Re: haproxy stopped balancing after about 2 weeks
Hello, On Thu, May 09, 2019 at 11:42:54AM -0600, ericr wrote: > A couple of weeks ago I installed haproxy on our server running FreeBSD > 11.0-RELEASE-p16. (yes, I know it's an old version of the OS, I'm going to > upgrade it as soon as I solve my haproxy problem.) Can you tell us what exact version you're running ? Please send the output of "haproxy -vv". > Haproxy is supposed to load balance between 2 web servers running apache. > haproxy ran fine and balanced well for about 2 weeks, and then it stopped > sending client connections to the second web server. But it still works for the first one ? > It still does health checks to both servers just fine, and reports L7OK/200 > at every check for both servers. I've tried using both roundrobin and > leastconn, with no luck. I've restarted haproxy several times, and > rebooted the server it's running on, and it the behavior doesn't change. Did you notice if it's always after the exact same amount of time ? Or maybe after a certain number of requests ? We could have imagined a bug with one LB algo but if it does it regardless of the algo this rules it out. Oh wait a minute : > # info about backend servers > backend web_servers > balance leastconn > cookie phpsessid insert indirect nocache > option httpchk HEAD / > > default-server check maxconn 2048 > > server vi-www3 10.3.3.10:8080 cookie phpsessid inter 120s > server vi-www4 10.3.3.11:8080 cookie phpsessid inter 120s So for both servers you're setting a response cookie "phpsessid=phpsessid" which has the effect that all your visitors will come back with this cookie and that the first server which matches this value will take it, hence the first server. First, I recommend against naming your stickiness cookies "phpsessid" as it makes one think about the application's cookie which it is not. Second, you need to use different cookie values here, for example "cookie w3" and "cookie w4" for your two respective servers. Lat recommendation, I don't know if it's on purpose that you check your servers only once every two minutes, because it's extremely slow and will take a very long time to detect a failure. Unless you're facing a specific limitation, you should significantly shorten this interval to just a few seconds. Regards, Willy
haproxy stopped balancing after about 2 weeks
A couple of weeks ago I installed haproxy on our server running FreeBSD
11.0-RELEASE-p16. (yes, I know it's an old version of the OS, I'm going to
upgrade it as soon as I solve my haproxy problem.)
Haproxy is supposed to load balance between 2 web servers running apache.
haproxy ran fine and balanced well for about 2 weeks, and then it stopped
sending client connections to the second web server.
It still does health checks to both servers just fine, and reports L7OK/200
at every check for both servers. I've tried using both roundrobin and
leastconn, with no luck. I've restarted haproxy several times, and
rebooted the server it's running on, and it the behavior doesn't change.
I'm out of ideas, does anyone have suggestions for fixing this (or
improving my config in general)?
Here's my config file:
# global holds defaults, global variables, etc.
global
daemon
user haproxy
group haproxy
log /dev/log local0
stats socket /var/run/haproxy/admin.sock user haproxy group haproxy
mode 660 level admin
# https://www.haproxy.com/blog/multithreading-in-haproxy/
maxconn 2048 # max connections we handle at once
nbproc 1 # number of haproxy processes to start
nbthread 4 # max threads, 1 per CPU core
# cpu map = number of cpu cores
cpu-map all 0-3
ssl-default-bind-ciphers "EECDH+ECDSA+AESGCM ECDH+aRSA+AESGCM
EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256
EECDH+aRSA+RC4 EECDH EDH+aRSA RC4"
ssl-default-bind-options ssl-min-ver TLSv1.2
defaults
timeout connect 30s
timeout client 600s
timeout server 30s
log global
mode http
stats enable
stats uri /haproxy?stats
stats realm Statistics
stats auth REMOVED
stats refresh 10s
# frontend holds info about the public face of the site
frontend vi-gate2.docbasedirect.com
bind XXX.XX.XX.XXX:80
bind XXX.XX.XX.XXX:443 ssl crt
"/usr/local/etc/2019-www-prod-SSL.crt"
http-request redirect scheme https if !{ ssl_fc }
default_backend web_servers
option httplog
# info about backend servers
backend web_servers
balance leastconn
cookie phpsessid insert indirect nocache
option httpchk HEAD /
default-server check maxconn 2048
server vi-www3 10.3.3.10:8080 cookie phpsessid inter 120s
server vi-www4 10.3.3.11:8080 cookie phpsessid inter 120s
email-alert mailers vi-mailer
email-alert from REMOVED
email-alert to REMOVED
mailers vi-mailer
mailer localhost 127.0.0.1:25
mailer vi-backup2 10.3.3.100:25
Thanks!
-- ericr
