Here's my configuration:

$ haproxy -vv
HA-Proxy version 2.0.7-1ppa1~bionic 2019/09/28 -
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -O2
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
-D_FORTIFY_SOURCE=2 -fno-strict-aliasing -Wdeclaration-after-statement
-fwrapv -Wno-format-truncation -Wno-unused-label -Wno-sign-compare
-Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers
-Wno-clobbered -Wno-missing-field-initializers -Wno-implicit-fallthrough
-Wno-stringop-overflow -Wtype-limits -Wshift-negative-value
-Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference


Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=4).
Built with OpenSSL version : OpenSSL 1.1.1  11 Sep 2018
Running on OpenSSL version : OpenSSL 1.1.1  11 Sep 2018
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.3
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with PCRE2 version : 10.31 2018-02-12
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with the Prometheus exporter as a service

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
              h2 : mode=HTX        side=FE|BE     mux=H2
              h2 : mode=HTTP       side=FE        mux=H2
       <default> : mode=HTX        side=FE|BE     mux=H1
       <default> : mode=TCP|HTTP   side=FE|BE     mux=PASS

Available services :

Available filters :
[SPOE] spoe
[COMP] compression
[CACHE] cache
[TRACE] trace

$ cat /etc/haproxy/haproxy.cfg
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd
stats timeout 30s
user haproxy
group haproxy

maxconn 16384

nbproc 1
nbthread 4
cpu-map auto:1/1-4 0-3

# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private

# See:
        ssl-default-bind-ciphers ...
        ssl-default-bind-ciphersuites ...
        ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
tune.ssl.default-dh-param 2048

log global
mode http
option  httpchk HEAD /health HTTP/1.1\r\nHost:\\r\nX-Forwarded-Proto:\
option httplog
option dontlognull
option  dontlog-normal
option  forwardfor
option  http-server-close
option  redispatch
        timeout client 10s
timeout client-fin 5s
        timeout http-request 5s
        timeout server 30s
timeout server-fin 10s
        timeout connect 10s
        timeout queue 10s
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

listen stats
        bind :8000
        bind-process 1
        mode http
        stats enable
        stats hide-version
        stats realm HAProxy\ Stats
        stats uri /
        stats auth theuser:thepassword

frontend www-frontend
        bind :::80 v4v6
        bind :::443 v4v6 ssl crt /etc/ssl/private/ev-2019.pem
        default_backend www-backend
        compression algo gzip
        compression type text/html text/css text/javascript
application/javascript application/json

backend www-backend
http-request redirect prefix https://%[hdr(host),regsub(^www\.,,i)] if {
hdr_beg(host) -i www. }
http-request add-header X-Forwarded-Proto https
redirect scheme https if !{ ssl_fc }
        balance roundrobin
        default-server maxconn 256 inter 10s fall 3 rise 2 check
        server web0
server web1
server web2

On Tue, Oct 1, 2019 at 11:02 AM Aleksandar Lazic <> wrote:

> Hi.
> Am 01.10.19 um 10:46 schrieb Marco Colli:
> > Hello!
> >
> > I use HAProxy to load balance HTTP(S) traffic to some web servers. Web
> servers
> > then connect to a database. I have noticed that when we restart the
> database
> > some errors occur (and that is normal during the restart).
> >
> > However the problem is that **a few hundreds connections remain open from
> > HAProxy to the Puma web servers forever**. That slow down HAProxy.
> >
> > When we restart HAProxy then everything works fine again and the number
> of
> > backend connections drops to zero, which is the normal value since we
> use option
> > http-server-close. We have also configured the following timeouts but
> nothing
> > has changed (some connections to backend remain open forever):
> >
> >         timeout client 10s
> > timeout client-fin 5s
> >         timeout http-request 5s
> >         timeout server 30s
> > timeout server-fin 10s
> >         timeout connect 10s
> >         timeout queue 10s
> >
> > HAProxy Version: 2.0
> Please can you post the full haproxy -vv as there are many fixes in the
> laster
> versions.
> Are there any checks in the config?
> Can you share the (minimal) config so that we can see some more
> information's
> about your setup.
> Regards
> Aleks

Reply via email to