Haproxy & iOS

I’ve followed John Joyce guide http://john-joyce.com/xojo-and-load-balancing-with-haproxy/ to setup Haproxy to load balance a Xojo Web App, during testing what I’ve found is it works successfully if using a PC but if I try it on a iPhone or iPad it doesn’t route the requests through to the same node causing a real mess.

Anyone have any ideas what might be causing this, here is a copy of the log showing the request from an iPhone, I’ve not tried it on a Android device.

The web app is loaded into an iFrame now if I load the page directly everything works fine it’s only a issue on iOS when using an iFrame which I don’t have a option not to.

Mar 25 19:05:44 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15689 [25/Mar/2015:19:05:44.184] http-in scb/node1 20/0/0/53/73 200 3377 - - --NI 3/3/2/3/0 0/0 "GET / HTTP/1.1" Mar 25 19:05:44 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15689 [25/Mar/2015:19:05:44.258] http-in scb/node2 196/0/0/17/213 404 451 - - --NI 3/3/2/1/0 0/0 "GET /AD0107AC99A0FC252C422E34796491A0/styles.css HTTP/1.1" Mar 25 19:05:44 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15690 [25/Mar/2015:19:05:44.574] http-in scb/node1 10/0/0/39/49 304 205 - - --NI 5/5/3/3/0 0/0 "GET /framework/pagestop.png HTTP/1.1" Mar 25 19:05:44 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15691 [25/Mar/2015:19:05:44.574] http-in scb/node2 20/0/0/32/52 304 205 - - --NI 5/5/2/1/0 0/0 "GET /framework/framework.js HTTP/1.1" Mar 25 19:05:45 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15689 [25/Mar/2015:19:05:44.472] http-in scb/node1 824/0/0/29/853 200 7582 - - --NI 5/5/4/4/0 0/0 "GET /framework/appicon128.png HTTP/1.1" Mar 25 19:05:45 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15691 [25/Mar/2015:19:05:44.626] http-in scb/node2 678/0/0/54/732 304 205 - - --NI 5/5/3/1/0 0/0 "GET /framework/pointer.png HTTP/1.1" Mar 25 19:05:45 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15690 [25/Mar/2015:19:05:44.624] http-in scb/node1 681/0/0/54/735 304 205 - - --NI 5/5/2/3/0 0/0 "GET /framework/dimmer.png HTTP/1.1" Mar 25 19:05:45 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15692 [25/Mar/2015:19:05:45.384] http-in scb/node2 11/0/0/25/36 404 476 - - --NI 6/6/2/1/0 0/0 "POST /AD0107AC99A0FC252C422E34796491A0/comm/event/Event.OrientationChanged HTTP/1.1" Mar 25 19:05:45 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15690 [25/Mar/2015:19:05:45.359] http-in scb/node2 136/0/0/53/189 404 457 - - --NI 6/6/3/1/0 0/0 "GET /AD0107AC99A0FC252C422E34796491A0/comm/serverevent HTTP/1.1" Mar 25 19:05:46 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15689 [25/Mar/2015:19:05:45.324] http-in scb/node1 140/0/0/437/871 200 75393 - - --NI 6/6/2/3/0 0/0 "POST /AD0107AC99A0FC252C422E34796491A0/comm/event/Event.Open HTTP/1.1" Mar 25 19:05:46 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15690 [25/Mar/2015:19:05:45.548] http-in scb/node2 887/0/0/32/919 404 462 - - --NI 6/6/4/1/0 0/0 "GET /_files/7489-9435-7427-6655-3311/HoldingBoardSSLogo.png HTTP/1.1" Mar 25 19:05:46 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15691 [25/Mar/2015:19:05:45.358] http-in scb/node1 1095/0/0/26/1121 200 3524 - - --NI 6/6/3/4/0 0/0 "GET /AD0107AC99A0FC252C422E34796491A0/files/6983-9108-0319-3363-3473/source.html HTTP/1.1" Mar 25 19:05:46 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15692 [25/Mar/2015:19:05:45.420] http-in scb/node2 1074/0/0/26/1100 404 466 - - --NI 6/6/3/1/0 0/0 "POST /AD0107AC99A0FC252C422E34796491A0/comm/event/VRaYl9ON.shown HTTP/1.1" Mar 25 19:05:46 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15694 [25/Mar/2015:19:05:46.663] http-in scb/node1 11/0/0/32/43 200 154 - - --NI 8/8/4/4/0 0/0 "POST /AD0107AC99A0FC252C422E34796491A0/comm/event/AmBwaWaT.shown HTTP/1.1" Mar 25 19:05:46 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15695 [25/Mar/2015:19:05:46.683] http-in scb/node2 21/0/0/21/42 404 466 - - --NI 8/8/3/1/0 0/0 "POST /AD0107AC99A0FC252C422E34796491A0/comm/event/KQkb1GkM.Shown HTTP/1.1" Mar 25 19:05:46 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15689 [25/Mar/2015:19:05:46.194] http-in scb/node1 230/0/0/41/569 200 326900 - - --NI 8/8/2/3/0 0/0 "GET /_files/8990-8980-8619-3156-2518/Background.png HTTP/1.1" Mar 25 19:05:47 localhost haproxy[3618]: xxx.xxx.xxx.xxx:15690 [25/Mar/2015:19:05:46.466] http-in scb/node1 549/0/0/38/587 200 154 - - --NI 8/8/2/3/0 0/0 "POST /AD0107AC99A0FC252C422E34796491A0/comm/event/Event.Resized HTTP/1.1"

