On Wed, Sep 03, 2025 at 11:30:50AM +0200, Amaury Denoyelle wrote:
> On Wed, Sep 03, 2025 at 10:48:40AM +0200, Amaury Denoyelle wrote:
> > On Wed, Sep 03, 2025 at 10:44:06AM +0200, Amaury Denoyelle wrote:
> > > On Tue, Sep 02, 2025 at 04:18:22PM +0000, Daniel Lenar wrote:
> > > > Hello,
> > > >
> > > > I was struggling to get connection reuse working when check_reuse_pool
> > > > was enabled. My patch addresses what I had to do to see TCP
> > > > connections being reused with my haproxy configuration below.
> > > >
> > > > I had a very simplistic haproxy.cfg. The IPs and hostnames have been
> > > > redacted.
> > > >
> > > > global
> > > >     log stdout format raw local0
> > > >     daemon
> > > >     stats socket /tmp/stats
> > > >
> > > > frontend main
> > > >     bind *:8080
> > > >     mode http
> > > >     option httplog
> > > >     option http-keep-alive
> > > >     log global
> > > >     use_backend https:example.com
> > > >
> > > > backend https:example.com
> > > >     mode http
> > > >     option httpchk GET /ready HTTP/1.1
> > > >     http-check send hdr Connection keep-alive hdr Host example.com hdr
> > > >     User-Agent "Health-Check"
> > > >     http-reuse always
> > > >     default-server maxconn 2000 check-reuse-pool inter 3000
> > > >     pool-purge-delay 60s check ssl verify none
> > > >     server servara 10.0.0.1:443
> > > >     server serverb 10.0.0.2:443
> > > >     server serverc 10.0.0.3:443
> > > >
> > > > > The tcpcheck_use_nondefault_connect() function was considering SSL as
> > > > > a non-default connection. If your backend servers were using SSL,
> > > > > then you couldn’t reuse connections. In terms of http/https, only
> > > > > http backends were eligible for connection reuse.
> > >
> > > I have just seen your message so I did not conduct many tests. However,
> > > one thing that may explain a part of the problem is that you do not have
> > > "check-ssl" server keyword. Without it, checks will be performed in
> > > clear HTTP, thus it won't be able to reuse any connection from the pool
> > > as transport will not match. This explains why you had to change
> > > tcpcheck_use_nondefault_connect() to remove check->use_ssl.
> >
> > Hum, please ignore this comment, I took the problem from the wrong side.
> > If there are any check-* keywords on the server line, we consider that
> > reuse should not be performed. Hence you must not specify any check-*,
> > except of course check-reuse-pool.
>
> So, regarding check SSL activation, the solution would not be to change
> tcpcheck_use_nondefault_connect(), as it's still useful to detect if
> "check-ssl" has been set: in this case, reuse must not be performed.
> The solution instead is to not set check->use_ssl when it is inherited
> implicitly from the server configuration during init_srv_check(). This
> should be enough as it seems to allow to perform reuse now in my tests.
>
> Now, there remain the issues of the hash mismatch which I'm looking at
> and the draining of the connection for which I'm less comfortable than
> Christopher :)

Small update here, I recently merged 2 fixes dedicated to
check-reuse-pool. The first one ensures that it can be used with SSL and
the other one fixes hash calculation with destination address. With
that, I'm able to properly reuse connections for checks as intended and it
remains compatible with reverse HTTP.

For the record, here are the two patches:

* 9410b2ab979306a9cee687ebbae1894ad951ad87
  BUG/MINOR: check: fix dst address when reusing a connection
* 6d3c3c78719cdd2bd0b271c2ef25b53e47e2d8d2
  BUG/MINOR: check: ensure check-reuse is compatible with SSL

Now, it seems only the issue of the draining of check connections
remains, but as I already mentioned this is probably a trickier problem.

-- 
Amaury Denoyelle
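
The rule stated in the quoted replies (any check-* keyword other than check-reuse-pool on a server means reuse is not performed for its checks) can be verified against a configuration before deployment. The Python sketch below is an added example, not part of the original mail or of HAProxy; the function name, the sample configuration (documentation addresses) and the simplified default-server inheritance model are assumptions.

```python
import shlex

SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}
REUSE = "check-reuse-pool"

# Constructed sample, modelled on the backend quoted in the thread.
SAMPLE_CFG = """
backend https:example.com
    mode http
    option httpchk GET /ready HTTP/1.1
    http-reuse always
    default-server maxconn 2000 check-reuse-pool inter 3000 pool-purge-delay 60s check ssl verify none
    server servera 192.0.2.1:443
    server serverb 192.0.2.2:443 check-ssl
    server serverc 192.0.2.3:443 check-sni example.com check-alpn http/1.1
"""

def find_reuse_blockers(cfg_text):
    """Return [(line_no, server_name, [keywords])] for every server where
    check-reuse-pool is in effect together with another check-* keyword.
    Assumption: default-server keywords simply accumulate per section."""
    findings = []
    from_defaults = []  # default-server keywords set in a "defaults" section
    inherited = []      # default-server keywords in effect for this section
    section = None
    for line_no, raw in enumerate(cfg_text.splitlines(), start=1):
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        head = tokens[0]
        if head in SECTION_KEYWORDS:
            section = head
            if head == "defaults":
                from_defaults = []
            inherited = list(from_defaults)
        elif head == "default-server":
            inherited += tokens[1:]
            if section == "defaults":
                from_defaults += tokens[1:]
        elif head == "server" and len(tokens) >= 3:
            effective = inherited + tokens[3:]
            blockers = sorted({t for t in effective
                               if t.startswith("check-") and t != REUSE})
            if REUSE in effective and blockers:
                findings.append((line_no, tokens[1], blockers))
    return findings

if __name__ == "__main__":
    for line_no, name, blockers in find_reuse_blockers(SAMPLE_CFG):
        print(f"line {line_no}: server {name}: {', '.join(blockers)} "
              f"set together with {REUSE}")
```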