Tag Archives: persistence

Send user to the same backend for both HTTP and HTTPS

Synopsis

Your application uses both HTTP and HTTPS, depending on the pages.
SSL encryption is achieved by your backend server directly.
You want your user to get connected to the same backend for both protocols.

Configuration

This configuration has to be applied on Layer7 (haproxy) tab of the Aloha.

Whatever protocol used on first request, your client IP will be associated to a backend and inserted in a sticky table.

global
  stats socket ./haproxy.stats level admin

frontend ft_http
	bind :80
	mode http
	default_backend bk_http

frontend ft_https
	bind :443
	mode tcp
	default_backend bk_https

backend bk_http
	mode http
	balance roundrobin
	stick on src table bk_https
	default-server inter 1s
	server s1 192.168.1.1:80 check id 1
	server s2 192.168.1.2:80 check id 2

backend bk_https
	mode tcp
	balance roundrobin
	stick-table type ip size 200k expire 30m
	stick on src
	default-server inter 1s
	server s1 192.168.1.1:443 check id 1
	server s2 192.168.1.2:443 check id 2

Result:

echo "show table https" | socat unix-connect:./haproxy.stat stdio
# table: https, type: ip, size:204800, used:2
0x1fea474: key=192.168.1.250 use=0 exp=1764443 server_id=1
0x2014a24: key=192.168.1.251 use=0 exp=1798278 server_id=2

Links