This is how it should look.

Mar 25 19:16:23 localhost haproxy[3618]: xxx.xxx.xxx.xxx:46595 [25/Mar/2015:19:16:23.362] http-in scb/node1 0/0/0/36/36 200 3398 - - --VN 7/7/3/4/0 0/0 "GET / HTTP/1.1" Mar 25 19:16:23 localhost haproxy[3618]: xxx.xxx.xxx.xxx:46595 [25/Mar/2015:19:16:23.399] http-in scb/node1 85/0/0/40/125 200 14190 - - --VN 8/8/4/5/0 0/0 "GET /F8761A402481A0EFB8827B56975527DD/styles.css HTTP/1.1" Mar 25 19:16:23 localhost haproxy[3618]: xxx.xxx.xxx.xxx:39174 [25/Mar/2015:19:16:23.521] http-in scb/node1 0/0/0/37/37 304 205 - - --VN 8/8/3/4/0 0/0 "GET /framework/framework.js HTTP/1.1" Mar 25 19:16:23 localhost haproxy[3618]: xxx.xxx.xxx.xxx:39174 [25/Mar/2015:19:16:23.559] http-in scb/node1 53/0/0/29/82 304 205 - - --VN 8/8/4/5/0 0/0 "GET /framework/dimmer.png HTTP/1.1" Mar 25 19:16:23 localhost haproxy[3618]: xxx.xxx.xxx.xxx:46595 [25/Mar/2015:19:16:23.524] http-in scb/node1 87/0/0/58/145 304 205 - - --VN 10/10/5/6/0 0/0 "GET /framework/pagestop.png HTTP/1.1" Mar 25 19:16:23 localhost haproxy[3618]: xxx.xxx.xxx.xxx:47010 [25/Mar/2015:19:16:23.653] http-in scb/node1 0/0/0/59/59 304 205 - - --VN 10/10/4/5/0 0/0 "GET /framework/loadprogress.png HTTP/1.1" Mar 25 19:16:23 localhost haproxy[3618]: xxx.xxx.xxx.xxx:49018 [25/Mar/2015:19:16:23.659] http-in scb/node1 0/0/0/53/53 304 205 - - --VN 10/10/3/4/0 0/0 "GET /framework/appicon128.png HTTP/1.1" Mar 25 19:16:23 localhost haproxy[3618]: xxx.xxx.xxx.xxx:46595 [25/Mar/2015:19:16:23.670] http-in scb/node1 165/0/0/45/210 304 205 - - --VN 10/10/3/4/0 0/0 "GET /framework/pointer.png HTTP/1.1" Mar 25 19:16:24 localhost haproxy[3618]: xxx.xxx.xxx.xxx:46595 [25/Mar/2015:19:16:23.880] http-in scb/node1 166/0/0/440/651 200 75379 - - --VN 9/9/4/5/0 0/0 "POST /F8761A402481A0EFB8827B56975527DD/comm/event/Event.Open HTTP/1.1" Mar 25 19:16:24 localhost haproxy[3618]: xxx.xxx.xxx.xxx:46595 [25/Mar/2015:19:16:24.530] http-in scb/node1 117/0/0/36/153 200 3524 - - --VN 7/7/6/7/0 0/0 "GET /F8761A402481A0EFB8827B56975527DD/files/3788-2515-8304-8084-5841/source.html HTTP/1.1" Mar 25 19:16:24 localhost haproxy[3618]: xxx.xxx.xxx.xxx:47010 [25/Mar/2015:19:16:23.712] http-in scb/node1 936/0/0/37/973 200 154 - - --VN 7/7/5/6/0 0/0 "POST /F8761A402481A0EFB8827B56975527DD/comm/event/WHyEGeAU.shown HTTP/1.1" Mar 25 19:16:24 localhost haproxy[3618]: xxx.xxx.xxx.xxx:49018 [25/Mar/2015:19:16:23.712] http-in scb/node1 936/0/0/44/980 200 154 - - --VN 7/7/4/5/0 0/0 "POST /F8761A402481A0EFB8827B56975527DD/comm/event/K5pi8l92.shown HTTP/1.1" Mar 25 19:16:24 localhost haproxy[3618]: xxx.xxx.xxx.xxx:45856 [25/Mar/2015:19:16:24.693] http-in scb/node1 0/0/0/31/31 200 450 - - --VN 8/8/4/5/0 0/0 "POST /F8761A402481A0EFB8827B56975527DD/comm/event/O75QhTZF.Shown HTTP/1.1"

