HAProxy SSL backend limit cannot go above 1000

okxuctiv, posted on 2022-11-14 in HAProxy

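I set the backend maxconn to 5000, but the limit does not increase from 1000. The global maxconn in the screenshot is 2k. I changed it to 10, but the backend limit does not go above 1k.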

Here is my configuration:

global
  user haproxy
  group haproxy
  log /dev/log local0
  log-tag loggy
  chroot /var/lib/haproxy
  daemon
  quiet
  stats socket /var/lib/haproxy/stats mode 777 level admin
  pidfile /var/run/haproxy.pid
  maxconn 10000

defaults
  timeout connect 10s
  timeout client 60s
  timeout server 120s
  timeout tunnel 1h
  log global
  mode http
  balance roundrobin
  option httplog
  option dontlognull
  option redispatch
  stats uri /haproxy-status

frontend http-in
  default_backend servers
  bind *:80
  maxconn 10000
  acl is_record_http hdr(Upgrade) -i websocket
  use_backend servers-record if is_record_http
  use_backend servers if !is_record_http

frontend httpssl-in
  default_backend servers-ssl
  bind *:443
  maxconn 10000
  use_backend servers-ssl-record if { req_ssl_sni -i something.something.com }
  use_backend servers-ssl if { req_ssl_sni -i www.something.com }
  tcp-request inspect-delay 10s
  tcp-request content accept if { req_ssl_hello_type 1 }
  mode tcp

backend servers
  server server-app something.com

backend servers-record
  server server-record something.com

backend servers-ssl
  server server-app-ssl something.com
  acl clienthello req_ssl_hello_type 1
  acl serverhello rep_ssl_hello_type 2
  tcp-request inspect-delay 5s
  tcp-request content accept if clienthello
  stick on payload_lv(43,1) if clienthello
  stick store-response payload_lv(43,1) if serverhello
  maxconn 5000
  mode tcp
  stick-table type binary len 32 size 30k expire 30m
  tcp-response content accept if serverhello

backend servers-ssl-record
  server server-record-ssl something.com
  acl clienthello req_ssl_hello_type 1
  acl serverhello rep_ssl_hello_type 2
  tcp-request inspect-delay 5s
  tcp-request content accept if clienthello
  stick on payload_lv(43,1) if clienthello
  stick store-response payload_lv(43,1) if serverhello
  maxconn 5000
  mode tcp
  stick-table type binary len 32 size 30k expire 30m
  tcp-response content accept if serverhello

yeotifhr #1

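According to the answers here, here and here, as well as the documentation:
The backend limit is the value of fullconn, which defaults to 10% of the frontend maxconn. You only need to worry about the fullconn parameter if you have set the minconn parameter on the server line (using dynamic maxconn); otherwise you can ignore it.
So the maximum number of connections is the sum of the maxconn of your backend values, and it is limited only if the global maxconn value is lower than the sum of your backend values.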
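
The fullconn default described in this answer, applied to a config trimmed from the question, as an added example (not part of the original answer and not HAProxy's own code). The function names, the `servers-ssl-fixed` backend and the integer rounding are assumptions; only frontends with an explicit `maxconn` are counted, and quoted strings or escaped `#` are not parsed.

```python
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

def parse_sections(cfg_text):
    sections = []
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words and words[0] in SECTIONS:
            sections.append({"kind": words[0], "name": (words + [""])[1], "rules": []})
        elif words and sections:
            sections[-1]["rules"].append(words)
    return sections

def first_int(rules, keyword):
    return next((int(w[1]) for w in rules if w[0] == keyword and len(w) > 1), None)

def backend_limits(cfg_text):
    sections = parse_sections(cfg_text)
    feeders = {}  # backend -> {frontend: maxconn}; each frontend counts once
    for s in (x for x in sections if x["kind"] == "frontend"):
        fe_max = first_int(s["rules"], "maxconn")
        for w in s["rules"]:
            static = w[0] in ("default_backend", "use_backend") and len(w) > 1 and "%[" not in w[1]
            if static and fe_max is not None:
                feeders.setdefault(w[1], {})[s["name"]] = fe_max
    report = {}
    for s in (x for x in sections if x["kind"] == "backend"):
        explicit = first_int(s["rules"], "fullconn")
        default = sum(feeders.get(s["name"], {}).values()) // 10  # rounding is an assumption
        report[s["name"]] = {
            "limit": explicit if explicit is not None else default,
            # "maxconn" is not a backend keyword; HAProxy ignores it there
            "ignored_maxconn": first_int(s["rules"], "maxconn"),
        }
    return report

# Constructed sample: the question's frontends/backends, plus a hypothetical fixed backend
SAMPLE = """
frontend http-in
  maxconn 10000
  default_backend servers
  use_backend servers if !is_record_http
frontend httpssl-in
  maxconn 10000
  default_backend servers-ssl
backend servers
backend servers-ssl
  maxconn 5000
backend servers-ssl-fixed
  fullconn 5000
"""
```

`backend_limits(SAMPLE)` reports a limit of 1000 for `servers-ssl` with the backend-level `maxconn 5000` listed as ignored, and 5000 for the backend that sets `fullconn` explicitly.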
