我正在运行HAproxy 1.8并尝试使用棒表跟踪一般计数器,但每次被ACL调用它都不会返回true。
我的期望是;一旦计数器超过5,ACL将导致它转到不同的后端。可能出现什么问题?
# default block configs are set to http settings
frontend my_service
bind *:80
tcp-request inspect-delay 5s
acl bad_request sc0_get_gpc0(my_service_bk) gt 5
use_backend my_service_bad_bk if bad_request
default_backend my_service
backend my_service_bad_bk
errorfile 503 /etc/haproxy/429.http
backend my_service
http-request track-sc0 req.fhdr(X-My-Service)
http-response sc-inc-gpc0 if { status gt 399 }
stick-table type string len 350 size 10m expire 10m store gpc0
balance roundrobin
server .....
server .....
我查看了棒表统计数据,并在6次请求后显示:
0x7f2279cdsa42: key=test use=0 exp=278850 gpc0=6
它仍将它发送到错误的后端(my_service)
答案 0 :(得分:0)
移动stick-table和acls我想出了一个解决方案。在sc0_get_gpc0
stick-table似乎可以从backend获得正确的内容
以下是工作代码的样子:
# default block configs are set to http settings
frontend my_service
bind *:80
tcp-request inspect-delay 5s
http-request track-sc0 req.fhdr(X-My-Service)
stick-table type string len 350 size 10m expire 10m store gpc0
default_backend my_service
backend my_service
http-response sc-inc-gpc0 if { status gt 399 }
acl bad_request sc0_get_gpc0(my_service) gt 5
use-server bad_request if bad_reqest
balance roundrobin
server bad_request localhost:9090 weight 0
# normal app servers below this without weight 0
server .....
frontend bad_requests
bind localhost:9090
default_backend my_service_bad
backend my_service_bad
errorfile 503 /etc/haproxy/429.http
在后端执行此操作的关键是将weight 0用于仅提供错误代码和响应的服务器。如果未激活ACL,则weight 0的服务器将不会用于流量。