@vanoden wrote:
I have a site which I recently switched to SSL. It has run for years without a problem. But when I separated http and https frontends, and configured the http frontend to only redirect to https, the http current sessions climbs endlessly until max connections are hit. At this point, the https frontend is still fine, but http is unreachable.
I’ve tried tweaking timeouts to see if I can get the sessions to terminate but nothing seems to help. I’m currently running HAProxy version 1.7.9 on CentOS Linux 7.1.
Here’s my configuration:
global
    log localhost local4
    log-send-hostname
    log-tag haproxy
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy/www-site.pid
    maxconn 6000
    user haproxy
    group haproxy
    tune.ssl.default-dh-param 2048
    daemon
    stats socket /var/lib/haproxy/www-site.stats

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option redispatch
    retries 3
    timeout http-request 3s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout check 10s
    timeout http-keep-alive 3s
    maxconn 5000

frontend stats
    bind 10.1.1.135:1936
    stats enable
    stats uri /
    stats auth operations:sdfasdfasdf
    stats admin if TRUE

frontend site-www-http
    redirect scheme https
    bind 1.2.3.4:80

frontend site-www
    bind 1.2.3.4:443 ssl crt /etc/pki/tls/private/www.site.com.pem ciphers …
    bind 10.1.1.135:80
    default_backend www

backend www
    mode http
    balance roundrobin
    option httpchk GET / HTTP/1.1\r\nHost:\ www.site.com
    server www01 www-01.prod.app:80 check
    server www02 www-02.prod.app:80 check
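
A monitoring check for the symptom described in the post above, added here as an example and not part of the original post or of HAProxy: it reads `show stat` CSV from the stats socket declared in the configuration and reports frontends whose current sessions (`scur`) are close to their session limit (`slim`). The sample CSV, the 0.9 threshold and the function names are constructed for illustration.

```python
import csv
import io
import socket

# Constructed sample of `show stat` CSV output (first columns only); the
# proxy names come from the configuration above, the numbers are made up.
SAMPLE = """\
# pxname,svname,qcur,qmax,scur,smax,slim,stot,
stats,FRONTEND,,,1,2,5000,40,
site-www-http,FRONTEND,,,4875,5000,5000,91234,
site-www,FRONTEND,,,212,640,5000,183455,
www,www01,0,0,3,41,,90122,
www,BACKEND,0,0,7,80,500,183455,
"""

def read_show_stat(path="/var/lib/haproxy/www-site.stats"):
    """Fetch `show stat` from the stats socket declared in the global section."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(b"show stat\n")
        chunks = []
        while True:
            data = s.recv(65536)
            if not data:  # HAProxy closes the connection after the reply
                break
            chunks.append(data)
    return b"".join(chunks).decode("ascii", "replace")

def frontend_usage(stat_csv):
    """Return {frontend: (scur, slim, ratio)} for every FRONTEND row."""
    text = stat_csv.lstrip()
    if text.startswith("# "):
        text = text[2:]  # the CSV header line is prefixed with "# "
    usage = {}
    for row in csv.DictReader(io.StringIO(text)):
        if row.get("svname") != "FRONTEND":
            continue  # skip server and BACKEND rows
        scur, slim = int(row["scur"] or 0), int(row["slim"] or 0)
        usage[row["pxname"]] = (scur, slim, scur / slim if slim else 0.0)
    return usage

def near_limit(stat_csv, threshold=0.9):
    """Names of frontends whose current sessions reach threshold * slim."""
    return sorted(n for n, (_, _, r) in frontend_usage(stat_csv).items() if r >= threshold)

if __name__ == "__main__":
    for name in near_limit(SAMPLE):
        print("frontend near session limit:", name, frontend_usage(SAMPLE)[name])
```

On a live host, pass `read_show_stat()` to `near_limit()` instead of `SAMPLE`; the call needs read access to the socket file.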