我有一个在 HAProxy 负载均衡器后面运行的 Java Web 应用程序，一些用户遇到身份验证错误，或者在连接时提示用户名/密码无效，但在隐身模式下一切正常。这看起来像是粘性会话问题。以下是我的 HAProxy 配置，感谢任何有助于解决此问题的建议。
# Process-wide settings: logging target, pid file, daemon mode and the TLS
# defaults inherited by every `bind ... ssl` line in this file.
global
# Logs go to stdout in raw format, facility local0, level info.
# NOTE(review): `daemon` is also set below; confirm stdout is still attached to
# a log collector after the process detaches, otherwise auth failures leave no trace.
log stdout format raw local0 info
pidfile /run/haproxy.pid
daemon
# Default SSL material locations
# (base directories for relative CA / certificate paths; absolute paths bypass them)
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# NOTE(review): the list still admits 3DES suites (ECDH+3DES, DH+3DES, RSA+3DES)
# and static-RSA key exchange (RSA+AESGCM, RSA+AES), which has no forward secrecy.
# 3DES is a 64-bit block cipher and is generally retired from server cipher lists.
# This directive covers TLS 1.2 and below only; TLS 1.3 suites are configured
# separately (ssl-default-bind-ciphersuites).
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
# Only SSLv3 is disabled explicitly. Whether TLS 1.0/1.1 are still offered depends
# on the HAProxy/OpenSSL build defaults -- TODO confirm, or pin a floor with
# `ssl-min-ver TLSv1.2`.
ssl-default-bind-options no-sslv3
# Size in bits of the ephemeral DH parameters used for DHE key exchange.
tune.ssl.default-dh-param 2048
# Settings inherited by every proxy section that follows (listen/frontend/backend).
defaults
log global
mode http
option httplog
# Connections that carry no data are not logged. This also hides port scans and
# probes from the logs, so weigh it against detection needs on an Internet-facing
# listener.
option dontlognull
# Timeouts without a unit are in milliseconds: 60 s to connect, 50 s idle on
# either side.
# NOTE(review): no `timeout http-request` is set, so the time a client may take to
# send its request headers is not bounded separately -- consider adding one.
timeout connect 60000
timeout client 50000
timeout server 50000
# Built-in statistics page served at "/" on port 1936.
listen stats
# `*` binds on every interface and the bind line has no `ssl`, so the page and
# its Basic-auth credentials travel over plain HTTP.
# NOTE(review): bind to a management address only, or restrict by source ACL
# and/or add TLS.
bind *:1936
stats enable
stats uri /
# Suppresses the HAProxy version string on the stats page.
stats hide-version
# HTTP Basic authentication; `xxx:xxx` is the author's redaction. The real value
# is stored in clear text in this file, so the file's permissions matter.
stats auth xxx:xxx
# Public entry point: accepts HTTP on 80 and TLS on 443, forces HTTPS, then hands
# every request to http-backend.
frontend http-frontend
bind *:80
# Absolute path, so `crt-base` from the global section is not applied.
# NOTE(review): presumably this PEM also holds the private key -- confirm it is
# readable only by the HAProxy user.
bind *:443 ssl crt /server.pem
# Any request that did not arrive over TLS is redirected to https, so only TLS
# requests reach the backend.
# NOTE(review): no Strict-Transport-Security response header is set in this file;
# without it the first plain-HTTP request of each visit can still be intercepted.
redirect scheme https if !{ ssl_fc }
mode http
default_backend http-backend
# Runtime DNS resolution for backend servers that reference `resolvers localdns`.
resolvers localdns
# Takes the nameserver list from the system's /etc/resolv.conf.
parse-resolv-conf
# A valid answer is kept for 5 s before the name is resolved again.
# Dynamic persistence cookies are derived from the server's IP and port, so a
# backend whose address changes gets a new cookie value and clients holding the
# old one lose their stickiness.
hold valid 5s
# Application pool: round-robin balancing with cookie-based persistence, health
# checks on /ha/health, and server addresses taken from environment variables.
backend http-backend
mode http
balance roundrobin
# Health-check timing: probe every 2 s in all states, 3 failures mark a server
# down, 2 successes mark it up.
default-server inter 2s fastinter 2s downinter 2s fall 3 rise 2
# NOTE(review): a backend has a single persistence cookie, and a second `cookie`
# directive appears further down (SRVID insert dynamic). The two conflict;
# presumably the later one is in effect -- confirm with `haproxy -c` and keep
# only one. `prefix` mode also relies on a per-server cookie value, which the
# server lines below do not set.
cookie JSESSIONID prefix
# Appends the client address in an X-Forwarded-For header. Any value the client
# sent itself is passed through as well, so the application should trust only
# the entry added by this proxy.
option forwardfor
# set-header replaces any client-supplied X-Forwarded-Port.
http-request set-header X-Forwarded-Port %[dst_port]
# NOTE(review): add-header appends and does not remove an X-Forwarded-Proto sent
# by the client, so the application can receive two conflicting values. If the
# app derives cookie Secure flags or redirect URLs from this header, use
# `http-request set-header` so only the proxy's value is seen.
http-request add-header X-Forwarded-Proto https if { ssl_fc }
# Secret mixed with each server's IP and port to derive its dynamic cookie value.
# NOTE(review): `MYKEY` is presumably a placeholder. The real key should be a long
# random value, identical on every load balancer in front of this pool, and kept
# out of public posts; a guessable key lets cookie values be computed offline.
dynamic-cookie-key MYKEY
# Persistence cookie inserted by HAProxy with a per-server dynamic value.
# NOTE(review): no `secure` / `httponly` attributes and no `indirect nocache` are
# set; on an HTTPS-only site the cookie would normally carry `secure httponly`,
# and `nocache` keeps shared caches from storing the Set-Cookie response.
cookie SRVID insert dynamic
# Adds DNS resolution to the server defaults declared above (default-server
# settings accumulate across lines).
default-server resolvers localdns
option httpchk HEAD /ha/health HTTP/1.0
# One server per template, address supplied through the environment.
# No `ssl` keyword: traffic from the proxy to the application is plain HTTP --
# TODO confirm this hop stays inside a trusted network.
server-template webapp1 1 ${BACKEND_1} check fall 3 rise 2
server-template webapp2 1 ${BACKEND_2} check fall 3 rise 2