Haproxy cause to full nf_conntrack_max

Help!
1

Hi
I setup haproxy(HA-Proxy version 1.5.18 2016/05/10 in centos7
) with below config (proxy hundreds of web sites) .But now i see kernel drop packets and reveal lots of error message on monitoring tools indicate ping loss is too high on my server .although i increased nf_conntrack_count and setup max connection in haproxy to 10000 but just a few hours later nf_conntrack_count (current connection) reaches to nf_contrack_max (600000). also in in haproxy log just show incomprehensible information posted after haproxy config.

Global settings

log         127.0.0.1:514 local0
stats socket /var/run/haproxy.stat
chroot      /var/lib/haproxy
pidfile     /var/run/haproxy.pid
maxconn     10000
user        haproxy
group       haproxy
daemon
stats socket /var/lib/haproxy/stats

defaults
log global
option tcplog
option dontlognull
option http-server-close
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 30s
timeout client 1m
timeout server 2m
#timeout http-keep-alive 10s
timeout check 10s
maxconn 4000

#---------------------------------------------------------------------
frontend http-in
bind *:80
mode http
redirect scheme https code 301

frontend tls
bind *:443
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
tcp-request content capture req_ssl_sni len 10
#log-format “capture0: %[capture.req.hdr(0)]”

use_backend something.com if { req_ssl_sni -i something.com }


default_backend other-tls

backend other-tls
mode tcp
option ssl-hello-chk
server google-site yahoo.com:443

backend something.com
mode tcp
option ssl-hello-chk
server something-site something.com:443


##############################################################
haproxy.log
############
Nov 1 09:00:01 localhost haproxy[15072]: 2.190.54.80:49554 [01/Nov/2020:08:58:01.618] tls other-tls/google-site 90003/-1/120003 0 cC 4008/3999/3749/3749/3 0/0
Nov 1 09:00:01 localhost haproxy[15072]: 49.12.108.130:51765 [01/Nov/2020:08:58:01.668] tls other-tls/google-site 90004/-1/120004 0 sC 4008/3999/3748/3748/3 0/0
Nov 1 09:00:01 localhost haproxy[15072]: 5.160.32.10:60732 [01/Nov/2020:08:58:01.753] tls other-tls/google-site 90003/-1/120003 0 cC 4008/3999/3749/3749/3 0/0
Nov 1 09:00:01 localhost haproxy[15072]: 81.12.108.130:47867 [01/Nov/2020:08:58:01.756] tls other-tls/google-site 90002/-1/120001 0 cC 4008/3999/3749/3749/3 0/0
Nov 1 09:00:01 localhost haproxy[15072]: 91.98.142.90:31132 [01/Nov/2020:09:00:01.773] http-in http-in/ -1/-1/4 148 LR 4010/10/0/0/0 0/0
Nov 1 09:00:01 localhost haproxy[15072]: 5.160.51.44:63643 [01/Nov/2020:09:00:01.769] http-in http-in/ -1/-1/8 147 LR 4009/9/0/0/0 0/0
Nov 1 09:00:01 localhost haproxy[15072]: 46.209.207.227:53677 [01/Nov/2020:08:58:01.882] tls other-tls/google-site 90003/-1/120002 0 cC 4007/3998/3748/3748/3 0/0
Nov 1 09:00:01 localhost haproxy[15072]: 80.75.4.214:53361 [01/Nov/2020:08:58:01.882] tls other-tls/google-site 90003/-1/120002 0 sC 4006/3997/3747/3747/3 0/0
Nov 1 09:00:01 localhost haproxy[15072]: 5.160.103.238:30621 [01/Nov/2020:09:00:01.902] http-in http-in/ -1/-1/1 147 LR 4009/9/0/0/0 0/0
Nov 1 09:00:01 localhost haproxy[15072]: 92.242.207.41:51244 [01/Nov/2020:08:58:01.985] tls other-tls/google-site 90002/-1/120002 0 cC 4007/3999/3746/3746/3 0/0