Hi Cyril, Thank you very much. That did fix my issue. Should I be concerned about any performance ramifications of not being in tunnel mode?
Also, thank you for mentioning that issue with the global maxconn. I'm currently just prototyping a new system and am using a configuration I found elsewhere. What would you recommend for those numbers? Willy: Sorry I wasn't able to rectify my confusing questions. Fortunately Cyril was able to make sense of it. Thanks for your time, Jordan On Sun, Oct 20, 2013 at 6:11 AM, Cyril Bonté <[email protected]> wrote: > Hi Jordan and Willy, > > Le 20/10/2013 13:00, Willy Tarreau a écrit : > > On Sun, Oct 20, 2013 at 03:27:45AM -0500, Jordan Arentsen wrote: >> >>> Hi Willy, >>> >>> I apologize for my confusing question. The important thing I forgot to >>> mention is that I'm trying to redirect from within the backend, using the >>> backend's application logic. So in this case, the selected backend >>> performs >>> an authentication check, realizes it doesn't have a session, and need to >>> redirect to another backend to perform a login. In this case the backend >>> is >>> PHP and I was attempting to use a 302 redirect to a URL that would match >>> my >>> authentication backend. >>> >>> Is there no way for me to redirect from one backend to another once an >>> ACL >>> has been matched? >>> >>> Hope that helped. >>> >> >> Unfortunately it does not :-( >> >> I think there is a problem of terminology as you seem to sometimes use >> the term "backend" to designate alternatively haproxy's backend sections >> and sometimes the application server. But with that word used 7 times in >> 7 lines, I'm still having difficulties understanding what you're trying >> to do. Because if you're only talking about the application server, then >> what would prevent the server from returning a 302 that the client will >> follow ? >> > > I suspect a configuration issue : the "middleman" backend is in tunnel > mode. > > Jordan, I think your redirect is done using a HTTP keep-alive connection, > which prevents haproxy to analyze the new request, then each new request on > this connection will be sent to "middleman". > > Try to add "option http-server-close" on the frontend (and not only in the > "noser" backend). This could solve your issue. Btw, your global maxconn is > extremely low, if this is really the value you want, you'd probably prefer > "option httpclose" instead of "http-server-close", depending on your > traffic. > > -- > Cyril Bonté >
