A couple of weeks ago I installed haproxy on our server running FreeBSD 11.0-RELEASE-p16. (yes, I know it's an old version of the OS, I'm going to upgrade it as soon as I solve my haproxy problem.)
Haproxy is supposed to load balance between 2 web servers running apache. haproxy ran fine and balanced well for about 2 weeks, and then it stopped sending client connections to the second web server. It still does health checks to both servers just fine, and reports L7OK/200 at every check for both servers. I've tried using both roundrobin and leastconn, with no luck. I've restarted haproxy several times, and rebooted the server it's running on, and it the behavior doesn't change. I'm out of ideas, does anyone have suggestions for fixing this (or improving my config in general)? Here's my config file: <code> # global holds defaults, global variables, etc. global daemon user haproxy group haproxy log /dev/log local0 stats socket /var/run/haproxy/admin.sock user haproxy group haproxy mode 660 level admin # https://www.haproxy.com/blog/multithreading-in-haproxy/ maxconn 2048 # max connections we handle at once nbproc 1 # number of haproxy processes to start nbthread 4 # max threads, 1 per CPU core # cpu map = number of cpu cores cpu-map all 0-3 ssl-default-bind-ciphers "EECDH+ECDSA+AESGCM ECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4" ssl-default-bind-options ssl-min-ver TLSv1.2 defaults timeout connect 30s timeout client 600s timeout server 30s log global mode http stats enable stats uri /haproxy?stats stats realm Statistics stats auth REMOVED stats refresh 10s # frontend holds info about the public face of the site frontend vi-gate2.docbasedirect.com bind XXX.XX.XX.XXX:80 bind XXX.XX.XX.XXX:443 ssl crt "/usr/local/etc/2019-www-prod-SSL.crt" http-request redirect scheme https if !{ ssl_fc } default_backend web_servers option httplog # info about backend servers backend web_servers balance leastconn cookie phpsessid insert indirect nocache option httpchk HEAD / default-server check maxconn 2048 server vi-www3 10.3.3.10:8080 cookie phpsessid inter 120s server vi-www4 10.3.3.11:8080 cookie phpsessid inter 120s email-alert mailers vi-mailer email-alert from REMOVED email-alert to REMOVED mailers vi-mailer mailer localhost 127.0.0.1:25 mailer vi-backup2 10.3.3.100:25 </code> Thanks! -- ericr