我可以通过身份验证与HAProxy和socket.io进行粘性会话吗? [英] Can I have sticky sessions with HAProxy and socket.io with authentication?
问题描述
我有几个在HAProxy下运行身份验证的socket.io实例,我需要强制将身份验证请求和套接字连接转到同一个实例.我已基于此SO问题的答案设置了HAProxy,并作了如下修改:所以:
I have several instances of socket.io with authentication running under HAProxy and I need to force that the authentication request and the socket connection go to the same instance. I've set up HAProxy based on this answer to a SO question with some modifications as so:
global
maxconn 4096 # Total Max Connections. This is dependent on ulimit
nbproc 2
defaults
mode http
frontend all 0.0.0.0:80
timeout client 86400000
default_backend www_backend
acl is_websocket hdr(Upgrade) -i WebSocket
acl is_websocket hdr_beg(Host) -i ws
use_backend socket_backend if is_websocket
backend www_backend
balance url_param sessionId
option forwardfor # This sets X-Forwarded-For
timeout server 30000
timeout connect 4000
server server1 localhost:8081 weight 1 maxconn 1024 check
server server2 localhost:8082 weight 1 maxconn 1024 check
server server3 localhost:8083 weight 1 maxconn 1024 check
backend socket_backend
balance url_param sessionId
option forwardfor # This sets X-Forwarded-For
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server server1 localhost:8081 weight 1 maxconn 1024 check
server server2 localhost:8082 weight 1 maxconn 1024 check
server server3 localhost:8083 weight 1 maxconn 1024 check
我尝试使用url_param(其中sessionId是在身份验证调用和websocket连接中传递的querystring参数)和source作为平衡选项,但似乎HAProxy似乎仅允许这些选项用于HTTP连接,因此对于它们忽略它们实际的websocket连接.结果是,有时auth请求和套接字连接最终会在不同的服务器中,这对于我们的应用程序是不可接受的.
I've tried url_param (where sessionId is a querystring parameter passed in both the authentication call and the websocket connection) and source as the balance options but it seems as if HAProxy only allows these options for HTTP connections and so ignores them for the actual websocket connection. The result is that sometimes the auth request and the socket connection end up in different servers, which is unacceptable for our application.
是否可以通过某种方式实现所需的行为?
Is there some way to have this desired behavior?
推荐答案
我以这种方式使用基于cookie的平衡:
I use cookie based balancing in this way:
backend socketio
mode http
cookie SIO insert
server sock1 127.0.0.1:8001 cookie 001
server sock2 127.0.0.1:8002 cookie 002
这篇关于我可以通过身份验证与HAProxy和socket.io进行粘性会话吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!