来自文档:
maxconn <number>
Sets the maximum per-process number of concurrent connections to <number>. It
is equivalent to the command-line argument "-n". Proxies will stop accepting
connections when this limit is reached. The "ulimit-n" parameter is
automatically adjusted according to this value. See also "ulimit-n". Note:
the "select" poller cannot reliably use more than 1024 file descriptors on
some platforms. If your platform only supports select and reports "select
FAILED" on startup, you need to reduce maxconn until it works (slightly
below 500 in general).
据我了解,当客户端尝试连接代理并且代理有maxconn连接时,它不会向客户端发送 SYN + ACK 包,因此客户端最终会超时。
我想让 haproxy 在maxconn到达时向客户端发送 RST。可以吗?
答案1
这不受 haproxy 控制。我思考它只设置监听套接字积压。“等待”工作由操作系统完成。如果您想发送重置,则可能应该从操作系统防火墙执行此操作,使用连接跟踪器或其他东西(在 Linux 中,使用 iptables 限制到特定端口的最大连接数)。