Hi, please do not bother ay further about this. I had an iptables rate limit of 25 SYN requests per second configured. Sorry for wasting your time.
Stefan > On 16 Aug 2017, at 20:35, Stefan Sticht <[email protected]> wrote: > > Hi, > > sorry I missed to tell details: haproxy and webservers are running Ubuntu > 16.04.3 LTS > I am testing HA-Proxy version 1.6.3 2015/12/25 and HA-Proxy version > 1.7.8-1ppa1~xenial 2017/07/09 > > I also can test the webserver directly bypassing the haproxy completely > (apache2.4 on webserver has "KeepAlive Off” configured) > $ ab -v 1 -c 10 -n 1000 http://10.27.100.45/test/index.html > <http://10.27.100.45/test/index.html> | grep -e Requests -e Complete -e Failed > Complete requests: 1000 > Failed requests: 0 > Requests per second: 7948.87 [#/sec] (mean) > > Thanks! > Stefan > >> On 16 Aug 2017, at 17:53, Stefan Sticht <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi, >> >> I need help with my haproxy config. I have been asked to disable keepalive >> in haproxy. >> As soon as I use "option forceclose” the requests per second rate mesured >> with apachebench >> goes down form like 1000 requests per second to 25 requests per second. >> >> frontend w-test-kon >> bind *:8000 >> bind *:8001 ssl crt /etc/ssl/private/wildcard.w.pem >> maxconn 4096000 >> default_backend web1 >> >> frontend w-test-koff >> option forceclose >> no option http-keep-alive >> bind *:8002 >> bind *:8003 ssl crt /etc/ssl/private/wildcard.w.pem >> maxconn 4096000 >> default_backend web1 >> >> backend web1 >> mode http >> balance roundrobin >> http-reuse always >> server web1-ip1 192.168.2.11:80 check source 192.168.2.211 >> option httpchk >> maxconn 4096000 >> http-response set-header Strict-Transport-Security >> "max-age=16000000; includeSubDomains; preload;" >> >> Without forceclose: >> >> $ ab -v 1 -k -c 10 -n 1000 https://w:8001/test/index.html >> <https://w:8001/test/index.html> | grep -e Requests -e Complete -e Failed >> Complete requests: 1000 >> Failed requests: 0 >> Requests per second: 1112.29 [#/sec] (mean) >> >> With foreclose: >> >> $ ab -v 1 -k -c 10 -n 1000 https://w:8003/test/index.html >> <https://w:8003/test/index.html> | grep -e Requests -e Complete -e Failed >> Complete requests: 1000 >> Failed requests: 0 >> Requests per second: 25.86 [#/sec] (mean) >> >> Whatever I configure as soon as I disable keepalive I am down to 24-45 >> requests per second. >> >> Anyone an idea what I am doing wrong? >> >> Thanks in advance! >> >> Stefan >> >> >> >> >> >
smime.p7s
Description: S/MIME cryptographic signature
