On Friday 12 November 2010 15:05:40, Willy Tarreau wrote:
> On Fri, Nov 12, 2010 at 02:07:22PM +0100, Cyril Bonté wrote:
> > >   - support for binding to UNIX socket on the accept side. Haproxy can
> > >     now receive connections over a UNIX socket. This is particularly
> > >     useful when combined with stunnel (we also have a patch for that
> > >     in the 'patches' directory).
> > 
> > First of all, it works :-) But using ab to stress stunnel+haproxy, I got
> > some "SSL read failed" errors (with at least 10 concurrent connections
> > on a laptop). I suspect it comes from ab and not from stunnel or
> > haproxy, but as soon as I go back to TCP instead of a UNIX socket, I
> > don't have these errors. I also tested stunnel+nginx with UNIX sockets,
> > still no error.
> > And replacing ab with httperf, it always works.
> 
> Do you know if keep-alive was involved in any of these tests?

I tried both. It's easier to reproduce without keep-alive.
Actually, I also met the issue with httperf.

My configuration files:
# stunnel.conf
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
foreground=yes
pid=/var/run/stunnel.pid
unix-sockets-dir=/var/run
debug=3

[localhost-uxst]
cert = /home/cbonte/tmp/server.crt
key  = /home/cbonte/tmp/server.key
accept=0.0.0.0:8443
connect=/ssl.sock
TIMEOUTclose = 0
;sendproxy=yes

[localhost-tcp]
cert = /home/cbonte/tmp/server.crt
key  = /home/cbonte/tmp/server.key
accept=0.0.0.0:8444
connect=127.0.0.1:8080
TIMEOUTclose = 1
;sendproxy=yes

# haproxy.conf
global
        stats socket /var/run/haproxy.sock

defaults
        timeout server 60s
        timeout client 60s
        timeout connect 10s

listen https-in
        bind /var/run/ssl.sock user root mode 600 # accept-proxy
        bind :8080

        mode http
        #option http-server-close
        option httpclose
        stats enable

        server local localhost:80

Using the UNIX Socket 
httperf --server localhost --port 8443 --uri / --rate 100 --num-conn 1000 \
        --ssl --num-call 1
=> I see a lot of "readsocket: Invalid argument (22)" in stunnel

Using the TCP Socket 
httperf --server localhost --port 8444 --uri / --rate 100 --num-conn 1000 \
        --ssl --num-call 1
=> no error message

-- 
Cyril Bonté
