Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 5th December 2011, 10:14
abubin abubin is offline
Member
 
Join Date: Mar 2010
Posts: 81
Thanks: 0
Thanked 2 Times in 2 Posts
Default haproxy with stunnel problem

We have been using haproxy for quite a few years already for loadbalancing work.

Lately, we need to add https support into our haproxy system. As haproxy does not support https with headers, we need use stunnel for this as suggested in haproxy site.

However, after setting up stunnel for haproxy, 1 week later, we found our server seems to be having massive overloading problem. We are not sure if this is due to additional connections overloading or because of stunnel.

However, I do see a lot of chatter coming from stunnel logs. Below is partial of the logs:
Code:
2011.12.05 17:05:52 LOG5[6644:3080788880]: Service https connected remote server from 127.0.0.1:12829
2011.12.05 17:05:52 LOG5[6644:3082963856]: Service https accepted connection from 112.201.172.38:51234
2011.12.05 17:05:52 LOG5[6644:3074214800]: Service https accepted connection from 112.201.172.38:51235
2011.12.05 17:05:52 LOG5[6644:3080788880]: Connection closed: 471 bytes sent to SSL, 487 bytes sent to socket
2011.12.05 17:05:52 LOG3[6644:3080858512]: SSL_accept: Peer suddenly disconnected
2011.12.05 17:05:52 LOG5[6644:3080858512]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2011.12.05 17:05:52 LOG5[6644:3082963856]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:52 LOG5[6644:3082963856]: Service https connected remote server from 127.0.0.1:13221
2011.12.05 17:05:52 LOG5[6644:3074214800]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:52 LOG5[6644:3074214800]: Service https connected remote server from 127.0.0.1:13224
2011.12.05 17:05:52 LOG5[6644:3079318416]: Error detected on SSL (read) file descriptor: Connection reset by peer (104)
2011.12.05 17:05:52 LOG5[6644:3079318416]: Connection reset: 471 bytes sent to SSL, 488 bytes sent to socket
2011.12.05 17:05:53 LOG5[6644:3078970256]: Connection closed: 927 bytes sent to SSL, 497 bytes sent to socket
2011.12.05 17:05:53 LOG5[6644:3074214800]: Connection closed: 471 bytes sent to SSL, 492 bytes sent to socket
2011.12.05 17:05:53 LOG5[6644:3082963856]: Connection closed: 471 bytes sent to SSL, 487 bytes sent to socket
2011.12.05 17:05:53 LOG5[6644:3082963856]: Service https accepted connection from 112.202.184.50:50226
2011.12.05 17:05:53 LOG5[6644:3074214800]: Service https accepted connection from 112.202.184.50:50227
2011.12.05 17:05:53 LOG5[6644:3078970256]: Service https accepted connection from 112.202.184.50:50228
2011.12.05 17:05:53 LOG5[6644:3074075536]: Error detected on SSL (read) file descriptor: Connection reset by peer (104)
2011.12.05 17:05:53 LOG5[6644:3074075536]: Connection reset: 471 bytes sent to SSL, 493 bytes sent to socket
2011.12.05 17:05:53 LOG5[6644:3074075536]: Service https accepted connection from 118.137.180.101:50363
2011.12.05 17:05:53 LOG5[6644:3079318416]: Service https accepted connection from 182.52.155.183:15604
2011.12.05 17:05:53 LOG5[6644:3080858512]: Service https accepted connection from 182.52.155.183:15605
2011.12.05 17:05:53 LOG5[6644:3082963856]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:53 LOG5[6644:3082963856]: Service https connected remote server from 127.0.0.1:14159
2011.12.05 17:05:53 LOG5[6644:3078970256]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:53 LOG5[6644:3078970256]: Service https connected remote server from 127.0.0.1:14161
2011.12.05 17:05:53 LOG5[6644:3074214800]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:53 LOG5[6644:3074214800]: Service https connected remote server from 127.0.0.1:14160
2011.12.05 17:05:53 LOG5[6644:3081694096]: Connection closed: 927 bytes sent to SSL, 435 bytes sent to socket
2011.12.05 17:05:53 LOG5[6644:3081694096]: Service https accepted connection from 180.190.168.178:50767
2011.12.05 17:05:54 LOG5[6644:3078970256]: Connection closed: 471 bytes sent to SSL, 517 bytes sent to socket
2011.12.05 17:05:54 LOG5[6644:3078970256]: Service https accepted connection from 115.165.160.66:62098
2011.12.05 17:05:54 LOG5[6644:3081694096]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:54 LOG5[6644:3081694096]: Service https connected remote server from 127.0.0.1:14483
2011.12.05 17:05:54 LOG5[6644:3074214800]: Connection closed: 471 bytes sent to SSL, 512 bytes sent to socket
2011.12.05 17:05:54 LOG5[6644:3074214800]: Service https accepted connection from 122.3.31.46:39483
2011.12.05 17:05:54 LOG5[6644:3080788880]: Service https accepted connection from 122.3.31.46:39484
2011.12.05 17:05:54 LOG5[6644:3081485200]: Service https accepted connection from 122.3.31.46:39485
