Re: What is a nice way to bypass the maintenance mode for certain IP's?

Thu, 01 Mar 2018 06:30:47 -0800 

Hi Willy,

We use Memcached Session Manager that stores the Tomcat sessions to a Couchbase 
cluster. It suffixes the session ID with "-n1" like:

JSESSIONID=s01~1C7985929CDF981D9ACC79EBD8A3293D-n1

Could this JSESSIONID format somehow have impact on HAProxy?

 
Best regards,
Pieter Vogelaar
 

Op 01-03-18 15:25 heeft Willy Tarreau <[email protected]> geschreven:

    Hi Pieter,
    
    On Thu, Mar 01, 2018 at 01:16:36PM +0000, Pieter Vogelaar wrote:
    > Hi Willy,
    > 
    > I have the following (stripped down) configuration:
    > 
    > -----------
    > 
    > defaults
    >   log  global
    >   maxconn  8000
    >   option  redispatch
    >   option  allbackups
    >   retries  3
    >   stats  enable
    >   timeout  http-request 10s
    >   timeout  queue 1m
    >   timeout  connect 10s
    >   timeout  client 1m
    >   timeout  server 1m
    >   timeout  check 10s
    > 
    > frontend default-http
    >   bind :80
    >   mode http
    >   force-persist if TRUE
    >   option httplog
    >   use_backend 
%[base,regsub(^www\.,,i),map_beg(/etc/haproxy/http-bases-to-backends.map,default)]
    >     
    > frontend default-https
    >   bind :443 ssl crt /etc/ssl/haproxy
    >   mode http  
    >   force-persist if TRUE
    >   option httplog
    >   option http-server-close
    >   option forwardfor
    >   reqadd X-Forwarded-Proto:\ https
    >   reqadd X-Forwarded-Port:\ 443
    >   use_backend 
%[base,regsub(^www\.,,i),map_beg(/etc/haproxy/http-bases-to-backends.map,default)]
    >   
    > backend pieter-tomcat-tst
    >   mode http
    >   balance roundrobin
    >   cookie JSESSIONID prefix nocache
    >   redirect scheme https code 302 if !{ ssl_fc }
    >   server pieter-tomcat-01t:8080 10.15.17.142:8080 check cookie s01
    >   server pieter-tomcat-02t:8080 10.15.33.183:8080 check cookie s02
    > 
    > ------------
    > 
    > In defaults I have "option redispatch" and in the frontends 
"force-persist if
    > TRUE". But when I put both tomcat servers in maintenance mode I get a 503
    > served.
    > Why am I not getting access even though the servers are in maintenance 
mode?
    
    For me it works here. The difference is that I'm using cookie insertion
    since my server do not provide a cookie. Are you certain that you reached
    the page where your servers delivered this cookie so that the persistence
    can work ? I suspect that you don't have the JSESSIONID cookie yet in your
    case.
    
    Willy

Reply via email to