HAProxy community

SSL termination + vhost & uri routing performance impact?

Hello, we working on switching our ha proxy from ssl pass-though to ssl termination & ssl to the backend (ssl verify none). This will allow us to use the ha proxy to route traffic based on fqdn (vhost) and uri (path).

So we’re going from no haproxy routing or ssl termination, to ssl termination (plus ssl to backend), plus haproxy routing based on fqdn and uri. Routing will be done via haproxy map

I have tested this in a lab setup and it works. Do we have any guidelines/community experience/tips on how to size (cpu, mem) the ha proxy for the additional load (decryption and routing)? We will be doing testing, but at this stage I looking for “generic” guidelines to give us an indication of where to start. Our current TPS is 1000 TPS per app and we have 20 apps.