Redirecting issue

Deeps · October 28, 2021, 9:20am

Hi,
I need help in configuring haproxy. I have an application which is authenticated using keycloak server. Here I am trying to configure 2 keycloak servers for my application for load balancing.

frontend haproxynode
bind HAPROXYIP:PORT/auth
mode http
default_backend backendnodes

backend backendnodes
balance roundrobin
server server1 KEYCLOAK_SERVER1_IP:PORT check
server server2 KEYCLOAK_SERVER2_IP:PORT check

I am new in this and this is the configuration I am trying right now. If I am commenting one of the backend servers it works fine. If both the servers are enabled in backend section, request goes to both servers at same time and redirection issue happens when logging into the website. What needs to be done to fix this so that first request goes to server1 and second request goes to server 2. Thanks in advance.

Regards,
Deeps.

lukastribus · October 28, 2021, 4:42pm

This is wrong. You can’t specify URI’s here. The syntax is IP:port

No. A request either goes to one server or another.

Caused by load-balancing, most likely, you will to stick a client to a specific server, because server1 doesn’t know anything about the session on server2 and vice versa, so when haproxy load-balances between the two, those servers get confused.

That’s what already happens and is the root cause for your issue.

To fix it, we need to configure haproxy to stop doing this.

Replace balance roundrobin with balance source, so the clients source IP address is hashed and used for the server selection.

There are other way, like adding cookies for server persistence.

Deeps · October 29, 2021, 6:36am

Thank you Lukas.

Deeps · November 6, 2021, 8:48am

Hi,
Now I am trying to configure sticky session for my haproxy.

frontend haproxynode
bind HAPROXYIP:PORT
mode http
default_backend backendnodes

backend backendnodes
balance roundrobin
cookie AUTH_SESSION_ID prefix nocache
option forwardfor
#http-request set-header X-Forwarded-Port %[dst_port]
#http-request add-header X-Forwarded-Proto https if { ssl_fc }
#option httpchk HEAD / HTTP/1.1\r\nHost:localhost
server keynd1 KEYCLOAK_SERVER1_IP:PORT check cookie keynd1
server keynd2 KEYCLOAK_SERVER2_IP:PORT check cookie keynd2

Since I am working with keycloak servers, I think AUTH_SESSION_ID is the cookie that I should use for enabling the sticky sessions. How do we include HTTP headers in haproxy? With this above given configuration I am able to get the keycloak login screen, but getting forbidden error after logging in. How to fix this issue?

Thanks in advance,
Deeps.

Topic		Replies	Views
HAPROXY send 2 requests at time (roundrobin strange behavior ) Help!	6	542	November 27, 2018
Haproxy Accepting and Dropping connections Help!	4	641	January 31, 2023
Haproxy v 1.8 config Help!	4	2089	October 8, 2018
Loadbalancing TCP requests Help!	2	439	September 3, 2019
SSL Load balancing with session affinity Help!	3	8076	May 13, 2016

Redirecting issue

Related Topics