HAProxy - dropping connections
frozenmsp last edited by
My first foray into HAProxy, and I've been bashing my head against a wall trying to sort this one out.
I've got a pfSense 2.4.2-p1 install w/ HAProxy going to 2 different internal servers. Both servers load just fine, and you can navigate and browse.
However, if you do anything that takes time on either one, the connections are interrupted and dropped. One is an internal project management app on an IIS server, the other is a file hosting server running Rumpus. Timeout shouldn't be an issue as I've set both to 20 minutes. Doesn't appear to be load related as CPU load is minimal (80% free).
Downloading a file through the file manager, it starts at full speed then after a few MB it drops steadily in speed until the browser eventually reports a connection error.
Any help would be appreciated.
stats socket /tmp/haproxy.socket level admin
bind 127.0.0.1:2200 name localstats
stats admin if TRUE
stats uri /haproxy/haproxy_stats.php?haproxystats=1
timeout client 5000
timeout connect 5000
timeout server 5000
bind WAN1:80 name WAN1:80
bind WAN2:80 name WAN2:80
bind LAN:80 name LAN:80
timeout client 30000
acl url_acme_http01 path_beg -i /.well-known/acme-challenge/
acl url_redirect_https path_sub -i /.well-known/acme-challenge/
http-request use-service lua.acme-http01 if METH_GET url_acme_http01
http-request redirect scheme https code 301 if !url_redirect_https
bind WAN1:443 name WAN1:443 ssl crt /var/etc/haproxy/SharedFrontEnd.pem
bind WAN2:443 name WAN2:443 ssl crt /var/etc/haproxy/SharedFrontEnd.pem
bind LAN:443 name LAN:443 ssl crt /var/etc/haproxy/SharedFrontEnd.pem
timeout client 120000000
acl WEB_APP hdr_beg(host) -i WEB_APP
acl Rumpus hdr_beg(host) -i ftpserver
use_backend WEB_APP_http_ipvANY if WEB_APP
use_backend Rumpus_http_ipvANY if Rumpus
timeout connect 120000
timeout server 120000
option httpchk OPTIONS /
server WEB_APP WEB_APP_LAN:80 check inter 1000
timeout connect 12000000
timeout server 12000000
option httpchk GET /
server FTPServer FTP_LAN:80 check inter 1000
PiBa last edited by
Your server timeout is 2 minutes for the webapp, and a connect timeout shouldn't really be above 10 seconds; if it takes 10 seconds to get a working TCP connection, there are some serious network issues, even when accessing a server over the internet.
As for dropping established connections, there could be different factors causing that. Configuring the syslog on the haproxy settings tab (perhaps to the local syslog unix socket) and enabling 'detailed logs' on the frontend should help tell if the client or server breaks the connection or a timeout is hit perhaps.
In case of doubt, also capture the packets on both the WAN and LAN side of haproxy to check with Wireshark on which side traffic gets interrupted.
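Once detailed logs are enabled as suggested in the reply above, the termination-state flags in each HAProxy HTTP log line say which side ended the session and in which phase. The following is an added example, not part of the thread or of the pfSense package: it assumes the standard `httplog` layout, the function names `classify` and `summarize` are hypothetical, and the sample lines (including the frontend name `fe`) are constructed.

```python
import re
from collections import Counter

# First two termination-state flags as defined in HAProxy's logging documentation.
WHO = {
    "C": "client aborted the TCP session",
    "S": "server aborted or refused the TCP session",
    "P": "HAProxy aborted the session itself",
    "c": "client-side timeout expired (timeout client)",
    "s": "server-side timeout expired (timeout server)",
    "-": "normal completion",
}
PHASE = {
    "R": "waiting for the client's request",
    "Q": "waiting in the queue",
    "C": "connecting to the server",
    "H": "waiting for response headers",
    "D": "data transfer",
    "L": "sending last data to the client",
    "-": "after the transfer finished",
}

# httplog layout: timers, status, bytes, two cookie fields, 4-flag state.
LINE = re.compile(r"(?:-?\d+/){4}\+?-?\d+ -?\d+ (?P<bytes>\+?\d+) \S+ \S+ "
                  r"(?P<state>[A-Za-z-]{4}) ")

def classify(line):
    """Return who ended the session and in which phase, or None if unparsable."""
    m = LINE.search(line)
    if not m:
        return None
    state = m["state"]
    return {"state": state, "bytes": int(m["bytes"].lstrip("+")),
            "who": WHO.get(state[0], "other (see HAProxy docs)"),
            "phase": PHASE.get(state[1], "other (see HAProxy docs)")}

def summarize(lines):
    """Count sessions per (who, phase) flag pair."""
    return Counter(r["state"][:2] for r in map(classify, lines) if r)

# Constructed sample lines (not from the thread); frontend name "fe" is hypothetical.
PREFIX = ("Jan 10 10:00:00 fw haproxy[2001]: 203.0.113.7:51544 "
          "[10/Jan/2018:10:00:00.000] fe~ Rumpus_http_ipvANY/FTPServer ")
SAMPLE = [
    PREFIX + '3/0/1/35/120040 200 8388608 - - sD-- 3/3/1/1/0 0/0 "GET /big.zip HTTP/1.1"',
    PREFIX + '2/0/1/30/45010 200 5242880 - - CD-- 2/2/1/1/0 0/0 "GET /big.zip HTTP/1.1"',
    PREFIX + '2/0/1/12/40 200 1024 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"',
]

if __name__ == "__main__":
    for pair, n in summarize(SAMPLE).items():
        print(n, pair, "->", WHO.get(pair[0]), "/", PHASE.get(pair[1]))
```

A run of `sD` entries whose total time sits near a configured `timeout server` value points at the timeout, while `CD` or `SD` entries point at the client or the server closing the connection during the transfer.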