I’m currently playing around with rdp-cookie load-balancing, and as far as I can tell, there are 2 ways to do it:
This works great - except the problem is that different clients format the cookie in different ways - it’d be nice to have a way to (almost always) extract the username from the rest of the data. IS there a way to modify the cookie before it’s used in balancing?
stick on rdp_cookie(mstshash),regsub(.*\\\,,g),regsub(@.*,,g)(with balance leastconn)
So the above lets me modify the cookie and remove windows domains from in front and behind the username - which is great! However tables aren’t persistent between unexpected outages/reboots ( and while I’m aware of peering, that doesn’t help for a single proxy server setup or whole-pool outage), so if someone has an rdp session open on a backend node, and I have to restart the proxy service, balance leastconn won’t send them back to their established session.
I’ve discovered I can read and set the table as follows:
echo "show table rdp" |socat stdio /var/run/haproxy.stat >/etc/haproxy/stick-table
Then use the key and server_id on restore to re-establish the table:
echo "set table rdp key bob data.server_id 1" | socat stdio /var/run/haproxy.stat
However doing this manually is a bit racey, and requires a regular backup and restore mechanism along-side haproxy.
any ideas on how to solve the problem of always wanting to balance on rdp-cookie, but also wanting a way to modify the cookie?