我可以通过身份验证与HAProxy和socket.io进行粘性会话吗? [英] Can I have sticky sessions with HAProxy and socket.io with authentication?

查看:93
本文介绍了我可以通过身份验证与HAProxy和socket.io进行粘性会话吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有几个在HAProxy下运行身份验证的socket.io实例,我需要强制将身份验证请求和套接字连接转到同一个实例.我已基于此SO问题的答案设置了HAProxy,并作了如下修改:所以:

I have several instances of socket.io with authentication running under HAProxy and I need to force that the authentication request and the socket connection go to the same instance. I've set up HAProxy based on this answer to a SO question with some modifications as so:

global
    maxconn     4096 # Total Max Connections. This is dependent on ulimit
    nbproc      2

defaults
    mode        http

frontend all 0.0.0.0:80
    timeout client 86400000
    default_backend www_backend
    acl is_websocket hdr(Upgrade) -i WebSocket
    acl is_websocket hdr_beg(Host) -i ws

    use_backend socket_backend if is_websocket

backend www_backend
    balance url_param sessionId
    option forwardfor # This sets X-Forwarded-For
    timeout server 30000
    timeout connect 4000
    server server1 localhost:8081 weight 1 maxconn 1024 check
    server server2 localhost:8082 weight 1 maxconn 1024 check
    server server3 localhost:8083 weight 1 maxconn 1024 check

backend socket_backend
    balance url_param sessionId
    option forwardfor # This sets X-Forwarded-For
    timeout queue 5000
    timeout server 86400000
    timeout connect 86400000
    server server1 localhost:8081 weight 1 maxconn 1024 check
    server server2 localhost:8082 weight 1 maxconn 1024 check
    server server3 localhost:8083 weight 1 maxconn 1024 check

我尝试使用url_param(其中sessionId是在身份验证调用和websocket连接中传递的querystring参数)和source作为平衡选项,但似乎HAProxy似乎仅允许这些选项用于HTTP连接,因此对于它们忽略它们实际的websocket连接.结果是,有时auth请求和套接字连接最终会在不同的服务器中,这对于我们的应用程序是不可接受的.

I've tried url_param (where sessionId is a querystring parameter passed in both the authentication call and the websocket connection) and source as the balance options but it seems as if HAProxy only allows these options for HTTP connections and so ignores them for the actual websocket connection. The result is that sometimes the auth request and the socket connection end up in different servers, which is unacceptable for our application.

是否可以通过某种方式实现所需的行为?

Is there some way to have this desired behavior?

推荐答案

我以这种方式使用基于cookie的平衡:

I use cookie based balancing in this way:

backend socketio
    mode http
    cookie SIO insert
    server sock1 127.0.0.1:8001 cookie 001
    server sock2 127.0.0.1:8002 cookie 002

这篇关于我可以通过身份验证与HAProxy和socket.io进行粘性会话吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