我在 VirtualBox VM (Boot2docker) 中使用 Haproxy 1.5.14,其中它加载的 Assets 间歇性地显示 503,没有任何真正的韵律或原因,尤其是在集群启动时。
集群看起来像这样,1 个前端带有端口 80 和 443 到 2 个后端分别为静态资源和 websocket 内容提供服务。
代理
例如,前端服务的静态 Assets 可能是
https://local.dev.myproject.com/assets/images/back.png
尽管前端服务器已启动,但没有任何变化,点击刷新并查看 chrome 调试器,我会看到许多状态 503 或 OK 200 304,但这不是确定性的。对于任何 Assets ,它可以从 503 到 OK 再回到 503。当直接连接到网络服务器时, Assets 返回正常,因此似乎与 haproxy 有关。
我能想到的最好结果是健康检查工作不正常,FE/BE 服务器被暂时从 haproxy 的内部名册中删除,但这没有意义,它每半秒检查一次,我可以看到调用 haproxy 是发送由 FE/BE 终端输出窗口返回,按预期每半秒一次。
如果我查看 haproxy 统计报告,我可以看到服务器周期性地来来去去,闪烁,尽管在终端窗口中 haproxy 仍在无间隙地调用健康检查并且服务器按预期返回它们。
附件是我正在使用的当前 haproxy 配置,任何帮助表示赞赏。
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
#log 127.0.0.1 local2
# log /lnl_zoom_shared/log local0
# log /lnl_zoom_shared/log local1 notice
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# SSL
#ca-base /etc/ssl
#crt-base /etc/ssl
ca-base /myproject_shared/SECURITY/local.dev.myproject.com/
crt-base /myproject_shared/SECURITY/local.dev.myproject.com/
tune.ssl.default-dh-param 1024
# turn on stats unix socket
#stats socket /var/lib/haproxy/stats
# Exposes the stat socket so we can manage the proxy through node.js
stats socket /tmp/haproxy.sock level admin
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option http-server-close
option http-pretend-keepalive
option dontlognull
option redispatch
option contstats
option forwardfor except 127.0.0.0/8
retries 3
backlog 10000
timeout client 25s
timeout connect 10s
timeout server 25s
#long timeoutfor websocket connections
timeout tunnel 3600s
timeout http-keep-alive 1s
timeout http-request 15s
timeout queue 30s
timeout tarpit 60s
default-server inter 3s rise 2 fall 3
#timeout check 10s
maxconn 256
#---------------------------------------------------------------------
# Haproxy's internal stats on the servers below: password protected
#---------------------------------------------------------------------
stats enable
stats auth admin:myadminpassword
stats uri /haproxy
stats refresh 5s
#---------------------------------------------------------------------
#
#---------------------------------------------------------------------
frontend public
# HTTP
bind *:80
# Redirect all HTTP traffic to HTTPS
redirect scheme https if !{ ssl_fc }
# HTTPS
# Example with CA certificate bundle
# bind :443 ssl crt cert.pem ca-file bundle.crt
# Example without CA certification bunch
bind *:443 ssl crt /myproject_shared/SECURITY/local.dev.myproject.com/local.dev.myproject.com.pem
acl url_static_BE path_beg -i /BE /primus
use_backend BE if url_static_BE
# FRONT END (aka FE) STATIC ASSETS SERVER
# if path is a static asset, assume the front end server to handle it
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js .html .ico
use_backend FE if url_static
# GIT HOOKS for UPDATE on the git repo changes
acl url_githook path_beg -i /gitupdate
use_backend HACNTL if url_githook
#BACK END (aka BE)
default_backend BE
#---------------------------------------------------------------------
# controller for haproxy
#---------------------------------------------------------------------
backend HACNTL
# Tell the backend that this is a secure connection,
# even though it's getting plain HTTP.
option forwardfor
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server SELF 127.0.0.1:3300
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend FE
# Tell the backend that this is a secure connection,
# even though it's getting plain HTTP.
option forwardfor
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk GET /haproxy/getstatus
option httpchk HEAD /
balance roundrobin
#server FE1 11.22.33.44:8000 maxconn 256
server FE_172.17.0.2 172.17.0.2:8000 maxconn 256 check inter 500ms
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend BE
# Tell the backend that this is a secure connection,
# even though it's getting plain HTTP.
option forwardfor
http-request add-header X-Forwarded-Proto https if { ssl_fc }
#http-request set-header X-Custom-Header %[url]
#http-request set-header Connection upgrade
#http-request set-header Upgrade websocket
option httpchk GET /haproxy/getstatus
cookie SRVNAME insert nocache
balance roundrobin
server BE_172.17.0.3 172.17.0.3:8888 maxconn 256 cookie BE_172.17.0.3 check inter 500ms
最佳答案
虽然不是绝对的修复,但允许每个服务器一次启动一个已经解决了现在的问题。基本上在 docker run 命令之间添加 sleep
关于docker - Haproxy 和间歇性 503 问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31777114/