Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

Hi Lukas, On 22 Jun 2017 3:02 am, "Lukas Tribus" wrote: Hello, > Daniel, if using ssl to the backends shouldn't you use http mode? > Per your config you are using tcp which is default one. Afaik tcp > is for ssl passthrough. For the record, this is not true. Just because you

Re: LoadBalance whole subnet

On Wed, Jun 21, 2017 at 08:05:20AM +0200, Aleksandar Lazic wrote: > > Hi Aleksandar, > > > Don't worry that's a mistake, Sarunas put cont...@haproxy.com in copy to his > > mail which lead to this. > > > Please don't continue this thread on the mailing list, thanks. > > > Well, I assume I

Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

Hello, > Daniel, if using ssl to the backends shouldn't you use http mode? > Per your config you are using tcp which is default one. Afaik tcp > is for ssl passthrough. For the record, this is not true. Just because you need TCP mode for TLS passthrough, doesn't mean you have to use HTTP mode

Re: Trouble getting rid of Connection Keep-Alive header

Hi Mats, Am 21.06.2017 um 14:30 schrieb Mats Eklund: > > Hi, > > > Thanks, here's the full config: > So for the record, what you are trying to achieve is to disable HTTP keep-alive between haproxy and the browser? In the default section, replace: option http-server-close with: option

Re: haproxy does not capture the complete request header host sometimes

On Wed, Jun 21, 2017 at 05:00:01PM +0200, Christopher Faulet wrote: > I attached a patch to improve the configuration parsing and to update the > documentation. It can be backported in 1.7, 1.6 and 1.5. I finally marked > this patch as a bug fix. Applied, thanks to both of your for killing this

Re: haproxy does not capture the complete request header host sometimes

Le 13/06/2017 à 14:16, Christopher Faulet a écrit : Le 13/06/2017 à 10:31, siclesang a écrit : haproxy balances by host,but often captures a part of request header host or null, and requests balance to default server. how to debug it , Hi, I'll try to help you. Can you share your

Re: Trouble getting rid of Connection Keep-Alive header

Hi Mats, Mats Eklund wrote: > I am running a load balanced Tomcat application on Openshift Online > v2, with HAProxy ver. 1.4.22 as load balancer. With your current config, HAProxy will add a "Connection: close" header to responses. However, since you mentioned you are running this in an

Re: Trouble getting rid of Connection Keep-Alive header

Hi, Thanks, here's the full config: global maxconn 256 stats socket ... defaults modehttp log global option httplog option dontlognull option http-server-close #option forwardfor

Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

Sorry, replace httpclose with http-server-close On 21 Jun 2017 7:55 pm, "Igor Cicimov" wrote: > Yes saw it but too late. Anyway according to the timers the Tr:26040 means > it took 26 seconds for the server to send the response. Any errors in the > backend logs?

Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

Yes saw it but too late. Anyway according to the timers the Tr:26040 means it took 26 seconds for the server to send the response. Any errors in the backend logs? client_ip:193.XX.XX.XXX client_port:18935 SSL_version:TLSv1.2 SSL_cypher:DHE-RSA-AES256-GCM-SHA384 -- Tt:26150 Tq:106 Tw:0 Tc:3

Re: 1.7.6 redirect regression (commit 73d071ecc84e0f26ebe1b9576fffc1ed0357ef32)

On Wed, Jun 21, 2017 at 12:30:47PM +0300, Jarno Huuskonen wrote: > Hi Christopher, > > On Wed, Jun 21, Christopher Faulet wrote: > > This bug was fixed in 1.8 (see commit > > 9f724edbd8d1cf595d4177c3612607f395b4380e "BUG/MEDIUM: http: Drop the > > connection establishment when a redirect is

Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

Hi Igor, the config is set to "mode http" (see below) only the log output is set to "tcplog" to be able to get a more detailed log output. Please correct me if I'm wrong but regarding to the config HTTP-mode is (or at least should be) used. defaults log global option tcplog

Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

On 21 Jun 2017 6:34 pm, "Daniel Heitepriem" wrote: Nothing special. No errors, no dropped connections just an increased server response time (Tr). An excerpt from low and high traffic times is below: Jun 20 18:05:29 localhost haproxy[13426]: ndc

Re: 1.7.6 redirect regression (commit 73d071ecc84e0f26ebe1b9576fffc1ed0357ef32)

Hi Christopher, On Wed, Jun 21, Christopher Faulet wrote: > This bug was fixed in 1.8 (see commit > 9f724edbd8d1cf595d4177c3612607f395b4380e "BUG/MEDIUM: http: Drop the > connection establishment when a redirect is performed"). I attached > the patch. Could you quickly check if it fixes your bug

Re: 1.7.6 redirect regression (commit 73d071ecc84e0f26ebe1b9576fffc1ed0357ef32)

Le 21/06/2017 à 07:27, Jarno Huuskonen a écrit : Hi, 1.7.6 gives me errors (in log) with redirect rules. Example config that produces 503 errors in logs and curl -v complains: < HTTP/1.1 301 Moved Permanently < Content-length: 0 < Location: https://127.0.0.1:8080/ < * Excess found in a non

Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

On 21 Jun 2017 6:11 pm, "Daniel Heitepriem" wrote: Hi Jarno, yes we are decrypting TLS on the frontend (official SSL-certificate) and re-encrypt it before sending it to the backend (company policy so not that easy to change it to an unencrypted connection). The CPU

Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

Hi Jarno, yes we are decrypting TLS on the frontend (official SSL-certificate) and re-encrypt it before sending it to the backend (company policy so not that easy to change it to an unencrypted connection). The CPU usage is not higher than 15-20% even during peak times and the memory usage is

Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

Hi, On Wed, Jun 21, Daniel Heitepriem wrote: > we got a problem recently which we can't explain to ourself. We got > a java application (Tomcat WAR-File) which has to handle several > million of requests per day and several thousand requests per second > during peak times. Due to this high amount

Re: HAProxy makes backend unresponsive when handling multiple thousand connections per second

Sounds like ssl connections are not being reused between haproxy and tomcat. Can you send some netstat monitoring metrics showing tcp handshakes and time or close waits over time? -- Benjamin Lee +61 4 16 BEN LEE > El 21 jun 2017, a las 17:15, Daniel Heitepriem

HAProxy makes backend unresponsive when handling multiple thousand connections per second

Hi everyone, we got a problem recently which we can't explain to ourself. We got a java application (Tomcat WAR-File) which has to handle several million of requests per day and several thousand requests per second during peak times. Due to this high amount we are splitting traffic using an

Re: Trouble getting rid of Connection Keep-Alive header

Hello Mats, Am 21.06.2017 um 07:59 schrieb Mats Eklund: > > > Hi, > > > I am running a load balanced Tomcat application on Openshift Online v2, with > HAProxy ver. 1.4.22 as load balancer. > > > I would like to have HTTP connections closed after each response is returned. > But am unable to

Re: LoadBalance whole subnet

Hi William Lallemand, William Lallemand wrote on 20.06.2017: > On Tue, Jun 20, 2017 at 12:49:32PM +0200, Aleksandar Lazic wrote: >> Hi Anamarija. >> >> ?! >> >> Do you plan to make the mailing list out of support?! >> >> Best Regards >> aleks >> > Hi Aleksandar, > Don't worry that's a

Trouble getting rid of Connection Keep-Alive header

Hi, I am running a load balanced Tomcat application on Openshift Online v2, with HAProxy ver. 1.4.22 as load balancer. I would like to have HTTP connections closed after each response is returned. But am unable to make the response contain the corresponding response headers (i.e.