I think that your problem comes from the lack of timeouts in both your stunnel config and your haproxy config. From time to time, some clients disconnect from the net in a dirty fashion, resulting in a lot of unterminated connections pending on your server. At one point, all stunnel's connections are used and you can't connect anymore. It is *very* important to apply timeouts on *every* component in a web infrastructure, otherwise it is 100% sure that it will fail.
Also, you can improve your performance and decrease this issue by replacing "option httpclose" with "option http-server-close", which will maintain keep-alive to the clients. It will also slightly hide the effects of your lack of timeouts.
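
An added example, not part of the original reply: a haproxy configuration with explicit timeouts and "option http-server-close" in place of "option httpclose", with the matching stunnel options in the trailing comments. Section names, addresses, ports and all timeout values are assumptions chosen for illustration.

```haproxy
# Constructed example: names, addresses and timeout values are assumptions.
defaults
    mode http

    # Before: "option httpclose" and no "timeout" lines at all, so a client
    # that drops off the network without closing keeps its connection open
    # on the server indefinitely.
    # option httpclose

    # After: keep-alive towards clients, server side closed per request.
    option http-server-close

    timeout connect          5s   # establishing the TCP connection to a server
    timeout client           30s  # maximum inactivity on the client side
    timeout server           30s  # maximum inactivity on the server side
    timeout http-request     10s  # receiving the complete request headers
    timeout http-keep-alive  5s   # idle wait for the next request on a kept-alive connection

frontend fe_from_stunnel
    bind 127.0.0.1:8080           # stunnel forwards decrypted traffic here (assumed port)
    default_backend be_app

backend be_app
    server app1 192.0.2.10:80 check   # placeholder backend address

# stunnel.conf counterpart, shown as comments. The TIMEOUT* options are
# per-service settings and take values in seconds:
#
#   [https]
#   accept  = 443
#   connect = 127.0.0.1:8080
#   TIMEOUTidle    = 60
#   TIMEOUTclose   = 10
#   TIMEOUTbusy    = 30
#   TIMEOUTconnect = 5
```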