Re: Help with Chrome preconnects

2012-07-12 Thread Vikram Nayak
Sorry for the confusing config that I gave. I actually meant == listen https 0.0.0.0:44 3 mode tcp balance roundrobin acl clienthello req_ssl_hello_type 1 # use tcp content accepts to detects ssl client and server hello. tcp-request ins

Re: Help with Chrome preconnects

2012-07-12 Thread Vikram Nayak
Thanks for all the replies Willy, Baptiste and Lukas. Unfortunately we could not get the "tcp content" trick to work. Our guess is Chrome preconnect actually does a SSL handshake and so HAProxy does not have a choice and has to engage a Apache worker. We used the following == listen https 0.0.0.0

Re: Help with Chrome preconnects

2012-07-11 Thread Willy Tarreau
On Wed, Jul 11, 2012 at 07:03:52AM +0200, Baptiste wrote: > Hey, > > Depends at which phase of the health check Chrome maintains the > connection opened, you can give a try to HAProxy's content inspection: >listen https > mode tcp > balance roundrobin > acl clienthello

RE: Help with Chrome preconnects

2012-07-11 Thread Lukas Tribus
I would suggest terminating SSL on the haproxy box (with stud in front of it), thus switching haproxy from tcp to http mode. That way, longrunning keepalive-enabled HTTPS sessions terminate there and apache only sees real non-SSL request without blocking any threads. If you would like to avoid

Re: Help with Chrome preconnects

2012-07-10 Thread Baptiste
Hey, Depends at which phase of the health check Chrome maintains the connection opened, you can give a try to HAProxy's content inspection: listen https mode tcp balance roundrobin acl clienthello req_ssl_hello_type 1 # use tcp content accepts to detects ssl cli