Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Help with load balancer session configuration |
|
Author |
|
apachenewbie98
Joined: 04 Dec 2019 Posts: 2
|
Posted: Thu 05 Dec '19 12:25 Post subject: Help with load balancer session configuration |
|
|
Hello, i've been trying to set up a load-balancer in apache.
I am in a local network, and I have three PCs, one that I want to set up as a reverse proxy and two that are set up as nodes. All of them run Apache 2.4, windows 10 and php 7.3.6, and both of the nodes have their own copy of my PHP website and their own DB (both DBs replicate each other instantly, so the data is shared – also both nodes can be used stand-alone and reached by using their hostname or IP address)
As for the load balancer, it is up and running, but it does not work: the site is served and it switches in between nodes based on the load, but it does not create a session correctly, thus not allowing even to log-in into the site.
If the site is accessed through the load balancer and not directly thru typing one of the nodes’s name (because otherwise it works) it does not create a session correctly.
It seems that the load balancer cannot create a proper PHPSESSID session cookie - and only when two or more nodes are present, because if only one node remains because the other one is unavailable, the load balancer works and the session is created correctly.
And I think that a session cookie *does* get created – albeit incorrectly.
(I supposed that since the new user page is programmed to redirect to the index page in case it detects a logged user.. and the index page is programmed to boot a user back to the login page if it detects invalid permissions in the session cookie.
I have tried to mess with the Apache httpd.conf file in order to fix this, but to no avail; and as for the practical things I tried (I do not guarantee that they were applied correctly, since I am very much a novice in this field). For all of these tested I disabled every access control (i.e. anyone can access the proxy):
1) I tried to use ProxyPass with the stickysession attribute, as described in this link: https://serverfault.com/questions/949169/apache2-loadbalancer-with-sticky-session-only-sticky-for-get-not-post
2) I tried to use the ProxyPassReverseCookiePath and ProxyPassReverseCookieDomain directives, as described in this link: https://stackoverflow.com/questions/8676890/apache-proxypass-and-sessions
This is how the relevant .conf part looks like (I have commented all of the directives that I tried but did not work):
Code: |
ProxyRequests Off
#Header add Set-Cookie " PHPSESSID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy *>
#here there would be IP filtering, which I removed altogether for ease
</Proxy>
<Proxy balancer://myset>
BalancerMember "http://192.168.3.202:80" route=route1
BalancerMember "http://192.168.3.203:85" route=route2
ProxySet lbmethod=byrequests
#ProxySet stickysession= PHPSESSID
</Proxy>
ProxyPass /balancer-manager !
ProxyPass "/" "balancer://myset/"
ProxyPassReverse "/" "balancer://myset/"
#ProxyPassReverseCookiePath "balancer://myset/" "/"
#ProxyPassReverseCookieDomain "balancer://myset/" localhost
#ProxyPassReverseCookieDomain "balancer://myset/" "/”
|
Anyone has any idea on why the load balancer does not correctly create sessions? |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
Posted: Wed 11 Dec '19 12:16 Post subject: |
|
|
On the ProxyPass set the sticky session
Code: |
ProxyPass "/" "balancer://myset/" stickysession=PHPSESSID nofailover=On |
See https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
The session cookie is not created by Apache, but in your case PHP has to create it.
Make sure session.name (php.ini) is the name as the stickysession in the apache config file.
if your PHP code does not create a session you might change session.auto_start = 0 to 1 (php.ini) |
|
Back to top |
|
apachenewbie98
Joined: 04 Dec 2019 Posts: 2
|
Posted: Thu 12 Dec '19 17:01 Post subject: |
|
|
Hello!
And, yes my website does create a session cookie; pretty much all of the functionality of the website depends on some variables that i store into the $_SESSION cookie itself - including the authorizations to get into the site (when i try to use the site without passing thru my load balancer -access to nodes and load balancer is unrestricted atm- everything works as intended).
And, yes, PHPSESSID it's the name i have in the .ini file, and i have auto start to 0 because i manually start the session each time with session_start().
And it works fine when there is only one node active in the balancer.. it's just that when there is more than one node active (i have two atm) it doesn't work for some reason.
Said cookies are created node-side tho, maybe that is a clue? |
|
Back to top |
|
|
|
|
|
|