Re: What did option maxconn mean in keyword server? will it cause 503 status?
Hi, Lukas Many thanks , you are awesome. It's my fault that did not read the documentation carefully. I enlarged the "timeout queue". No 503 page returned, but the total sessions in frontend accumulated quickly, which means most of the requests are queued by haproxy. I will try to add more servers to run backend server. 谢谢 金杰 (Jie Jin) On Tue, Jul 1, 2014 at 9:50 PM, Lukas Tribus wrote: > Hi, > > > > > > I add an option maxconn after keyword server. When haproxy face > > high volume of requests (about 2 concurrent requests), it return > > many 503 page > > Of course it will. > > You would like to serve 2 concurrent requests, but your 6 servers > only support 180 concurrent connections each. Do the math: > > 6 x 180 = 1080 concurrent request can be served in your configuration, > of course you will see a lot of 503 errors. > > > > > why did haproxy send 503 page? > > Because all backend servers are busy serving 180 concurrent requests, > as per your configuration. You have instructed HAProxy not the send > more than 180 request per server, and that is exactly what HAProxy > is doing (queueing the request until timeout queue [2] expires and > then sending 503 errors). > > > > > I also did not understand the meaning of optioin maxconn. If I remove > > this option, haproxy will return only very few 503 page. > > Please read the documentation about maxconn fully [1] then. > > > > > Do option maxconn in above configration mean: if concurrent requests > > come from frontend is bigger than 180, haproxy will reject these > > requests and return 503? > > It means: each server can handle up to 180 concurrent requests and HAproxy > will not send more request to the server, but either use a different server > (if there are), or queue it until "timeout queue" [2] expires, or > "contimeout" as it is in your case (3 seconds). > > > > > If yes, can I configure the size of the queue? > > 180 *is* your per server queue size, and its exactly the limitation > you are hitting. > > > > > Additional info > > [jj@p2p3 tmp]$ echo "show errors" | sudo socat stdio /tmp/haproxysock > > Total events captured on [01/Jul/2014:18:49:29.713] : 0 > > You gonna need to configure the stats socket properly, "show errors" > requires operator or admin privileges on the socket [2] ("level admin"). > > > > > > Regards, > > Lukas > > > > [1] > http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#maxconn%20%28Server%20and%20default-server%20options%29 > [2] > http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#timeout%20queue > [3] > http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#9.2-show%20errors >
dns resoluton and caching
We are using haproxy to route traffic to several AWS services that are behind an ELB and noticed the following behavior: - haproxy resolves the ELB address at startup and routes traffic just fine (not sure if haproxy uses the first IP or all resolved IPs and round-robins between them, though) - however, Amazon uses short TTL for ELB DNS entries, 60s or so. If the ELB is modified, due to load, or internal reconfiguration, Amazon can modify the ELB DNS mapping - once the IP(s) mapped to the ELB are completely replaced, relative to the initially resolved ones at startup, haproxy fails to route traffic and returns status 503 Is there a way to configure haproxy to respect DNS TTL when resolving dns names? If not, is there something you can recommend that would allow us to deal with this problem? Our current plan is to stop using DNS for the ELB and instead to use its ip addresses. We'll then periodically do DNS resolutions and once we detect a change, we'll rewrite the configuration and have haproxy reload it. Thanks for you help and for this great product! -aydan
Re: Issue with ssl_c_sha1
Willy, Thanks for you help. Your suggestion worked! What tripped me was the lack of an example involving ssl_c_sha1 in the documentation. The easiest way to improve would be to the line you sent me to the list of other SSL examples. Thanks, ‹aydan On 5/28/14, 5:47 PM, "Willy Tarreau" wrote: >Hi, > >On Wed, May 28, 2014 at 08:47:11PM +, Yumerefendi, Aydan wrote: >> Hi, >> >> I am trying to extract the sha1 hash of the client certificate and to >>pass it >> to the backend server. My configuration has this line: >> >> http-request set-header X-SSL-Client-SHA1 %{+Q}[ssl_c_sha1] >> >> However, this does not seem to produce a string of the form "aabbcc..." >>as >> the examples I've seen on the web. Instead, it appears to write the raw >>sha1 >> hash bytes. The downstream server, node.js, appears to treat these >>value as >> utf8 strings. > >Indeed, the doc says it's binary, so if you want it in hex, you just need >to >chain the hex converter : > > http-request set-header X-SSL-Client-SHA1 >%{+Q}[ssl_c_sha1,hex] > >The binary form is more suited to stick tables for example as it takes >half >of the space. > >Do you think we could improve the doc one way or another to make this >easier >to find ? Maybe with more examples ? Do not hesitate to suggest >adaptations >or even patches! > >Regards, >Willy >
