How to make HA Proxy keepalive
Asked Answered
V

1

7

In my environment I have haproxy load balance for 2 web servers (Apache), this is my HA Proxy configuration :

global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
        tune.ssl.default-dh-param 2048
    daemon
        nbproc      1
    stats socket /var/lib/haproxy/stats
        stats       timeout 1m
        nogetaddrinfo
listen front
    bind :80
    redirect scheme https if { hdr(Host) -i domain.com } !{ ssl_fc }
listen front_ssl
    bind :443 ssl crt /opt/certificate/domain.pem
    mode http
        option dontlognull
    stats      enable
    stats      uri /ha?stats
    stats      realm system
    stats      auth root:*********
    stats      refresh 5s
    option http-keep-alive
    option forwardfor
    option redispatch
    reqadd X-Forwarded-Proto:\ https if { ssl_fc }
         timeout client  15s
        timeout connect 3s
        timeout server  15s
        timeout http-request 15s
        timeout http-keep-alive 15s
        default_backend bk_http
backend bk_http
        mode http
        balance source
        option http-keep-alive
        default-server inter 1s
        retries 3
        timeout connect 3s
        timeout server  15s
        timeout queue 60s
        timeout check 10s
        timeout http-request 15s
        timeout http-keep-alive 15s
        server node1 1.2.3.4:82 check id 1 weight 1 maxconn 2000 maxqueue 2000
        server node2 5.6.7.8:82 check id 1 weight 1 maxconn 2000 maxqueue 2000

"KeepAlive On" in /etc/httpd/conf/httpd.conf But when I test with curl, I see that keepalive is not work :

curl -Iv http://domain.com 2>&1 | grep -i 'connection #0'
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Closing connection #0
curl -Iv https://domain.com 2>&1 | grep -i 'connection #0'
* Closing connection #0

As I know if keepalive is working, result should be :

  0   162    0     0    0     0      0      0 --:--:--  0:00:05 --:--:--     0* Connection #0 to host domain.com left intact
* Closing connection #0

Please let me know if something wrong in my configuration ?

Verdaverdant answered 27/1, 2015 at 2:52 Comment(1)
Unlike forum sites, we don't use "Thanks", or "Any help appreciated", or signatures on Stack Overflow. See "Should 'Hi', 'thanks,' taglines, and salutations be removed from posts?. BTW, it's "Thanks in advance", not "Thanks in advanced".Sherasherar
P
12

You have the right configuration. You simply require option http-keep-alive which is the default as of haproxy 1.5. Do check which version you have installed.

See http://www.haproxy.org/download/1.5/doc/configuration.txt section 4. Proxies

In HTTP mode, the processing applied to requests and responses flowing over a connection depends in the combination of the frontend's HTTP options and the backend's. HAProxy supports 5 connection modes :

  • KAL : keep alive ("option http-keep-alive") which is the default mode : all requests and responses are processed, and connections remain open but idle between responses and new requests.

  • TUN: tunnel ("option http-tunnel") : this was the default mode for versions 1.0 to 1.5-dev21 : only the first request and response are processed, and everything else is forwarded with no analysis at all. This mode should not be used as it creates lots of trouble with logging and HTTP processing.

  • PCL: passive close ("option httpclose") : exactly the same as tunnel mode, but with "Connection: close" appended in both directions to try to make both ends close after the first request/response exchange.

  • SCL: server close ("option http-server-close") : the server-facing connection is closed after the end of the response is received, but the client-facing connection remains open.

  • FCL: forced close ("option forceclose") : the connection is actively closed after the end of the response.

Your backends, node1/node2, are probably closing the connection. They may not have keepalives enabled.

If you intercept the traffic check for http/1.1 and no "Connection: close" header

Piggin answered 26/8, 2015 at 23:3 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.