Hi there,
Thanks for the great SSL support in 1.5, keep up the good work! My exact
version is 1.5~dev19.
I'm using SSL a lot for corporate use, and notice some performance issues
with an ajax-intensive application. I checked in Chrome's developer
console that keep alive headers are properly used and returned by haproxy
(content-length), however I notice in haproxy logs that a new port is used
for each request, which means connections are not reused IIUC:
Dec 22 23:35:15 127.0.0.1 haproxy[32673]:
90.84.144.124:4989[22/Dec/2013:23:35:13.742] ocw_ssl~ ocw2/ocw2
1558/0/1/14/1573 200 1525 - -
---- 1/1/0/0/0 0/0 "POST /web/dataset/call_kw HTTP/1.1"
Dec 22 23:35:20 127.0.0.1 haproxy[32673]:
90.84.144.124:18924[22/Dec/2013:23:35:14.276] ocw_ssl~ ocw2/ocw2
1573/0/1/4666/6241 200 13350
- - ---- 0/0/0/0/0 0/0 "POST /web/dataset/search_read HTTP/1.1"
Dec 22 23:36:03 127.0.0.1 haproxy[32673]:
90.84.144.124:13753[22/Dec/2013:23:36:02.803] ocw_ssl~ ocw1/ocw1
405/0/0/19/424 200 1526 - -
---- 1/1/0/0/0 0/0 "POST /web/dataset/call_kw HTTP/1.1"
Dec 22 23:36:11 127.0.0.1 haproxy[32673]:
90.84.144.124:13454[22/Dec/2013:23:36:02.936] ocw_ssl~ ocw1/ocw1
702/0/0/7455/8158 200 13893 -
- ---- 0/0/0/0/0 0/0 "POST /web/dataset/search_read HTTP/1.1"
My setup has nothing special that would prevent keep-alive AFAICT:
global
log 127.0.0.1 local2 info
maxconn 4096
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 150000
srvtimeout 150000
listen ocw
bind 0.0.0.0:80
redirect scheme https if !{ ssl_fc }
listen ocw_ssl
bind 0.0.0.0:443 ssl crt /etc/haproxy/haproxy-mysite.pem
use_backend ocw1
backend ocw1
server ocw1 192.168.1.1:8069
Is anything ringing a bell to you? Anything I could do for the app to be
more responsive in HTTPS?
Thanks in advance,
--
Jean-Baptiste Quenot
Tel: +33 (0)972 394 293