2011.12.05 17:05:54 LOG5[6644:3079318416]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:54 LOG5[6644:3079318416]: Service https connected remote server from 127.0.0.1:14565
2011.12.05 17:05:54 LOG5[6644:3080858512]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:54 LOG5[6644:3080858512]: Service https connected remote server from 127.0.0.1:14637
2011.12.05 17:05:54 LOG5[6644:3082963856]: Connection closed: 471 bytes sent to SSL, 512 bytes sent to socket
2011.12.05 17:05:54 LOG5[6644:3082963856]: Service https accepted connection from 222.127.252.203:64831
2011.12.05 17:05:54 LOG5[6644:3074075536]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:54 LOG5[6644:3074075536]: Service https connected remote server from 127.0.0.1:14727
2011.12.05 17:05:54 LOG5[6644:3078970256]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:54 LOG5[6644:3078970256]: Service https connected remote server from 127.0.0.1:14750
2011.12.05 17:05:54 LOG5[6644:3081694096]: Connection closed: 927 bytes sent to SSL, 398 bytes sent to socket
2011.12.05 17:05:54 LOG5[6644:3074214800]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:54 LOG5[6644:3074214800]: Service https connected remote server from 127.0.0.1:14795
2011.12.05 17:05:54 LOG5[6644:3080788880]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:54 LOG5[6644:3080788880]: Service https connected remote server from 127.0.0.1:14806
2011.12.05 17:05:54 LOG5[6644:3081485200]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:54 LOG5[6644:3081485200]: Service https connected remote server from 127.0.0.1:14809
2011.12.05 17:05:54 LOG5[6644:3081694096]: Service https accepted connection from 112.205.167.15:63151
2011.12.05 17:05:54 LOG5[6644:3079666576]: Service https accepted connection from 112.205.167.15:63389
2011.12.05 17:05:54 LOG5[6644:3081206672]: Service https accepted connection from 124.105.33.133:52801
2011.12.05 17:05:54 LOG5[6644:3081415568]: Service https accepted connection from 175.139.201.97:56748
2011.12.05 17:05:54 LOG5[6644:3074214800]: Connection closed: 471 bytes sent to SSL, 450 bytes sent to socket
2011.12.05 17:05:54 LOG5[6644:3081415568]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:54 LOG5[6644:3081415568]: Service https connected remote server from 127.0.0.1:14974
2011.12.05 17:05:54 LOG5[6644:3081485200]: Connection closed: 471 bytes sent to SSL, 455 bytes sent to socket
2011.12.05 17:05:54 LOG5[6644:3081415568]: Connection closed: 795 bytes sent to SSL, 1552 bytes sent to socket
2011.12.05 17:05:54 LOG5[6644:3080788880]: Connection closed: 471 bytes sent to SSL, 450 bytes sent to socket
2011.12.05 17:05:54 LOG5[6644:3081694096]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:54 LOG5[6644:3081694096]: Service https connected remote server from 127.0.0.1:15184
2011.12.05 17:05:54 LOG5[6644:3078970256]: Connection closed: 388 bytes sent to SSL, 702 bytes sent to socket
2011.12.05 17:05:54 LOG5[6644:3079666576]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:54 LOG5[6644:3079666576]: Service https connected remote server from 127.0.0.1:15354
2011.12.05 17:05:55 LOG5[6644:3079318416]: Connection closed: 608 bytes sent to SSL, 1282 bytes sent to socket
2011.12.05 17:05:55 LOG5[6644:3080858512]: Connection closed: 605 bytes sent to SSL, 1282 bytes sent to socket
2011.12.05 17:05:55 LOG5[6644:3081694096]: Connection closed: 471 bytes sent to SSL, 604 bytes sent to socket
2011.12.05 17:05:55 LOG5[6644:3081694096]: Service https accepted connection from 119.92.130.94:30655
2011.12.05 17:05:55 LOG5[6644:3079666576]: Connection closed: 471 bytes sent to SSL, 604 bytes sent to socket
2011.12.05 17:05:55 LOG5[6644:3079666576]: Service https accepted connection from 182.52.155.183:15622
2011.12.05 17:05:55 LOG5[6644:3080858512]: Service https accepted connection from 182.52.155.183:15624
2011.12.05 17:05:55 LOG5[6644:3079318416]: Service https accepted connection from 112.205.167.15:64751
2011.12.05 17:05:55 LOG5[6644:3078970256]: Service https accepted connection from 175.139.201.97:56752
2011.12.05 17:05:55 LOG5[6644:3078970256]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:55 LOG5[6644:3078970256]: Service https connected remote server from 127.0.0.1:16124
2011.12.05 17:05:55 LOG5[6644:3078970256]: Connection closed: 795 bytes sent to SSL, 1552 bytes sent to socket
2011.12.05 17:05:55 LOG5[6644:3078970256]: Service https accepted connection from 182.52.155.183:15627
2011.12.05 17:05:55 LOG5[6644:3079666576]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:55 LOG5[6644:3079666576]: Service https connected remote server from 127.0.0.1:16292
