Baptiste <bedis9@...> writes:
>
> Hi Steve,
>
> Can you send us your configuration (anonymised if required).
> We also need your sysctls (at least the one you've modified).
>
> Baptiste
>
> On Fri, Oct 11, 2013 at 4:43 AM, steve <blogad69@...> wrote:
> > I have been working on troubleshooting Haproxy 1.5 dev 19 with SSL for the
> > last day or so on Cent OS 6.4 64bit.
> >
> > Latest OpenSSL compiled 1.0.1e, recompiled haproxy with this make -s
> > TARGET=linux2628 USE_EPOLL=1 USE_OPENSSL=1 ARCH=x86_64 clean all
> >
> > SSL cert wild card, plus godaddy intermediate and our key.
> >
> > Our current set of issues we are seeing:
> > * Massive amounts of connection refused when running the test with ssl
> > * Very High usage of CPU on this 8 core 32 gig box with 100 gig ssd and
> >   1gb nic
> > * Maybe 1/4 the amount of traffic we can push through, compared to a non
> >   ssl test
> >
> > We are using Jmeter to load test and blazemeter to do up to 40k jmeter
> > threads for a full hour.
> >
> > Here is a list of the errors that are spit back after the test is done
> > Response codes
> >
> > response code | count | response message
> > 400 | 29 | Bad request
> > Non HTTP response code: javax.net.ssl.SSLPeerUnverifiedException | 86069 | Non HTTP response message: peer not authenticated
> > Non HTTP response code: org.apache.http.conn.HttpHostConnectException | 27229 | Non HTTP response message: Connection to https://xxxx.com:2222 refused
> > Non HTTP response code: java.net.SocketException | 88 | Non HTTP response message: Connection reset
> > 412 | 2 | Precondition Failed
> > Non HTTP response code: org.apache.http.NoHttpResponseException | 270 | Non HTTP response message: The target server failed to respond
> >
> > So this is what we are facing and we are not haproxy experts and think we
> > have taken it to the best of what we understand about haproxy config and
> > settings.
> >
> > special note: we do not have a web site on the backend, it's a user server
> > for an upcoming game we are working on so the stack is quite simple from
> > haproxy -> node.js --> db and back.
> >
> > Json data is posted to the user server and returned.
> >
> >
> >
>
>
word of warning we are not haproxy experts so we are not 100% sure if in our
config we have a proper setting to handle 40k requests a second.. so bear
with us..
----------------
global
    log /dev/log local0 #notice
    maxconn 31500
    #tune.bufsize 128000
    user netcom
    group netcom
    pidfile /home/netcom/haproxy.pid
    daemon
    #nbproc 7
    #debug
    #quiet

defaults
    log global
    #mode http
    mode tcp
    ### Options ###
    #option httplog
    option tcplog
    #option logasap
    option dontlog-normal
    #option dontlognull
    option redispatch
    #option httpchk GET /?method=echo HTTP/1.1
    option tcp-smart-accept
    option tcp-smart-connect
    #option http-server-close
    #option httpclose
    #option forceclose
    ### load balance strategy ###
    #balance leastconn
    balance roundrobin
    ### Other ###
    retries 5
    maxconn 31500
    backlog 100000
    ### Timeouts ###
    #timeout client 25s
    timeout client 60s
    #timeout connect 5s
    timeout connect 60s
    #timeout server 25s
    timeout server 60s
    timeout tunnel 3600s
    timeout http-keep-alive 1s
    #timeout http-request 15s
    timeout http-request 60s
    #timeout queue 30s
    timeout queue 30s
    timeout tarpit 60s

listen stats *:1212
    mode http
    stats enable
    stats show-node
    stats show-desc AquaProxy
    stats realm AquaProxy\ Statistics
    stats auth xxx:xxx
    stats refresh 5s
    stats uri /

###### HTTP ######
frontend http-in
    bind *:1111
    acl user_request url_reg method=user.register
    use_backend user_group_http if user_request
    default_backend other_group_http

backend user_group_http
    stick-table type ip size 200k expire 30m
    stick on src
    server n2 x.195:1111 maxconn 3500 check port 8097 inter 2000
    server n10 x.197:1111 maxconn 3500 check port 8097 inter 2000
    server n13 x.199:1111 maxconn 3500 check port 8097 inter 2000
    server n15 x.201:1111 maxconn 3500 check port 8097 inter 2000
    server n21 x.202:1111 maxconn 3500 check port 8097 inter 2000

backend other_group_http
    stick-table type ip size 200k expire 30m
    stick on src
    server n3 x.196:1111 maxconn 3500 check port 8097 inter 2000
    server n11 x.198:1111 maxconn 3500 check port 8097 inter 2000
    server n14 x.200:1111 maxconn 3500 check port 8097 inter 2000
    server n22 x.203:1111 maxconn 3500 check port 8097 inter 2000

###### HTTPS ######
frontend https-in
    bind *:2222
    acl user_request url_reg method=user.register
    use_backend user_group_https if user_request
    default_backend other_group_https

backend user_group_https
    stick-table type ip size 200k expire 30m
    stick on src
    server n2 x.195:2222 maxconn 3500 check port 8097 inter 2000
    server n10 x.197:2222 maxconn 3500 check port 8097 inter 2000
    server n13 x.199:2222 maxconn 3500 check port 8097 inter 2000
    server n15 x.201:2222 maxconn 3500 check port 8097 inter 2000
    server n21 x.202:2222 maxconn 3500 check port 8097 inter 2000

backend other_group_https
    stick-table type ip size 200k expire 30m
    stick on src
    server n3 x.196:2222 maxconn 3500 check port 8097 inter 2000
    server n11 x.198:2222 maxconn 3500 check port 8097 inter 2000
    server n14 x.200:2222 maxconn 3500 check port 8097 inter 2000
    server n22 x.203:2222 maxconn 3500 check port 8097 inter 2000