HAproxy 1.5.8如何配置基于Cookie的粘性? [英] HAproxy 1.5.8 How do I configure Cookie based stickiness?

查看:157
本文介绍了HAproxy 1.5.8如何配置基于Cookie的粘性?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们的应用程序需要基于cookie的粘性会话,因此我们想使用HAproxy来平衡IIS服务器场中的传入流量。

Our application requires cookie based sticky sessions, so we want to use HAproxy to balance incoming traffic towards a farm of IIS servers.

我们正在使用以下配置,似乎可以在实验室中正常工作(循环工作正常,并且保留了会话),但是在应用于3k并发用户的生产环境中时失败:

We are using the following config which seems to work on the lab (round-robin working fine and session preserved), but fails when applied in producion with more that 3k concurrent users:

frontend Front_http

frontend Front_http

bind :80
mode http
default_backend backend_http
stats enable
capture cookie ASP.NET_SessionId len 32
maxconn 10000

前端Front_https

frontend Front_https

mode http
default_backend backend_https
bind *:443 ssl crt /etc/haproxy/cert.pem 
capture cookie ASP.NET_SessionId len 32
maxconn 10000

后端backend_http

backend backend_http

 balance roundrobin
 option forwardfor
 stick-table type ip size 20k expire 5m
 appsession ASP.NET_SessionId len 64 timeout 5m request-learn prefix
 server Server_1 192.168.10.81:80 cookie Server_1
 server Server_2 192.168.10.81:80 cookie Server_2
 server Server_3 192.168.10.81:80 cookie Server_3

后端backend_https

backend backend_https

 balance roundrobin
 option forwardfor
 stick-table type ip size 20k expire 5m
 appsession ASP.NET_SessionId len 64 timeout 5m request-learn prefix
 server Server_1 192.168.10.81:80 cookie Server_1 ssl verify none
 server Server_2 192.168.10.81:80 cookie Server_2 ssl verify none
 server Server_3 192.168.10.81:80 cookie Server_3 ssl verify none
 http-request set-header X-Forwarded-Port %[dst_port]
 http-request add-header X-Forwarded-Proto https if { ssl_fc }

从HAProxy 1.5.8文档中,我了解基于cookie的粘性是通过命令 appsession实现的,但我不了解其他命令所扮演的角色,例如捕获 cookie或 stick-table,那么在使用appsession时,它们是否完全必要?谁能帮助我了解它们的工作原理,并建议您是否发现我们的配置有问题。

From the HAProxy 1.5.8 documentation I understand cookie based stickiness is achieved with command "appsession", but I don't understand the role other commands play, like "capture cookie" or "stick-table", are they necessary at all when using appsession? Can anyone help me understand how they work, and advise if you detect anything wrong with our config.

推荐答案

首先,可以您解释什么不起作用或当前配置面临哪些问题?

First of all, could you explain what "does not work" or which problems are you facing with your current configuration?

当前配置中存在一些问题:
-appsession粘性不会抵抗重新加载。这意味着在每次重新加载HAProxy
之后,粘性都会丢失-您可能在SSL后端输入错误,因为您要将SSL流量转发到端口80,该端口与用于清除HTTP的端口相同。

There are a few issues in your current configuration: - appsession stickness does not resist to a reload. It means stickiness is lost after each reload of HAProxy - you may have a typo in your SSL backend, since you're forwarding SSL traffic to port 80, which is the same port you used for clear HTTP.

HAProxy支持多种基于cookie的持久性。

HAProxy allows many ways to do cookie based persistence.


  • cookie插入: HAProxy会自行设置cookie:

  • cookie insertion: HAProxy set up itself a cookie:

backend mybk
  [...]
  cookie SERVERID insert indirect nocache
  [...]
  server s1 10.0.0.1:80 check cookie s1
  server s2 10.0.0.2:80 check cookie s2


  • cookie前缀:HAProxy使用一个现有的cookie(通常是应用程序cookie),并以服务器名称作为其前缀:

  • cookie prefix: HAProxy uses an existing cookie 'usually application one) and prefix its value by the server name:

    backend mybk
  [...]
  cookie ASP.NET_SessionId prefix nocache
  [...]
  server s1 10.0.0.1:80 check cookie s1
  server s2 10.0.0.2:80 check cookie s2


  • stick table:HAProxy学习和使用应用程序在Cookie上,而无需对其进行修改:

  • stick table: HAProxy learn and use the application cookie, without modifying it:

    backend mybk
  [...]
  stick-table type string len 64 size 100k expire 15m
  stick store-response res.cookie(ASP.NET_SessionId)
  stick match req.cookie(ASP.NET_SessionId)
  [...]
  server s1 10.0.0.1:80 check 
  server s2 10.0.0.2:80 check


    • 注意:您应使用peers部分使2个HAProxy之间的数据保持同步,并在重新加载配置时使用
    注意2:expire参数应与您的应用程序cookie超时匹配

    Note: you should use a peers section to keep the data synchronized between 2 HAProxys and when reloading the configuration Note2: the expire parameter should match your application cookie timeout

    最后但并非最不重要的是,HAProxy会在您的日志行中报告有关基于cookie的持久性的标志(理解一个带有cookie关键字的标志)。
    这样,您将知道请求的状态(是否有cookie,是否有效等)以及HAProxy采取的操作(插入新的cookie等)

    Last but not least, HAProxy will report you flags about cookie based persistence (understand the one with the cookie keyword) in your log lines. That way, you'll know the status of the request (was there a cookie, was it valid, etc...) and the action taken by HAProxy (insert a new cookie, etc...)

    您可以在此博客页面上查看有关HAProxy的更多信息:
    http://blog.haproxy.com/2012/03/29/load-balancing-affinity-持久性粘性会话,您需要知道什么/

    You can have a look at this blog page to get more information about HAProxy: http://blog.haproxy.com/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/

    Baptiste

    这篇关于HAproxy 1.5.8如何配置基于Cookie的粘性?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

    查看全文
    相关文章
    其他开发最新文章
    热门教程
    热门工具
    登录 关闭
    扫码关注1秒登录
    发送“验证码”获取 | 15天全站免登陆