Pool of connections


#1

Hi,
Does HAProxy support a pool of connections (tcp /http) from client side ?


#2

Not sure why you would ask for “pooling” on the client side, that is the browsers job.

Does Haproxy support keep-alive on the frontend: yes (so browsers can pool if they want).
Does Haproxy support pooling on the backend side: yes, in 1.6, check http-reuse [1].

This applies to HTTP mode, obviously this is not supported for TCP.

[1] https://cbonte.github.io/haproxy-dconv/1.6/configuration.html#4-http-reuse


#3

Thanks for the clear answer.
Sorry if my question was not clear, I mean HAProxy as client ===>(http) ===> backend servers.
so, check http-reuse will work
Tnx
Amir


#4

Hi,

I have more details regarding the clients and servers behavior.

The clients are applications which will send HTTP requests to HAPROXY (not
browsers).

HAPROXY will send the requests to the backend servers over HTTPS (using
2-way SSL)

Questions:

  1. Does HAPROXY support 2-way SSL as client and as server? Where can I find
    the required configuration?

  2. Can HAPROXY (as a client) initiate pool of HTTPS connections to the
    backend servers, regardless of the HTTP Clients connections?

The initiative is to improve the performance by reducing the 2-way SSL
handshakes.

Thanks a lot
Amir Yosef


#5

I’m not sure what you mean by “2-way SSL”. Do you mean client certificate authentication?

You can find the required configuration in the configuration manual, the ssl keyword on the server line being the first step:
https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-ssl

http-reuse works just as well with SSL backends:
https://cbonte.github.io/haproxy-dconv/1.6/configuration.html#4-http-reuse


#6

Thanks ,
I would like to emphasis my question related “connection pool”.
As far as I understand using http-reuse will work as long as front-end
didn’t close the connection after getting response.
in our case , the front-end will close the connection immediately after
getting the response so http-reuse will not help here.
maybe i got wrong in my understanding of http-reuse, so please elaborate.
The question is if HAPROXY can maintain connection towards the back-end
servers regardless of front-end behavior.
Thanks Amir


#7

You right, its not actually a connection pool, it is connection re-use.

However as the SSL sessions are resumed, not renegotiated, you are not paying the large “CPU tax” for continuous handshakes.

No, it cannot.


#8

Hi Lukas,
Following our conversation, would you consider adding the ability of
maintaining an independent connection pool towards the back-end servers
regardless of the front-end clients connections in HAProxy next release?
Amir


#9

I suggest we move this conversation to the mailing list, its more appropriate there.

You can just send your request to (no need to subscribe):
haproxy@formilux.org

Do explain your use-case and why the current implementation does not work for it when you send this to the mailing list.