Hello,
I’m running HAproxy with this version
HA-Proxy version 1.7.3 2017/02/28
Copyright 2000-2017 Willy Tarreau willy@haproxy.org
I have this config of haproxy
global
stats timeout 30s
maxconn 5001
defaults
option httplog
option dontlognull
retries 3
mode http
timeout connect 5000
timeout client 50000
timeout server 50000
frontend https-in
bind *:443
log 127.0.0.1 local2
mode tcp
option tcplog
timeout client 3h
timeout server 3h
option clitcpka
use_backend back_webapp_apache2_php56-443
backend back_webapp_apache2_php56-443
mode tcp
balance roundrobin
server host0 10.0.4.59:443 check fall 3 rise 2
So I have one apache backend running at ip 10.0.4.59.
The problem is sometimes I’m getting this error.
https-in https-in/ -1/-1/0 0 SC 0/0/0/0/0 0/0
Sometimes it is working. But connection is not consistent. What can be the issue HAproxy or Apache ? I don’t know where to start debug this issue.
Thanks & Regards,
Chintan Patel
Hi. Looks like your Apache server couldn’t recieve a connection:
S : the TCP session was unexpectedly aborted by the server, or the server explicitly refused it.
C : the proxy was waiting for the CONNECTION to establish on the server. The server might at most have noticed a connection attempt.
Hello @AllertGen,
Thanks for the reply.
I checked this gist file https://gist.github.com/ayosec/8112308#file-8-5-session-state-at-disconnection
It mentioned the same thing as you said about termination_state also as the combination.
SC The server or an equipment between it and haproxy explicitly refused
the TCP connection (the proxy received a TCP RST or an ICMP message
in return). Under some circumstances, it can also be the network
stack telling the proxy that the server is unreachable (eg: no route,
or no ARP response on local network). When this happens in HTTP mode,
the status code is likely a 502 or 503 here.
I’m still not sure where to go from here, I’m giving more information:
- Running HAProxy on docker with official image haproxy:1.7
- Running Apache2 also in a docker container
- Both are running on different systems.
Also test with JMeter and I’m getting 2% of errors
Thanks again
Means the backend is rejecting the connection attempt.
Check your backend logs, from a application, kernel and firewall point of view, and every device that is between the backend and the haproxy server.
It could be anything (from network to limits of your Apache server). It’s better to use some bandwith tests for creating a lot of connections to Apache server (like tcpkali or apache tools). It easly could be limits of OS of Apache server or apache itself.
Also I see that you are using tcp mode for web servrice. It would be better to swith to http mode and use:
option http-keep-alive
no option http-server-close
At this case your haproxy server will not be creating additional connection for each client (without it at not tuned OS you can keep only ~35k connections). It will use existing connections for transfering data of all clients.
Hello,
At the end we implemented http mode with ssl. Thank you again @lukastribus @AllertGen
Regards,
Chintan Patel