Hello,
we're trying to set up HAProxy 1.5-dev25 to terminate SSL and load
balance to various back-ends. From our benchmarks it seems we need to
run haproxy with nbproc higher than 1 to scale out SSL handshakes. So we
tested the setup described here:
https://www.mail-archive.com/[email protected]/msg13104.html
and quickly ran into problems with what looks like source-port
exhaustion between ssl-front and clear-front. We then followed the
approach described by Stack Overflow
(http://brokenhaze.com/blog/2014/03/25/how-stack-exchange-gets-the-most-out-of-haproxy/)
and configured multiple `server` and `bind` on local IPs.
That seems to work fine for now, but I have a few questions about this
setup:
* Is this the right way to do this in HAProxy?
* Should the ssl-front run in tcp mode or in http mode?
* Where do I configure `timeout client`, in the ssl-front or clear-front?
Here is the current config we're running with (without the backends):
https://gist.github.com/theflow/3593c5fcc0bfe206c8f4
Thanks!
Florian