停止接受cottections

我已经看到类似的post，但我的问题似乎没有任何关系。我已经configuration了过去3个月的HAproxy大致相同，没有遇到任何问题。该服务器被2个防火墙保护，并阻止了从互联网的访问（防火墙configuration为允许从我的总部IP访问http）。上周我向全世界开放，进行了很多压力testing，一切似乎都很好。几个小时后，我的testing做了我的前端服务器没有响应，甚至没有统计页面可以加载。

检查我的监控系统没有显示任何高CPU，RAM或带宽。尽pipestats页面没有加载，但是我监视SNMP监视系统的统计页面，可以看到整个HAproxy服务器的最大并发连接数是700，甚至不接近全局maxconn 10000（fullconn也是10000）。

几个小时后，重新启动HAproxy服务就解决了问题。

我当然有HAproxy 1.5.3安装，虽然我已经阅读http://www.haproxy.org/download/1.5/src/CHANGELOG我不知道这个问题已经解决了以后的版本。

任何有关这个问题的援助将更受欢迎。

这是我的configuration：

global log 127.0.0.1 local0 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 10000 user haproxy group haproxy daemon tune.ssl.default-dh-param 2048 stats socket /etc/haproxy/haproxysock level admin stats socket /var/run/haproxy.stat mode 666 #--------------------------------------------------------------------- Defaults #--------------------------------------------------------------------- defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 5s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 10000 #--------------------------------------------------------------------- # main frontend which proxys to the backends #--------------------------------------------------------------------- frontend main bind *:80 bind site1.app.company.com:443 ssl crt /etc/haproxy/ssl/app/apppublic.pem no-sslv3 bind site2.company.com:443 ssl crt /etc/haproxy/ssl/public.pem no-sslv3 bind site3.company.net:443 ssl crt /etc/haproxy/ssl/net.pem no-sslv3 redirect scheme https code 301 if !{ ssl_fc } acl rule1 hdr_dom(host) -i site1.app.company.com use_backend site1 if rule1 acl rule2 hdr_dom(host) -i site2.company.com use_backend site2 if rule2 acl rule3 hdr_dom(host) -i site3.company.net use_backend site3 if rule3 default_backend site1 #--------------------------------------------------------------------- # round robin balancing between the various backends #--------------------------------------------------------------------- backend site1 mode http fullconn 10000 balance roundrobin option httpclose option forwardfor cookie SERVERID insert indirect nocache server Server1 1.1.1.1:443 cookie A check ssl verify none server Server2 2.2.2.1:443 cookie B check ssl verify none backend wwwsest mode http fullconn 10000 balance roundrobin option httpclose option forwardfor cookie SERVERID insert indirect nocache http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] server Server1 1.1.1.2:443 cookie A check ssl verify none inter 3000 fall 2 rise 2 server Server2 2.2.2.2:443 cookie B check ssl verify none inter 3000 fall 2 rise 2 backend internalst mode http fullconn 10000 balance roundrobin option httpclose option forwardfor cookie SERVERID insert indirect nocache http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Port %[dst_port] server Server1 10.0.0.1:443 cookie A check ssl verify none inter 3000 fall 2 rise 2 server Server2 10.0.0.2:443 cookie B check ssl verify none inter 3000 fall 2 rise 2 #Statistics server: listen stats *:1936 bind *:1936 ssl crt /etc/haproxy/ssl/app/apppublic.pem stats enable stats uri / stats hide-version stats refresh 30s stats auth admin:********