
HAProxy with SSL (https) and Sticky Session

I need to set up a load balancer as an alternative to ELB for Amazon, as they have an issue with connection timeouts.

Currently, I'm using HAProxy and it works normally. However, I need to use SSL for users who want to connect over https (port 443) to the backend Apache servers, plus sticky sessions.

What would the configuration look like? I heard that HAProxy doesn't support SSL natively and can use stunnel or nginx / Apache to handle the SSL termination.

I would appreciate it if anyone could share their knowledge and experiences.

Thanks. James

For HTTP, use something like this. Change the XXX.XXX.XXX.XXX to your IP address.

listen  example-cluster XXX.XXX.XXX.XXX:80
        mode    http
        stats   enable
        stats   auth    user:password
        stick store-request src
        stick-table type ip size 200k expire 2m
        balance source
        cookie  JSESSIONID prefix
        option  httplog
        option  httpclose
        option  forwardfor
        option  persist
        option  redispatch
        option  httpchk HEAD    /check.txt      HTTP/1.0
        server  example-web1 XXX.XXX.XXX.XXX:80 cookie A check
        server  example-web2 XXX.XXX.XXX.XXX:80 cookie B check
        server  example-web3 XXX.XXX.XXX.XXX:80 cookie C check
        server  example-web4 XXX.XXX.XXX.XXX:80 cookie D check
        server  example-web5 XXX.XXX.XXX.XXX:80 cookie E check

For SSL, use mode tcp with balance source:

listen  example-cluster-ssl XXX.XXX.XXX.XXX:443
        mode   tcp
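        # NOTE: in mode tcp the encrypted stream is passed through without
        # HTTP processing, so this header is not added to requests
        reqadd X-Forwarded-Proto:\ https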
        stick  store-request src
        stick-table type ip size 200k expire 2m
        option persist
        option redispatch
        option ssl-hello-chk
        balance source
        server  example-web1 XXX.XXX.XXX.XXX:443 check
        server  example-web2 XXX.XXX.XXX.XXX:443 check
        server  example-web3 XXX.XXX.XXX.XXX:443 check
        server  example-web4 XXX.XXX.XXX.XXX:443 check
        server  example-web5 XXX.XXX.XXX.XXX:443 check

Another way is to upgrade your HAProxy to version 1.5; that version has support for SSL but isn't stable yet.
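
For the HAProxy 1.5 route mentioned above, here is an added example (not part of the original answers) of native TLS termination with cookie-based stickiness. It assumes HAProxy 1.5 or later built with OpenSSL; the certificate path, the SERVERID cookie name, the timeouts and the frontend/backend names are placeholders.

```haproxy
# Added example, not from the original answers. Assumes HAProxy >= 1.5 with OpenSSL.
defaults
        mode    http
        option  httplog
        option  forwardfor
        option  redispatch
        timeout connect 5s
        timeout client  50s
        timeout server  50s

frontend example-https
        # PEM bundle: certificate, intermediates and private key (placeholder path).
        # Keep the file readable only by the account that starts HAProxy.
        bind XXX.XXX.XXX.XXX:443 ssl crt /etc/haproxy/certs/example.pem no-sslv3
        bind XXX.XXX.XXX.XXX:80
        # Plain-HTTP clients are redirected before they can send a session cookie
        redirect scheme https code 301 if !{ ssl_fc }
        # set-header replaces any client-supplied value, so backends can trust it
        http-request set-header X-Forwarded-Proto https if { ssl_fc }
        default_backend example-cluster

backend example-cluster
        balance roundrobin
        # Stickiness via a cookie issued by HAProxy itself. This only works
        # because TLS ends here and HAProxy can read the HTTP layer.
        # "secure" and "httponly" keep the cookie off cleartext HTTP and away
        # from page scripts.
        cookie  SERVERID insert indirect nocache httponly secure
        option  httpchk HEAD /check.txt HTTP/1.0
        # The hop to the web servers is cleartext HTTP on port 80: keep it on a
        # trusted network segment, or re-encrypt with the "ssl" server option.
        server  example-web1 XXX.XXX.XXX.XXX:80 cookie A check
        server  example-web2 XXX.XXX.XXX.XXX:80 cookie B check
```

Unlike the mode tcp listener, this setup can persist on a cookie instead of the client's source address, and the X-Forwarded-Proto header actually reaches the backend.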

Take a look at the Stud project on github, which combines extremely well with haproxy, is very performant, scalable, and uses very little resource. Many users are switching to it right now because it's simple and efficient.
