HA Proxy Confg Long Timeout

Hi… what are Pro & Con for Long time out?
log global
timeout server 5s
timeout connect 5s
timeout client 5s


log global
timeout server 50000s
timeout connect 5000s
timeout client 50000s

Its pretty much always a bad idea to set high timeouts.

Cons are:

  • as more concurrent sessions are used, you need higher maxconn values and therefor more memory
  • if set maxconn higher than your box has RAM for it, your kernel will OOM kill haproxy
  • if set maxconn too low, you will saturate maxconn and new connections attempts won’t be answered
  • whatever maxconn, the higher the timeouts are, the easier it is for an attacker to DDoS your setup
1 Like

I would add to Lukas response that there is no good reason to have a long “timeout connect”.
This value matches the time between a TCP SYN and a SYN/ACK on the network between HAProxy and the server.

1 Like

Thank you both of you.