docker - Configuring an haproxy load balancer in front of an HA Artifactory cluster

Tags: docker artifactory haproxy

I am trying to configure an haproxy load balancer in front of our 2-node HA Artifactory cluster. I am using this page as a guide:

https://jfrog.com/knowledge-base/how-to-configure-haproxy-with-artifactory/

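But this was written a few years ago for a much older version of haproxy (I am running 2.0.8), and a lot of the code has been deprecated. The recommended configuration fails with errors on start. Here it is: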

# version 1.0
# History
# https://jfrog.com/knowledge-base/how-to-configure-haproxy-with-artifactory/
# —————————————————————————
# Features enabled by this configuration
# HA configuration
# port 80, 443  Artifactory GUI/API
#
# This uses ports to distinguish artifactory docker repositories
# port 443  docker-virtual (v2) docker v1 is redirected to docker-dev-local.
# port 5001 docker-prod-local (v1); docker-prod-local2 (v2)
# port 5002 docker-dev-local (v1); docker-dev-local2 (v2)
#
# Edit this file with required information enclosed in <…>
# 1. certificate and key
# 2. artifactory-host
# 3  replace the port numbers if needed
# —————————————————————————-
global
    log 127.0.0.1   local0
    chroot /var/lib/haproxy
    maxconn 4096
    user haproxy
    group haproxy
    daemon
    tune.ssl.default-dh-param 2048
    stats socket /run/haproxy/admin.sock mode 660 level admin

defaults
    log global
    mode http
    option  httplog
    option  dontlognull
    option  redispatch
    option  forwardfor
    option  http-server-close
    maxconn 4000
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

listen stats
  bind *:2016
  mode http
  stats enable
  stats uri /haproxy
  stats hide-version
  stats refresh 5s
  stats realm Haproxy\ Statistics

frontend normal
    bind *:80
    bind *:443 ssl crt /etc/ssl/artifactory/cert.pem
    mode http
    option forwardfor
    reqirep ^([^ :]*) /v2(.*$) 1 /artifactory/api/docker/docker-virtual/v22
    reqadd X-Forwarded-Proto: https if { ssl_fc }
    option forwardfor header X-Real-IP
    default_backend normal

# Artifactory HA Configuration
# Using default failover interval – rise = 2; fall =3 3; interval – 2 seconds
backend normal
    mode http
    balance roundrobin
    option httpchk OPTIONS /
    option httpchk GET /api/system/ping HTTP/1.1\r\nHost:haproxy\r\n
    option forwardfor
    option http-server-close
    appsession JSESSIONID len 52 timeout 3h
    server platform-artifactory-ha-01 172.17.1.71:80 check fall 3 inter 3s rise 2
    server platform-artifactory-ha-02 172.17.1.122:80 check fall 3 inter 3s rise 2

If I run haproxy -f haproxy.cfg -c I get:
[WARNING] 121/054551 (11113) : parsing [haproxy.cfg:55] : The 'reqirep' directive is deprecated in favor of 'http-request replace-header' and will be removed in next version.
[ALERT] 121/054551 (11113) : parsing [haproxy.cfg:55] : 'reqirep' : Expecting nothing, 'if', or 'unless', got '/v2(.*$)'.
[WARNING] 121/054551 (11113) : parsing [haproxy.cfg:56] : The 'reqadd' directive is deprecated in favor of 'http-request add-header' and will be removed in next version.
[ALERT] 121/054551 (11113) : parsing [haproxy.cfg:56] : 'reqadd' : Expecting nothing, 'if', or 'unless', got 'https'.
[ALERT] 121/054551 (11113) : parsing [haproxy.cfg:68] : 'appsession' is not supported anymore since HAProxy 1.6.
[ALERT] 121/054551 (11113) : Error(s) found in configuration file : haproxy.cfg
[ALERT] 121/054551 (11113) : Fatal errors found in configuration.

I have been able to get Artifactory to start by commenting out lines 64 and 65 below:
    #    reqirep ^([^ :]*) /v2(.*$) 1 /artifactory/api/docker/docker-virtual/v22
    #    reqadd X-Forwarded-Proto: https if { ssl_fc }

and adding:
http-request set-header X-Forwarded-Proto https if { ssl_fc }
to replace line 65.

I also had to comment out line 79 to get the haproxy service to start correctly:
   # appsession JSESSIONID len 52 timeout 3h

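But now it does not work correctly when people try to docker push into the registry.

I have to come up with new ways of writing lines 79 and 64. But I cannot find the correct configuration directives in the documentation.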

Best answer

The reqirep keyword was split into several http-request directives.
You need to use http-request replace-path.

My suggestion, untested:

# reqirep ^([^ :]*) /v2(.*$) 1 /artifactory/api/docker/docker-virtual/v22
# Capture group 1 is everything after /v2; it is appended after .../docker-virtual/v2
http-request replace-path /v2(.*$) /artifactory/api/docker/docker-virtual/v2\1

As the ALERT message shows, appsession is no longer part of haproxy.

My suggestion for sticky cookies, untested:
backend normal
  mode http
  balance roundrobin
  # this makes no sense option httpchk OPTIONS /
  option httpchk GET /api/system/ping HTTP/1.1\r\nHost:haproxy\r\n
  option forwardfor
  option http-server-close

  stick-table type string len 52 size 2m expire 3h

  #appsession JSESSIONID len 52 timeout 3h
  stick on cookie(JSESSIONID) 

  server platform-artifactory-ha-01 172.17.1.71:80 check fall 3 inter 3s rise 2
  server platform-artifactory-ha-02 172.17.1.122:80 check fall 3 inter 3s rise 2
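
The three removed directives replaced in one frontend and backend, as an added example that is not part of the original question or answer. It assumes the question's global and defaults sections; using http-request set-path with an ACL (available since HAProxy 1.6) rather than replace-path, the del-header line, and the store-response/match pair are this example's own choices.

```haproxy
frontend normal
    bind *:80
    bind *:443 ssl crt /etc/ssl/artifactory/cert.pem
    mode http
    option forwardfor

    # Replaces: reqadd X-Forwarded-Proto: https if { ssl_fc }
    # Drop whatever the client sent first, so a plain-HTTP request cannot
    # claim to have arrived over TLS.
    http-request del-header X-Forwarded-Proto
    http-request set-header X-Forwarded-Proto https if { ssl_fc }

    # Replaces the reqirep rewrite of /v2... to the docker-virtual repository.
    # The ACL matches only paths that start with /v2, so a request that already
    # names a repository (/artifactory/api/docker/<repo>/v2/...) is left alone.
    acl docker_v2 path /v2
    acl docker_v2 path_beg /v2/
    http-request set-path /artifactory/api/docker/docker-virtual%[path] if docker_v2

    default_backend normal

backend normal
    mode http
    balance roundrobin
    option httpchk GET /api/system/ping HTTP/1.1\r\nHost:haproxy\r\n
    option forwardfor
    option http-server-close

    # Replaces: appsession JSESSIONID len 52 timeout 3h
    stick-table type string len 52 size 2m expire 3h
    # Record which node issued the session cookie...
    stick store-response res.cook(JSESSIONID)
    # ...and send requests carrying that cookie back to it.
    stick match req.cook(JSESSIONID)

    server platform-artifactory-ha-01 172.17.1.71:80 check fall 3 inter 3s rise 2
    server platform-artifactory-ha-02 172.17.1.122:80 check fall 3 inter 3s rise 2
```

Check the file with haproxy -f haproxy.cfg -c before reloading the service.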

About docker - Configuring an haproxy load balancer in front of an HA Artifactory cluster: we found a similar question on Stack Overflow: https://stackoverflow.com/questions/61538346/
