Hi all,
I’m looking for a way to prevent failback when 1 node in my backend goes down.
I have this backend conf with my SSO instances (Keycloak):
backend auth_identity
    acl acl_auth_identity_pages path_beg /js/ /realms/ /resources/ /robots.txt
    acl acl_auth_identity_master_realm path_beg /realms/master
    acl acl_auth_identity_check_pages path_reg -i ^\/realms\/.*\/health\/check.*
    acl acl_sso_staging_metrics_pages path_reg -i ^\/realms\/.*\/metrics
    http-request deny if acl_auth_identity_master_realm
    http-request deny if acl_auth_identity_check_pages
    http-request deny if acl_sso_staging_metrics_pages
    http-request allow if acl_auth_identity_pages
    http-request deny
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request set-header X-Real-IP %[src]
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-response set-header X-XSS-Protection "1; mode=block"
    mode http
    option forwardfor except 127.0.0.1
    balance roundrobin
    cookie AUTH_SESSION_ID prefix nocache
    server auth-1 auth-1:8080 check maxconn 32 cookie auth-1
    server auth-2 auth-2:8080 check maxconn 32 cookie auth-2
For example,
auth-1 and auth-2 are load-balanced with roundrobin.
When auth-1 goes down, all traffic is sent to auth-2.
But when auth-1 comes back alive, I don’t want to send traffic to it. Only a manual action can reactivate it.
Is it possible to do that, please?
I use HA-Proxy version 2.2.9-2+deb11u3.
Thanks in advance.