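When I visit http://drappointment.mytonic.com, it goes to the mytonic_nonssl backend. But according to the configuration, it should go to the drappointment_nonssl backend.

Is there any configuration problem?

HAProxy version: 1.5.18

Configuration: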

global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    stats socket /var/lib/haproxy/stats

defaults
    timeout client 30s
    timeout server 30s
    timeout connect 5s

frontend https
    bind *:443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    acl host_mytonicssl req_ssl_sni -i mytonic.com
    acl host_mytonicssl_www req_ssl_sni -i www.mytonic.com
    acl host_drappointmentssl req_ssl_sni -i drappointment.mytonic.com
    use_backend mytonic_ssl if host_mytonicssl
    use_backend mytonic_ssl if host_mytonicssl_www
    use_backend drappointment_ssl if host_drappointmentssl

backend mytonic_ssl
    mode tcp
    balance roundrobin
    stick-table type binary len 32 size 30k expire 30m
    acl clienthello req_ssl_hello_type 1
    acl serverhello rep_ssl_hello_type 2
    tcp-request inspect-delay 5s
    tcp-request content accept if clienthello
    tcp-response content accept if serverhello
    stick on payload_lv(43,1) if clienthello
    stick store-response payload_lv(43,1) if serverhello
    option ssl-hello-chk
    server server1 10.10.17.222:8443 check

backend drappointment_ssl
    mode tcp
    balance roundrobin
    stick-table type binary len 32 size 30k expire 30m
    acl clienthello req_ssl_hello_type 1
    acl serverhello rep_ssl_hello_type 2
    tcp-request inspect-delay 5s
    tcp-request content accept if clienthello
    tcp-response content accept if serverhello
    stick on payload_lv(43,1) if clienthello
    stick store-response payload_lv(43,1) if serverhello
    option ssl-hello-chk
    server server1 10.10.17.222:5001 check

frontend http
    bind *:80
    mode http
    acl host_mytonic_http hdr_dom(host) -i mytonic.com
    acl host_mytonic_http_www hdr_dom(host) -i www.mytonic.com
    acl host_drappointment_http hdr_dom(host) -i drappointment.mytonic.com
    use_backend mytonic_nonssl if host_mytonic_http
    use_backend mytonic_nonssl if host_mytonic_http_www
    use_backend drappointment_nonssl if host_drappointment_http

backend mytonic_nonssl
    mode http
    balance roundrobin
    option httpclose
    option forwardfor
    server server1 10.10.17.222:8080 check

backend drappointment_nonssl
    mode http
    balance roundrobin
    option httpclose
    option forwardfor
    server server1 10.10.17.222:5000 check

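Answer 0 (score: 0)

Misconfiguration.

hdr_dom is a "domain match": it matches anything that aligns perfectly with any combination of . delimiters and/or either or both ends of the string. It finds a match on a domain name or on part of one.

For example, this:

    hdr_dom(host) -i example.com

...matches all of these:

    example.com
    www.example.com
    example.com.io
    us-west-2.api.example.com

Your ACL:

    acl host_mytonic_http hdr_dom(host) -i mytonic.com

...matches drappointment.mytonic.com, so...

    use_backend mytonic_nonssl if host_mytonic_http

...is the path the request takes, because it is the first rule that evaluates the Host header by referencing an ACL. The first match is used.

Try using hdr() instead of hdr_dom():

    acl host_mytonic_http hdr(host) -i mytonic.com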
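
The matching behaviour described in the answer above, as an added example that is not part of the original answer and is not HAProxy's own code: a simplified Python model of hdr_dom() versus hdr(), run against the question's three use_backend rules in their original order. Assumptions: only "." and the ends of the string count as boundaries, as in the answer's description, and the function names are hypothetical.

```python
# Simplified model of the two HAProxy string matchers discussed above.
# Assumption: "." is the only delimiter considered, as the answer describes it.

def hdr_match(host, pattern):
    """hdr(host) -i: case-insensitive match of the whole header value."""
    return host.lower() == pattern.lower()

def hdr_dom_match(host, pattern):
    """hdr_dom(host) -i: pattern must line up with '.' delimiters or string ends."""
    host, pattern = host.lower(), pattern.lower().strip(".")
    start = host.find(pattern)
    while start != -1:
        end = start + len(pattern)
        left_ok = start == 0 or host[start - 1] == "."
        right_ok = end == len(host) or host[end] == "."
        if left_ok and right_ok:
            return True
        start = host.find(pattern, start + 1)
    return False

# The three use_backend rules of "frontend http", in the order they appear
# in the question's configuration: (ACL pattern, backend).
RULES = [
    ("mytonic.com", "mytonic_nonssl"),
    ("www.mytonic.com", "mytonic_nonssl"),
    ("drappointment.mytonic.com", "drappointment_nonssl"),
]

def route(host, matcher):
    """Return the backend of the first rule whose ACL matches the Host value."""
    for pattern, backend in RULES:
        if matcher(host, pattern):
            return backend
    return None  # no rule matched (the question's config has no default_backend)

if __name__ == "__main__":
    for host in ("mytonic.com", "www.mytonic.com", "drappointment.mytonic.com"):
        print(f"{host:28} hdr_dom -> {route(host, hdr_dom_match):22} "
              f"hdr -> {route(host, hdr_match)}")
```

With hdr_dom the first rule already matches drappointment.mytonic.com, so the third rule is never reached; with hdr each host name only matches its own rule.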