@bwmetcalf wrote:
With the following config, we are seeing keepalives working on the frontend, but not on the backend. Is there something about the proxy protocol that prevents keepalives from being maintained? If so, is there a way to do so? I have confirmed keepalives are working on the backend servers via several methods, but we are seeing in the haproxy stats the same number of connections/sec has http responses for the backend bk_foo.
defaults maxconn 100 http-reuse safe option http-keep-alive timeout connect 3s timeout client 30s timeout server 1h frontend ft_ssl mode http bind-process 2-10 bind *:80 bind *:443 ssl crt /usr/local/haproxy-1.6.6-openssl-1.0.1t-static/etc/foo.pem ciphers AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!RC4:!MD5:!PSK no-sslv3 no-tls-tickets maxconn 100000 option httplog option forwardfor redirect scheme https code 301 if !{ ssl_fc } default_backend bk_ssl backend bk_ssl mode http bind-process 2-10 server ft_sock unix@ft.sock send-proxy-v2 frontend ft_plain mode http bind-process 1 bind unix@/usr/local/haproxy-1.6.6-openssl-1.0.1t-static/jail/ft.sock accept-proxy no log maxconn 100000 use_backend %[req.hdr(host),lower,map_dom(/usr/local/haproxy-1.6.6-openssl-1.0.1t-static/etc/map)] backend bk_foo mode http bind-process 1 server foo 10.10.1.1:443 check ssl verify none maxconn 2000Thanks very much.
Posts: 1
Participants: 1