Haproxy SSL and sessions

mandevnull · June 26, 2017, 10:50am

Hello,
i’m trying to configure 2 backends (citrix storefront) active-active with haproxy. Backends are in https. When i log in node1 and i disconnect the node for test the node2, haproxy not “save” the credentials and i have to log in again. Is it possible to save sessions and pass them to node2 when node1 fails? I have tested several configurations in both tcp mode and http mode

Examples:

http mode:
[…]
bind 0.0.0.0:443 ssl crt /etc/pki/tls/private/mycert.pem
[…]
backend mybackend
mode http
cookie SRVNAME insert
server node1 192.168.1.1:443 ssl check cookie app1
server node2 192.168.1.2:443 ssl check cookie app1

tcp mode:
[…]
mode tcp
bind 0.0.0.0:443
[…]
backend mybackend
mode tcp
server node1 192.168.1.1:443
server node2 192.168.1.2:443

thank you so much

mandevnull · June 26, 2017, 10:57am

sorry i have a mistake with copy&paste

server node1 192.168.1.1:443 ssl check cookie app1
erver node2 192.168.1.2:443 ssl check cookie app2

lukastribus · June 26, 2017, 11:54am

No, haproxy cannot write to your backend databases.

mandevnull · June 26, 2017, 12:43pm

oh… ok thanks
and with http? without encryption?

thanks

lukastribus · June 26, 2017, 1:23pm

It doesn’t matter.

Haproxy can use stickiness to make sure one browser session always hits the same server, but it cannot synchronize your backends with each other.

I strongly suggest you talk to your application people.

mandevnull · June 27, 2017, 7:23am

ok thank you very much

Topic		Replies	Views
HAProxy in `mode tcp` accepts HTTP with HTTPS backend Help!	1	610	March 3, 2020
Backend using https on different port Help!	5	4862	November 9, 2018
Http to https jumps to another server using https passthrough Help!	1	934	November 21, 2016
Backend encryption and reusing SSL sessions Help!	4	3077	July 28, 2016
TCP mode and http/2 backend Help!	6	3026	June 4, 2020

Haproxy SSL and sessions

Related Topics