Hello ! I will try to answer qustions and explain my case
<How do you know HAProxy doesn't maintains the correct affinity? My web servers contain text file wich contain name of that server. Then put following line to web browser https://X.X.X.X/index.txt and browse this page it displays server name One server file index.txt contains server name etee-live1 and other server the file contains this server name etee-live2. If affinity works browser displays always the same server name and then in the sticky tabel must contain one entry. But in my SSL affinity case web browser displays once one server name and on the other refresh browser displays other server name . Then i look sticky table it displays two entries but in then SSL affinity - (SSL sticky session) case there must be one entry. My sticky table displys: echo "show table etlive_https" | socat unix-connect:/var/run/haproxy.stat stdio # table: etlive_https, type: binary, size:30720, used:2 0x17eddd4: key=7D4CD359DDAB9F3F7F976E7A995045670FFF0118FDDB72773165273BE6DA16FA use=0 exp=1778829 server_id=2 0x17ee1d4: key=905273E4AC943682F48106A6BD07777486F8FD60F8B80E4860FE7032F7D69DC2 use=0 exp=1783937 server_id=1 Are you tcpdumping the frontent traffic? If undestood correctly tcpdump displays encrypted traffic without necessary information about affinity < Are you sure your backend servers have an session cache enabled and working? Person who configred these apache server ensures that these things are working I will tried source ip based affinity/stickiness and all worked as expected (http://blog.exceliance.fr/2011/07/12/send-user-to-the-same-backend-for-both-http-and-https/) NB : I will try to make my HAproxy with make clean; make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 and try experiment ssl sessioon affinity again. Lauri-Alo Adamson -----Original Message----- From: Lukas Tribus [mailto:[email protected]] Sent: Friday, January 03, 2014 11:41 PM To: Lauri-Alo Adamson; [email protected] Subject: RE: HA-Proxy version 1.5-dev21-51437d2 2013/12/29 sticky ssl sessons are not working in my environment Hi, > Hello , > > Many thanks for your replay. This thing is more stranger i downloaded > and compiled serverl versions of HAproxy 1.5.x.x and the result was > alwase the same > > I experimented with following versions > > At first i testing with > http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev21.tar.gz > > After i tested with these > http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev20.tar.gz > http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev18.tar.gz > http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev17.tar.gz > > latest downloded was haproxy-ss-LATEST.tar.gz from > http://haproxy.1wt.eu/download/1.5/src/snapshot/ > > All the time the result was same Well, your make line looks very specific, whats the reason you use those CFLAGS manually and don't use on the other hand a specific TARGET? I suggest you give this a try: make clean; make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 \ USE_ZLIB=1 With the custom make TARGET, you are not using epoll, falling back to the slower poll(). This shouldn't make any difference regarding the ssl affinity though. Regarding that, your configuration looks ok, and you have tested a different releases, which make me think the issue may not be in haproxy. How do you know HAProxy doesn't maintains the correct affinity? Are you tcpdumping the frontent traffic? Are you sure your backend servers have an session cache enabled and working? Regards, Lukas
