HAProxy SSL Connection

Solution 1:

Given that Chrome reports extremely high connection setup times, it means that SYN packets are being dropped or at least not being answered. This can happen in three situations:

  • packet losses: you may want to ensure that your internet link is still OK and that this specific server has correct connectivity (its network card could be dead);
  • backlog full: this happens if haproxy is taking time to accept connections, and results in many SYN_RECV connections, but since you don't have any of them it's not the case;
  • improperly tuned conntrack causing incoming connections to be dropped. I would tend to vote for this one given that people deploy load balancers on systems without tuning them and this issue is quite frequent. Please at least check the system's logs using "dmesg" and look for various errors, any net_ratelimit or any "conntrack table full" message.

Edit: I'm just realizing that you only changed the global maxconn setting but not the default one, so your frontends are still limited to 2000 concurrent connections (check with haproxy -vv). And your netstat seems to indicate you're not too far from this limit, so it might be one reason. Please add a maxconn directive in your defaults section.
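The checks this answer asks for, as an added shell example that is not part of the original answer: it counts conntrack and rate-limit messages in kernel log text, reports conntrack table usage, and lists frontend/listen sections that neither set maxconn nor inherit one from the preceding defaults section. The function names, the `--live` switch and the default config path `/etc/haproxy/haproxy.cfg` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# Count kernel log lines (stdin) that point at dropped connections.
count_drop_messages() {
    grep -c -E 'conntrack: table full|net_ratelimit' || true
}

# Integer percentage of the conntrack table in use: $1 = count, $2 = max.
conntrack_pct() {
    echo $(( $1 * 100 / $2 ))
}

# Print every frontend/listen section of the HAProxy config in $1 that has no
# maxconn of its own and none in the defaults section before it, i.e. the
# sections still running with the built-in per-frontend limit.
# Only global/defaults/frontend/backend/listen are treated as section starts.
sections_without_maxconn() {
    awk '
        function report() { if (kind == "proxy" && !own && !inherited) print name }
        $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
            report()
            if ($1 == "defaults") defmax = 0      # a new defaults section resets
            kind = ($1 == "frontend" || $1 == "listen") ? "proxy" : $1
            name = $1 " " $2; own = 0; inherited = defmax
            next
        }
        $1 == "maxconn" { if (kind == "defaults") defmax = 1; else own = 1 }
        END { report() }
    ' "$1"
}

# Live run: sh thisfile.sh --live [config]   (config path is an assumed default)
if [ "${1:-}" = "--live" ]; then
    echo "drop messages in dmesg: $(dmesg | count_drop_messages)"
    d=/proc/sys/net/netfilter
    if [ -r "$d/nf_conntrack_max" ]; then
        used=$(cat "$d/nf_conntrack_count"); max=$(cat "$d/nf_conntrack_max")
        echo "conntrack table: $(conntrack_pct "$used" "$max")% used ($used/$max)"
    fi
    echo "sections without an effective maxconn:"
    sections_without_maxconn "${2:-/etc/haproxy/haproxy.cfg}"
fi
```

A per-server `maxconn` on a `server` line is deliberately not counted, since it limits the backend server rather than the frontend.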