Below is my Config

[code]#---------------------------------------------------------------------

Global settings

#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the ‘-r’ option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2

chroot      /var/lib/haproxy
pidfile     /var/run/haproxy.pid
maxconn     4000
user        haproxy
group       haproxy
daemon

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------

common defaults that all the ‘listen’ and ‘backend’ sections will

use if not designated in their block

#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 5s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 2000

#---------------------------------------------------------------------

main frontend which proxys to the backends

#---------------------------------------------------------------------
frontend http-in
bind 192.168.9.1:8190

    acl is_myapp1 hdr_end(host) -i myapp.domain.com

    use_backend scb if is_myapp1
    default_backend scb

#---------------------------------------------------------------------

round robin balancing between the various backends

#---------------------------------------------------------------------
backend scb
option httpchk OPTIONS /
option forwardfor
option http-server-close
cookie serverid insert indirect nocache
server node1 127.0.0.1:8081 check cookie node1
server node2 127.0.0.1:8082 check cookie node2[/code]

What is your setting in iOS under Settings > Safari > Block Cookies?

Allow from Websites I Visit

Are the iframe and the webpage that loads it both on the same domain - or on different domains?

different domain

I’m just changing it to sub domain of the same domain now to see what happens.

My guess is that the site that loads the iFrame and the iFrame are on different domains. If that is the case then you are running into a 3rd party cookie situation which is blocked as a security feature by default in Safari. This would be a problem even for the sessionID cookie that xojo uses. one workaround would be to first send the user directly to a url in your app that sets a sessionID and serverID cookie, then redirects the user to the page that serves the iframe (the cookies should persist, although I have not tried this myself). Let me know if this makes any sense to you.

J

That might help - also, as a test, set safari to accept all cookies, try it again and let me know what happens.

All Cookies worked, so changed it back to the default (Allow from Websites I Visit)

I now have the iframe on www.domain.com and the app on app.domain.com:20000 and it all seems to be working okay now, tried it on the iOS Simulator after I cleared cookies and cache etc.

The 3rd party cookie situation didn’t click until you pointed out that option in iOS.

Great!