Hi,
You need to split your configuration in frontend/backend.
Then you can do content swithing based on header or prefix, depending
on how you can detect a user has a session.
So let us know how you check whether a user has a session or not, then
we can help you with the configuration.
cheers
Hi All,
After scaling up Stud, @exceliance, we (actually, @emeriBr) worked to
make it able to scale out:
More information here:
http://blog.exceliance.fr/2011/11/07/scaling-out-ssl/
Regards
On Wed, Sep 28, 2011 at 4:37 PM, Baptiste bed...@gmail.com wrote:
On the same subject, an excellent
Hi,
We are currently having a system which runs haproxy in the amazon cloud. Our
system is also using autoscaling of backendservers
so when we reach a certain cpu usage during x min we will add more servers to
the backend and update the haproxy config + reloading haproxy.
This works good as we
Is it possible to utilize some sort of sticky session for incoming requests?
SSL connections are terminated at the servers in the backend. Right now I can
do source IP based balance. But then users behind a firewall/NAT will not get
load balanced correctly. Instead, they all end up on same
You are running haproxy in a tcp mode since you are relaying SSL and
decrypting on the backend. Cookies can only be analyzed in HTTP mode. Not
sure how to do sticky sessions in tcp mode.
Vivek
On Mon, Nov 7, 2011 at 2:03 PM, Mir Islam mis...@mirislam.com wrote:
Is it possible to utilize some
Yup. I accomplish what you're describing by using HTTP mode along with
stunnel for the SSL.
David
From: Vivek Malik [mailto:vivek.ma...@gmail.com]
Sent: Monday, November 07, 2011 11:10 AM
To: Mir Islam
Cc: haproxy@formilux.org
Subject: Re: SSL Pass through and sticky session
You are
Interesting. In this case we are expecting a lot of burst traffic during a very
short period of time, 15-30min so I am not sure if we can rely on scaling in a
more proactive way to send traffic to the new servers. I would be
more comfortable if we could just clean the existing sessions and let
Yea that is the problem. Right now SSL is terminated at the application level
on each server. There is no way to inspect the cookie even if the server sets
one. Sticky session in TCP mode can be done by source IP (that is why I have
balance source). But that creates the other problem as I
Will the persistence sessions used by appsession be cleared if I renamed the
existing servers and then reloaded the config?
If so I could make it just change the names of the backend servers slightly in
order to clean existing sessions.
Or is the session bound to backend IP and not the name?
OoO Pendant le journal télévisé du lundi 07 novembre 2011, vers 20:16,
Mir Islam mis...@mirislam.com disait :
Yea that is the problem. Right now SSL is terminated at the
application level on each server. There is no way to inspect the
cookie even if the server sets one. Sticky session in TCP
If the solution is intended for traffic burst, Isn't it safe to assume that
most clients will be new which appsession/cookie doesn't know about?
New clients will automatically be preferred to go to newly added servers as new
servers will have least active connections.
I don't think any special
'hash-type' seems like it could work.
It also depends on how persistence sessions is affected by the hash-type. Is
the persistence sessions overriding this
and still going to the same backend server or will it be redistributed?
/E
-Original Message-
From: David Birdsong
Hi Erik,
Let me give you a few information, I don't know if it will help.
Appsession is not resilient on HAProxy reload.
Which means that since you reload after updating configuration, then
all session will be re-dispatched.
You can use stick-table too, sticking on cookie is doable easily with
On 2011-11-07 21:32, Erik Torlen wrote:
If you get a burst against 3 active backend servers they will take
care of all the request and connections. The clients that are active
will then get a persistence sessions against 1 of these 3 servers. It
will take ~5min to scale up a new server so
Thank you Baptiste, seems like it should work then out-of-the-box when using
appsession.
On Haproxy reload the sessions should be cleared and then clients would be
replicated to new servers.
/E
-Original Message-
From: Baptiste [mailto:bed...@gmail.com]
Sent: den 7 november 2011
On Mon, Nov 7, 2011 at 9:48 PM, Erik Torlen erik.tor...@apicasystem.com wrote:
Thank you Baptiste, seems like it should work then out-of-the-box when using
appsession.
On Haproxy reload the sessions should be cleared and then clients would be
replicated to new servers.
Actually, the
What would you recommend if we wanted to have all our three haproxy instances
loadbalance in the same way.
And still make use of persistence when the client is using one of the haproxy
instances?
E.g Having the client come to the same backend on both haproxy srv1, srv2 and
srv3.
Could we
You should take care to not overload your backend servers in the first place
Yes, that is what we are trying to achieve using autoscaling of the backend
servers :)
I would have like to use the maxconns against backend but we did not have time
to tune this before the release.
Generally, I
On Mon, Nov 7, 2011 at 10:05 PM, Erik Torlen
erik.tor...@apicasystem.com wrote:
What would you recommend if we wanted to have all our three haproxy instances
loadbalance in the same way.
And still make use of persistence when the client is using one of the haproxy
instances?
E.g Having the
Is 'hash-type consistent' the way to go using hash algorithm? Map-based sounds
pretty good as well?
Consistent:
In order to get the same distribution on multiple load balancers, it is
important that all servers have the same IDs.
Something like this?
Balance source
hash-type map-based
/E
It would be great to see these changes merged in.
Willy, any thoughts?
--
Name: Joseph A. Williams
Email: j...@joetify.com
Blog: http://www.joeandmotorboat.com/
Twitter: http://twitter.com/williamsjoe
On Tuesday, September 27, 2011 at 6:28 PM, Simon Horman wrote:
On Mon, Sep 19, 2011 at
Thanks Vincent for the link. That is exactly what I was looking for. However
the configuration they provided does not work out of the box. My knowledge in
HAProxy is less than two days old. So if you or anyone else can tell me what
the following errors mean, I will appreciate it a lot.
First
Hi,
The configuration is for HAProxy 1.5-something :)
cheers
On Tue, Nov 8, 2011 at 3:00 AM, Mir Islam mis...@mirislam.com wrote:
Thanks Vincent for the link. That is exactly what I was looking for. However
the configuration they provided does not work out of the box. My knowledge in
23 matches
Mail list logo