Hi Amol, On Tue, Feb 15, 2011 at 08:49:49AM -0800, Amol wrote: > I was benchmarking my stunnel --> haproxy --> apache webserver configuration > from a ubuntu server and when i run this test i keep getting the SSL read > failed - closing connection error > here is the snippet > > $ ab -n 10000 -c 10 https://xxx.xxx.com/xxx/xxx.php > This is ApacheBench, Version 2.3 <$Revision: 655654 $> > Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ > Licensed to The Apache Software Foundation, http://www.apache.org/ > > Benchmarking (be patient) > Completed 1000 requests > Completed 2000 requests > Completed 3000 requests > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read > failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > Completed 4000 requests > Completed 5000 requests > Completed 6000 requests > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > SSL read failed - closing connection > Completed 7000 > requests > Completed 8000 requests > Completed 9000 requests > Completed 10000 requests > Finished 10000 requests > > > $ more /proc/sys/net/netfilter/nf_conntrack_max > 131072 > > > > my haproxy config is > > listen swebcluster y.x.51.11:8000 > mode tcp > balance roundrobin > server l1-app y.x.43.197:80 check > server l2-app y.x.51.190:80 check > ~ > does this have anyconfiguration missing which leads to those errors? > how would adding a maxconn 1 improve this setup? > and does this setup keep the https traffic encrypted from haproxy to apache > and vice-versa?
>From what I understand of your setup, stunnel deciphers the SSL itself, so between stunnel, haproxy and apache, you'll only see http, not https. In my opinion what you're observing is totally unrelated to your config above. Check your stunnel's config, maybe you used too low timeouts, or you're limited to too low concurrent connections (derived from ulimit -n by default). Willy
