Re: "option forceclose" analog for mode tcp

Wed, 11 Sep 2013 04:35:44 -0700 

Hi, everyone.
>
>Let me describe problem we faced. Haproxy is working as a frontend in
>mode tcp to an application servers. By some reason haproxy spawns a lot
>of tcp sockets in "CLOSE_WAIT" state on client side which seems never
>will be closed until haproxy restart. Here is netstat:

Are you saying that CLOSE_WAIT sockets are growing on the client, which
connects to HAProxy? If thats the case, then this is likely a bug in
the client application, not calling close().


Or is CLOSE_WAIT growing on the HAProxy box? If thats the case, please
clarify whether frontend or backend sockets are affected.
Sorry for ambiguity, I'm talking about HAproxy box, with frontend sockets which accepting client connections from internet. We are using mode tcp due to https traffic (https doesn't terminated on HAproxy box and forwarded to backend server) 


Also, please post your configuration so we can better understand what
you are actually doing and provide the output of "haproxy -vv", so we
know exactly what release of haproxy you are running.

haproxy -vv
HA-Proxy version 1.4.23 2013/04/03
Copyright 2000-2013 Willy Tarreau <[email protected]>
Build options :
TARGET  = linux2628
CPU     = generic
CC      = gcc
CFLAGS = -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 
OPTIONS = USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
Encrypted password support via crypt(3): yes
Available polling systems :
sepoll : pref=400,  test result OK
epoll : pref=300,  test result OK
poll : pref=200,  test result OK
select : pref=150,  test result OK
Total: 4 (4 usable), will use sepoll.


haproxy.cfg

global
log stats:5555 daemon info
maxconn 520000
nosplice
user haproxy
group haproxy
daemon

defaults
log global
retries 3
maxconn 131072
timeout server 25s
timeout client 25s
timeout connect 25s
option tcplog

#####

listen LISTENER-SSL xxx.xxx.xxx.xxx:443
mode tcp
server backend-ssl yyy.yyy.yyy.yyy:443 source zzz.zzz.zzz.zzz check inter 30000 fall 3 

... <a lot of similar listeners>
####

listen statistics proxy-stats:18080
mode http
stats enable
stats uri /
stats realm haproxy\ statistics
stats auth admin:xxxxxxxx
stats hide-version

Reply via email to