Synopsis

Your application uses both HTTP and HTTPS, depending on the pages.
SSL encryption is achieved by your backend server directly.
You want your user to get connected to the same backend for both protocols.

Configuration

This configuration has to be applied on Layer7 (haproxy) tab of the Aloha.

Whatever protocol used on first request, your client IP will be associated to a backend and inserted in a sticky table.
[sourcecode language=”text”]
global
stats socket ./haproxy.stats level admin

frontend ft_http
bind :80
mode http
default_backend bk_http

frontend ft_https
bind :443
mode tcp
default_backend bk_https

backend bk_http
mode http
balance roundrobin
stick on src table bk_https
default-server inter 1s
server s1 192.168.1.1:80 check id 1
server s2 192.168.1.2:80 check id 2

backend bk_https
mode tcp
balance roundrobin
stick-table type ip size 200k expire 30m
stick on src
default-server inter 1s
server s1 192.168.1.1:443 check id 1
server s2 192.168.1.2:443 check id 2
[/sourcecode]

Result:

echo "show table https" | socat unix-connect:./haproxy.stat stdio
# table: https, type: ip, size:204800, used:2
0x1fea474: key=192.168.1.250 use=0 exp=1764443 server_id=1
0x2014a24: key=192.168.1.251 use=0 exp=1798278 server_id=2

Links