James Records wrote:
Can you show us the relayd protocol definition your using?
J
This "cookie hash" seems to be working in such way that the same cookie
is always forwarded to the same backend, but that backend is not always
the correct one, i.e. not the same backend that issued the cookie.
Our configuration is like this:
webcluster="some.public.address"
log updates
timeout 1500
web_be1="internal.address.1"
web_be2="internal.address.2"
table <webhosts> { $web_be1 $web_be2 }
http protocol "http" {
header append "$REMOTE_ADDR" to "X-Forwarded-For"
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
header change "Keep-Alive" to "$TIMEOUT"
cookie hash "PHPSESSID" log
}
http protocol "http_ssl" {
header append "$REMOTE_ADDR" to "X-Forwarded-For"
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
header change "Keep-Alive" to "$TIMEOUT"
cookie hash "PHPSESSID" log
ssl { sslv2, ciphers "MEDIUM:HIGH" }
}
relay webcluster {
listen on $webcluster port www
protocol http
forward to <webhosts> port http mode loadbalance \
check http / host www.site.com code 200
}
relay webclusterssl {
listen on $webcluster port https ssl
protocol http_ssl
forward to <webhosts> port http mode loadbalance \
check http / host www.site.com code 200
}
On Sun, Apr 26, 2009 at 12:32 PM, Magnus Hultman <[email protected]
<mailto:[email protected]>> wrote:
We have a pair of OpenBSD boxes running 4.5/relayd, loadbalancing two
webservers. The webservers identify each session with a unique cookie
returned to the client. We have tried to use the "hash cookie" directive
in relayd.conf to force the correct session to the correct webserver,
but it is not working. Instead, relayd hashes the client supplied
cookie (returned by one of the webservers) to an arbitrary
webserver. Sometimes the correct and sometimes not, forcing the
client to login again. Is "hash cookie" not meant to solve this kind
of problem, or is there any other functionality in relayd to keep a
session (cookie) tied to a specific backend?
Magnus Hultman
