Hi Willy, I have the following (stripped down) configuration:
----------- defaults log global maxconn 8000 option redispatch option allbackups retries 3 stats enable timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout check 10s frontend default-http bind :80 mode http force-persist if TRUE option httplog use_backend %[base,regsub(^www\.,,i),map_beg(/etc/haproxy/http-bases-to-backends.map,default)] frontend default-https bind :443 ssl crt /etc/ssl/haproxy mode http force-persist if TRUE option httplog option http-server-close option forwardfor reqadd X-Forwarded-Proto:\ https reqadd X-Forwarded-Port:\ 443 use_backend %[base,regsub(^www\.,,i),map_beg(/etc/haproxy/http-bases-to-backends.map,default)] backend pieter-tomcat-tst mode http balance roundrobin cookie JSESSIONID prefix nocache redirect scheme https code 302 if !{ ssl_fc } server pieter-tomcat-01t:8080 10.15.17.142:8080 check cookie s01 server pieter-tomcat-02t:8080 10.15.33.183:8080 check cookie s02 ------------ In defaults I have "option redispatch" and in the frontends "force-persist if TRUE". But when I put both tomcat servers in maintenance mode I get a 503 served. Why am I not getting access even though the servers are in maintenance mode? Best regards, Pieter Vogelaar Op 19-02-18 14:04 heeft Willy Tarreau <w...@1wt.eu> geschreven: Hi, On Mon, Feb 19, 2018 at 12:18:36PM +0000, Pieter Vogelaar wrote: > Hi, > > At the moment if we set backends in maintenance mode, the servers can't be > reached by anyone. > Is it possible to still allow traffic from certain IP's (of the office > network) so that testing can be done, before the backend is available to the > general public again? Please take a look at "force-persist", it's designed exactly for what you want to do. Regards, Willy