Synopsis

Your application uses both HTTP and HTTPS, depending on the pages.
SSL encryption is achieved by your backend server directly.
You want your user to get connected to the same backend for both protocols.

Configuration

This configuration has to be applied on Layer7 (haproxy) tab of the ALOHA.

Whatever protocol used on first request, your client IP will be associated to a backend and inserted in a sticky table.

global
  stats socket ./haproxy.stats level admin

frontend ft_http
  bind :80
  mode http
  default_backend bk_http

frontend ft_https
  bind :443
  mode tcp
  default_backend bk_https

backend bk_http
  mode http
  balance roundrobin
  stick on src table bk_https
  default-server inter 1s
  server s1 192.168.1.1:80 check id 1
  server s2 192.168.1.2:80 check id 2

backend bk_https
  mode tcp
  balance roundrobin
  stick-table type ip size 200k expire 30m
  stick on src
  default-server inter 1s
  server s1 192.168.1.1:443 check id 1
  server s2 192.168.1.2:443 check id 2

Result:

echo "show table https" | socat unix-connect:./haproxy.stat stdio
# table: https, type: ip, size:204800, used:2
0x1fea474: key=192.168.1.250 use=0 exp=1764443 server_id=1
0x2014a24: key=192.168.1.251 use=0 exp=1798278 server_id=2

Links

SHARE THIS ARTICLE