Haproxy SSL and sessions


#1

Hello,
i’m trying to configure 2 backends (citrix storefront) active-active with haproxy. Backends are in https. When i log in node1 and i disconnect the node for test the node2, haproxy not “save” the credentials and i have to log in again. Is it possible to save sessions and pass them to node2 when node1 fails? I have tested several configurations in both tcp mode and http mode

Examples:

http mode:
[…]
bind 0.0.0.0:443 ssl crt /etc/pki/tls/private/mycert.pem
[…]
backend mybackend
mode http
cookie SRVNAME insert
server node1 192.168.1.1:443 ssl check cookie app1
server node2 192.168.1.2:443 ssl check cookie app1

tcp mode:
[…]
mode tcp
bind 0.0.0.0:443
[…]
backend mybackend
mode tcp
server node1 192.168.1.1:443
server node2 192.168.1.2:443

thank you so much


#2

sorry i have a mistake with copy&paste

server node1 192.168.1.1:443 ssl check cookie app1
erver node2 192.168.1.2:443 ssl check cookie app2


#3

No, haproxy cannot write to your backend databases.


#4

oh… ok thanks
and with http? without encryption?

thanks


#5

It doesn’t matter.

Haproxy can use stickiness to make sure one browser session always hits the same server, but it cannot synchronize your backends with each other.

I strongly suggest you talk to your application people.


#6

ok thank you very much