HAProxy with SSL and sticky sessions

Solution 1:

I would suggest doing all your SSL processing in HAProxy and using the proxy protocol (send-proxy and accept-sslproxy) so client information gets passed from the SSL processor to the frontend+backend. That looks something like:

listen ssl-proxy
    bind 1.2.3.4:443 ssl crt /etc/ssl/mycert.pem npn http/1.1
    mode tcp
    bind-process 2 3 4
    server http 127.0.0.1:80 send-proxy

frontend dev
    #Do whatever you want here since it is http
    mode http
    bind 1.2.3.4:80 name dev
    bind 127.0.0.1:80 accept-proxy name accept-sslproxy
    bind-process 1

    acl is_ssl dst_port 443
    reqadd X-Forwarded-Proto:\ https if is_ssl
    default_backend my_backend

backend my_backend
    mode http
    #Do whatever you want here since it is http
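
Added example, not part of the answer above and not HAProxy's own code: a small Python parser for the PROXY protocol v1 line that `send-proxy` prepends, showing where the client address and the `dst_port 443` used by the `is_ssl` ACL come from. The sample bytes, the client address 203.0.113.7 and the function names are constructed for illustration.

```python
import ipaddress

MAX_V1_HEADER = 107  # spec limit for a v1 line, including the trailing CRLF


def parse_proxy_v1(data: bytes):
    """Split a PROXY v1 line off the front of data; return (info, rest).

    info is None for 'PROXY UNKNOWN', otherwise a dict holding the client
    and original destination address/port. rest is the proxied payload.
    """
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ValueError("no CRLF within 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[0] != "PROXY" or len(fields) < 2:
        raise ValueError("not a PROXY v1 header")
    if fields[1] == "UNKNOWN":
        return None, rest
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    version = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != version or dst.version != version:
        raise ValueError("address family mismatch")
    if not all(f.isdigit() for f in fields[4:6]):
        raise ValueError("non-numeric port")
    sport, dport = (int(f) for f in fields[4:6])
    if sport > 65535 or dport > 65535:
        raise ValueError("port out of range")
    return {"src": str(src), "src_port": sport,
            "dst": str(dst), "dst_port": dport}, rest


def forwarded_proto(info):
    # Mirrors `acl is_ssl dst_port 443`: the frontend sees the destination
    # port carried in the header, not the 127.0.0.1:80 it is bound to.
    return "https" if info and info["dst_port"] == 443 else "http"


# Constructed sample: what the ssl-proxy listener would send for a client
# at 203.0.113.7 that connected to 1.2.3.4:443.
SAMPLE = (b"PROXY TCP4 203.0.113.7 1.2.3.4 51234 443\r\n"
          b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")

if __name__ == "__main__":
    info, payload = parse_proxy_v1(SAMPLE)
    print(info, forwarded_proto(info), payload[:14])
```

The receiver has no way to verify these fields, so whoever can reach an `accept-proxy` bind chooses the client address and port the frontend will see; keeping that bind on 127.0.0.1, as the config above does, is what makes the header trustworthy.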

Solution 2:

Sticky sessions are IP-based, so different browsers will still go to the same backend because the source IP address remains the same.