Ssl – HAProxy with SSL and sticky sessions

Tags: haproxy, round-robin, ssl, sticky-sessions

We're trying to set up HAProxy (v1.5.1) to use SSL.

While we managed to do that, we're having some issues with the round robin settings:

We do want to have sticky sessions, but HAProxy seems to send all sessions (from different browsers) to the same node (my.vm.2), even though the other node (my.vm.1) is also available. So it looks like the round robin setting isn't working properly.

This is our current configuration; we would appreciate some help/ideas. :)

global
   debug
   stats socket /etc/haproxy/haproxysock level admin
   tune.ssl.default-dh-param 2048

defaults
   mode http
   balance roundrobin
   timeout connect 5s
   timeout queue   300s
   timeout client  300s
   timeout server  300s

frontend https_frontend
   bind *:8443
   mode tcp
   reqadd X-Forwarded-Proto:\ https
   default_backend my_backend


backend my_backend
   mode tcp
   stick-table type ip size 200k expire 30m
   stick on src
   default-server inter 1s
   server my.vm.1 my.vm.1:8443 check id 1 maxconn 500
   server my.vm.2 my.vm.2:8443 check id 2 maxconn 500
   option httpclose
   option redispatch
   retries 15

listen admin
   bind *:8081
   stats enable
   stats refresh 1s

Best Answer

I would suggest doing all your SSL processing in HAProxy and using the proxy protocol (send-proxy and accept-sslproxy) so client information gets passed from the ssl processor to the frontend+backend. That looks something like:

listen ssl-proxy
    bind 1.2.3.4:443 ssl crt /etc/ssl/mycert.pem npn http/1.1
    mode tcp
    bind-process 2 3 4
    server http 127.0.0.1:80 send-proxy

frontend dev
    #Do whatever you want here since it is http
    mode http
    bind 1.2.3.4:80 name dev
    bind 127.0.0.1:80 accept-proxy name accept-sslproxy
    bind-process 1

    acl is_ssl dst_port 443
    reqadd X-Forwarded-Proto:\ https if is_ssl
    default_backend my_backend

backend my_backend
    mode http
    #Do whatever you want here since it is http
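As an added example that is not part of the question or the answer, here is the answer's layout (TLS terminated in HAProxy, decrypted traffic handed to an HTTP frontend over the PROXY protocol) combined with the persistence the question asks for, keyed on an HAProxy-inserted cookie rather than `stick on src`, since a source-IP key sends every browser behind one NAT address to the same server. The hostnames, ports and certificate path are assumed.

```haproxy
# Added example, not the poster's or answerer's config. Ports, hostnames and
# the certificate path are assumptions; adjust them to your environment.
global
    tune.ssl.default-dh-param 2048
    stats socket /etc/haproxy/haproxysock level admin

defaults
    mode http
    balance roundrobin
    option redispatch
    timeout connect 5s
    timeout client  300s
    timeout server  300s

# TLS is terminated here; the decrypted stream goes to the HTTP frontend on the
# loopback with the PROXY protocol so the real client address and port survive.
listen ssl-proxy
    bind *:8443 ssl crt /etc/ssl/mycert.pem
    mode tcp
    server http 127.0.0.1:8080 send-proxy

frontend http_in
    bind *:8080 accept-proxy
    # With accept-proxy, dst_port is the port the client originally hit,
    # so the backend can be told whether the request arrived over HTTPS.
    acl is_ssl dst_port 8443
    http-request set-header X-Forwarded-Proto https if is_ssl
    http-request set-header X-Forwarded-Proto http  if !is_ssl
    option forwardfor
    default_backend my_backend

backend my_backend
    # Persistence via an inserted cookie: a browser without the cookie is
    # assigned by round robin, so clients sharing one source IP (NAT, corporate
    # proxy) are spread across both nodes instead of all landing on one.
    cookie SERVERID insert indirect nocache
    server my.vm.1 my.vm.1:8080 check cookie s1 maxconn 500
    server my.vm.2 my.vm.2:8080 check cookie s2 maxconn 500

listen admin
    bind *:8081
    stats enable
    stats refresh 1s
```

Check the file with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading; the stats page on port 8081 then shows sessions alternating between my.vm.1 and my.vm.2 for new clients.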