I have a Docker Swarm cluster on AWS, and I am trying to load-balance it with HAProxy. My setup, behind a VPC, looks similar to this:
haproxy_server 10.10.0.10
docker_swarm_master1 10.10.0.12
docker_swarm_master2 10.10.0.13
docker_swarm_worker3 10.10.0.14
My only Tomcat container is currently on master_1, and below is my current HAProxy config file:
global
    log 127.0.0.1 local0
    log 127.0.0.1 local0 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http
    maxconn 2000

frontend servers
    bind *:80
    bind *:8443 ssl crt /etc/haproxy/certs/ssl.pem
    default_backend hosts

backend hosts
    mode http
    balance roundrobin
    option httpchk OPTIONS /
    option forwardfor
    option http-server-close
    server swarm 10.10.0.12:8443 check inter 5000
When I run the following from the HAProxy server, I can see the index.html page in the webapps directory:
curl -k https://10.10.0.12:8443/docs/index.html
But when I try the curl command below, I get a 503 server unavailable error:
curl -k https://10.10.0.10:8443/docs/index.html
Does anyone know what I am doing wrong? I have spent half a day on this with no luck.
Edit
curl -XOPTIONS -vk https://10.10.0.10:8443/docs/index.html
* Trying 10.10.0.10...
* Connected to 10.10.0.10 (10.10.0.10) port 8443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 692 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: *.secreturl.com (does not match '10.10.0.10')
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: OU=Domain Control Validated,CN=*.secreturl.com
* start date: Sat, 27 Jun 2016 16:39:39 GMT
* expire date: Tue, 11 Jun 2020 18:09:38 GMT
* issuer: C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://certs.godaddy.com/repository/,CN=Go Daddy Secure Certificate Authority - G2
* compression: NULL
* ALPN, server did not agree to a protocol
> OPTIONS / HTTP/1.1
> Host: 10.10.0.10:8443
> User-Agent: curl/7.47.0
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 503 Service Unavailable
< Cache-Control: no-cache
< Connection: close
< Content-Type: text/html
<
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
* Closing connection 0
curl -XOPTIONS -vk https://10.10.0.12:8443/docs/index.html
* Trying 10.10.0.12...
* Connected to 10.10.0.12 (10.10.0.12) port 8443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 692 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: *.secreturl.com (does not match '10.10.0.10')
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: OU=Domain Control Validated,CN=*.secreturl.com
* start date: Sat, 27 Jun 2016 16:39:39 GMT
* expire date: Tue, 11 Jun 2020 18:09:38 GMT
* issuer: C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://certs.godaddy.com/repository/,CN=Go Daddy Secure Certificate Authority - G2
* compression: NULL
* ALPN, server did not agree to a protocol
> OPTIONS / HTTP/1.1
> Host: 10.10.0.12:8443
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS
< Content-Length: 0
< Date: Sat, 24 Dec 2016 18:39:27 GMT
<
* Connection #0 to host 10.10.0.12 left intact
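Answer 0 (score: 0)
If you get 503 Service Not Available, then your health check is failing.
From your configuration, HAProxy will use OPTIONS http://10.10.0.12:8443/, which will fail: your backend accepts HTTPS connections. To fix this, tell HAProxy to use HTTPS: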
server swarm 10.10.0.12:8443 check inter 5000 ssl verify none
Note: you can enable the stats page with
listen haproxy_admin
    bind 127.0.0.1:22002
    mode http
    stats enable
    stats uri /
This should help you debug further problems.
Edit
The stats page shows L7STS/404, which is the HTTP code HAProxy got. HAProxy currently checks https://10.10.0.12:8443/, while you test https://10.10.0.12:8443/docs/index.html. Maybe you should use this URL in the check:
option httpchk OPTIONS /docs/index.html
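
Added example (not part of the original answer, and not the HAProxy project's own configuration): the backend section from the question with both suggested changes applied, and the `ssl verify none` server line shown beside a variant that validates the backend certificate. The CA bundle path and the hostname app.internal.example are placeholders, assumed for illustration.

```haproxy
# Added example. Placeholder values: /etc/haproxy/certs/backend-ca.pem and
# app.internal.example do not come from the original post.
backend hosts
    mode http
    balance roundrobin

    # Probe a path the application actually serves and require a 200,
    # so an L7STS/404 on "/" no longer marks the server DOWN.
    option httpchk OPTIONS /docs/index.html
    http-check expect status 200

    option forwardfor
    option http-server-close

    # Weak: traffic and health checks use TLS, but the backend certificate
    # is never validated, so any host answering on 10.10.0.12:8443 is trusted.
    # server swarm 10.10.0.12:8443 check inter 5000 ssl verify none

    # Stricter: validate the certificate chain against a CA bundle and
    # require the certificate to match the expected name.
    server swarm 10.10.0.12:8443 check inter 5000 ssl verify required ca-file /etc/haproxy/certs/backend-ca.pem verifyhost app.internal.example
```

Running `haproxy -c -f <config file>` checks the syntax before a reload.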