Need help with haproxy config
Below is my haproxy config, I have 1 server and 1 backend for testing This is a Wt wthttpd app, with no Apache loaded, Problem I have is that the path to the app seems to change when running from port 80 or haproxy, meaning I lost all my style sheets and resources, not sure what the path is at this point. if I pull the site up with the port address mad-news.net:8060/ww/en/, the path is fine, Also it crashes after running a while, I have monit loaded, so eventually (minute or two) it will restart, not sure how to troubleshoot that failure, the app runs for weeks with no problems by itself. Current url is mad-news.net/ww/en. Also, does haproxy stats require Apache or web server to run? Thanks for any help. # global log 127.0.0.1 local0 log 127.0.0.1 local1 notice maxconn 4096 user haproxy group haproxy daemon defaults log global modehttp option httplog option dontlognull retries 3 option redispatch maxconn1000 #contimeout 5000 # haproxy 1.4 timeout connect 5000 #clitimeout 5 # haproxy 1.4 timeout client 5 #srvtimeout 5 # haproxy 1.4 timeout server 5 #option httpclose #option http-server-close # HTTP keepalive without killing Apache #option http-pretend-keepalive #option forwardfor #option originalto frontend wt bind 216.224.185.71:80 # bind 108.59.251.28:80 # bind 0.0.0.0:80 # option http-server-close # HTTP keepalive without killing Apache # acl has_ww_uri path_beg -i /ww reqirep ^([^\ :]*)\ /(.*) \1\ /ww/\2 if !has_ww_uri # redirect prefix http://mad-news.net code 301if { hdr(host) -i www.mad-news.net } redirect prefix http://wittywizard.org code 301 if { hdr(host) -i www.wittywizard.org } redirect prefix http://lightwizzard.com code 301if { hdr(host) -i www.lightwizzard.com } redirect prefix http://vetshelpcenter.com code 301 if { hdr(host) -i www.vetshelpcenter.com } # Note: see wthttpd.sh session-id-prefix acl srv1 url_sub wtd=wt-8060 acl srv1_up nbsrv(bck1) gt 0 use_backend bck1 if srv1_up srv1 default_backend bck_lb backend bck_lb balance roundrobin server srv1 216.224.185.71:8060 track bck1/srv1 # server srv2 108.59.251.28:8061 track bck2/srv2 backend bck1 balance roundrobin server srv1 216.224.185.71:8060 check #server srv2 108.59.251.28:8060 check
Re: Using the socket interface to access ACLs
Hi Baptiste I tried: > > # haproxyctl del acl myacl > This command expects two parameters: ACL identifier and key. then i tried this # haproxyctl del acl myacl 0 > Unknown map identifier. Please use # or . as well as the inverse ('0 myacl') I do see the acl listed though: # haproxyctl show acl > # id (file) description > 0 (/root/myacl) pattern loaded from file '/root/myacl' used by acl at file > '/etc/haproxy/haproxy.cfg' line 19 > 1 () acl 'hdr' file '/etc/haproxy/haproxy.cfg' line 19 > 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21 Also a redirect stmt that uses the aforementioned threw an error when I defined it like you suggested: [ALERT] 180/204636 (5765) : parsing [/etc/haproxy/haproxy.cfg:31] : error > detected in frontend 'x' while parsing redirect rule : error in condition: > no such ACL : 'redir_true'. -William On Tue, Jul 1, 2014 at 2:42 PM, Baptiste wrote: > On Tue, Jul 1, 2014 at 11:16 PM, William Jimenez > wrote: > > Hi Baptiste, thank you for the response. I'm afraid I still don't follow. > > Say I have the an ACL that I want to toggle from its current state (as > > defined in the flat file) to 'always_false'. I can see it exists from the > > output of the 'show acl' command: > > > >> # id (file) description > >> 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19 > > > > So to modify it I assume I would run something using 'add acl'. I thought > > you mentioned it needs to be defined in a file so I tried: > >> > >> # haproxyctl add acl myacl > >> 'add acl' expects two parameters: ACL identifier and pattern. > > > > > > where 'myacl' is a file containing: > > > >> acl redir_true always_true > > > > > > Hope that helps clarify the situation. What am I doing wrong? > > > > Thanks in advance, > > William > > > > > > On Tue, Jul 1, 2014 at 2:00 PM, Baptiste wrote: > >> > >> On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez > >> wrote: > >> > Hello > >> > I am trying to modify ACLs via the socket interface. When I try to do > >> > something like 'get acl', I get an error: > >> > > >> > Missing ACL identifier and/or key. > >> > > >> > How do I find the ACL identifier or key for a specific ACL? I see the > >> > list > >> > of ACLs when i do a 'show acl', but unsure which of these values is > the > >> > file > >> > or key: > >> > > >> > # id (file) description > >> > 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19 > >> > 1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20 > >> > 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21 > >> > 3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22 > >> > > >> > Thanks > >> > >> Hi William, > >> > >> In order to be able to update ACL content, they must load their > >> content from a file. > >> The file name will be considered as a 'reference' you can point to > >> when updating content. > >> Don't forget to update simultaneously the content from an ACL and from > >> the flat file to make HAProxy reload reliable :) > >> > >> Baptiste > > > > > > > > > > -- > > William Jimenez > > Systems Engineer, Operations > > ItsOn, Inc. > > 650-241-8470 {us/pacific} > > > Hi William, > > In your configuration, you should load your acl like this: > acl myacl hdr(Host) -f /path/to/myhosthdr.acl > > then your file acl reference will be myhosthdr.acl. > > Baptiste > -- William Jimenez Systems Engineer, Operations ItsOn, Inc. 650-241-8470 {us/pacific}
Re: Using the socket interface to access ACLs
On Tue, Jul 1, 2014 at 11:16 PM, William Jimenez wrote: > Hi Baptiste, thank you for the response. I'm afraid I still don't follow. > Say I have the an ACL that I want to toggle from its current state (as > defined in the flat file) to 'always_false'. I can see it exists from the > output of the 'show acl' command: > >> # id (file) description >> 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19 > > So to modify it I assume I would run something using 'add acl'. I thought > you mentioned it needs to be defined in a file so I tried: >> >> # haproxyctl add acl myacl >> 'add acl' expects two parameters: ACL identifier and pattern. > > > where 'myacl' is a file containing: > >> acl redir_true always_true > > > Hope that helps clarify the situation. What am I doing wrong? > > Thanks in advance, > William > > > On Tue, Jul 1, 2014 at 2:00 PM, Baptiste wrote: >> >> On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez >> wrote: >> > Hello >> > I am trying to modify ACLs via the socket interface. When I try to do >> > something like 'get acl', I get an error: >> > >> > Missing ACL identifier and/or key. >> > >> > How do I find the ACL identifier or key for a specific ACL? I see the >> > list >> > of ACLs when i do a 'show acl', but unsure which of these values is the >> > file >> > or key: >> > >> > # id (file) description >> > 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19 >> > 1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20 >> > 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21 >> > 3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22 >> > >> > Thanks >> >> Hi William, >> >> In order to be able to update ACL content, they must load their >> content from a file. >> The file name will be considered as a 'reference' you can point to >> when updating content. >> Don't forget to update simultaneously the content from an ACL and from >> the flat file to make HAProxy reload reliable :) >> >> Baptiste > > > > > -- > William Jimenez > Systems Engineer, Operations > ItsOn, Inc. > 650-241-8470 {us/pacific} Hi William, In your configuration, you should load your acl like this: acl myacl hdr(Host) -f /path/to/myhosthdr.acl then your file acl reference will be myhosthdr.acl. Baptiste
Re: Using the socket interface to access ACLs
Hi Baptiste, thank you for the response. I'm afraid I still don't follow. Say I have the an ACL that I want to toggle from its current state (as defined in the flat file) to 'always_false'. I can see it exists from the output of the 'show acl' command: # id (file) description > 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19 So to modify it I assume I would run something using 'add acl'. I thought you mentioned it needs to be defined in a file so I tried: > # haproxyctl add acl myacl > 'add acl' expects two parameters: ACL identifier and pattern. where 'myacl' is a file containing: acl redir_true always_true Hope that helps clarify the situation. What am I doing wrong? Thanks in advance, William On Tue, Jul 1, 2014 at 2:00 PM, Baptiste wrote: > On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez > wrote: > > Hello > > I am trying to modify ACLs via the socket interface. When I try to do > > something like 'get acl', I get an error: > > > > Missing ACL identifier and/or key. > > > > How do I find the ACL identifier or key for a specific ACL? I see the > list > > of ACLs when i do a 'show acl', but unsure which of these values is the > file > > or key: > > > > # id (file) description > > 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19 > > 1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20 > > 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21 > > 3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22 > > > > Thanks > > Hi William, > > In order to be able to update ACL content, they must load their > content from a file. > The file name will be considered as a 'reference' you can point to > when updating content. > Don't forget to update simultaneously the content from an ACL and from > the flat file to make HAProxy reload reliable :) > > Baptiste > -- William Jimenez Systems Engineer, Operations ItsOn, Inc. 650-241-8470 {us/pacific}
Re: Using the socket interface to access ACLs
On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez wrote: > Hello > I am trying to modify ACLs via the socket interface. When I try to do > something like 'get acl', I get an error: > > Missing ACL identifier and/or key. > > How do I find the ACL identifier or key for a specific ACL? I see the list > of ACLs when i do a 'show acl', but unsure which of these values is the file > or key: > > # id (file) description > 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19 > 1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20 > 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21 > 3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22 > > Thanks Hi William, In order to be able to update ACL content, they must load their content from a file. The file name will be considered as a 'reference' you can point to when updating content. Don't forget to update simultaneously the content from an ACL and from the flat file to make HAProxy reload reliable :) Baptiste
Using the socket interface to access ACLs
Hello I am trying to modify ACLs via the socket interface. When I try to do something like 'get acl', I get an error: Missing ACL identifier and/or key. How do I find the ACL identifier or key for a specific ACL? I see the list of ACLs when i do a 'show acl', but unsure which of these values is the file or key: # id (file) description 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19 1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21 3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22 Thanks
Re: single or many haproxy instances
My understanding, and I could very well be wrong. Is that HAProxy is not SMP aware, it's single threaded and will not automatically take advantage of systems with multiple CPU's or cores. Other than the OS scheduler moving things around. Running multiple instances allows you to peg each instance to a particular CPU, core. Is this correct? On Tue, Jul 1, 2014 at 12:54 PM, Justin Franks wrote: > Not sure why you would run multiple HAProxy in one node. I don't > understand what you want to do. But... > > Look into using Consul to help load balance/cluster your HAProxy > instances. That is what we are doing. Simple and works great. Think of > Consul as a Global load balancing service that works internally. > > Consul will look at all your instances (HAProxy or whatever) and > round-robin or weight load balance to all of them based on health checks > you plug in. I don't know if this would solve your prob though. > > > > * > Justin Franks > Lead Operations Engineer > SaaS, Cloud, Data Centers & Infrastructure > Lithium Technologies, Inc > 225 Bush St., 15th Floor > San Francisco, CA 94104 > tel: +1 415 757 3100 x3219 > -- > *From:* Xu (Simon) Chen > *Sent:* Monday, June 30, 2014 7:38 AM > *To:* HAProxy > *Subject:* single or many haproxy instances > >Hi folks, > > I am writing a simple load balancer as a service to automate haproxy > configuration while providing a simple API to users, who only need to give > a few simple specifications of the load balancer they want. > > I am trying to decide whether to run multiple haproxy instances or a > single instance on a particular node. I currently use jinja2 template to > combine all services into a single haproxy configuration file and run a > single instance of haproxy. Every time, when a service spec is changed, I > run check config mode, and only reload the config if the test passes. But I > fear that a single incorrect service spec would prevent everyone else from > updating their services, unless I maintain some last-known good config for > every service. > > Managing one haproxy instance for every service solves this problem, but > I might end up with too many processes on a single box. > > Any recommendations on which way to go? Is there a recommended max number > of haproxy instances per node/core? > > Thanks. > -Simon > -- *Zachary Buckholz* E: zachary.buckh...@pearson.com T: 480-457-7789 PearsonAlways Learning Learn more at www.pearson.com
