HAProxy community

Haproxy stays bound to frontend port when all backends are down


HI everyone. Perhaps my expectations are incorrect, but I figured haproxy would unbind from the listening port when a “tcp-request connection reject” is in place and the condition is currently true.

My use case is that I have five backend servers and one haproxy listening on port X. When all five backends are down (such as for maintenance), I had hoped this rule:

tcp-request connection reject if { nbsrv(xyz) lt 1 }

would cause haproxy to stop listening. Unfortunately I have to deal with some exceptionally stupid software on the other end that uses a “dump and go” policy whereby it connects and just blindly dumps its data. If it connects successfully it assumes the data was delivered. I know, it is tremendously bad behaviour but unfortunately not under my control.

Is my expectation correct? netstat shows haproxy still listening and I can connect with telnet, though it disconnects as soon as I send data.



I should have said, I was using version 1.6.3.

I have upgraded to 1.6.13 and now haproxy is still listening, but connections to it behave differently. I got different results on consecutive telnet attempts:

[sean@dev ~]$ telnet localhost 54054
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

[sean@dev ~]$ telnet localhost 54054
telnet: connect to address Connection reset by peer

which I find a little odd. It smells like timing to me. Is there any way to guarantee the latter behaviour?

Thanks again


Haproxy will always keep listening on the frontend. It can only close the socket on exit.

tcp-request connection reject will close the socket asap, however it will still accept the connection in the first place (the 3 way handshake succeeds).

No and I think the latter behavior is a consequence of something else. Maybe haproxy shutdown or reloaded or crashed while you where testing it; I don’t have an explanation for the “Connection reset by peer” behavior.