From ae8c3cf779db480c4fa70a8d9c7fcca1dc0a8466 Mon Sep 17 00:00:00 2001
From: Zaiming Shi <zmstone@gmail.com>
Date: Sat, 15 May 2021 21:57:22 +0200
Subject: [PATCH] chore(ci): make use of haproxy mqtt sticky session

---
 .ci/docker-compose-file/haproxy/haproxy.cfg | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/.ci/docker-compose-file/haproxy/haproxy.cfg b/.ci/docker-compose-file/haproxy/haproxy.cfg
index 9e4762f0c..4361ccadb 100644
--- a/.ci/docker-compose-file/haproxy/haproxy.cfg
+++ b/.ci/docker-compose-file/haproxy/haproxy.cfg
@@ -11,6 +11,7 @@ global
     tune.ssl.default-dh-param 2048
     ssl-default-bind-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP
     # Enable the HAProxy Runtime API
+    # e.g. echo "show table emqx_tcp_back" | sudo socat stdio tcp4-connect:172.100.239.4:9999
     stats socket :9999 level admin expose-fd listeners
 
 ##----------------------------------------------------------------
@@ -61,6 +62,8 @@ frontend emqx_tcp
    mode tcp
    option tcplog
    bind *:1883
+   # Reject connections that have an invalid MQTT packet
+   # tcp-request content reject unless { req.payload(0,0), mqtt_is_valid }
    default_backend emqx_tcp_back
 
 frontend emqx_ws
@@ -71,7 +74,13 @@ frontend emqx_ws
 
 backend emqx_tcp_back
     mode tcp
-    balance static-rr
+
+    # Create a stick table for session persistence
+    stick-table type string len 32 size 100k expire 30m
+
+    # Use ClientID / client_identifier as persistence key
+    stick on req.payload(0,0),mqtt_field_value(connect,client_identifier)
+
     server emqx-1 node1.emqx.io:1883 check-send-proxy send-proxy-v2
     server emqx-2 node2.emqx.io:1883 check-send-proxy send-proxy-v2
 
@@ -99,7 +108,7 @@ frontend emqx_wss
 backend emqx_ssl_back
     mode tcp
     balance static-rr
-    server emqx-1 node1.emqx.io:1883 check-send-proxy send-proxy-v2-ssl-cn 
+    server emqx-1 node1.emqx.io:1883 check-send-proxy send-proxy-v2-ssl-cn
     server emqx-2 node2.emqx.io:1883 check-send-proxy send-proxy-v2-ssl-cn
 
 backend emqx_wss_back