[ Closed ] Connection Dropping Issue in SSL Backend with TCP Mode

Hello,
I’m running HAProxy with this version:

HA-Proxy version 1.7.3 2017/02/28
Copyright 2000-2017 Willy Tarreau willy@haproxy.org

I have this config of haproxy

global
    stats timeout 30s
    maxconn 5001
    
defaults
    option httplog
    option dontlognull
    retries 3
    mode http
    timeout connect 5000
    timeout client  50000
    timeout server  50000
    
frontend https-in
    bind *:443
    log 127.0.0.1 local2
    mode tcp
    option tcplog
    timeout client  3h
    timeout server  3h
    option          clitcpka
    use_backend back_webapp_apache2_php56-443
    
backend back_webapp_apache2_php56-443
    mode tcp
    balance roundrobin
    server host0 10.0.4.59:443 check fall 3 rise 2

So I have one apache backend running at ip 10.0.4.59.

The problem is sometimes I’m getting this error.

https-in https-in/ -1/-1/0 0 SC 0/0/0/0/0 0/0

Sometimes it is working. But the connection is not consistent. What can be the issue, HAProxy or Apache? I don’t know where to start debugging this issue.

Thanks & Regards,
Chintan Patel

Hi. Looks like your Apache server couldn’t receive a connection:

S : the TCP session was unexpectedly aborted by the server, or the server explicitly refused it.
C : the proxy was waiting for the CONNECTION to establish on the server. The server might at most have noticed a connection attempt.

Hello @AllertGen,

Thanks for the reply.
I checked this gist file https://gist.github.com/ayosec/8112308#file-8-5-session-state-at-disconnection
It mentioned the same thing as you said about termination_state also as the combination.

SC The server or an equipment between it and haproxy explicitly refused
the TCP connection (the proxy received a TCP RST or an ICMP message
in return). Under some circumstances, it can also be the network
stack telling the proxy that the server is unreachable (eg: no route,
or no ARP response on local network). When this happens in HTTP mode,
the status code is likely a 502 or 503 here.

I’m still not sure where to go from here, I’m giving more information:

  • Running HAProxy on docker with official image haproxy:1.7
  • Running Apache2 also in a docker container
  • Both are running on different systems.

I also tested with JMeter and I’m getting 2% of errors.

Thanks again
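
The termination flags discussed above can be decoded and counted straight from the tcplog output. This is an added example, not code from any poster in the thread or from the HAProxy project; the flag tables are abbreviated from the HAProxy documentation, the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Flag meanings abbreviated from HAProxy's "Session state at disconnection" table.
CAUSE = {"-": "normal completion", "C": "aborted by client",
         "S": "aborted or refused by server", "P": "aborted by proxy",
         "c": "client-side timeout", "s": "server-side timeout"}
PHASE = {"-": "normal completion", "R": "waiting for request",
         "Q": "waiting in queue", "C": "waiting for connection to server",
         "H": "waiting for response headers", "D": "data transfer"}

# Tail of a tcplog line:
# frontend backend/server Tw/Tc/Tt bytes state act/fe/be/srv/retries srvq/beq
TCPLOG = re.compile(
    r"(?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S*) "
    r"(?P<tw>-?\d+)/(?P<tc>-?\d+)/\+?(?P<tt>-?\d+) \+?(?P<bytes>\d+) "
    r"(?P<state>\S\S) \d+/\d+/\d+/\d+/\+?(?P<retries>\d+) \d+/\d+\s*$")

def parse(line):
    """Decode one tcplog line; returns None if the line is not in tcplog format."""
    m = TCPLOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["cause"] = CAUSE.get(rec["state"][0], "unlisted, see HAProxy docs")
    rec["phase"] = PHASE.get(rec["state"][1], "unlisted, see HAProxy docs")
    rec["connected"] = int(rec["tc"]) >= 0  # Tc is -1 when no server connection was made
    return rec

def refused_summary(lines):
    """Return (fraction of sessions ending in SC, Counter of SC per backend/server)."""
    recs = [r for r in map(parse, lines) if r]
    refused = [r for r in recs if r["state"] == "SC"]
    per_server = Counter(f'{r["backend"]}/{r["server"]}' for r in refused)
    return (len(refused) / len(recs) if recs else 0.0), per_server

# First line is the one quoted in the thread; the rest are constructed for illustration.
SAMPLE = [
    "https-in https-in/ -1/-1/0 0 SC 0/0/0/0/0 0/0",
    "https-in back_webapp_apache2_php56-443/host0 0/1/5007 2120 -- 3/3/1/1/0 0/0",
    "https-in back_webapp_apache2_php56-443/host0 0/-1/3004 0 SC 2/2/1/0/3 0/0",
    "https-in back_webapp_apache2_php56-443/host0 0/0/812 940 CD 2/2/1/1/0 0/0",
]

if __name__ == "__main__":
    ratio, per_server = refused_summary(SAMPLE)
    print(f"SC ratio: {ratio:.0%}")
    for name, count in per_server.items():
        print(name, count)
```

Comparing the SC timestamps and per-server counts against the backend's own logs shows whether the refusals line up with a limit being hit on the Apache side or on a device in between.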

Means the backend is rejecting the connection attempt.

Check your backend logs, from an application, kernel and firewall point of view, and every device that is between the backend and the haproxy server.

It could be anything (from network to limits of your Apache server). It’s better to use some bandwidth tests for creating a lot of connections to the Apache server (like tcpkali or apache tools). It could easily be limits of the OS of the Apache server or Apache itself.
Also I see that you are using tcp mode for a web service. It would be better to switch to http mode and use:

option http-keep-alive
no option http-server-close

In this case your haproxy server will not be creating an additional connection for each client (without it, on an untuned OS, you can keep only ~35k connections). It will use existing connections for transferring data of all clients.

Hello,

At the end we implemented http mode with ssl. Thank you again @lukastribus @AllertGen

Regards,
Chintan Patel