RE: single or many haproxy instances
Not sure why you would run multiple HAProxy in one node. I don't understand what you want to do. But... Look into using Consul to help load balance/cluster your HAProxy instances. That is what we are doing. Simple and works great. Think of Consul as a Global load balancing service that works internally. Consul will look at all your instances (HAProxy or whatever) and round-robin or weight load balance to all of them based on health checks you plug in. I don't know if this would solve your prob though. * Justin Franks Lead Operations Engineer SaaS, Cloud, Data Centers & Infrastructure Lithium Technologies, Inc 225 Bush St., 15th Floor San Francisco, CA 94104 tel: +1 415 757 3100 x3219 From: Xu (Simon) Chen Sent: Monday, June 30, 2014 7:38 AM To: HAProxy Subject: single or many haproxy instances Hi folks, I am writing a simple load balancer as a service to automate haproxy configuration while providing a simple API to users, who only need to give a few simple specifications of the load balancer they want. I am trying to decide whether to run multiple haproxy instances or a single instance on a particular node. I currently use jinja2 template to combine all services into a single haproxy configuration file and run a single instance of haproxy. Every time, when a service spec is changed, I run check config mode, and only reload the config if the test passes. But I fear that a single incorrect service spec would prevent everyone else from updating their services, unless I maintain some last-known good config for every service. Managing one haproxy instance for every service solves this problem, but I might end up with too many processes on a single box. Any recommendations on which way to go? Is there a recommended max number of haproxy instances per node/core? Thanks. -Simon
RE: Build failed on OS X
Hi, > Hi, list > > Tried to build with USE_STATIC_PCRE=1 but failed, error: > > .. ebtree/ebistree.o -L/usr/local/Cellar/pcre/8.35/lib -Wl,-Bstatic > -lpcreposix -lpcre -Wl,-Bdynamic > ld: unknown option: -Bstatic > clang: error: linker command failed with exit code 1 (use -v to see > invocation) > make: *** [haproxy] Error 1 > > Seems Apple's ld doesn't support mixing static and dynamic libraries > very well, how could I get around of this? Configure/Build pcre with "--enable-shared=no", so you don't need USE_STATIC_PCRE. Regards, Lukas
RE: What did option maxconn mean in keyword server? will it cause 503 status?
Hi, > I add an option maxconn after keyword server. When haproxy face > high volume of requests (about 2 concurrent requests), it return > many 503 page Of course it will. You would like to serve 2 concurrent requests, but your 6 servers only support 180 concurrent connections each. Do the math: 6 x 180 = 1080 concurrent request can be served in your configuration, of course you will see a lot of 503 errors. > why did haproxy send 503 page? Because all backend servers are busy serving 180 concurrent requests, as per your configuration. You have instructed HAProxy not the send more than 180 request per server, and that is exactly what HAProxy is doing (queueing the request until timeout queue [2] expires and then sending 503 errors). > I also did not understand the meaning of optioin maxconn. If I remove > this option, haproxy will return only very few 503 page. Please read the documentation about maxconn fully [1] then. > Do option maxconn in above configration mean: if concurrent requests > come from frontend is bigger than 180, haproxy will reject these > requests and return 503? It means: each server can handle up to 180 concurrent requests and HAproxy will not send more request to the server, but either use a different server (if there are), or queue it until "timeout queue" [2] expires, or "contimeout" as it is in your case (3 seconds). > If yes, can I configure the size of the queue? 180 *is* your per server queue size, and its exactly the limitation you are hitting. > Additional info > [jj@p2p3 tmp]$ echo "show errors" | sudo socat stdio /tmp/haproxysock > Total events captured on [01/Jul/2014:18:49:29.713] : 0 You gonna need to configure the stats socket properly, "show errors" requires operator or admin privileges on the socket [2] ("level admin"). Regards, Lukas [1] http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#maxconn%20%28Server%20and%20default-server%20options%29 [2] http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#timeout%20queue [3] http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#9.2-show%20errors