2011.12.05 17:05:55 LOG5[6644:3080858512]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:55 LOG5[6644:3079318416]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:55 LOG5[6644:3079318416]: Service https connected remote server from 127.0.0.1:16369
2011.12.05 17:05:55 LOG5[6644:3080858512]: Service https connected remote server from 127.0.0.1:16368
2011.12.05 17:05:56 LOG3[6644:3081206672]: SSL_accept: Peer suddenly disconnected
2011.12.05 17:05:56 LOG5[6644:3081206672]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2011.12.05 17:05:56 LOG5[6644:3081206672]: Service https accepted connection from 222.127.47.172:12444
2011.12.05 17:05:56 LOG5[6644:3079318416]: Connection closed: 471 bytes sent to SSL, 609 bytes sent to socket
2011.12.05 17:05:56 LOG5[6644:3079318416]: Service https accepted connection from 222.127.47.172:58786
2011.12.05 17:05:56 LOG5[6644:3080788880]: Service https accepted connection from 180.190.168.178:50775
2011.12.05 17:05:56 LOG5[6644:3081415568]: Service https accepted connection from 180.190.168.178:50776
2011.12.05 17:05:56 LOG5[6644:3081485200]: Service https accepted connection from 180.190.168.178:50777
2011.12.05 17:05:56 LOG5[6644:3079666576]: Connection closed: 471 bytes sent to SSL, 1336 bytes sent to socket
2011.12.05 17:05:56 LOG5[6644:3083660176]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:56 LOG5[6644:3083660176]: Service https connected remote server from 127.0.0.1:17039
2011.12.05 17:05:56 LOG5[6644:3081206672]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:56 LOG5[6644:3081206672]: Service https connected remote server from 127.0.0.1:17137
2011.12.05 17:05:56 LOG5[6644:3080788880]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:56 LOG5[6644:3080788880]: Service https connected remote server from 127.0.0.1:17138
2011.12.05 17:05:56 LOG5[6644:3081415568]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:56 LOG5[6644:3081415568]: Service https connected remote server from 127.0.0.1:17240
2011.12.05 17:05:56 LOG5[6644:3080858512]: Connection closed: 471 bytes sent to SSL, 1336 bytes sent to socket
2011.12.05 17:05:56 LOG5[6644:3081485200]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:56 LOG5[6644:3081485200]: Service https connected remote server from 127.0.0.1:17247
2011.12.05 17:05:56 LOG5[6644:3080788880]: Connection closed: 471 bytes sent to SSL, 447 bytes sent to socket
2011.12.05 17:05:56 LOG5[6644:3081415568]: Connection closed: 471 bytes sent to SSL, 447 bytes sent to socket
2011.12.05 17:05:56 LOG5[6644:3081415568]: Service https accepted connection from 182.52.155.183:15611
2011.12.05 17:05:56 LOG5[6644:3080788880]: Service https accepted connection from 182.52.155.183:15609
2011.12.05 17:05:56 LOG5[6644:3080858512]: Service https accepted connection from 121.96.72.246:47481
2011.12.05 17:05:56 LOG5[6644:3081485200]: Connection closed: 471 bytes sent to SSL, 452 bytes sent to socket
2011.12.05 17:05:56 LOG5[6644:3081206672]: Connection closed: 927 bytes sent to SSL, 503 bytes sent to socket
2011.12.05 17:05:56 LOG5[6644:3078970256]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:56 LOG5[6644:3078970256]: Service https connected remote server from 127.0.0.1:17737
2011.12.05 17:05:57 LOG3[6644:3079527312]: SSL_accept: Peer suddenly disconnected
2011.12.05 17:05:57 LOG5[6644:3079527312]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2011.12.05 17:05:57 LOG5[6644:3083660176]: Connection closed: 927 bytes sent to SSL, 411 bytes sent to socket
2011.12.05 17:05:57 LOG5[6644:3083660176]: Service https accepted connection from 125.60.227.195:14828
2011.12.05 17:05:57 LOG5[6644:3080858512]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:57 LOG5[6644:3080858512]: Service https connected remote server from 127.0.0.1:18370
2011.12.05 17:05:57 LOG5[6644:3081694096]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:57 LOG5[6644:3081694096]: Service https connected remote server from 127.0.0.1:18515
2011.12.05 17:05:57 LOG5[6644:3079527312]: Service https accepted connection from 119.92.130.94:26843
2011.12.05 17:05:57 LOG5[6644:3081206672]: Service https accepted connection from 119.92.130.94:55673
2011.12.05 17:05:57 LOG5[6644:3083660176]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:57 LOG5[6644:3083660176]: Service https connected remote server from 127.0.0.1:18737
2011.12.05 17:05:57 LOG5[6644:3081415568]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:57 LOG5[6644:3081415568]: Service https connected remote server from 127.0.0.1:18749
2011.12.05 17:05:57 LOG5[6644:3080788880]: connect_blocking: connected 0.0.0.0:81
2011.12.05 17:05:57 LOG5[6644:3080788880]: Service https connected remote server from 127.0.0.1:18752
Here is our config for stunnel.conf:
socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1

