Baptiste <bedis9@...> writes:

>
> Hi Steve,
>
> Can you send us your configuration (anonymised if required).
> We also need your sysctls (at least the one you've modified).
>
> Baptiste
>
> On Fri, Oct 11, 2013 at 4:43 AM, steve <blogad69@...> wrote:
> > I have been working on troubleshooting Haproxy 1.5 dev 19 with SSL for the
> > last day or so on Cent OS 6.4 64bit.
> >
> > Latest OpenSSL compiled 1.0.1e, recompiled haproxy with this make -s
> > TARGET=linux2628 USE_EPOLL=1 USE_OPENSSL=1 ARCH=x86_64 clean all
> >
> > SSL cert wild card, plus godaddy intermediate and our key.
> >
> > Our current set of issues we are seeing:
> > * Massive amounts of connection refused when running the test with ssl
> > * Very high usage of CPU on this 8 core 32 gig box with 100 gig ssd and 1gb
> >   nic
> > * Maybe 1/4 the amount of traffic we can push through, compared to a non ssl
> >   test
> >
> > We are using Jmeter to load test and blazemeter to do up to 40k jmeter
> > threads for a full hour.
> >
> > Here is a list of the errors that are spit back after the test is done
> > Response codes
> >
> > response code | count | response message
> > 400 | 29 | Bad request
> > Non HTTP response code: javax.net.ssl.SSLPeerUnverifiedException | 86069 | Non HTTP response message: peer not authenticated
> > Non HTTP response code: org.apache.http.conn.HttpHostConnectException | 27229 | Non HTTP response message: Connection to https://xxxx.com:2222 refused
> > Non HTTP response code: java.net.SocketException | 88 | Non HTTP response message: Connection reset
> > 412 | 2 | Precondition Failed
> > Non HTTP response code: org.apache.http.NoHttpResponseException | 270 | Non HTTP response message: The target server failed to respond
> >
> > So this is what we are facing and we are not haproxy experts and think we
> > have taken it to the best of what we understand about haproxy config and
> > settings.
> >
> > Special note: we do not have a web site on the backend, it's a user server for
> > an upcoming game we are working on so the stack is quite simple from haproxy
> > -> node.js --> db and back.
> >
> > Json data is posted to the user server and returned.
> >

Word of warning: we are not haproxy experts so we are not 100% sure if in our config we have a proper setting to handle 40k requests a second.. so bear with us..
----------------
global
    log /dev/log local0 #notice
    maxconn 31500
    #tune.bufsize 128000
    user netcom
    group netcom
    pidfile /home/netcom/haproxy.pid
    daemon
    #nbproc 7
    #debug
    #quiet

defaults
    log global
    #mode http
    mode tcp

    ### Options ###
    #option httplog
    option tcplog
    #option logasap
    option dontlog-normal
    #option dontlognull
    option redispatch
    #option httpchk GET /?method=echo HTTP/1.1
    option tcp-smart-accept
    option tcp-smart-connect
    #option http-server-close
    #option httpclose
    #option forceclose

    ### load balance strategy ###
    #balance leastconn
    balance roundrobin

    ### Other ###
    retries 5
    maxconn 31500
    backlog 100000

    ### Timeouts ###
    #timeout client 25s
    timeout client 60s
    #timeout connect 5s
    timeout connect 60s
    #timeout server 25s
    timeout server 60s
    timeout tunnel 3600s
    timeout http-keep-alive 1s
    #timeout http-request 15s
    timeout http-request 60s
    #timeout queue 30s
    timeout queue 30s
    timeout tarpit 60s

listen stats *:1212
    mode http
    stats enable
    stats show-node
    stats show-desc AquaProxy
    stats realm AquaProxy\ Statistics
    stats auth xxx:xxx
    stats refresh 5s
    stats uri /

###### HTTP ######
frontend http-in
    bind *:1111
    acl user_request url_reg method=user.register
    use_backend user_group_http if user_request
    default_backend other_group_http

backend user_group_http
    stick-table type ip size 200k expire 30m
    stick on src
    server n2 x.195:1111 maxconn 3500 check port 8097 inter 2000
    server n10 x.197:1111 maxconn 3500 check port 8097 inter 2000
    server n13 x.199:1111 maxconn 3500 check port 8097 inter 2000
    server n15 x.201:1111 maxconn 3500 check port 8097 inter 2000
    server n21 x.202:1111 maxconn 3500 check port 8097 inter 2000

backend other_group_http
    stick-table type ip size 200k expire 30m
    stick on src
    server n3 x.196:1111 maxconn 3500 check port 8097 inter 2000
    server n11 x.198:1111 maxconn 3500 check port 8097 inter 2000
    server n14 x.200:1111 maxconn 3500 check port 8097 inter 2000
    server n22 x.203:1111 maxconn 3500 check port 8097 inter 2000

###### HTTPS ######
frontend https-in
    bind *:2222
    acl user_request url_reg method=user.register
    use_backend user_group_https if user_request
    default_backend other_group_https

backend user_group_https
    stick-table type ip size 200k expire 30m
    stick on src
    server n2 x.195:2222 maxconn 3500 check port 8097 inter 2000
    server n10 x.197:2222 maxconn 3500 check port 8097 inter 2000
    server n13 x.199:2222 maxconn 3500 check port 8097 inter 2000
    server n15 x.201:2222 maxconn 3500 check port 8097 inter 2000
    server n21 x.202:2222 maxconn 3500 check port 8097 inter 2000

backend other_group_https
    stick-table type ip size 200k expire 30m
    stick on src
    server n3 x.196:2222 maxconn 3500 check port 8097 inter 2000
    server n11 x.198:2222 maxconn 3500 check port 8097 inter 2000
    server n14 x.200:2222 maxconn 3500 check port 8097 inter 2000
    server n22 x.203:2222 maxconn 3500 check port 8097 inter 2000
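
Added example, not part of the original message or of HAProxy: a small Python check that resolves each frontend's effective mode and flags a TLS port bound without the `ssl` keyword, where a URL ACL can only see ciphertext. The function name `audit`, the finding labels and the abridged sample are assumptions made for illustration; port 2222 is taken as the TLS port because the test URL in the thread is https://xxxx.com:2222.

```python
import re
# Constructed sample: abridged from the configuration as posted above.
SAMPLE = """\
defaults
    mode tcp
listen stats *:1212
    mode http
frontend http-in
    bind *:1111
    acl user_request url_reg method=user.register
frontend https-in
    bind *:2222
    acl user_request url_reg method=user.register
"""

SECTIONS = ("global", "defaults", "frontend", "backend", "listen")
L7_MATCH = re.compile(r"(url|path|hdr|method)")  # subset of HTTP-layer ACL keywords

def audit(text, tls_ports):
    """Return (proxy, finding) pairs; tls_ports are ports clients reach over TLS."""
    default_mode, proxies, cur = "tcp", [], None  # HAProxy's mode defaults to tcp
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        if words[0] in SECTIONS:
            cur = {"kind": words[0], "name": " ".join(words[1:2]),
                   "mode": default_mode, "binds": [], "l7": False}
            if cur["kind"] in ("frontend", "listen"):
                proxies.append(cur)
        elif cur and words[0] == "mode" and len(words) > 1:
            cur["mode"] = words[1]
            if cur["kind"] == "defaults":  # inherited by later proxies
                default_mode = words[1]
        elif cur and words[0] == "bind" and len(words) > 1:
            port = re.search(r":(\d+)$", words[1])
            if port:
                cur["binds"].append((int(port.group(1)), "ssl" in words[2:]))
        elif cur and words[0] == "acl" and len(words) > 2 and L7_MATCH.match(words[2]):
            cur["l7"] = True
    findings = []
    for p in proxies:
        for port, has_ssl in p["binds"]:
            if port in tls_ports and not has_ssl:
                findings.append((p["name"], "tls-not-terminated"))
                if p["l7"]:  # the ACL would be matching TLS ciphertext
                    findings.append((p["name"], "l7-acl-on-ciphertext"))
        if p["mode"] == "tcp" and p["l7"]:  # tcp mode does no layer 7 examination
            findings.append((p["name"], "l7-acl-in-tcp-mode"))
    return findings
```

Calling `audit(SAMPLE, tls_ports={2222})` reports all three findings for `https-in` and the tcp-mode finding for `http-in`; a frontend in `mode http` whose bind line carries `ssl crt <pem file>` produces none.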