PiBa-NL / pfsense-haproxy-package-doc

Performance issues on official Netgate hardware #11

Closed se4n01 closed 3 years ago

se4n01 commented 4 years ago

I have an XG7100U and I enabled a backend pointing to apache2 on an Ubuntu 20.04 machine. If I NAT directly to the machine using a pfSense NAT rule, I can download from an external server at around 40MB/s, so far so good. If I enable a backend like this:

backend srv-frs_ipvANY
    mode            http
    id          126
    log         global
    # use mailers
    # level  err 
    email-alert mailers         globalmailers
    email-alert level           err
    email-alert from            admin@xxx.com
    email-alert to          sysadmins@xxx.com
    email-alert myhostname          xxx.com
    http-response set-header Strict-Transport-Security max-age=31536000;
    timeout connect     30000
    timeout server      30000
    retries         3
    option          httpchk OPTIONS / 
    server          srv-frs 10.192.3.54:80 id 127 check inter 10000  resolvers globalresolvers 

and a frontend like this:

global
    maxconn         10000
    log         /var/run/log    local0  info
    stats socket /tmp/haproxy.socket level admin  expose-fd listeners
    uid         80
    gid         80
    nbproc          4
    nbthread            1
    hard-stop-after     15m
    chroot              /tmp/haproxy_chroot
    daemon
    tune.ssl.default-dh-param   2048
    server-state-file /tmp/haproxy_server_state
    ssl-engine cryptodev
    tune.ssl.cachesize 1000000

cache webcache
    total-max-size 256
    max-age 1800s

frontend http-88-test
    bind            94.103.xx.yy:80 name 94.103.xx.yy:80   
    mode            http
    log         global
    option          http-keep-alive
    option          forwardfor
    acl https ssl_fc
    http-request set-header     X-Forwarded-Proto http if !https
    http-request set-header     X-Forwarded-Proto https if https
    timeout client      30000
    default_backend srv-frs_ipvANY

and I put HAProxy in between, I get external speeds of 1MB/s. Any clues as to what might be wrong? Bear in mind these are almost all default settings, and the non-defaults aren't used in the frontend or backend config.

Best wishes, Sean

se4n01 commented 3 years ago

Issue disappeared after ISP replaced their edge router.