Pavlo Zhuk pavlo@... writes:
Hi,
I am searching for help with understanding of qtime KPI nature for
haproxy, and possible optimization of my installation in this perspective.
We are using haproxy 1.5.14 in TCP mode as a L4 load-balancer for HTTPS
endpoints for multiple domain hostnames. We are also using SNI inspection in
order to select proper backend for the request.
And I've noticed that backend qtime stat vaue is pretty high (200-300ms),
which disturbs me a lot. qcur
(current queue lengh) is zero at the same time. Are we basically slowing
down all our requests by 200ms-300ms at haproxy
side? (not sure if I understood this value of qtime properly) Is it
related with SNI inspection? If yes - I
am definitely searching the way to optimize it.
All the installation - haproxy frontend as well as HTTPS backends are
living in AWS Cloud at the moment, and instance sizes are pretty big (c3,
c4), so we don't see any resource limitation.
Example of the config below. Any feedback appreciated.
==global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4
ulimit-n10
userhaproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
defaults
modehttp
log global
option httplog
option dontlognull
option http-server-close
retries 3
timeout http-request1s
timeout queue 1m
timeout connect 3s
timeout client 1m
timeout server 30s
timeout http-keep-alive 2s
timeout check 3s
maxconn 4
frontend https-in *:443
mode tcp
option tcplog
option socket-stats
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
use_backend foo-ssl if { req_ssl_sni -m beg foo }
use_backend bar-ssl if { req_ssl_sni -m beg bar }
backend foo-ssl *:443
balance leastconn
mode tcp
option ssl-hello-chk
server foo1 x.x.x.x:443 maxconn 1 check
server foo2 x.x.x.x:443 maxconn 1 check
backend bar-ssl *:443
balance leastconn
mode tcp
option ssl-hello-chk
server bar1 x.x.x.x:443 maxconn 1 check
server bar2 x.x.x.x:443 maxconn 1 check==--
BR,
Pavlo Zhuk+38093 241
hi friend!
Give you my config of haproxy.cfg zabbix
#cat /etc/zabbix/zabbix_agentd.d/haproxy.cfg
UserParameter=haproxy.discovery,/usr/local/check_openstack/zhaproxy.py -d
UserParameter=haproxy.allstatus,/usr/local/check_openstack/zhaproxy.py -c
UserParameter=haproxy.parameter[*],/usr/local/check_openstack/zhaproxy.py -p
$1 -s $2 -v $3
UserParameter=haproxy.mysql_galera_cluster,/usr/local/check_openstack/zhaproxy.py
-p mysql_galera_cluster -s FRONTEND -v status
(just ideas, not suggestions, not competent advice) serve up
from www.ledlightmake.com jimmy