I am having trouble finding where to look on this one. I can only assume that the cookie is coming back from my sso with the wrong value. However, I can’t imagine how or why it would touch that cookie. Has anyone had any experience with anything like this?
Thanx, LES On Oct 27, 2010, at 3:45 PM, Les Stroud wrote: > My config file is below. By way of explanation, I am using an acl to > redirect urls that start with /cas to my single signon server. Everything > else goes to my tomcat servers. If I run ab without using a url that goes to > /cas, then everything roundrobins fine. However, my applications redirect to > /cas which in turn redirects them back to the haproxy cluster once > authenticated. When I go through this process, haproxy always puts the > session on the first tomcat instance. Is there a way for me to debug how > haproxy/my config is making decisions on which backend to use for a new > session? > > Thanx, > LES > > ============= > global > log 127.0.0.1 local0 info > maxconn 25000 > stats socket /tmp/haproxy.sock level admin > defaults > log global > clitimeout 60000 > srvtimeout 300000 > contimeout 4000 > retries 3 > option redispatch > option httpclose > option abortonclose > > listen http_https_redirect *:80 > mode http > acl stunnel src 192.168.xxx.zzz/32 > redirect prefix https://erp.barnhardt.local unless stunnel > > frontend tomcat *:81 > mode http > acl ssorequest path_beg /cas > use_backend sso if ssorequest > default_backend tomcat_cluster > > backend sso > mode http > balance roundrobin > option forwardfor except 0.0.0.0 > reqadd X-Forwarded-Proto:\ https > cookie SERVERID insert indirect > option httpchk HEAD /check.html HTTP/1.0 > server sso 192.168.xxx.zzz:18080 cookie A check > > backend tomcat_cluster > mode http > stats uri /haproxy?stats > stats enable > balance roundrobin > option httplog > option forwardfor except 0.0.0.0 > reqadd X-Forwarded-Proto:\ https > cookie SERVERID insert indirect > option httpchk HEAD /check.html HTTP/1.0 > server tomcat01-instance1 192.168.xxx.xxx:8080 cookie A check port 8081 > inter 2000 > server tomcat01-instance2 192.168.xxx.xxx:18080 cookie B check port > 18081 inter 2000 > server tomcat02-instance1 192.168.xxx.yyy:8080 cookie C check port 8081 > inter 2000 > server tomcat02-instance2 192.168.xxx.yyy:18080 cookie D check port > 18081 inter 2000 > > server bkup-tomcat01-instance1 192.168.xxx.xxx:8080 cookie A check port > 8080 inter 2000 backup > server bkup-tomcat01-instance2 192.168.xxx.xxx:18080 cookie B check > port 18080 inter 2000 backup > server bkup-tomcat02-instance1 192192.168.xxx.yyy168.60.157:8080 > cookie C check port 8080 inter 2000 backup > server bkup-tomcat02-instance2 192.168.xxx.yyy:18080 cookie D check > port 18080 inter 2000 backup
