On Tue, Jan 27, 2015 at 2:03 AM, Aaron Golub <[email protected]> wrote: > > > >> Hi, >> > > Sorry for re-posting...I didn't realize I had setn my previous question > without a subject: > >> We're having a strange problem with cookies being set and I'm hoping >> someone can help diagnose whats happening here. >> >> >> So we our http and https frontends set up like this: >> >> #--------------------------------- >> # "frontend" section describes a set of listening sockets accepting client >> connections. >> frontend PROD_aff_webfarm >> #--------------------------------- >> bind 10.2.0.201:80 >> mode http >> default_backend www_prodswap >> maxconn 4000 >> >> #--------------------------------- >> # "frontend" section describes a set of listening sockets accepting client >> connections. >> frontend PROD_www_https >> #--------------------------------- >> >> bind 10.2.0.201:443 >> mode tcp >> acl is_port_443 dst_port 443 >> use_backend PROD_https_swap if is_port_443 >> default_backend PROD_http >> maxconn 4000 >> >> >> >> These then use the following backends: >> >> #--------------------------------- >> # "backend" section describes a set of servers to which the proxy will >> connect to forward incoming connections. >> backend www_prodswap >> #--------------------------------- >> mode http >> option httplog >> stats enable >> stats auth ****:**** >> balance roundrobin >> cookie SWAP_SERVERID insert indirect nocache >> option httpclose >> option forwardfor >> option httpchk /healthcheck.txt # file on sprodswap1 and prodswap2 >> server prodswap1 10.2.0.50:80 cookie prodswap1 weight 50 check >> server prodswap2 10.2.0.51:80 cookie prodswap2 weight 50 check >> >> >> #--------------------------------- >> #Added to use https on prodswap >> backend PROD_https_swap >> #--------------------------------- >> mode tcp >> option tcplog >> balance roundrobin >> stick-table type ip size 200k expire 30m >> stick on src >> server prodswap1 10.2.0.50:443 >> server prodswap2 10.2.0.51:443 >> >> >> >> So far, so good...the SWAP_SERVERID cookies gets set fine. Now...from >> here, the servers at the www_prodswap and PROD_https_swap backends redirects >> some of their traffic to these frontends using reverse proxy that is >> configured in our paython site and effectively uses curl to access urls and >> the delivers that data back out to the client: >> >> >> #--------------------------------- >> # "frontend" section describes a set of listening sockets accepting client >> connections. >> frontend PROD_rev_proxy_http >> #--------------------------------- >> bind 10.2.0.202:80 >> mode http >> option httplog >> default_backend PROD_http >> >> #--------------------------------- >> # "frontend" section describes a set of listening sockets accepting client >> connections. >> frontend PROD_rev_proxy_tcp >> #--------------------------------- >> bind 10.2.0.202:443 >> acl is_port_443 dst_port 443 >> mode tcp >> use_backend PROD_https if is_port_443 >> default_backend PROD_http >> >> These front ends them direct traffic to the following backends: >> >> #--------------------------------- >> # "backend" section describes a set of servers to which the proxy will >> connect to forward incoming connections. >> backend PROD_http >> #--------------------------------- >> mode http >> option httplog >> stats enable >> stats auth ****:**** >> balance roundrobin >> stick on src table PROD_https >> cookie PHP_SERVERID insert indirect nocache >> option httpclose >> option forwardfor >> option httpchk /healthcheck.txt >> server prod4 10.2.0.105:80 cookie prod4 weight 34 check >> server prod5 10.2.0.106:80 cookie prod5 weight 33 check >> server prod6 10.5.0.107:80 cookie prod6 weight 33 check >> >> >> #--------------------------------- >> backend PROD_https >> #--------------------------------- >> mode tcp >> option tcplog >> balance roundrobin >> stick-table type ip size 200k expire 30m >> stick on src >> server prod4 10.2.0.105:443 >> server prod5 10.2.0.106:443 >> server prod6 10.5.0.107:443 >> >> >> >> So here's the problem....The pages on the PROD_http/PROD_https load just >> fine, but the PHP_SERVERID cookie is only set intermittently. Why would >> that be? Do I have the cookies settings configured incorrectly? The reason >> I ask is because we believe that these cookies settings are causing server >> affinity to be lost. Any insight into this would be greatly appreciated. >> >> Also...is it possible to have cookies set for HTTPs as well and can it be >> the same cookie as the http cookie? >> >> I'm currently using HAproxy1.4. >> >> >> Thanks in advance! >> Aaron >> [email protected] >> -- >> > > ------------------------------------------------------------------------------------------------------------- > If you received this communication by mistake, please don't forward it to > anyone else (it may contain confidential or privileged information), please > erase all copies of it, including all attachments, and please let the sender > know it went to the wrong person. Thank you. >
Hi, Your statement "cookie PHP_SERVERID insert indirect nocache" means that HAProxy won't insert a cookie if the client sent a valid cookie for a valid server. Remove the 'indirect' keyword and HAProxy will send a cookie for all requests. Baptiste
