user2743554

Asked: 2017-12-13 10:08:49 +0800 CST2017-12-13 10:08:49 +0800 CST 2017-12-13 10:08:49 +0800 CST

How to migrate an established HTTPS-session from one server to another?

There are many HTTPS-servers (Nginx or Haproxy or something else?):

single balancer,
and multiple workers.

Is it possible to migrate an established HTTPS session (with HTTP request headers already received) from balancer to worker?

Balancer should completely forget about this session.
Worker should receive the rest of HTTP request body and send HTTP response directly to client over SSL (omitting balancer).

This seems relatively trivial for plain HTTP because it's unencrypted, but seems a bit difficult for HTTPS because session-specific SSL handshake params should be (transparently for client):

Serialized by balancer,
Transferred to worker,
Deserialized by worker,
Applied by worker.

The nearest feature I've found is named "SSL connection mirroring" and is the part of F5 BIG-IP platform. It demonstrates that described problem is practically solvable. But it's (a) proprietary, (b) extremely high-priced and (c) failover-only solution, i.e. HA without LB.

How to migrate an established HTTPS-session from one server to another?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

How to migrate an established HTTPS-session from one server to another?

0 Answers