spilo
spilo copied to clipboard
zalando
Could someone provide an HAProxy configuration example ?
Hi, thanks for the amazing project and sorry for the newbie question. I try to make an HAProxy configuration but I experience some disconnections (SSL SYSCALL error: EOF detected) and warnings that I don't know how to fix.
Here is my haproxy.cfg
global
log fd@2 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 1000
stats socket /var/lib/haproxy/stats expose-fd listeners
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
tune.ssl.default-dh-param 2048
master-worker
defaults
mode http
log global
mode http
option httplog
option dontlognull
timeout check 5s
timeout connect 5s
timeout client 50s
timeout client-fin 50s
timeout server 50s
errorfile 400 /usr/local/etc/haproxy/errors/400.http
errorfile 403 /usr/local/etc/haproxy/errors/403.http
errorfile 408 /usr/local/etc/haproxy/errors/408.http
errorfile 500 /usr/local/etc/haproxy/errors/500.http
errorfile 502 /usr/local/etc/haproxy/errors/502.http
errorfile 503 /usr/local/etc/haproxy/errors/503.http
errorfile 504 /usr/local/etc/haproxy/errors/504.http
resolvers docker
nameserver dns1 127.0.0.11:53
resolve_retries 3
timeout resolve 1s
timeout retry 1s
hold other 30s
hold refused 30s
hold nx 30s
hold timeout 30s
hold valid 10s
hold obsolete 10s
frontend fe-postgres-master
bind *:5000
mode tcp
option tcplog
option tcpka
default_backend be-postgres-master
frontend fe-postgres-replicas
bind *:5001
mode tcp
option tcplog
option tcpka
default_backend be-postgres-replicas
frontend fe-patroni
bind *:8008
default_backend be-patroni
backend be-postgres-master
mode tcp
option tcpka
option httpchk OPTIONS /master
server dbnode1 spilo1:5432 maxconn 100 check port 8008 resolvers docker resolve-prefer ipv4 init-addr none
server dbnode2 spilo2:5432 maxconn 100 check port 8008 resolvers docker resolve-prefer ipv4 init-addr none
server dbnode3 spilo3:5432 maxconn 100 check port 8008 resolvers docker resolve-prefer ipv4 init-addr none
backend be-postgres-replicas
mode tcp
option tcpka
option httpchk OPTIONS /replica
server dbnode1 spilo1:5432 maxconn 100 check port 8008 resolvers docker resolve-prefer ipv4 init-addr none
server dbnode2 spilo2:5432 maxconn 100 check port 8008 resolvers docker resolve-prefer ipv4 init-addr none
server dbnode3 spilo3:5432 maxconn 100 check port 8008 resolvers docker resolve-prefer ipv4 init-addr none
backend be-patroni
option httpchk OPTIONS /master
server dbnode1 spilo1:8008 maxconn 100 check port 8008 resolvers docker resolve-prefer ipv4 init-addr none
server dbnode2 spilo2:8008 maxconn 100 check port 8008 resolvers docker resolve-prefer ipv4 init-addr none
server dbnode3 spilo3:8008 maxconn 100 check port 8008 resolvers docker resolve-prefer ipv4 init-addr none
backend maintenance
balance roundrobin
When I start haproxy I have the following warnings:
node03 | [WARNING] 106/140424 (7) : Server be-postgres-master/dbnode3 is DOWN, reason: Layer7 wrong status, code: 503, info: "Service Unavailable", check duration: 3ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
node03 | <145>Apr 16 14:04:24 haproxy[7]: Server be-postgres-master/dbnode3 is DOWN, reason: Layer7 wrong status, code: 503, info: "Service Unavailable", check duration: 3ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
node03 | [WARNING] 106/140424 (7) : Server be-postgres-replicas/dbnode1 is DOWN, reason: Layer7 wrong status, code: 503, info: "Service Unavailable", check duration: 3ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
node03 | <145>Apr 16 14:04:24 haproxy[7]: Server be-postgres-replicas/dbnode1 is DOWN, reason: Layer7 wrong status, code: 503, info: "Service Unavailable", check duration: 3ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
node03 | <145>Apr 16 14:04:24 haproxy[7]: Server be-postgres-replicas/dbnode2 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 0ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
node03 | [WARNING] 106/140425 (7) : Server be-patroni/dbnode3 is DOWN, reason: Layer7 wrong status, code: 503, info: "Service Unavailable", check duration: 3ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
node03 | <145>Apr 16 14:04:25 haproxy[7]: Server be-patroni/dbnode3 is DOWN, reason: Layer7 wrong status, code: 503, info: "Service Unavailable", check duration: 3ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
I also have some disconnection errors if there is no traffic for several minutes:
SSL SYSCALL error: EOF detected
I guess it is due to the connection timeouts:
timeout client 50s
timeout client-fin 50s
timeout server 50s
Any suggestion what can be adjusted to remove those warnings and what are appropriate values for the timeouts or other parameters for a more reliable connection ?
