必须每隔几分钟重新启动Haproxy

时间:2018-01-11 12:45:32

标签: haproxy

(Ubuntu 16.04,6核,24GB Ram,Haproxy 1.8.0) 我已经阅读了很多关于haproxy的简单性,所以我们进行了设置,进行了一些基本的测试/负载测试,看起来很不错。昨晚投入生产,事情看起来不错,直到我们开始获得生产流量。我必须每隔几分钟重启haproxy b / c网站就停止响应。统计网站没有向我显示任何看起来令人担忧的统计数据,而且机器几乎没有使用任何资源。

基本上我们看到的是 - 我们重新启动haproxy,一切运行良好,然后几分钟后我们必须重新启动它(在生产负载下)。 查看统计信息页面,我看到后端有大约50,000个会话,然后就会停止工作。

这是我的配置,您可以查看它并帮助我了解我应该如何调整它?

global

        log 127.0.0.1:22514 local2 debug
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3
        tune.ssl.default-dh-param 2048

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        option http-server-close
        timeout connect 50000000
        timeout client  50000000
        timeout server  50000000
        maxconn 80000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend loadbalanced_main
    log global
    bind *:80
    mode http
    redirect scheme https if !{ ssl_fc }
    acl web1 hdr(host) -i -m sub 1.a.com
    acl web2 hdr(host) -i -m sub 2.a.com
    acl web3 hdr(host) -i -m sub 3.a.com
    use_backend ordweb1 if web1
    use_backend ordweb2 if web2
    use_backend ordweb3 if web3
    default_backend loadbalanced_nodes

frontend loadbalanced_main_ssl
        log global
        bind *:443 ssl crt /etc/ssl/private/a.com.pem crt /etc/ssl/private/b.com.pem
        reqadd X-Forwarded-Proto:\ https
        acl web1 hdr(host) -i -m sub 1.a.com
        acl web1 hdr(host) -i -m sub 1.b.com
        acl web2 hdr(host) -i -m sub 2.a.com
        acl web2 hdr(host) -i -m sub 2.b.com
        acl web3 hdr(host) -i -m sub 3.a.com
        acl web3 hdr(host) -i -m sub 3.b.com
        use_backend ordweb1 if web1
        use_backend ordweb2 if web2
        use_backend ordweb3 if web3
        default_backend loadbalanced_nodes

backend ordweb1
    mode http
    redirect scheme https if !{ ssl_fc }
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server ordweb1 10.154.18.100:80 cookie check

backend ordweb2
    mode http
    redirect scheme https if !{ ssl_fc }
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server ordweb2 10.154.18.8:80 cookie check

backend ordweb3
    mode http
    redirect scheme https if !{ ssl_fc }
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server ordweb3 10.154.18.9:80 cookie check

backend loadbalanced_nodes
    mode http
    redirect scheme https if !{ ssl_fc }
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    cookie SRV insert indirect nocache
    server ordweb1 10.154.18.100:80 check cookie ordweb1
    server ordweb2 10.154.18.8:80 check cookie ordweb2
    server ordweb3 10.154.18.9:80 check cookie ordweb3

listen stats
        bind *:1936
        stats enable
        stats uri /
        stats hide-version
        stats auth nope:blah

0 个答案:

没有答案