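I have a simple setup of HAProxy with a backend server that is reachable over an IPSec VPN. When I connect directly to the backend server using curl, the request goes through successfully, but when I use HAProxy to reach the same backend over the VPN, the request is dropped with a 503 error. From the logs, it looks like the connection is being aborted prematurely, but I cannot explain why. Also, both requests work when I use a remote server available on the Internet as the backend, with no VPN involved. Am I missing a specific configuration or something else for HAProxy over a VPN?
Note: I have not set up any health checks for the backend.
HAProxy configuration: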
defaults
    mode http
    # option httplog
    log global #use log set in the global config
    log-format "[Lo:%ci/%cp; