Random “peer not authenticated” exceptions with Java SSLContextImpl$TLS10Context

Judging by the symptoms, I’m guessing this is related to browsers using TLS false start, which is a client-side trick Google introduced to reduce the back-and-forth in TLS: False Start is largely controlled by the browser and works by reducing the two round-trip passes of data described in official SSL specifications to a single round-trip … Read more

Validate haproxy.cfg

The official HAProxy configuration file check was buried in the help sections: /usr/local/sbin/haproxy --help. There are two ways to check the haproxy.cfg syntax. One way is /usr/local/sbin/haproxy -c -V -f /etc/haproxy/haproxy.cfg, which validates the file syntax. The -c switch in the command represents the Check, while the others denote “Verbose” & … Read more

http keep-alive in the modern age

Hey, since I’m the author of this citation, I’ll respond 🙂 There are two big issues on large sites: concurrent connections and latency. Concurrent connections are caused by slow clients which take ages to download contents, and by idle connection states. Those idle connection states are caused by connection reuse to fetch multiple objects, … Read more

Difference between global maxconn and server maxconn haproxy

Willy got me an answer by email. I thought I would share it. His answers are in bold. I have a question about my haproxy config:

    #---------------------------------------------------------------------
    # Global settings
    #---------------------------------------------------------------------
    global
        log 127.0.0.1 syslog emerg
        maxconn 4000
        quiet
        user haproxy
        group haproxy
        daemon
    #---------------------------------------------------------------------
    # common defaults that all the ‘listen’ and ‘backend’ sections … Read more