
我有一个运行在 HAProxy 负载均衡器后面的 Java Web 应用程序。一些用户在连接时遇到身份验证错误，或者被提示用户名/密码无效，但在隐身模式下一切正常。这看起来像是粘性会话（sticky session）问题。以下是我的 HAProxy 配置，感谢任何有助于解决此问题的建议。

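  # Process-wide settings: logging, pid file, and the TLS defaults that every
  # `bind ... ssl` line inherits unless it overrides them.
  global
    log stdout format raw local0 info
    pidfile /run/haproxy.pid
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). Based on the list from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # with the three 3DES entries removed: 3DES is a 64-bit block cipher and
    # is exposed to birthday-bound (Sweet32-style) attacks on long-lived
    # connections, so it should not be offered even as a fallback.
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    # Refuse SSLv3, TLS 1.0 and TLS 1.1. The previous `no-sslv3` alone still
    # accepted TLS 1.0/1.1 handshakes. Clients that cannot negotiate TLS 1.2
    # will fail to connect -- confirm none are expected before deploying.
    ssl-default-bind-options ssl-min-ver TLSv1.2
    # Size in bits of the ephemeral DH parameters used for DHE key exchange.
    tune.ssl.default-dh-param 2048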

# Settings inherited by every proxy section declared after this point.
defaults
    log global
    mode http
    option httplog
    # Do not log connections on which no data was exchanged.
    option dontlognull
    # Bare numbers are milliseconds: 60 s to connect, 50 s of client or
    # server inactivity.
    # NOTE(review): no `timeout http-request` is set, so nothing here puts a
    # separate, shorter bound on how long a client may take to send a complete
    # request; consider adding one to limit slow-request resource exhaustion.
    timeout connect 60000
    timeout client  50000
    timeout server  50000

# Built-in statistics page, served on its own listener at the root URI.
listen stats
    # NOTE(review): this bind has no `ssl` and listens on every interface, so
    # the Basic-auth credentials below travel in cleartext to anyone who can
    # reach port 1936. Prefer binding to a management address or loopback,
    # and/or enabling TLS on this listener.
    bind *:1936
    stats enable
    stats uri /
    # Hides the HAProxy version string on the page.
    stats hide-version
    # Credentials are redacted in this listing. Use a strong, unique password
    # and keep the real value out of shared copies of the configuration.
    stats auth xxx:xxx

# Public entry point: accepts HTTP and HTTPS, forces HTTPS, and hands every
# request to http-backend.
frontend http-frontend
    bind *:80
    # Absolute path, so `crt-base` from the global section is not applied.
    # The PEM bundle holds the private key -- restrict its file permissions.
    bind *:443 ssl crt /server.pem
    # Any request that did not arrive over TLS is redirected to https, so only
    # TLS traffic reaches the backend.
    # NOTE(review): no Strict-Transport-Security header is set in this
    # listing; without it a browser's first plain-HTTP request is not
    # protected by the redirect alone. Confirm whether the application sets it.
    redirect scheme https if !{ ssl_fc }
    mode http
    default_backend http-backend

# DNS resolvers used at runtime for the backend servers (referenced by
# `default-server resolvers localdns` in http-backend).
resolvers localdns
    # Take the nameserver list from the system's /etc/resolv.conf.
    parse-resolv-conf
    # Keep a valid DNS answer for 5 seconds before it has to be refreshed.
    hold valid 5s

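# Application servers, with cookie-based session persistence and HTTP health
# checks. Server addresses come from environment variables and are resolved
# through the `localdns` resolvers section.
backend http-backend
    mode http
    balance roundrobin
    default-server inter 2s fastinter 2s downinter 2s fall 3 rise 2
    # NOTE(review): a backend has one persistence cookie, yet this section
    # declares two (`JSESSIONID prefix` here, `SRVID insert dynamic` below).
    # Confirm which one is actually in effect (run `haproxy -c -f <config>`
    # and inspect the Set-Cookie headers), then delete the other. Browsers
    # still holding cookies issued under a different persistence setup are a
    # plausible cause of "works in a private window" symptoms -- verify.
    cookie JSESSIONID prefix

    # Adds the client address as X-Forwarded-For. A value already sent by the
    # client is kept as well, so the application should trust only the entry
    # added by this proxy.
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    # set-header (not add-header) so a client-supplied X-Forwarded-Proto is
    # replaced instead of being passed to the application next to ours.
    http-request set-header X-Forwarded-Proto https if { ssl_fc }

    # Secret from which the dynamic cookie values are derived. MYKEY is a
    # placeholder: use a long random value, keep it out of version control,
    # and use the same value on every HAProxy instance serving this backend.
    dynamic-cookie-key MYKEY
    # Dynamic cookie values are computed from the server's IP, port and the
    # key above, so a server whose DNS answer changes gets a new value and
    # cookies issued earlier stop matching it.
    # indirect: the cookie is not forwarded to the application.
    # nocache:  responses that set it are marked private, so a shared cache
    #           cannot replay one user's cookie to another.
    # httponly/secure: not readable from scripts, sent over HTTPS only (all
    #           plain-HTTP requests are redirected by the frontend).
    cookie SRVID insert dynamic indirect nocache httponly secure
    default-server resolvers localdns
    option httpchk HEAD /ha/health HTTP/1.0
    # One templated server per environment variable, each health-checked.
    server-template webapp1 1 ${BACKEND_1} check fall 3 rise 2
    server-template webapp2 1 ${BACKEND_2} check fall 3 rise 2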