我正在尝试在我们的 2 节点 ha Artifactory 集群前面配置一个 haproxy 负载均衡器。我在这里使用页面作为指南:
https://jfrog.com/knowledge-base/how-to-configure-haproxy-with-artifactory/
但这是几年前为更旧版本的 haproxy(我正在运行 2.0.8)编写的,并且很多代码已被弃用。推荐的配置从错误开始。这里是:
# version 1.0
# History
# https://jfrog.com/knowledge-base/how-to-configure-haproxy-with-artifactory/
# —————————————————————————
# Features enabled by this configuration
# HA configuration
# port 80, 443 Artifactory GUI/API
#
# This uses ports to distinguish artifactory docker repositories
# port 443 docker-virtual (v2) docker v1 is redirected to docker-dev-local.
# port 5001 docker-prod-local (v1); docker-prod-local2 (v2)
# port 5002 docker-dev-local (v1); docker-dev-local2 (v2)
#
# Edit this file with required information enclosed in <…>
# 1. certificate and key
# 2. artifactory-host
# 3 replace the port numbers if needed
# —————————————————————————-
global
log 127.0.0.1 local0
chroot /var/lib/haproxy
maxconn 4096
user haproxy
group haproxy
daemon
tune.ssl.default-dh-param 2048
stats socket /run/haproxy/admin.sock mode 660 level admin
defaults
log global
mode http
option httplog
option dontlognull
option redispatch
option forwardfor
option http-server-close
maxconn 4000
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
listen stats
bind *:2016
mode http
stats enable
stats uri /haproxy
stats hide-version
stats refresh 5s
stats realm Haproxy\ Statistics
frontend normal
bind *:80
bind *:443 ssl crt /etc/ssl/artifactory/cert.pem
mode http
option forwardfor
reqirep ^([^ :]*) /v2(.*$) 1 /artifactory/api/docker/docker-virtual/v22
reqadd X-Forwarded-Proto: https if { ssl_fc }
option forwardfor header X-Real-IP
default_backend normal
# Artifactory HA Configuration
# Using default failover interval – rise = 2; fall =3 3; interval – 2 seconds
backend normal
mode http
balance roundrobin
option httpchk OPTIONS /
option httpchk GET /api/system/ping HTTP/1.1\r\nHost:haproxy\r\n
option forwardfor
option http-server-close
appsession JSESSIONID len 52 timeout 3h
server platform-artifactory-ha-01 172.17.1.71:80 check fall 3 inter 3s rise 2
server platform-artifactory-ha-02 172.17.1.122:80 check fall 3 inter 3s rise 2
如果我运行
haproxy -f haproxy.cfg -c
我得到:[WARNING] 121/054551 (11113) : parsing [haproxy.cfg:55] : The 'reqirep' directive is deprecated in favor of 'http-request replace-header' and will be removed in next version.
[ALERT] 121/054551 (11113) : parsing [haproxy.cfg:55] : 'reqirep' : Expecting nothing, 'if', or 'unless', got '/v2(.*$)'.
[WARNING] 121/054551 (11113) : parsing [haproxy.cfg:56] : The 'reqadd' directive is deprecated in favor of 'http-request add-header' and will be removed in next version.
[ALERT] 121/054551 (11113) : parsing [haproxy.cfg:56] : 'reqadd' : Expecting nothing, 'if', or 'unless', got 'https'.
[ALERT] 121/054551 (11113) : parsing [haproxy.cfg:68] : 'appsession' is not supported anymore since HAProxy 1.6.
[ALERT] 121/054551 (11113) : Error(s) found in configuration file : haproxy.cfg
[ALERT] 121/054551 (11113) : Fatal errors found in configuration.
通过注释以下第 64 行和第 65 行,我已经能够启动 Artifactory :
# reqirep ^([^ :]*) /v2(.*$) 1 /artifactory/api/docker/docker-virtual/v22
# reqadd X-Forwarded-Proto: https if { ssl_fc }
并添加:
http-request set-header X-Forwarded-Proto https if { ssl_fc }
替换第 65 行
我还必须注释第 79 行才能让 haproxy 服务正常启动:
# appsession JSESSIONID len 52 timeout 3h
但是现在它在人们试图将 docker 插入注册表的情况下无法正常工作。
我必须想出编写第 79 行和第 64 行的新方法。但是我在文档中找不到正确的配置指令。
最佳答案
reqirep
关键字被吐在几个 http-request
指令。
您需要使用 http-request replace-path
.
我的建议,未经测试
# reqirep ^([^ :]*) /v2(.*$) 1 /artifactory/api/docker/docker-virtual/v22
http-request replace-path /v2(.*$) /artifactory/api/docker/docker-virtual/v22\1
正如 ALERT 消息所示,appsession 不再是 haproxy 的一部分。
我对粘性 cookies 的建议,未经测试。
backend normal
mode http
balance roundrobin
# this makes no sense option httpchk OPTIONS /
option httpchk GET /api/system/ping HTTP/1.1\r\nHost:haproxy\r\n
option forwardfor
option http-server-close
stick-table type string len 52 size 2m expire 3h
#appsession JSESSIONID len 52 timeout 3h
stick on cookie(JSESSIONID)
server platform-artifactory-ha-01 172.17.1.71:80 check fall 3 inter 3s rise 2
server platform-artifactory-ha-02 172.17.1.122:80 check fall 3 inter 3s rise 2
关于docker - 在 ha 神器集群前配置 haproxy 负载均衡器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61538346/