Session stickiness based on appsession. JSESSIONID twice on some log lines.
Dear All, I'm trying to have session stickiness based on an application cookie (i.e. JSESSIONID) through the following configuration: listen bpm_weblogics_prod bind 10.124.32.176:8090 balance roundrobin option httpclose capture cookie JSESSIONID= len 30 cookie JSESSIONID prefix appsession JSESSIONID len 30 timeout 3h request-learn server 10.124.4.236:8001 10.124.4.236:8001 check inter 3200 rise 2 fall 3 server 10.124.4.237:8002 10.124.4.237:8002 check inter 3200 rise 2 fall 3 This fails sometimes, like the following log snippet shows: --- [line #1] Jan 16 11:51:21 localhost haproxy[12314]: 10.124.32.182:56573 [16/Jan/2013:11:51:21.608] bpm_weblogics_prod bpm_weblogics_prod/10.124.4.237:8002 0/0/0/54/62 200 5759 - JSESSIONID=hLLcQ2kGjFF5KBWBsD2 --NP 53/1/1/1/0 0/0 "GET /bpm/workspace/ HTTP/1.1" [line #2] Jan 16 11:51:22 localhost haproxy[12314]: 10.124.32.182:56574 [16/Jan/2013:11:51:21.787] bpm_weblogics_prod bpm_weblogics_prod/10.124.4.236:8001 0/0/0/244/254 302 1113 JSESSIONID=hLLcQ2kGjFF5KBWBsD2 JSESSIONID=hLLcQ2kGjFF5KBWBsD2 --IP 53/1/1/0/0 0/0 "GET /bpm/workspace/?_afrLoop=7215946588586104&_afrWindowMode=0&_afrWindowId=null HTTP/1.1" [line #3] Jan 16 11:51:23 localhost haproxy[12314]: 10.124.32.190:59517 [16/Jan/2013:11:51:23.916] bpm_weblogics_prod bpm_weblogics_prod/10.124.4.237:8002 0/0/0/10/59 200 271952 JSESSIONID=hLLcQ2kGjFF5KBWBsD2 - --VN 55/2/2/2/0 0/0 "GET /bpm/workspace/adf/styles/cache/fusion-desktop-fek81w-en-ltr-gecko-macos-cmp.css HTTP/1.1" [line #4] Jan 16 11:51:24 localhost haproxy[12314]: 10.124.32.190:59519 [16/Jan/2013:11:51:24.001] bpm_weblogics_prod bpm_weblogics_prod/10.124.4.237:8002 0/0/0/6/9 200 14830 JSESSIONID=hLLcQ2kGjFF5KBWBsD2 - --VN 58/3/3/3/0 0/0 "GET /bpm/workspace/adf/jsLibs/resources/LocaleElements_en_US1_2_12_3_3.js?loc=en_US HTTP/1.1" --- As you can see requests on lines #1, #3 and #4 connect to backend #2 (10.124.4.237:8002) while the request on line #2 connects to backend #1 (10.124.4.236:8001). I find interesting that line #2 shows JSESSIONID twice (i.e.: JSESSIONID=hLLcQ2kGjFF5KBWBsD2 JSESSIONID=hLLcQ2kGjFF5KBWBsD2) and I'm not sure if this is indicative or something that's wrong, isn't it? Could anyone point out what's wrong with the configuration? Thank you so much -- unai
RE: enabling SPDY
Theoretically you are able to offload SSL at haproxy, and pass raw, unencrypted SPDY to the backend. I doubt however that this has been done before, and nginx most certainly doesn't accept unencrypted SPDY traffic, so yes, tcp mode will be the only option for now. Regards, Lukas > From: ke...@my.walr.us > Subject: enabling SPDY > Date: Tue, 15 Jan 2013 18:27:10 -0500 > To: haproxy@formilux.org > > I'd like to enable SPDY protocol using nginx. For this to work, do the > frontend haproxy load balancers need to operate in tcp mode only? Or, can > they use http mode to pass the SPDY requests to nginx?
enabling SPDY
I'd like to enable SPDY protocol using nginx. For this to work, do the frontend haproxy load balancers need to operate in tcp mode only? Or, can they use http mode to pass the SPDY requests to nginx?
