Re: Newbie SSL Question

From: Michael Nguyen <michaeln#twentyten.org>
Date: Sat, 17 Nov 2007 14:27:40 -0800


Aleksandar Lazic wrote:
> 1.) DNS round round is not a good ha solution, from my point of view.
Right. I actually agree with you here, but it's sort of the best way I have available to have two haproxy instances. If one goes down, then only half of the users are screwed while we scramble to correct DNS and get another one up.
> 2.) Hm, and the 8 Servers have the same cookie line, right?! How should
> haproxy decide which server he should use if all server have the
> same cookie line?
>
> If not, please can you send us your haproxy config ;-)
No, they have different cookie lines. Here's the config.


global 
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        maxconn 4096
        chroot /usr/share/haproxy
        uid 99
        gid 99
        daemon

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

listen  saweb 0.0.0.0:80
        balance roundrobin
        cookie ServerID insert nocache indirect
        appsession JSESSIONID len 12 timeout 10800000
        server  web_1 10.253.27.114:80 cookie web01 check inter 2000 
rise 2 fall 5
        server  web_2 10.253.27.144:80 cookie web02 check inter 2000 
rise 2 fall 5
        server  web_3 10.253.61.222:80 cookie web03 check inter 2000 
rise 2 fall 5
        server  web_4 10.253.26.17:80 cookie web04 check inter 2000 rise 
2 fall 5
        server  web_5 10.253.27.161:80 cookie web05 check inter 2000 
rise 2 fall 5
        server  web_6 10.253.25.157:80 cookie web06 check inter 2000 
rise 2 fall 5
        server  web_7 10.253.26.49:80 cookie web07 check inter 2000 rise 
2 fall 5
        server  web_8 10.253.26.4:80 cookie web08 check inter 2000 rise
2 fall 5

listen sawebssl 0.0.0.0:443 

       mode tcp
       balance roundrobin
       cookie ServerID insert nocache indirect
       appsession JSESSIONID len 12 timeout 10800000
       server  web_1 10.253.27.114:443 cookie web01 check inter 2000 
rise 2 fall 5
       server  web_2 10.253.27.144:443 cookie web02 check inter 2000 
rise 2 fall 5
       server  web_3 10.253.61.222:443 cookie web03 check inter 2000 
rise 2 fall 5
       server  web_4 10.253.26.17:443 cookie web04 check inter 2000 rise 
2 fall 5
       server  web_5 10.253.27.161:443 cookie web05 check inter 2000 
rise 2 fall 5
       server  web_6 10.253.25.157:443 cookie web06 check inter 2000 
rise 2 fall 5
       server  web_7 10.253.26.49:443 cookie web07 check inter 2000 rise 
2 fall 5
       server  web_8 10.253.26.4:443 cookie web08 check inter 2000 rise
2 fall 5

Thanks for helping with this, guys.

Michael Received on 2007/11/17 23:27

This archive was generated by hypermail 2.2.0 : 2007/11/18 00:15 CET