Dear Jarno: Please see my answers below.

Hello,

On Fri, Aug 08, [email protected] wrote:
> But when I migrated the system to a complex
> environment (haproxy+cluster), my browser could never find this
> CASTGC cookie.

Does your browser get the CASTGC cookie if you send your requests
directly to your clustered webserver, for example to WEB01 in your diagram?

Yes, we have a single testing environment. The CASTGC cookie has been generated in my browser after I log on.

(What version of haproxy are you using?)

The current haproxy version is 1.5.3.

> 1. Below, I redraw my architecture in ASCII format.
>                                             +-------+
>                                       +---> | WEB01 | <---+
>                                       |     +-------+     |
> +---------+           +---------+     |                   |     +------------+
> | Browser | <-------> | HAProxy | <---+                   +---> | CAS Server |
> +---------+           +---------+     |                   |     +------------+
>                                       |     +-------+     |
>                                       +---> | WEB02 | <---+
>                                             +-------+
>
> 2. I put the whole HAProxy configuration:
> listen tda_web_http 0.0.0.0:80
>     mode http
>     reqadd X-Forwarded-Proto:\ http
>     option tcpka
>     no option http-server-close
>     stats enable
>     stats refresh 10s
>     stats uri /status
>     stats realm Haproxy\ statistics
>     log global
>     timeout server 10m
>     timeout client 10m
>     balance source
>     cookie JSESSIONID prefix
>     cookie CASTGC indirect preserve secure
>     capture cookie CASTGC len 63
>     option httpclose
>     option forwardfor
>     option httplog
>     server web01 10.10.0.1:8080 cookie web01 weight 50 check inter 4000
>     server web02 10.10.0.2:8080 cookie web02 weight 50 check inter 4000

How are you trying to achieve session persistence? Looks like you have
"balance source" and "cookie JSESSIONID" / "cookie CASTGC" persistence
options in your config. Some of the options are probably redundant.

I don't understand you say session persistence how to config!

Do your web/cas servers send the CASTGC cookie with the secure flag?

Yes.

Have you tried with tcpdump (on haproxy server) to see what the
webservers / browser send/receive?

17:00:14.072030 IP (tos 0x0, ttl 64, id 43528, offset 0, flags [DF], proto TCP (6), length 708)
    khtrdsvr15.kh.asegroup.com.webcache > tdatwo.kh.asegroup.com.53574: Flags [P.], cksum 0xfef8 (correct), seq 1:657, ack 779, win 126, options [nop,nop,TS val 884655958 ecr 801304258], length 656
E.....@.@.!T.. O.. L...F..l........~....... 4..V/...HTTP/1.1 302 Moved Temporarily^M
Server: Apache-Coyote/1.1^M
Set-Cookie: CASTGC=TGT-144-6Q2bBccjqXHGdCk6W6gnuEZzed5Gto7fSDSLPgXYpDMbGP2xDb-khtrdsso01.kh.asegroup.com; Domain=khtrdsso01.kh.asegroup.com; Path=/cas/; Secure^M
Set-Cookie: JSESSIONID=EEE2BAA00BB0C4803D90DA8DFBFAE8A7; Domain=khtrdsso01.kh.asegroup.com; Path=/cas/; Secure^M
Content-Length: 245^M
Date: Fri, 15 Aug 2014 09:01:37 GMT^M
Connection: close^M
^M
<html><body onload='document.forms[0].submit()'><form action='http://tdatwo.kh.asegroup.com/TdaJSFWeb/index.ase' method='get'><input type='hidden' name='ticket' value='ST-144-IhwNPrzMmzP3FClSNqiM-khtrdsso01.kh.asegroup.com'></form></body></html>

> 3. Below is our HAProxy's partial debug log:

If you need persistence, does your httplog show that all requests that
should go to the same server actually go there?

I don't know what you mean.

-Jarno

--
Jarno Huuskonen
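The Set-Cookie headers in the capture above can be checked against the browser-side cookie rules of RFC 6265 (domain match, path match, Secure). The script below is an added example, not part of the original thread; it assumes the browser reaches HAProxy as http://tdatwo.kh.asegroup.com and, in the single-server test, reaches CAS directly over https, and the `/cas/login` path is hypothetical.

```python
from urllib.parse import urlsplit

# Set-Cookie values from the tcpdump capture above; cookie values shortened.
CAPTURED = [
    "CASTGC=TGT-144-shortened; Domain=khtrdsso01.kh.asegroup.com; Path=/cas/; Secure",
    "JSESSIONID=shortened; Domain=khtrdsso01.kh.asegroup.com; Path=/cas/; Secure",
]
# Assumed URLs: the /cas/login path and the https scheme are not on the page.
VIA_HAPROXY = "http://tdatwo.kh.asegroup.com/cas/login"
DIRECT_CAS = "https://khtrdsso01.kh.asegroup.com/cas/login"

def parse_set_cookie(header):
    """Return (cookie name, attribute dict with lower-cased keys)."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return first.partition("=")[0], attrs

def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path matching."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def cookie_problems(header, set_by_url, sent_to_url):
    """List why a browser would not store the cookie or not send it back."""
    name, attrs = parse_set_cookie(header)
    setter, target = urlsplit(set_by_url), urlsplit(sent_to_url)
    domain = attrs.get("domain", "").lstrip(".").lower()

    def host_ok(host):
        # No Domain attribute: host-only cookie, exact match required.
        if not domain:
            return host == setter.hostname
        return host == domain or host.endswith("." + domain)

    found = []
    if not host_ok(setter.hostname):
        found.append("rejected: Domain does not match the responding host")
    if "secure" in attrs and target.scheme != "https":
        found.append("not sent: Secure cookie on a plain http request")
    if not host_ok(target.hostname):
        found.append("not sent: request host is outside the cookie Domain")
    if not path_match(target.path or "/", attrs.get("path") or "/"):
        found.append("not sent: request path is outside the cookie Path")
    return name, found

if __name__ == "__main__":
    for header in CAPTURED:
        print("via HAProxy:", cookie_problems(header, VIA_HAPROXY, VIA_HAPROXY))
        print("direct:", cookie_problems(header, DIRECT_CAS, DIRECT_CAS))
```

Under those assumptions both captured cookies pass every check when CAS is reached directly and fail the Domain and Secure checks when the same response is delivered through the HTTP listener on port 80.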

