HI Willy,
Great thanks for you explanation.
About the second part you introduced,
In part, because right now all browsers support cookies and have done
so for the last 10 years at least. Even WAP gateways and terminals do
support cookies. What you may find are browsers where cookie support
has been explicitly disabled. But even then, when users disable cookies,
they normally disable persistent cookies, those that are stored into a
file. Session cookies, such as the cookies haproxy inserts, just live
while the browser window is open and are not stored in any file. Those
ones are almost never blocked.
When we disable the cookie in browsers such as Firefox, IE, It will don't
send cookie to the server in the request, We really need the appsession to
do the sticky session persistence.
According you guys suggestion, I adjust my configuration file as follows:
==============================================================
global
maxconn 32000 # Total Max Connections. This is dependent on
ulimit
daemon
nbproc 1 # Number of processing cores. Dual Dual-core Opteron
is 4 cores for example.
pidfile /tmp/haproxy.pid
#stats maxconn 5
defaults
mode http
clitimeout 10000
srvtimeout 10000
contimeout 10000
#option httpclose # Disable Keepalive
log global
log 127.0.0.1 local3
option httplog
listen http_proxy 10.211.162.15:80
balance roundrobin # Load Balancing algorithm
option httpchk HEAD /wap2/login.jsp HTTP/1.0
option forwardfor # This sets X-Forwarded-For
stats enable
stats realm testing \ Haproxy
stats uri /admin
stats auth hogan:hogan
stats refresh 30s
stats hide-version
#option httpclose
option http-server-close
capture cookie JSESSIONID len 52
#stick-table type string len 52 size 2g expire 1h
cookie HTTPSERVERID insert nocache indirect
#appsession JSESSIONID len 52 timeout 3h mode query-string
appsession JSESSIONID len 34 timeout 1h
acl image_ico path_sub .ico
acl image_gif path_sub .gif
acl image_png path_sub .png
acl image_jpg path_sub .jpg
ignore-persist if image_ico || image_gif || image_png || image_jpg
## Define your servers to balance
server server1 10.211.162.15:8280 weight 1 maxconn 15000 check inter
2000 rise 2 fall 3 cookie A
server server2 10.198.9.139:8280 weight 1 maxconn 15000 check inter
2000 rise 2 fall 3 cookie B
listen https_proxy 10.211.162.15:443
balance roundrobin # Load Balancing algorithm
option httpchk HEAD /wap2/login.jsp HTTP/1.0
option forwardfor # This sets X-Forwarded-For
stats enable
stats realm icebreakersoftware\ Haproxy
stats uri /admin
stats auth hogan:hogan
stats refresh 30s
stats hide-version
cookie HTTPSSERVERID insert nocache indirect
appsession JSESSIONID len 52 timeout 30m mode path-parameters
acl image_ico path_sub .ico
acl image_gif path_sub .gif
acl image_png path_sub .png
acl image_jpg path_sub .jpg
ignore-persist if image_ico || image_gif || image_png || image_jpg
## Define your servers to balance
server server1 10.211.162.15:8280 weight 1 maxconn 15000 check inter
2000 rise 2 fall 3 cookie A
server server1 10.198.9.139:8280 weight 1 maxconn 15000 check inter
2000 rise 2 fall 3 cookie A
==============================================================
I add the ACL for ignore-persistent for images and a new 443 port to
listen.
It is the load balance for some java application servers.
do you have any suggestion for my configuration?
Best Regards,
Hogan
On Sat, Nov 13, 2010 at 3:59 PM, Willy Tarreau <w...@1wt.eu> wrote:
> On Sat, Nov 13, 2010 at 10:54:26AM +0800, Hogan Yu wrote:
> > Hi Cryil,
> >
> > Great thanks for you help. I change the nbproc to 1 and it works.
> > About you suggestion on the param "option http-server-close" and "option
> > httpclose". If i don't config it ,It still works for me. The spec saids:
> > By default HAProxy operates in a tunnel-like mode with regards to
> persistent
> > connections: for each connection it processes the first request and
> forwards
> > everything else (including additional requests) to selected server. Once
> > established, the connection is persisted both on the client and server
> sides.
> > Use "option http-server-close" to preserve client persistent connections
> > while handling every incoming request individually, dispatching them one
> > after another to servers, in HTTP close mode. Use "option httpclose" to
> > switch both sides to HTTP close mode. "option forceclose" and "option
> > http-pretend-keepalive" help working around servers misbehaving in HTTP
> > close mode.
> >
> > It said it processes the first request and follows to on selected
> server,
> > So we don't need to analysis the headers again.
>
> In general, tunnel mode will work. But it's dirty for several reasons :
> - when you want to add header rewriting rules, you'll find they randomly
> work (only first requests/responses will be affected). This is also true
> for the x-forwarded-for header.
>
> - logging will only report the first request
>
> - ACL-based switching rules won't be usable
>
> - the clients uselessly maintain idle connections to the server between
> their fetches, which induces a load on the server and prevents them
> from being usable by other clients.
>
> You'd really better use "http-server-close" which will still enable client
> side keep-alive but close server-side idle connections.
>
> > I set cookie in headers to
> > help check which server is selected by follows:
> > cookie HTTPERVERID insert nocache indirect
> >
> > It will set the cookie "HTTPSERVERID=A" for server1 and "HTTPSERVERID=B"
> > for server2. If we don't click the link for a long time and the
> connection
> > is timeout, the Haproxy will reanylisis the head and send the request to
> the
> > correct server.
> >
> > For this browsers that they dont support the cookie. it works same.
> >
> > does my thougt is correct?
>
> In part, because right now all browsers support cookies and have done
> so for the last 10 years at least. Even WAP gateways and terminals do
> support cookies. What you may find are browsers where cookie support
> has been explicitly disabled. But even then, when users disable cookies,
> they normally disable persistent cookies, those that are stored into a
> file. Session cookies, such as the cookies haproxy inserts, just live
> while the browser window is open and are not stored in any file. Those
> ones are almost never blocked.
>
> > I use the
> > cookie HTTPERVERID insert nocache indirect
> > and
> > appsession JSESSIONID len 34 timeout 1h
> > together. I use this cookie because I want to HAproxy to forward request
> to
> > correct server when I restart the HAproxy. All the jsessionids mapping
> with
> > backend server in the Haproxy memory will be lost when I restart it and
> It
> > will maybe forward the request to another server.
> >
> > If the user browser enable supporting of cookie, there will two cookies
> in
> > the user client (HTTPSERVERID and JSESSIONID). does the HAproxy pick the
> > HTTPSERVERID first and send the request to the server and not set the
> > JSESSIONID into the hash map to the server?
>
> Yes. To be more precise, in the request, haproxy looks for the HTTPSERVERID
> and if found and valid, sets the server to match this one. Next, it will
> look to the JSESSIONID, and if found and valid and if the server has not
> been assigned, it will then be assigned. The two processings are performed
> one at a time and are not mutually-exclusive.
>
> Regards,
> Willy
>
>
--
Hogan Yu Technical Operations Director
Ice BreakerSoftware (Beijing) Lmt.
Mobile: 18611746815
Tel:86-10-82800259 82800942
Fax:86-10-82800941
