@joel wrote:
Hello folks,
Overview:
I managed to successfully set up an HAproxy installation for use as a reverse proxy and later load balancer. Technically everything is working but the pages loaded through the proxy are extremely slow (like multiple minutes for a simple WordPress site).
My setup:
- HAproxy on FreeBSD 11 64-bit. It’s a root server with a 4-core Xeon 3.3 GHz, 32 GB memory and 1G/1G internet connection
- Different webservers running FreeBSD 11 64-bit. Those are usually machines with two to four cores and 8 to 16 GB of memory and 1G/1G internet connection.
- The servers are not physically at the same location. I use OpenVPN to tie them into a private network. The ping between the HAproxy and the web servers is around 20 ms stable.
- OpenVPN runs in UDP mode. Everything is pretty much default config.
- All involved servers have tons of free resources left and are not busy at all. The HAproxy server isn’t doing anything other than running HAproxy and acting as the OpenVPN server.
My problem:
I tried to reverse-proxy three different existing websites through the new HAproxy machine. When I access the website through the web servers' public IP they load within less than a second. When I load them through the HAproxy machine they take up to 11 minutes to complete loading.
Here’s an example of a WordPress site being loaded through HAproxy:
I have the same problem with other WordPress installations, with the Jenkins dashboard and other existing websites.
My config:
Here’s my HAproxy config:
```
global
    log /var/run/log local0 info
    log /var/run/log local0 notice
    daemon
    maxconn 8000
    tune.ssl.default-dh-param 2048
    user nobody
    group nobody

defaults
    log global
    option httplog
    option dontlognull
    mode http
    timeout connect 5s
    timeout client 1min
    timeout server 1min
    option forwardfor
    errorfile 400 /usr/local/etc/haproxy/errorfiles/400.http
    errorfile 403 /usr/local/etc/haproxy/errorfiles/403.http
    errorfile 408 /usr/local/etc/haproxy/errorfiles/408.http
    errorfile 500 /usr/local/etc/haproxy/errorfiles/500.http
    errorfile 502 /usr/local/etc/haproxy/errorfiles/502.http
    errorfile 503 /usr/local/etc/haproxy/errorfiles/503.http
    errorfile 504 /usr/local/etc/haproxy/errorfiles/504.http

frontend http-in
    bind *:80
    bind *:443 ssl crt /usr/local/etc/haproxy/certs/stuff.pem
    mode http
    use_backend jenkins if { hdr(host) -i jenkins.my.org }
    use_backend blog if { hdr(host) -i blog.my.org }
    default_backend test

backend blog
    mode http
    server blog01 10.8.0.18:80 check
    rspadd Content-Security-Policy:\ upgrade-insecure-requests

backend jenkins
    server jenkins1 10.8.0.14:8180
    mode http
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    reqrep ^([^\ :]*)\ /(.*) \1\ /\2
    acl response-is-redirect res.hdr(Location) -m found
    rspirep ^Location:\ (http)://10.8.0.14:8180/(.*) Location:\ https://jenkins.my.org:443/\2 if response-is-redirect
```
The Jenkins backend config has been taken from the official Jenkins & HAproxy example from the official Jenkins documentation.
I’d appreciate any kind of help on this!