Hello!

This might be a bit off-topic (but just a little bit), as my question is
related to the performance of stunnel when used with haproxy.

First of all: Is haproxy + stunnel the most common technique for
terminating ssl with haproxy? Is there a solution that's more common or
even uncommon but performing better on a 99% ssl traffic loadbalancer?

We are currently terminating ssl via stunnel (4.27, ulimit -n 50000),
handing the decrypted traffic over to haproxy 1.3.23 via 127.0.0.1.
Haproxy is proxying the request to 2 other systems.

The loadbalancer is an Intel Xeon Dual Core E3110 with 4 GB RAM, so plenty
of resources for a system doing nothing else besides ssl termination /
load balancing.

We are experiencing a limit of about 100 requests per second on the ssl
path. Unencrypted direct connections to haproxy perform much better, of
course, so I'm pretty sure haproxy is not a bottleneck.

Basically I'm interested in getting feedback on how other people implement
ssl termination on a haproxy system and if you're reaching a request rate
higher than 100 req/s? This is why I didn't supply any configuration
settings in this mail.

The stunnel config is very basic. We played around with the timeout values
and ulimit values a bit, without any noticeable performance boost while the
system was loaded.

The system load "idles" at around 0.11 most of the time.

Thanks in advance.

Best,

Michael
