HI Willy, Great thanks for you explanation. About the second part you introduced, In part, because right now all browsers support cookies and have done so for the last 10 years at least. Even WAP gateways and terminals do support cookies. What you may find are browsers where cookie support has been explicitly disabled. But even then, when users disable cookies, they normally disable persistent cookies, those that are stored into a file. Session cookies, such as the cookies haproxy inserts, just live while the browser window is open and are not stored in any file. Those ones are almost never blocked. When we disable the cookie in browsers such as Firefox, IE, It will don't send cookie to the server in the request, We really need the appsession to do the sticky session persistence.
According you guys suggestion, I adjust my configuration file as follows: ============================================================== global maxconn 32000 # Total Max Connections. This is dependent on ulimit daemon nbproc 1 # Number of processing cores. Dual Dual-core Opteron is 4 cores for example. pidfile /tmp/haproxy.pid #stats maxconn 5 defaults mode http clitimeout 10000 srvtimeout 10000 contimeout 10000 #option httpclose # Disable Keepalive log global log 127.0.0.1 local3 option httplog listen http_proxy 10.211.162.15:80 balance roundrobin # Load Balancing algorithm option httpchk HEAD /wap2/login.jsp HTTP/1.0 option forwardfor # This sets X-Forwarded-For stats enable stats realm testing \ Haproxy stats uri /admin stats auth hogan:hogan stats refresh 30s stats hide-version #option httpclose option http-server-close capture cookie JSESSIONID len 52 #stick-table type string len 52 size 2g expire 1h cookie HTTPSERVERID insert nocache indirect #appsession JSESSIONID len 52 timeout 3h mode query-string appsession JSESSIONID len 34 timeout 1h acl image_ico path_sub .ico acl image_gif path_sub .gif acl image_png path_sub .png acl image_jpg path_sub .jpg ignore-persist if image_ico || image_gif || image_png || image_jpg ## Define your servers to balance server server1 10.211.162.15:8280 weight 1 maxconn 15000 check inter 2000 rise 2 fall 3 cookie A server server2 10.198.9.139:8280 weight 1 maxconn 15000 check inter 2000 rise 2 fall 3 cookie B listen https_proxy 10.211.162.15:443 balance roundrobin # Load Balancing algorithm option httpchk HEAD /wap2/login.jsp HTTP/1.0 option forwardfor # This sets X-Forwarded-For stats enable stats realm icebreakersoftware\ Haproxy stats uri /admin stats auth hogan:hogan stats refresh 30s stats hide-version cookie HTTPSSERVERID insert nocache indirect appsession JSESSIONID len 52 timeout 30m mode path-parameters acl image_ico path_sub .ico acl image_gif path_sub .gif acl image_png path_sub .png acl image_jpg path_sub .jpg ignore-persist if image_ico || image_gif || image_png || image_jpg ## Define your servers to balance server server1 10.211.162.15:8280 weight 1 maxconn 15000 check inter 2000 rise 2 fall 3 cookie A server server1 10.198.9.139:8280 weight 1 maxconn 15000 check inter 2000 rise 2 fall 3 cookie A ============================================================== I add the ACL for ignore-persistent for images and a new 443 port to listen. It is the load balance for some java application servers. do you have any suggestion for my configuration? Best Regards, Hogan On Sat, Nov 13, 2010 at 3:59 PM, Willy Tarreau <w...@1wt.eu> wrote: > On Sat, Nov 13, 2010 at 10:54:26AM +0800, Hogan Yu wrote: > > Hi Cryil, > > > > Great thanks for you help. I change the nbproc to 1 and it works. > > About you suggestion on the param "option http-server-close" and "option > > httpclose". If i don't config it ,It still works for me. The spec saids: > > By default HAProxy operates in a tunnel-like mode with regards to > persistent > > connections: for each connection it processes the first request and > forwards > > everything else (including additional requests) to selected server. Once > > established, the connection is persisted both on the client and server > sides. > > Use "option http-server-close" to preserve client persistent connections > > while handling every incoming request individually, dispatching them one > > after another to servers, in HTTP close mode. Use "option httpclose" to > > switch both sides to HTTP close mode. "option forceclose" and "option > > http-pretend-keepalive" help working around servers misbehaving in HTTP > > close mode. > > > > It said it processes the first request and follows to on selected > server, > > So we don't need to analysis the headers again. > > In general, tunnel mode will work. But it's dirty for several reasons : > - when you want to add header rewriting rules, you'll find they randomly > work (only first requests/responses will be affected). This is also true > for the x-forwarded-for header. > > - logging will only report the first request > > - ACL-based switching rules won't be usable > > - the clients uselessly maintain idle connections to the server between > their fetches, which induces a load on the server and prevents them > from being usable by other clients. > > You'd really better use "http-server-close" which will still enable client > side keep-alive but close server-side idle connections. > > > I set cookie in headers to > > help check which server is selected by follows: > > cookie HTTPERVERID insert nocache indirect > > > > It will set the cookie "HTTPSERVERID=A" for server1 and "HTTPSERVERID=B" > > for server2. If we don't click the link for a long time and the > connection > > is timeout, the Haproxy will reanylisis the head and send the request to > the > > correct server. > > > > For this browsers that they dont support the cookie. it works same. > > > > does my thougt is correct? > > In part, because right now all browsers support cookies and have done > so for the last 10 years at least. Even WAP gateways and terminals do > support cookies. What you may find are browsers where cookie support > has been explicitly disabled. But even then, when users disable cookies, > they normally disable persistent cookies, those that are stored into a > file. Session cookies, such as the cookies haproxy inserts, just live > while the browser window is open and are not stored in any file. Those > ones are almost never blocked. > > > I use the > > cookie HTTPERVERID insert nocache indirect > > and > > appsession JSESSIONID len 34 timeout 1h > > together. I use this cookie because I want to HAproxy to forward request > to > > correct server when I restart the HAproxy. All the jsessionids mapping > with > > backend server in the Haproxy memory will be lost when I restart it and > It > > will maybe forward the request to another server. > > > > If the user browser enable supporting of cookie, there will two cookies > in > > the user client (HTTPSERVERID and JSESSIONID). does the HAproxy pick the > > HTTPSERVERID first and send the request to the server and not set the > > JSESSIONID into the hash map to the server? > > Yes. To be more precise, in the request, haproxy looks for the HTTPSERVERID > and if found and valid, sets the server to match this one. Next, it will > look to the JSESSIONID, and if found and valid and if the server has not > been assigned, it will then be assigned. The two processings are performed > one at a time and are not mutually-exclusive. > > Regards, > Willy > > -- Hogan Yu Technical Operations Director Ice BreakerSoftware (Beijing) Lmt. Mobile: 18611746815 Tel:86-10-82800259 82800942 Fax:86-10-82800941