我在VirtualBox VM(Boot2docker)中使用Haproxy 1.5.14,其中间歇性加载的资产显示503而没有任何真正的押韵或原因,在群集启动时尤其如此。
集群看起来像这样,1个前端有80个端口,443到2个后端分别为静态资源和websocket东西提供服务。
Haproxy
例如,前端提供的静态资产可能是
https://local.dev.myproject.com/assets/images/back.png
尽管前端服务器正在运行,并且没有任何变化,但是点击刷新并查看chrome调试器,我将看到许多状态503或OK 200 304,但它不是确定的。任何资产都可以从503到OK再到503。当直接连接到网络服务器时,资产返回正常,所以它似乎与haproxy有关。
我能想到的最好的结果是健康状况检查没有正常工作,而且正在从haproxy的内部名册暂时删除FE / BE服务器,但这并不合理#&#t# 39;每隔半秒检查一次,我可以看到haproxy正在发送的呼叫由FE / BE终端输出窗口返回,每隔半秒就按预期返回。
如果我查看haproxy统计报告,我可以看到服务器定期来来去去,闪烁,尽管在终端窗口中haproxy仍然无间隙地调用运行状况检查,服务器按预期返回它们。
附件是我目前正在使用的haproxy配置,感谢任何帮助。
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
#log 127.0.0.1 local2
# log /lnl_zoom_shared/log local0
# log /lnl_zoom_shared/log local1 notice
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# SSL
#ca-base /etc/ssl
#crt-base /etc/ssl
ca-base /myproject_shared/SECURITY/local.dev.myproject.com/
crt-base /myproject_shared/SECURITY/local.dev.myproject.com/
tune.ssl.default-dh-param 1024
# turn on stats unix socket
#stats socket /var/lib/haproxy/stats
# Exposes the stat socket so we can manage the proxy through node.js
stats socket /tmp/haproxy.sock level admin
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option http-server-close
option http-pretend-keepalive
option dontlognull
option redispatch
option contstats
option forwardfor except 127.0.0.0/8
retries 3
backlog 10000
timeout client 25s
timeout connect 10s
timeout server 25s
#long timeoutfor websocket connections
timeout tunnel 3600s
timeout http-keep-alive 1s
timeout http-request 15s
timeout queue 30s
timeout tarpit 60s
default-server inter 3s rise 2 fall 3
#timeout check 10s
maxconn 256
#---------------------------------------------------------------------
# Haproxy's internal stats on the servers below: password protected
#---------------------------------------------------------------------
stats enable
stats auth admin:myadminpassword
stats uri /haproxy
stats refresh 5s
#---------------------------------------------------------------------
#
#---------------------------------------------------------------------
frontend public
# HTTP
bind *:80
# Redirect all HTTP traffic to HTTPS
redirect scheme https if !{ ssl_fc }
# HTTPS
# Example with CA certificate bundle
# bind :443 ssl crt cert.pem ca-file bundle.crt
# Example without CA certification bunch
bind *:443 ssl crt /myproject_shared/SECURITY/local.dev.myproject.com/local.dev.myproject.com.pem
acl url_static_BE path_beg -i /BE /primus
use_backend BE if url_static_BE
# FRONT END (aka FE) STATIC ASSETS SERVER
# if path is a static asset, assume the front end server to handle it
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js .html .ico
use_backend FE if url_static
# GIT HOOKS for UPDATE on the git repo changes
acl url_githook path_beg -i /gitupdate
use_backend HACNTL if url_githook
#BACK END (aka BE)
default_backend BE
#---------------------------------------------------------------------
# controller for haproxy
#---------------------------------------------------------------------
backend HACNTL
# Tell the backend that this is a secure connection,
# even though it's getting plain HTTP.
option forwardfor
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server SELF 127.0.0.1:3300
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend FE
# Tell the backend that this is a secure connection,
# even though it's getting plain HTTP.
option forwardfor
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk GET /haproxy/getstatus
option httpchk HEAD /
balance roundrobin
#server FE1 11.22.33.44:8000 maxconn 256
server FE_172.17.0.2 172.17.0.2:8000 maxconn 256 check inter 500ms
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend BE
# Tell the backend that this is a secure connection,
# even though it's getting plain HTTP.
option forwardfor
http-request add-header X-Forwarded-Proto https if { ssl_fc }
#http-request set-header X-Custom-Header %[url]
#http-request set-header Connection upgrade
#http-request set-header Upgrade websocket
option httpchk GET /haproxy/getstatus
cookie SRVNAME insert nocache
balance roundrobin
server BE_172.17.0.3 172.17.0.3:8888 maxconn 256 cookie BE_172.17.0.3 check inter 500ms
答案 0 :(得分:0)
虽然不是绝对修复,但允许每个服务器一次启动一个已经解决了现在的问题。基本上在docker run命令之间添加一个睡眠