From wiki.mikejung.biz
Revision as of 15:00, 28 June 2016 by Admin (talk | contribs) (Timeouts)
Jump to navigation Jump to search

HAProxy Overview

HAProxy Configuration


Sysctl / Kernel Tweaks

Please do not blindly copypasta these settings! Make sure the values here are sane for your environment and test them out one at a time instead of applying them at once. These should be fairly safe settings, but you never know!

vim /etc/sysctl.conf
net.ipv4.ip_local_port_range = “1025 65534”
net.ipv4.tcp_max_syn_backlog = 100000
net.core.netdev_max_backlog = 100000
net.core.somaxconn = 65534
ipv4.tcp_rmem = “4096 16060 64060”
ipv4.tcp_wmem = “4096 16384 262144”

If your workload allows for this:

tcp_slow_start_after_idle = 0

If using IPtables with HAProxy

net.netfilter.nf_conntrack_max = 131072

To apply changes:

sysctl -p


  • timeout client - client side inactivity
  • timeout connect - time to establish the TCP connection to the server
  • timeout server - TCP: server side inactivity, HTTP: time for server to process the response (504 returned)
  • timeout client-fin - max time to wait in FIN_WAIT state on client side
  • timeout server-fin - max time to wait in FIN_WAIT state on server side
  • timeout http-request - Used in HTTP mode. The timeout for the client to send a whole request, this can help protect against DoS like attacks.
  • timeout http-keep-alive - Used in HTTP mode. The max time to wait for the next request when doing HTTP keep alive
  • timeout queue - How long a request can remain in HAProxy queue
  • timeout tarpit - How long the tarpitted connection is maintained for.

Config EXAMPLE for HTTP Service (timeouts). This is an EXAMPLE only, please do not copypasta!

defaults HTTP
  mode http
  timeout http-request 10s
  timeout client 20s
  timeout connect 4s
  timeout server 30s
  timeout http-keep-alive 4s