  • I have just upgraded to a 1GB fiber connection and in the process I seem to have broken HAProxy (I first brought up the fiber on an additional interface I set up).

    I have two Front Ends - a 80-443 redirect which redirects to my SSL Primary.

    I have 4 shared front ends, one for Wordpress (multiple sites), one for nextcloud, one for email, and one for airsonic. Each shared front end redirects to a different server/ip address.

    Nextcloud, webmail, and airsonic all load super fast. Wordpress takes 5-10 seconds "waiting on site". Then it loads fast.

    The difference between the frontends is that wordpress has multiple certs which use "hostname contains" and SSL offloading based on LetsEncrypt Certs. The others all have a single "hostname contains" and SSL cert. They all use apache or nginx listening on 80/443.

    If I set up a nat rule for 80/443 that redirects all traffic to the wordpress server, bypassing haproxy, the wordpress sites load fast.

    I rolled back my pfsense box to a backup taken prior to the fiber upgrade (which should have removed the additional interface changes I made), and the issue persisted.

    I duplicated my wordpress front end, removed all except one cert/site, moved it above the original wordpress front end and the issue persisted.

    To be clear, this worked fine before the upgrade.

    The ISP is ATT, the RG is in passthrough mode, but I do understand it has some nat limitations.

    What can I provide to help assist in troubleshooting? Any ideas what I've done?

    pfSense v 2.4.4.p3
    haproxy .59_19

  • @Craash
    Can you try and install the haproxy-devel package? I wonder if the newer haproxy binary version might have contained a fix. Either way I'm going to try and get the new 2.0 version into pfSense once I have tested it a little.

  • I can test, no problem.

    It just doesn't make sense to me, even the simple one page, apache2 hosted, site on that machine loads slow.

    I have other apache2 machines that are fine.

    I'm considering spinning up a new VM, moving the single page site over, and seeing if the issue persists.


  • @Craash
    Not many thoughts at the moment.. I've seen once where a haproxy version update did improve site load time, even though nothing apparent seemed to go wrong..

    Can do tcpdump/wireshark packet captures, and examine the syslog output from haproxy.. But if the apache2 is fast when accessed directly, there is no good reason I can think of for it to slow down significantly when haproxy is put in between. If changing versions doesn't help, checking logs and packet captures will likely be the next step in diagnosing this.. but updating is way easier..
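
Added example, not part of any post in this thread: one way to read the HAProxy syslog output suggested above, by taking the per-phase timers from each HTTP log line and finding which phase holds the delay for each backend server. It assumes `option httplog` is enabled on the frontend; the log lines, backend names and timings are constructed.

```python
import re
from statistics import median

# Timer slots in an "option httplog" line. Names follow HAProxy 1.7
# (Tq/Tw/Tc/Tr/Tt); 1.8 and later log TR/Tw/Tc/Tr/Ta in the same slots.
TIMERS = ("Tq", "Tw", "Tc", "Tr", "Tt")
PHASES = TIMERS[:4]  # the fifth field is the total, not a phase
LINE = re.compile(
    r"\] (?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) "
    r"(?P<timers>-?\d+(?:/-?\d+){4}) (?P<status>-?\d+) "
)

# Constructed sample lines: hosts, names and timings are made up.
SAMPLE = """\
Jul 10 12:00:01 fw haproxy[4242]: 203.0.113.7:51234 [10/Jul/2019:12:00:01.123] ssl_primary~ wordpress/wp1 12/0/1/6480/6493 200 5120 - - ---- 3/3/0/0/0 0/0 "GET / HTTP/1.1"
Jul 10 12:00:09 fw haproxy[4242]: 203.0.113.7:51240 [10/Jul/2019:12:00:09.400] ssl_primary~ wordpress/wp1 8/0/2/5210/5225 200 5120 - - ---- 3/3/0/0/0 0/0 "GET / HTTP/1.1"
Jul 10 12:00:20 fw haproxy[4242]: 203.0.113.9:40100 [10/Jul/2019:12:00:20.010] ssl_primary~ wordpress/wp1 10/0/1/7100/7115 200 5120 - - ---- 3/3/0/0/0 0/0 "GET / HTTP/1.1"
Jul 10 12:01:02 fw haproxy[4242]: 203.0.113.9:40111 [10/Jul/2019:12:00:32.000] ssl_primary~ wordpress/wp1 14/0/1/-1/30015 504 194 - - sH-- 3/3/0/0/0 0/0 "GET / HTTP/1.1"
Jul 10 12:01:05 fw haproxy[4242]: 203.0.113.7:51250 [10/Jul/2019:12:01:05.200] ssl_primary~ nextcloud/nc1 9/0/1/42/55 200 900 - - ---- 3/3/0/0/0 0/0 "GET / HTTP/1.1"
Jul 10 12:01:08 fw haproxy[4242]: 203.0.113.7:51251 [10/Jul/2019:12:01:08.900] ssl_primary~ nextcloud/nc1 11/0/2/38/52 200 900 - - ---- 3/3/0/0/0 0/0 "GET / HTTP/1.1"
"""

def parse(line):
    """Return the five timers (ms) and the backend/server, or None if no match."""
    m = LINE.search(line)
    if not m:
        return None
    rec = dict(zip(TIMERS, map(int, m["timers"].split("/"))))
    rec["target"] = f'{m["backend"]}/{m["server"]}'
    return rec

def summarize(lines):
    """Median of each timer per backend/server, skipping -1 (phase never reached)."""
    grouped = {}
    for rec in filter(None, map(parse, lines)):
        grouped.setdefault(rec["target"], []).append(rec)
    def med(recs, t):
        vals = [r[t] for r in recs if r[t] >= 0]
        return median(vals) if vals else None
    return {k: {t: med(v, t) for t in TIMERS} for k, v in grouped.items()}

def dominant_phase(medians):
    """Phase with the largest median: Tq is the client side, Tw queueing in
    HAProxy, Tc the connect to the server, Tr the server's own response time."""
    seen = {p: medians[p] for p in PHASES if medians[p] is not None}
    return max(seen, key=seen.get) if seen else None

if __name__ == "__main__":
    for target, med in summarize(SAMPLE.splitlines()).items():
        print(target, med, "slowest phase:", dominant_phase(med))
```

A large `Tr` with small `Tc` means the time is spent waiting for the backend to answer; a large `Tc` points at the path between the proxy and the server.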

  • @PiBa I spun up a new vm. Clean ubuntu 18.04.2 with a lemp stack

    Moved my single page site over to it. Pointed the existing back end to it.

    Bam. Fast.

    Still think the update will fix it, or should I install and move a WordPress site over?

  • @Craash
    If you can easily move all sites over, I guess that's an option. Still strange that an otherwise fast server would serve a certain page slowly through haproxy and fast without. Without a clear reason I guess all bets are off...

  • @PiBa does it help you if I move to the devel version? I'd rather not move the sites if you think it will fix it.

  • @Craash
    It won't help me ;) , but might help you? Only way to know for sure is if you give it a try. The webgui and config used is exactly the same at the moment, so if 1.8 doesn't fix it you can easily go back and reinstall the haproxy 1.7 version again if you feel more comfortable with that.

  • @PiBa

    Did the update, no love.

    The original server is still slow behind HAProxy, all the others are fast. Guess I'll start to move all the sites to the new VM I spun up.

  • Just to follow up, after moving all my sites to a new VM, speed is as expected. Dunno.

