3

On CentOS 7 Linux I successfully use HAProxy 1.5.14 in front of Jetty 9 serving a Wordpress site via FastCGI.

It works really well, but for a HTML5/WebSocket game at the same website much higher client and server timeouts for WebSocket connections to the /ws/ URL are needed.

So I have modifed /etc/haproxy/haproxy.cfg file to the following:

global
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    tune.ssl.default-dh-param 2048

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m    # HOW TO INCREASE FOR /ws/ ?
    timeout server          1m    # HOW TO INCREASE FOR /ws/ ?
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend public
    bind 144.76.184.151:80
    bind 144.76.184.151:443 ssl crt /etc/pki/tls/certs/slova.de.pem

    acl websocket_url path_end /ws/
    #timeout client 60m if websocket_url   # SYNTAX ERROR
    use_backend ws-jetty if websocket_url
    default_backend jetty

backend jetty
    server domain 127.0.0.1:8080 send-proxy

backend ws-jetty
    timeout client 60m    # IS IGNORED HERE
    timeout server 60m
    server domain 127.0.0.1:8080 send-proxy

When I set 

    timeout client 60m
    timeout server 60m

in defaults section, my WebSocket game works as needed, but I don't want to have 1 hour timeouts for the usual HTTP connections.

When I put that section into backend ws-jetty then the warning is printed, that timeout client is not a backend option and thus is ignored.

When I try the line timeout client 60m if websocket_url then a syntax error is reported.

Alexander Farber
  • 714
  • 4
  • 16
  • 38

1 Answers1

5

If some long-lived sessions are mixed with short-lived sessions (eg: WebSocket and HTTP), it's worth considering timeout tunnel, which overrides timeout client and timeout server for tunnels, as well as timeout client-fin for half-closed connections.

http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-timeout%20client

When timeout tunnel is active on a connection - - which happens automatically for web sockets, since the HTTP logic is detached once a connection is upgraded to a web socket - - most of the other timeouts don't fire any more for that connection.

Note that this is an idle timer, not a session timer. The timer is reset by traffic from either direction. You can apply this to the backend or in the defaults section. It should only be actually used by HAProxy when appropriate, but putting it on the specific back-end where it is needed is arguably the best practice.

Michael - sqlbot
  • 21,988
  • 1
  • 57
  • 81