Website not loading after logging in!

Help!
1

Hello guys,

i am using HAProxy to encrypt and load balance my two Axios Assyst Jboss webservers.

The main functions are working. HAProxy direkts with encryption to the Assyst Loginpage.

2019-07-04_11h45_32
2019-07-04_11h45_32.png1458×856 17.6 KB

But after logging in, the page is just blank and i need to refresh the page to get Assyst fully loaded.

Page after login:

2019-07-04_11h47_36
2019-07-04_11h47_36.png1446×740 6.34 KB

and after refresh:

2019-07-04_11h48_35
2019-07-04_11h48_35.png1660×874 101 KB

I think there is an issue in directing the response from the webserver after logging in.
Does anyone had an similar experiance or idea to fix it?

Here is my config:

global
    log 127.0.0.1 local0
    chroot /var/log/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 100000
    user haproxy
    group haproxy
    daemon

    stats socket /var/run/haproxy.sock mode 660 level admin

    # Default SSL material locations
    ca-base /etc/haproxy/cert
    crt-base /etc/haproxy/cert

defaults
    log     global
    mode    http
    option httplog
    option dontlognull
    option redispatch
    option accept-invalid-http-response
    option accept-invalid-http-request
    option http-server-close
    option forwardfor except 127.0.0.0/8
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 100000

    stats enable
    stats hide-version
    stats refresh 30s
    stats show-node
    stats auth assyst:assyst
    stats uri  /haproxy?stats


frontend http_https
    mode http
    bind :443 ssl crt /etc/haproxy/cert/serverlb01.pem crt-ignore-err all
    bind :80

    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    redirect scheme https if !{ ssl_fc }
    # option http-keep-alive
    default_backend assyst_prod_lb

backend assyst_prod_lb
    balance roundrobin
    cookie JSESSIONID prefix nocache
    server server1.domain.net 101.161.219.202:8080 cookie s1 check inter 5s
    server server2.domain.net 101.161.219.203:8080 cookie s2 check inter 5s
2

I would suggest trying to use the browsers development mode and investigate the actual HTTP requests (especially the replies), and see if you can deduce from there what happened.

Also, make sure that if your servers require “sticky sessions”, the clients are routed to the same server each time.

3

My servers require sticky sessions! How can I make sure that the clients are routed to the same server each time?

4

You’ll have to properly configure the following options:

  • on the backend the cookie option;
  • for each server the cookie option;

(They are named both cookie but serve different purposes.)

However, if your application requires sticky sessions, then sooner or later you’ll end-up in trouble, especially if your servers get over-loaded or start failing intermittently. (I would strongly suggest looking into the application’s manual and see if there is any way in which they can use for example Memcache or similar to share the session information.)

Else you are using HAProxy just for “routing” at HTTP level based on these persistence cookies, and you won’t obtain any “high-availability”… (Granted if one of the servers goes down, traffic will be dispatched to the other live ones, but the users will have to re-login.)

Furthermore, as the documentation states, you’ll have to be extra careful about any Cache-Control headers emitted by the servers.