🪴 Zero's Garden

HAProxy

2 min read

Statistics report

You may see a session limit on “Backend” that is one tenth of the frontend’s session limit, which represents the default fullconn for a backend. Unless you have set a minconn parameter, you may safely ignore this “limit” on backend, but other limits still apply.

maxconn max settings

If maxconn value is not set, it will be automatically calculated based on the current file descriptors limits, reported by the “ulimit -nH” command (we take the maximum between the hard and soft values), then automatic value will be possibly reduced by “fd-hard-limit” and by memory limit, if the latter was enforced via “-m” command line option.

If HAProxy is managed by systemd, it gets the default limits from DefaultLimitNOFILE and DefaultLimitNOFILESoft:

systemctl show | grep LimitNOFILE

If you need to support a large number of connections, you may either set maxconn or fd-hard-limit to let HAProxy process raise the limits itself, or specify LimitNOFILE in systemd unit configuration. But the system-wide fs.nr_open sysctl configuration still applies and your new limits cannot exceed it.

Given that HAProxy needs to reserved some file descriptors for listeners and checks, setting maxconn to 50% of fs.nr_open will make HAProxy crash as described in https://github.com/haproxy/haproxy/commit/8438ca273f4b174b51b5ff2a504ff5d2278134af. You should try one of the following:

  • Increase the system-wide fs.nr_open, which is already the maximum if the Linux system is managed by systemd and includes the commit a8b627aa from systemd.
  • For Debian that is since commit 99066f93 on salsa where -Dbump-proc-sys-fs-nr-open=false was removed, which is included in stable since Debian 13.
  • Set maxconn to roughly 49% of the current limit minus the known used FDs for listeners and checks.
  • Use fd-hard-limit instead and let HAProxy adjust the maxconn limit by itself.

Also, each frontend and backend server can have their own maxconn limits. You may check all limits on HAProxy’s statistics report.

The systemd-wide fs-file-max also matters, but usually it’s set to a very large value and not of concern.

Graph View