMEOUTclose=0
xforwardedfor=yes

and haproxy.cfg
# this config needs haproxy-1.1.28 or haproxy-1.2.1

global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon
#       debug
        #quiet

defaults
        log     global
        mode    http
#       option  httplog
        option  dontlognull
        retries 3
        option redispatch
        maxconn 4096
        contimeout      5000
        clitimeout      150000
        srvtimeout      30000


listen loadbalancer :80
                mode http
                balance roundrobin
                option forwardfor
                option httpclose
                cookie SERVERID insert indirect nocache
                server WEB01 10.0.1.108:80 cookie A check inter 5000
                server WEB05 10.0.1.109:80 cookie B check inter 5000


listen statistics 10.0.1.50:8080
        stats enable
        stats auth stats:stats
        stats uri /


The clues I think run in stunnel's logs, in particular: 
SSL_accept: Peer suddenly disconnected 
&
SSL_read: Connection reset by peer (104)

Is there some setting I am missing in haproxy that could alleviate the problem 
or is it just a question of putting more physical ram in?  

Thanks in advance.

Reply via email to