[https]
cert=/etc/stunnel/avn.innity.com.crt
key=/etc/stunnel/avn.innity.com.key
accept=0.0.0.0:443
connect=0.0.0.0:81
xforwardedfor=yes

And below is PART of our haproxy config for https:
listen web-https *:81
contimeout 30000
mode http
balance roundrobin
option httpclose
option forwardfor except 127.0.0.1
option httpchk HEAD /robots.txt HTTP/1.0
reqadd X-Forwarded-Proto:\ https
server 1.2.3.1 1.2.3.1:80 minconn 400 maxconn 600 weight 2 check
server 1.2.3.2 1.2.3.2:80 minconn 400 maxconn 600 weight 2 check
server 1.2.3.3 1.2.3.3:80 minconn 200 maxconn 400 weight 1 check backup


Anyone can help to see what's the problem? I can't find any solutions based on the logs from stunnel. Cause https seems to be working fine through the haproxy server.

Last edited by abubin; 5th December 2011 at 10:16.
Reply With Quote
Sponsored Links
 

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange email problem for one of my domains... any help appreciated paulrobert_a Installation/Configuration 5 9th August 2010 14:15
BIG Problem Postfix issue admins Installation/Configuration 11 13th November 2009 10:05
TLS Problem admins Installation/Configuration 1 19th September 2009 10:55
Apache handeling SSL requests and passing them through to HAproxy gamboni Installation/Configuration 5 3rd September 2009 04:48
postfix mysql on fedora core5 igongora Installation/Configuration 7 17th April 2007 04:40


All times are GMT +2. The time now is 12:18.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.