RE: Client Certificate
Hi Martin, > Hi, > > I'm trying to configure HAProxy so that on one specific domain users > authenticate with a SSL Client certificate. > > The Load Balancer has one public IP address and has a frontend > configured which is bind to port 443: > bind *:443 ssl crt ./haproxy/ > > I selected the correct backend as followed: > use_backend secure_servers if { ssl_fc_sni secure.domain.tld ssl_fc_has_crt } > > default_backend default_servers > > When changing bind to verify the ssl certicate all other ssl traffic is > no longer allowed: > bind *:443 ssl crt ./haproxy/ ca-file ./ca.pem verify required > > A solution would be to create another frontend with an additional > public IP address but I want to prevent this if possible. > > How can I only require a SSL Client certificate on the secure.domain.tld? You cannot, this is not currently supported. The only workaround here is to put another proxying layer in tcp mode in front of your current deployment, enabling you to switch to a different backend --> second layer frontend combination according to the SNI value (req.ssl_sni [1] in this case, since you are not using SSL termination on the first proxy tier). (and you could use the recently implemented abstract namespaces for 1st tier backend -> 2nd tier frontend connection). Regards, Lukas [1] http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.5-req.ssl_sni
Client Certificate
Hi, I'm trying to configure HAProxy so that on one specific domain users authenticate with a SSL Client certificate. The Load Balancer has one public IP address and has a frontend configured which is bind to port 443: bind *:443 ssl crt ./haproxy/ I selected the correct backend as followed: use_backend secure_servers if { ssl_fc_sni secure.domain.tld ssl_fc_has_crt } default_backend default_servers When changing bind to verify the ssl certicate all other ssl traffic is no longer allowed: bind *:443 ssl crt ./haproxy/ ca-file ./ca.pem verify required A solution would be to create another frontend with an additional public IP address but I want to prevent this if possible. How can I only require a SSL Client certificate on the secure.domain.tld? Many thanks! Martin
What did option maxconn mean in keyword server? will it cause 503 status?
Hi, all Here is the partial of the haproxy.cfg backend receivers mode http balance roundrobin server s0 172.16.0.202:7700 check maxconn 180 server s1 172.16.0.202:7711 check maxconn 180 I add an option maxconn after keyword server. When haproxy face high volume of requests (about 2 concurrent requests), it return many 503 page: 503 Service Unavailable No server is available to handle this request. Above message is sent by haproxy ( I found this message in ./src/proto_http.c) . why did haproxy send 503 page? I also did not understand the meaning of optioin maxconn. If I remove this option, haproxy will return only very few 503 page. Do option maxconn in above configration mean: if concurrent requests come from frontend is bigger than 180, haproxy will reject these requests and return 503? If the concurrent requests come from frontend is bigger than 180, will haproxy put these requests into a queue? If yes, can I configure the size of the queue? *Additional info* [jj@p2p3 tmp]$ echo "show errors" | sudo socat stdio /tmp/haproxysock Total events captured on [01/Jul/2014:18:49:29.713] : 0 *Full configuration (haproxy-1.5-dev24)* global log 127.0.0.1 local0 err ulimit-n 50 maxconn 24 nbproc 1 stats socket /tmp/haproxysock defaults log global option log-separate-errors mode http option httplog option dontlognull retries 3 option redispatch contimeout 3000 clitimeout 5 srvtimeout 5 stats uri /haproxy stats enable frontend http_frontend maxconn 24 bind *:80 mode http option forceclose option forwardfor reqrep ^([^\ :]*)\ /(.*) \1\ /receiver/\2 reqadd X-Forwarded-Proto:\ http default_backend receivers backend receivers mode http balance roundrobin server s0 172.16.0.202:7700 check maxconn 180 server s1 172.16.0.202:7711 check maxconn 180 server s2 172.16.0.202:7722 check maxconn 180 server s3 172.16.0.202:7733 check maxconn 180 server s4 172.16.0.202:7744 check maxconn 180 server s5 172.16.0.202:7755 check maxconn 180 谢谢 金杰 (Jie Jin)
Cum Imbunatatim Vanzarile Online...
