Hello!
Anyone has not answered yet for my e-mail its sad ! Is there some kind of haproxy developer mailing list where the development versions are subject of disscussion.
I have configured a Cisco CSS devices and had some experiences about them. Then I thinked that I try HAproxy development versioon that supports stiky SSL and I installed debian 6.0.1 x86_64 into VMware ESXi vitrualmahine and installed HAproxy 1.5-dev6 . After that I tried to create HAproxy configuration
that uses sticky SSL sessions and try to start Haproxy i had following terror message
root#haproxy:# /usr/local/sbin/haproxy -f /etc/haproxy/haproxy.conf
[ALERT] 101/163223 (1993) : Proxy 'https': type of pattern not usable with type of stick-table 'https'.
[ALERT] 101/163223 (1993) : Proxy 'https': type of pattern not usable with type of stick-table 'https'.
[ALERT] 101/163223 (1993) : Fatal errors found in configuration.
and haproxy demon do not start.
If understand correctly I do not need to use tunnel to use SSL sticky sessioon configurations. My SSL sticky sessioon configuration originates
form HAproxy 1.5-dev documention folder file configuration.txt example # Learn SSL session ID from both request and response and create affinity
I would be pleased if any one could explain is it a bug of the HAproxy development version or is it my configuration problem !
Lauri Adamson
AS Andmevara
My haproxy.config content is following :
global
user haproxy
group haproxy
stats socket /tmp/haproxy
daemon
defaults
contimeout 500
clitimeout 500
srvtimeout 500
listen stats :1936
mode http stats enable stats hide-version stats scope . stats realm Haproxy\ Statistics stats uri / stats stats auth Username:Password
listen http 10.1.0.44:80
mode tcp
balance leastconn
maxconn 10000 server web1 10.244.129.1:80 check server web2 10.244.129.2:80 check
listen https 10.1.0.44:443
mode tcp
balance leastconn
maxconn 10000
# maximum SSL session ID length is 32 bytes.
stick-table type binary len 32 size 30k expire 30m
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
# use tcp content accepts to detects ssl client and server
hello.
tcp-request inspect-delay 5s
tcp-request content accept if clienthello
# no timeout on response inspect delay by default.
tcp-response content accept if serverhello
# SSL session ID (SSLID) may be present on a client or server
hello.
# Its length is coded on 1 byte at offset 43 and its value
starts
# at offset 44.
# Match and learn on request if client hello.
stick on payload_lv(43,1) if clienthello
# Learn on response if server hello.
stick store-response payload_lv(43,1) if serverhello
server web1 10.244.129.1:443 check
server web2 10.244.129.2:443 check Received on 2011/05/09 07:41
This archive was generated by hypermail 2.2.0 : 2011/05/09 07:45 CEST