staging.inyokaproject.org

via DuckDuckGo

HAProxy - Website ist Langsam

Status: Ungelöst | Ubuntu-Version: Server 22.04 (Jammy Jellyfish)
Antworten |

rurotil

Anmeldungsdatum:
7. April 2009

Beiträge: 96
Zitieren
16. April 2023 12:02

Hi,

ich habe einen HAProxy und dahinter einen Linux Server mit Ngingx und ReverseProxy. Aber die Website kommt mir ziemlich langsam vor. Weiß evtl. jemand warum?

Nginx Konfiguration:

#wawi server
upstream wawi {
  server 127.0.0.1:8069;
}
upstream wawichat {
  server 127.0.0.1:8072;
}
map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

# http -> https
server {
  listen 80;
  server_name wawitest.test.com;
  rewrite ^(.*) https://$host$1 permanent;
}

server {
  listen 443 ssl;
  server_name wawitest.test.com;
  proxy_read_timeout 720s;
  proxy_connect_timeout 720s;
  proxy_send_timeout 720s;

  # SSL parameters
  ssl_certificate /etc/ssl/certs/test.com.cert.pem;
  ssl_certificate_key /etc/ssl/private/test.com.key.pem;
  ssl_session_timeout 30m;
  ssl_protocols TLSv1.2;
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;

  # log
  access_log /var/log/nginx/wawi.access.log;
  error_log /var/log/nginx/wawi.error.log;

  # Redirect websocket requests to wawi gevent port
  location /websocket {
    proxy_pass http://wawichat;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
  }

  # Redirect requests to wawi backend server
  location / {
    # Add Headers for wawi proxy mode
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_redirect off;
    proxy_pass http://wawi;
  }

  # common gzip
  gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
  gzip on;
}

HA Proxy Konfiguration:

global
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbthread                    4
    hard-stop-after             60s
    no strict-limits
    maxconn                     10000
    tune.ssl.default-dh-param   4096
    spread-checks               2
    tune.bufsize                16384
    tune.lua.maxmem             0
    log                         /var/run/log audit debug
    lua-prepend-path            /tmp/haproxy/lua/?.lua

defaults
    log     global
    option redispatch -1
    maxconn 5000
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats

# Frontend: LetsEncrypt_443 ()
frontend LetsEncrypt_443
    http-response set-header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
    bind 192.168.15.254:443 name 192.168.15.254:443 ssl prefer-client-ciphers ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/143f6609f106d1.17683543.certlist
    mode http
    option http-keep-alive
    default_backend acme_challenge_backend
    option forwardfor

    # logging options
    # ACL: wawiTest
    acl acl_6431291a1ba8d6.01912608 hdr(host) -i wawitest.test.com

    # ACTION: wawiTest
    use_backend wawiTest if acl_6431291a1ba8d6.01912608

# Frontend: LetsEncrypt_80 ()
frontend LetsEncrypt_80
    bind 192.168.2.253:80 name 192.168.15.254:80
    mode tcp
    default_backend acme_challenge_backend

    # logging options
    # ACL: find_acme_challenge
    acl acl_113a6d4b5456F0.03059920 path_beg -i /.well-known/acme-challenge/

    # ACTION: redirect_acme_challenges
    use_backend acme_challenge_backend if acl_13aF6d4b6434e2.03059920

# Backend: acme_challenge_backend (Added by Let's Encrypt plugin)
backend acme_challenge_backend
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    http-reuse safe
    server acme_challenge_host 127.0.0.1:43580

# Backend: wawiTest ()
backend wawiTest
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    http-reuse safe
    server wawiTEST 192.168.11.1:443 ssl verify none

# statistics are DISABLED

encbladexp Team-Icon

Ehemaliger
Avatar von encbladexp

Anmeldungsdatum:
16. Februar 2007

Beiträge: 17277
Zitieren
16. April 2023 21:12

Was ist langsam? Wie langsam ist langsam? Wie wird das gemessen? Ist das backend oder haproxy das Problem? Was für eine Anwendung haben wir da?
Antworten |