> What's in the haproxy log at this time?
>

I was only logging errors at the time, and nothing showed up.

> Could this message hide some overload state?
>

I doubt it... the load on these systems is fairly low.

> What are your settings for the following parameters?
>
> https://cbonte.github.io/haproxy-dconv/1.5/configuration.html#maxconn
> https://cbonte.github.io/haproxy-dconv/1.5/configuration.html#maxconnrate
> https://cbonte.github.io/haproxy-dconv/1.5/configuration.html#maxsessrate
> https://cbonte.github.io/haproxy-dconv/1.5/configuration.html#maxsslconn
> https://cbonte.github.io/haproxy-dconv/1.5/configuration.html#maxsslrate
>

See the conf I pasted underneath. The only one on it is maxconn. What are
the default values for the other ones?

> Timeout*
>
> It's called Circuit Breaker pattern.
> https://martinfowler.com/bliki/CircuitBreaker.html
>

I'll send this to the devs to take a look at, thank you.


> In general can you share your minimal config?
>

Here you have a streamlined version:

global
        maxconn 50000
        ulimit-n 175000
        nbproc 1
        log /var/lib/haproxy/dev/log    local0 err
        stats socket /var/run/haproxy.sock mode 0666 level admin
        tune.maxrewrite 4096
        tune.bufsize 65536
        tune.ssl.default-dh-param 2048
        ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
        ssl-default-bind-options no-sslv3 no-tls-tickets
        ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
        ssl-default-server-options no-sslv3 no-tls-tickets
        spread-checks 4
        daemon

defaults
        mode                    http
        balance                 roundrobin
        option                  tcpka
        option                  forwardfor
        option                  redispatch
        option                  contstats
        cookie                  SERVERID insert indirect
        retries                 10
        maxconn                 50000
        timeout http-request    300s
        timeout client          1200s
        timeout server          1200s
        timeout connect         100s
        timeout tarpit          200s
        timeout http-keep-alive 300s
        timeout check           5s
        errorfile               408 /dev/null
        errorfile               403 /etc/haproxy/errors/403error.http
        errorfile               503 /etc/haproxy/errors/maintenance.http

frontend https
        bind                    10.10.10.254:443 ssl crt /etc/ssl/private/star.domain.chain+dh.pem crt /etc/ssl/private/other.pem crt /etc/ssl/private/otherother.pem
        log                     global
        option                  forwardfor

        use_backend             backend_api_https if { hdr(host) api.domain }
        use_backend             backend_app_https if { hdr(host) app.domain }

backend backend_api_https
        mode                    http
        redirect                scheme https if !{ ssl_fc }
        option                  httpchk HEAD /status.html HTTP/1.0\r\nHost:\ api.domain\r\nUser-Agent:\ haproxy
        server                  api01 10.10.10.1:443 cookie api01-https ssl verify none check inter 7000 fall 5 weight 20
        server                  api02 10.10.10.2:443 cookie api02-https ssl verify none check inter 7000 fall 5 weight 20
        server                  api03 10.10.10.3:443 cookie api03-https ssl verify none check inter 7000 fall 5 weight 20
        server                  api04 10.10.10.4:443 cookie api04-https ssl verify none check inter 7000 fall 5 weight 20

backend backend_app_https
        mode                    http
        redirect                scheme https if !{ ssl_fc }
        option                  httpchk HEAD /status.html HTTP/1.0\r\nHost:\ app.domain\r\nUser-Agent:\ haproxy
        server                  app01 10.10.10.11:443 cookie app01-https ssl verify none check inter 7000 fall 5 weight 20
        server                  app02 10.10.10.12:443 cookie app02-https ssl verify none check inter 7000 fall 5 weight 20


> @haproxy.com: It would be nice to have a blog post which talks about the
> excellent options for Circuit Breaker in haproxy like the timeouts, queues and
> the other options.
>

It most definitely would.
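
Added example, not part of the original message and not HAProxy's own code: a small Python check that reports which of the five limit keywords linked above are set in the global section, and converts a section's timeouts to milliseconds so they can be compared. SAMPLE_CONF is a constructed cut-down of the configuration posted in this message, and the function names are hypothetical.

```python
import re

# The five limit keywords linked in the message (HAProxy global section).
LIMIT_KEYWORDS = ("maxconn", "maxconnrate", "maxsessrate", "maxsslconn", "maxsslrate")
SECTION_STARTS = ("global", "defaults", "frontend", "backend", "listen")
# HAProxy time suffixes; a bare number means milliseconds.
UNIT_MS = {"us": 0.001, "ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}

# Constructed sample: a cut-down of the configuration posted above.
SAMPLE_CONF = """\
global
        maxconn 50000
        nbproc 1

defaults
        mode http
        maxconn 50000
        timeout http-request 300s
        timeout client 1200s
        timeout server 1200s
        timeout connect 100s
"""

def parse_sections(text):
    """Return {section header: [(keyword, [args]), ...]}; '#' comments are cut naively."""
    sections, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in SECTION_STARTS:
            current = " ".join(words)
            sections[current] = []
        elif current is not None:
            sections[current].append((words[0], words[1:]))
    return sections

def to_ms(value):
    """Convert an HAProxy time value such as '300s' or '5000' to milliseconds."""
    m = re.fullmatch(r"(\d+)(us|ms|s|m|h|d)?", value)
    if m is None:
        raise ValueError(f"not an HAProxy time value: {value!r}")
    return int(m.group(1)) * UNIT_MS[m.group(2) or "ms"]

def limits_report(text):
    """Map each limit keyword to its value in 'global', or None when it is not set."""
    set_in_global = {k: a[0] for k, a in parse_sections(text).get("global", []) if a}
    return {k: set_in_global.get(k) for k in LIMIT_KEYWORDS}

def timeouts_ms(text, section="defaults"):
    """Return {timeout name: milliseconds} for one section."""
    lines = parse_sections(text).get(section, [])
    return {a[0]: to_ms(a[1]) for k, a in lines if k == "timeout" and len(a) >= 2}
```
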
