我有一个非常具体的业务需求,需要嵌入式设备在一组自定义后端服务器前发出初始 HTTP 请求并通过 HA 代理接收 HTTP 响应。然后,在它通过 HA 代理建立的同一个套接字上,在套接字的剩余生命周期(通常会持续几天)内通过自定义 TCP 协议(protocol)进行通信。
我最初的想法是 http-tunnel HA 代理上的选项将非常适合此,即使它已被弃用。具体来说,它指出:
Option "http-tunnel" disables any HTTP processing past the first request and
the first response. This is the mode which was used by default in versions
1.0 to 1.5-dev21. It is the mode with the lowest processing overhead, which
is normally not needed anymore unless in very specific cases such as when
using an in-house protocol that looks like HTTP but is not compatible, or
just to log one request per client in order to reduce log size. Note that
everything which works at the HTTP level, including header parsing/addition,
cookie processing or content switching will only work for the first request
and will be ignored after the first response.
frontend _front_http
mode http
bind :80
option httplog
option http-tunnel
use_backend default_sleep-server_8080
default_backend _error404
backend default_sleep-server_8080
mode http
option forwardfor
option http-tunnel
http-response set-header Strict-Transport-Security "max-age=15768000"
server srv001 10.244.0.80:8080 weight 1 check inter 2s
server srv002 10.244.0.81:8080 weight 1 check inter 2s
server srv003 10.244.0.82:8080 weight 1 check inter 2s
defaults
log global
maxconn 2000
option redispatch
option dontlognull
option http-server-close
option http-keep-alive
timeout client 50s
timeout client-fin 50s
timeout connect 5s
timeout http-keep-alive 1m
timeout http-request 5s
timeout queue 5s
timeout server 50s
timeout server-fin 50s
timeout tunnel 1h
no option http-server-close
http-tunnel为前端或后端打开。我尝试过的任何方法都遇到了同样的问题。初始 HTTP 请求/响应按预期工作(即,命中 HA 代理前端,被转发到后端,后端制作一个响应,该响应被发送到客户端,套接字保持打开状态)。但是,对于我的客户端在现有套接字上发送的后续数据包,这些数据包直接发送到 HTTP 服务器,但永远不会转发到后端服务器。我已经使用 TCP Dump 验证了这一点——我看到的只是 TCP 数据包到达前端端口,从来没有任何响应发送回客户端或将这些数据包转发到其他地方。
我的 http-tunnel 设置有问题吗?还是我在这里使用了完全错误的选项?我知道可能还有其他工具可以更好地实现这一点,但对于特定领域的目的,能够使用 HA 代理会很棒。
最佳答案
从文档链接
Warning : Because it cannot work in HTTP/2, this option is deprecated and it
is only supported on legacy HTTP frontends. In HTX, it is ignored and a
warning is emitted during HAProxy startup.
no option http-use-htx在前端。正如上面提到的那样,不推荐使用此选项,这意味着 2.1 及更高版本不存在此选项,AFAIK。
关于sockets - 如何在 HA 代理中使用 http-tunnel 在同一套接字上支持 HTTP 然后 TCP,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62849833/