Re: Disable server in stat page triggers 503
Le 15/01/2013 09:24, Willy Tarreau a écrit : On Tue, Jan 15, 2013 at 09:09:22AM +0100, Cyril Bonté wrote: Hi Igor, Le 15/01/2013 09:00, Igor a écrit : Hi, conf like: listen admin bind 127.0.0.1:11199 stats enable stats hide-version stats uri /ha-stats stats realm Ha\ statistics stats auth admin:admin stats refresh 60s stats admin if TRUE I will try remove password to check that. You forgot to provide the defaults section. It's important, to see if you're not missing some options such as "http-server-close" or "httpclose", which could explain your 503. Agreed. Anyway this would be a bug because the stats page works in close mode. But it is still possible. I was thinking of a /favicon.ico downloaded by the browser that could leave the connection in keep-alive during the POST request but if there's no server behind, even a favicon.ico should reply with a 503 in close mode. BTW, Igor, when I said "remove the password", I meant "do not post your password to the list". There is no reason it should change anything to the issue you're facing, though I may be wrong of course. I'll try to reproduce the issue with your config which looks fine to me at this point (but let's see the defaults section). Willy -- Cyril Bonté
Re: Disable server in stat page triggers 503
OOps, here's the default session :) defaults log global modehttp option httplog option http-no-delay option logasap option tcp-smart-accept option tcp-smart-connect retries 2 option redispatch maxconn 4096 timeout check 3000 timeout connect 2 timeout server 3 timeout client 3 errorfile 403 /etc/haproxy/403.http errorfile 502 /etc/haproxy/502.http Bests, -Igor On Tue, Jan 15, 2013 at 4:24 PM, Willy Tarreau wrote: > On Tue, Jan 15, 2013 at 09:09:22AM +0100, Cyril Bonté wrote: >> Hi Igor, >> >> Le 15/01/2013 09:00, Igor a écrit : >> >Hi, conf like: >> > >> >listen admin >> > bind 127.0.0.1:11199 >> > stats enable >> > stats hide-version >> > stats uri /ha-stats >> > stats realm Ha\ statistics >> > stats auth admin:admin >> > stats refresh 60s >> > stats admin if TRUE >> > >> >I will try remove password to check that. >> >> You forgot to provide the defaults section. >> It's important, to see if you're not missing some options such as >> "http-server-close" or "httpclose", which could explain your 503. > > Agreed. Anyway this would be a bug because the stats page works in > close mode. But it is still possible. > > BTW, Igor, when I said "remove the password", I meant "do not post > your password to the list". There is no reason it should change anything > to the issue you're facing, though I may be wrong of course. > > I'll try to reproduce the issue with your config which looks fine to me > at this point (but let's see the defaults section). > > Willy >
Re: Disable server in stat page triggers 503
On Tue, Jan 15, 2013 at 09:09:22AM +0100, Cyril Bonté wrote: > Hi Igor, > > Le 15/01/2013 09:00, Igor a écrit : > >Hi, conf like: > > > >listen admin > > bind 127.0.0.1:11199 > > stats enable > > stats hide-version > > stats uri /ha-stats > > stats realm Ha\ statistics > > stats auth admin:admin > > stats refresh 60s > > stats admin if TRUE > > > >I will try remove password to check that. > > You forgot to provide the defaults section. > It's important, to see if you're not missing some options such as > "http-server-close" or "httpclose", which could explain your 503. Agreed. Anyway this would be a bug because the stats page works in close mode. But it is still possible. BTW, Igor, when I said "remove the password", I meant "do not post your password to the list". There is no reason it should change anything to the issue you're facing, though I may be wrong of course. I'll try to reproduce the issue with your config which looks fine to me at this point (but let's see the defaults section). Willy
Re: Disable server in stat page triggers 503
Hi Igor, Le 15/01/2013 09:00, Igor a écrit : Hi, conf like: listen admin bind 127.0.0.1:11199 stats enable stats hide-version stats uri /ha-stats stats realm Ha\ statistics stats auth admin:admin stats refresh 60s stats admin if TRUE I will try remove password to check that. You forgot to provide the defaults section. It's important, to see if you're not missing some options such as "http-server-close" or "httpclose", which could explain your 503. Bests, -Igor On Tue, Jan 15, 2013 at 4:27 AM, Willy Tarreau wrote: Hi Igor, On Tue, Jan 15, 2013 at 03:04:10AM +0800, Igor wrote: Hi, sometimes when I disable server in stat page, it will return 503, I must refresh the page to do disable again. This is issue happens when I upgrade to haproxy-ss-20131226, and haproxy-ss-20130108 still has this issue. This vaguely reminds me something I encountered and thought was fixed. Let me guess, you have a dedicated stats instance ? I suspect the request tries to pass through. Could you please share at least the section which contains the stats statement as well as the associated defaults section. Please remove any password if you have. Willy -- Cyril Bonté
Re: Disable server in stat page triggers 503
Hi, conf like: listen admin bind 127.0.0.1:11199 stats enable stats hide-version stats uri /ha-stats stats realm Ha\ statistics stats auth admin:admin stats refresh 60s stats admin if TRUE I will try remove password to check that. Bests, -Igor On Tue, Jan 15, 2013 at 4:27 AM, Willy Tarreau wrote: > Hi Igor, > > On Tue, Jan 15, 2013 at 03:04:10AM +0800, Igor wrote: >> Hi, sometimes when I disable server in stat page, it will return 503, >> I must refresh the page to do disable again. >> This is issue happens when I upgrade to haproxy-ss-20131226, and >> haproxy-ss-20130108 still has this issue. > > This vaguely reminds me something I encountered and thought was fixed. > Let me guess, you have a dedicated stats instance ? I suspect the > request tries to pass through. > > Could you please share at least the section which contains the stats > statement as well as the associated defaults section. Please remove > any password if you have. > > Willy >
