Hi Jim, The client sent a request over HTTP and HAProxy todl him to come back using HTTPS (status code 302 generated by HAProxy, frontend name not suffixed by a tild '~' which means connection in clear).
So no problem at all here. and LR code is normal in such situation, no resources exhaustion. Baptiste On Wed, Aug 7, 2013 at 5:10 AM, Jim Alateras <j...@comware.com.au> wrote: > We are looking at using HAProxy for SSL termination and dropping our reliance > on nginx. IIt seems to work for some instances but for others i get the > following type of others > > Aug 7 12:08:31 localhost haproxy[15807]: 121.219.244.144:60611 > [07/Aug/2013:12:08:31.191] http_global_secure http_global_secure/<NOSRV> > 10/-1/-1/-1/10 302 170 - - LR-- 2/2/0/0/0 0/0 "GET > /service/vizs/action/exec?media=json&_=1375837124050 HTTP/1.1" > Aug 7 12:08:43 localhost haproxy[15807]: 127.0.0.1:52602 > [07/Aug/2013:12:08:43.845] http_global_secure http_global_secure/<NOSRV> > 0/-1/-1/-1/0 302 133 - - LR-- 2/2/0/0/0 0/0 "POST /ringo/observations > HTTP/1.1" > > which from the documentation indicate some sort of resource exhaustion > problem 'LR' > > Here is my configuration > > global > log 127.0.0.1 local0 > maxconn 4096 > user haproxy > group haproxy > daemon > > defaults > mode http > log global > maxconn 4096 > option dontlognull > option redispatch > timeout connect 5s > timeout client 30s > timeout server 30s > > frontend http_global_insecure > bind :80 > > bind :443 ssl crt /etc/haproxy/server.pem > mode http > > option forwardfor > option http-server-close > option httplog > reqadd X-Forwarded-Proto:\ https > redirect scheme https if !{ ssl_fc } > > acl ringo_url path_beg /ringo > acl phoenix_url path_beg /phoenix > acl athena_url path_beg /athena > acl william_url path_beg /william > acl blowfish_url path_beg /blowfish > acl lenny_url path_beg /lenny > > use_backend ringo_server if ringo_url > use_backend phoenix_server if phoenix_url > use_backend athena_server if athena_url > use_backend william_server if william_url > use_backend blowfish_server if blowfish_url > use_backend lenny_server if lenny_url > default_backend ringo_server > > frontend blowfish_tcp > bind :35718 > mode tcp > timeout client 300s > backlog 4096 > maxconn 50000 > default_backend blowfish_tcp_servers > > > backend blowfish_tcp_servers > mode tcp > option log-health-checks > option redispatch > option tcplog > server blowfish_tcp1 127.0.0.1:36000 > timeout connect 1s > timeout queue 5s > timeout server 3600s > > backend ringo_server > server ringo1 127.0.0.1:8080 maxconn 512 > > backend phoenix_server > server phoenix1 127.0.0.1:8080 maxconn 512 > > backend athena_server > server athena1 127.0.0.1:8080 maxconn 512 > > backend william_server > server william1 127.0.0.1:8080 maxconn 512 > > backend blowfish_server > reqirep ^([^\ ]*)\ /blowfish/(.*) \1\ /\2 > server blowfish1 127.0.0.1:3333 maxconn 512 > > backend lenny_server > reqirep ^([^\ ]*)\ /lenny/(.*) \1\ /\2 > server lenny1 127.0.0.1:3000 maxconn 512 > > > Any thoughts, why i might be getting those errorsa. > > cheers > </jima> > > > > > >