Hi Sergei,
> Full configuration is in attachment. Briefly, we have 1 haproxy, and 2 > backend (nginx), tests were running against static file (1kb, and 5kb). > Haproxy listen on 443 in tcp mode (“listen tcp mode”), then listen > figure out what frontend to use (“use-server <frontend> if <condition>), > and send data with “send-proxy/accept-proxy” to frontend, which in turn > sends it to backend. Haproxy is running in multiple process mode (nbproc > 14, 1-10 - for SSL termination (listen), 11-14 - for HTTP (front ends + > backend). I’ve tried to simplify configuration via using “use_backend” > in “listen” section, but didn’t notice any difference. > > The problem I see that total number of connections (stot metric) stops > at 200k with HTTPS, but goes over 400k-500k with plain HTTP. Each haproxy > process stops at 20k (we’re running 10 processes). Graph attached. I ran > few different tests and every time 200k seems to be the limit. Just a few suggestion to narrow it down: What about if you run with 5 processes instead of 10? Ar you still maxing out at 200k session (which would increase the per process sessions to 40k) or are you maxing out at 100k (maintaing max 20k per process)? How are your benchmarking this, are you sure the limit is not on the client (benchmark) site? Can you provide the output of "haproxy -vv"? I would suggest to bump both maxconn settings to a larger value for this benchmark (maxconn also affects ulimit). HAProxy 1.5.9 contains some improvements in the ssl code for low memory conditions, however, I'm not confident that this will improve your situation. In any case, if you want to give it a try, you can install latest stable binary via apt-get from here [1], if you don't want to build from source. Regards, Lukas [1] http://haproxy.debian.net/