( http://client.campaignsender.ro/wb.php?p=38h/2zs/rs/8w1/1jp/rs )Click here to forward this email to a friend ( http://client.campaignsender.ro/wb.php?p=38h/2zs/rs/8w1/1jp/rs ) ( http://client.campaignsender.ro/wb.php?p=38h/2zs/rs/8w1/1jp/rs ) ( http://client.campaignsender.ro/wb.php?p=38h/2zs/rs/8w1/1jp/rs ) | Click here open this email on your web browser ( http://client.campaignsender.ro/wb.php?p=38h/2zs/rs/8w1/1jp/rs ) ( http://estores.ro/ro/ ) www.estores.ro ( http://estores.ro/ro/ ) * Nou ! Sistem de management al proceselor intr-o firma * Sistemul este compus dintr-o serie de module destinate tuturor departamentelor din cadrul unei firme, precum vanzari, productie, financiar-contabil etc. Informatia este operata o singura data si este accesibila oricarui modul ii este necesara, astfel se economisesc resurse si se diminueaza probabilitatea de a comite erori de operare. Aplicatia este destinata in special tipografiilor insa poate fi adaptata oricarui domeniu de activitate, datorita structurii sale. Avantaje : * Poate sa identifice punctual ruperile de ritm, si sa le aprecieze ca facand parte din categoria de "am uitat" sau din categoria de supraincarcare; * Are acces suplimentar la functii ale calculatorului de pret, pe axa cost/pret/discount/pret impus; --- Magazin Online ( http://estores.ro/ro/magazin-online.html ) --- ( http://estores.ro/ro/magazin-online.html ) Vrei sa vinzi produse indiferent de locatia ta in tara? eStores poate sa iti dezvolte o platforma perfecta pentru comertul electornic. Caracteristici:-Design complet personalizat-Sincronizare cu sistemul de gestiune;-Sistem de inregistrare personalizat pentru clienti;-Numar nelimitat de imagini / produs. Exemple: www.redzip.ro ( http://redzip.ro/ ) www.fmracing.ro ( http://fmracing.ro/ ) Mai multe detalii... ( http://estores.ro/ro/magazin-online.html ) --- Optimizare SEO ( http://estores.ro/ro/optimizare-seo.html ) --- ( http://estores.ro/ro/optimizare-seo.html ) Optimizare pe Brand Marketing-ul site-ului; Numar nelimitat de cuvinte cheie; Implementarea etichetelor Meta completa; Analiza concurentei;Optimizarea navigarii, imaginilor si linkurilor din site; Rezolvarea problemelor de HTML si CSS + Viteza de incarcare;Inscriere manuala in directoare WEB Romanesti si Straine; Exemple: www.jaluzele-ieftine.ro ( http://www.jaluzele-ieftine.ro/ ) Mai multe detalii... ( http://estores.ro/ro/optimizare-seo.html ) Site de Prezentare ( http://estores.ro/ro/site-prezentare.html ) ( http://estores.ro/ro/site-prezentare.html ) Design unic si original; Structura website cu 2-5 varinte lingvistice; Panou de administrare al continutului ce permite: - Crearea/ modificarea unui numar nelimitat de pagini - Administrarea imaginilor din galeria foto - Inserarea/ modificare butoanelor din meniul secundar - Formular de contact - Statistici vizitatori. Exemple : www.inforegio.ro ( http://www.inforegio.ro/ro/ ) Mai multe detalii... ( http://estores.ro/ro/site-prezentare.html ) Cu respect, Ing. Iulian POP WE BRING YOU THE FUTURE ___ Mobil: 0720031123 Tel/fax: 0362 404 903 E-mail: iul...@mydomains.ro Website: www.estores.ro Address: Str Carbunari nr 8 ___ Click here to unsubscribe ( http://client.campaignsender.ro/u.php?p=38h/rs/8w1/1jp/2zs/rs/rt ) | Click here to forward this email to a friend ( http://client.campaignsender.ro/f.php?p=38h/2zs/rs/8w1/1jp/rs )