I realize that not everyone may have had those old messages around. I have included my original post below. Also, I've read that using the ssl sessionid is not reliable so I'm looking for an alternative.
I was happily using HAProxy, until I received word that we need to also encrypt traffic to the web servers. So, internet --https--> load balancer --https--> web servers. Can I still do this with HAProxy? We don't need any Layer 7 rules. If so, what would the config look like? We do need the following: 1) HTTPS all the way through 2) Web servers need to see the IP of the user 3) Users need sticky sessions to a web server (where the sticky assignment counter gets refreshed on each user request) 4) HTTPS Keep-Alive support 5) Mobile and older browser support (I say this because I keep reading this about SNI, but I don't know if that applies to us) Would #4 cause problems because HAProxy is a proxy and not a forwarder? Thanks On Fri, Jul 18, 2014 at 9:41 AM, Jacob Gibson <jacob.gibbl...@gmail.com> wrote: > It's been a while since I've asked this question and I see there have been > some advancements since. Can someone provide me with an example of how to > achieve all these items? It seems pretty common, but looks really > difficult to do with HAProxy. > > Thanks, > Jacob > > > On Fri, Nov 8, 2013 at 12:41 AM, <hushmeh...@hushmail.com> wrote: > >> >> >> On Thu, 07 Nov 2013 14:24:23 +0100 "Jacob Gibson" er they were >> assigned to. So, "mode tcp" isn't possible >> >here? >> > What if I used the IP instead of a cookie? Right now I'm >> >prefixing the >> >JSESSOINID cookie with server1, server2, or server3. >> >> you could use the ssl sessionid in mode tcp, see the payload_lv >> example: >> http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2- >> stick%20store-response >> <http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-stick%20store-response> >> >> >
