Fatal编程技术网
  • ssl/
  • Ssl haproxy后端限制不超过1000

Ssl haproxy后端限制不超过1000

ssl amazon-ec2 tcp

Ssl haproxy后端限制不超过1000,ssl,amazon-ec2,tcp,load-balancing,haproxy,Ssl,Amazon Ec2,Tcp,Load Balancing,Haproxy,我的后端maxconn设置为5000,但限制不会从1000增加。屏幕截图中的全球maxconn是2k。我将其更改为10,但后端限制不会超过1k 这是我的配置 global user haproxy group haproxy log /dev/log local0 log-tag loggy chroot /var/lib/haproxy daemon quiet stats socket /var/lib/haproxy/stats mode 777 leve

我的后端
maxconn
设置为
5000
,但限制不会从
1000
增加。屏幕截图中的全球maxconn是2k。我将其更改为10,但后端限制不会超过1k

这是我的配置

global
  user haproxy
  group haproxy
  log /dev/log local0
  log-tag loggy
  chroot /var/lib/haproxy
  daemon
  quiet
  stats socket /var/lib/haproxy/stats mode 777 level admin
  pidfile /var/run/haproxy.pid
  maxconn 10000

defaults
  timeout connect 10s
  timeout client 60s
  timeout server 120s
  timeout tunnel 1h
  log global
  mode http
  balance roundrobin
  option httplog
  option dontlognull
  option redispatch
  stats uri /haproxy-status

frontend http-in
  default_backend servers
  bind *:80
  maxconn 10000
  acl is_record_http hdr(Upgrade) -i websocket
  use_backend servers-record if is_record_http
  use_backend servers if !is_record_http

frontend httpssl-in
  default_backend servers-ssl
  bind *:443
  maxconn 10000
  use_backend servers-ssl-record if { req_ssl_sni -i something.something.com }
  use_backend servers-ssl if { req_ssl_sni -i www.something.com }
  tcp-request inspect-delay 10s
  tcp-request content accept if { req_ssl_hello_type 1 }
  mode tcp


backend servers
  server server-app something.com

backend servers-record
  server server-record something.com

backend servers-ssl
  server server-app-ssl something.com
  acl clienthello req_ssl_hello_type 1
  acl serverhello rep_ssl_hello_type 2
  tcp-request inspect-delay 5s
  tcp-request content accept if clienthello
  stick on payload_lv(43,1) if clienthello
  stick store-response payload_lv(43,1) if serverhello
  maxconn 5000
  mode tcp
  stick-table type binary len 32 size 30k expire 30m
  tcp-response content accept if serverhello

backend servers-ssl-record
  server server-record-ssl something.com
  acl clienthello req_ssl_hello_type 1
  acl serverhello rep_ssl_hello_type 2
  tcp-request inspect-delay 5s
  tcp-request content accept if clienthello
  stick on payload_lv(43,1) if clienthello
  stick store-response payload_lv(43,1) if serverhello
  maxconn 5000
  mode tcp
  stick-table type binary len 32 size 30k expire 30m
  tcp-response content accept if serverhello
前端提升到20k后,后端限制提升到2k。为什么它只能接受前端限制的1/10?如果您实际将
maxconn
指令放在配置的实际
server
行上,会发生什么情况?