We’ve been using Willy Tarreau’s HAProxy to load balance our internal web apps, Intranet, CRM etc for a couple of years now, its rock solid. Recently in an attempt to make better use of hardware we decided to move our internal WSS (Windows SharePoint Services) sites onto the webfarm aswell.
I installed WSS on each server in the farm, I hooked up the new SharePoint sites instances to the existing SQL backend database. When pointing IE directly at the sites running on each server I was able to access them ok, but when going via HAProxy no content was returned.
Turned out this was due to Sharepoint using NTLM to authenticate users, pretty usefull here as it allows people using Internet Explorer to access the sites without having to login again.
Previously in our HAProxy config we had “option httpclose” set in the default section, this ensured every request was rewritten and the sticky cookie added, a side effect of this was that it broke HTTP Keep-Alive’s that are needed for NTLM.
To get around this I moved the httpclose statement out of the default section and added to all the backends except the SharePoint one. Here’s a simplified version of our config now:
global
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.stat mode 777
defaults
mode http
option forwardfor
log 127.0.0.1 local0 notice
timeout connect 9000
timeout client 150000
timeout server 60000
backend sharepoint
balance roundrobin
option redispatch
cookie SERVERID insert nocache
server farmsvr1 192.168.0.1 cookie wf1 weight 30 check
server farmsvr2 192.168.0.2 cookie wf2 weight 30 check
server farmsvr3 192.168.0.3 cookie wf3 weight 30 check
backend othersites
balance roundrobin
option redispatch
option httpclose
cookie SERVERID insert nocache
server farmsvr1 192.168.0.1 cookie wf1 weight 30 check
server farmsvr2 192.168.0.2 cookie wf2 weight 30 check
server farmsvr3 192.168.0.3 cookie wf3 weight 30 check
frontend httpid
bind :80
acl hosts_sharepoint hdr_end(host) -i it-sharepoint.local
acl hosts_sharepoint hdr_end(host) -i it-sharepoint.local:80
acl hosts_sharepoint hdr_end(host) -i hr-sharepoint.local
acl hosts_sharepoint hdr_end(host) -i hr-sharepoint.local:80
acl hosts_other hdr_end(host) -i crm.local
acl hosts_other hdr_end(host) -i crm.local:80
acl hosts_other hdr_end(host) -i intranet.local
acl hosts_other hdr_end(host) -i intranet.local:80
use backend sharepoint if hosts_sharepoint
use backend othersites if hosts_other
