On Thu, Sep 12, 2019 at 11:45:00AM +0200, Elias Abacioglu wrote:
> Alright, thanks Willy and Lukas!
>
> But I wonder why the build-up of connections is between our haproxy-no-tls
> and haproxy-tls and not the "real" backends. The communication between
> haproxy-no-tls and haproxy-tls is "mode tcp" and "http-reuse never" and
> since it's mode tcp, it shouldn't really use the http-reuse?

Ah indeed, I missed this point. Thus it could be another bug, but it looked
so similar to the one I recently addressed that it appeared almost obvious
to me it was the same :-/

> Both haproxy-no-tls and haproxy-tls use our backends. So wouldn't I see
> this problem between the haproxy-no-tls and our backends as well if I was
> affected?

Likely yes, depending on how the connections are closed.

> I believe I could use "pool-max-conn 0" between haproxy-no-tls and
> haproxy-tls since it's "mode tcp" and I don't want to reuse connections as
> it breaks the "option forwardfor", sounds logical?

For "mode tcp" there's no pool nor reuse.

> I've never actually compiled haproxy before, I just install Vincent Bernat's
> PPA packages.
> I guess I could take his packages and try to build my own deb with the
> latest snapshot.
>
> So a bit off-topic, a pipeline that does nightly builds would make it
> easier to test changes and bugfixes.
> If anyone on this list has the time and competence, I could provide the
> hardware and probably bandwidth (well depending on nr downloads).
> (I should probably lift this part of the conversation to a separate thread)

We do have nightly snapshots but we don't provide builds anymore. I stopped
doing that around 1.5 when deployments started to diverge due to the various
libraries found in the field with different distros. Now we rely on distros to
ship an up-to-date well-known version and we provide sources for those who
want to tune anything for their use case. I'm not much interested in having
to go back to the extra entropy in bug reports caused by random build
combinations, nor having to arbitrate what option should be enabled in the
default build even if that forces someone else to install extra packages
that they don't need.

Regards,
Willy

