HAProxy SSL Connection
Solution 1:
Given that Chrome reports extremely high connection setup times, it means that SYN packets are being dropped or at least not being answered. This can happen in three situations :
- packet losses : you may want to ensure that your internet link is still OK and that this specific server has correct connectivity (its network card could be dead)
- backlog full, this happens if haproxy is taking time to accept connections, and results in many SYN_RECV connections, but since you don't have any of them it's not the case ;
- improperly tuned conntrack causing incoming connections to be dropped. I would tend to vote for this one given that people deploy load balancers on systems without tuning them and this issue is quite frequent. Please at least check the system's logs using "dmesg" and look for various errors, any net_ratelimit or any "conntrack table full" message.
Edit: I'm just realizing that you only changed the global maxconn setting but not the default one, so your frontends are still limited to 2000 concurrent connections (check with haproxy -vv). And your netstat seems to indicate you're not too far from this limit, so it might be one reason. Please add a maxconn directive in your defaults section.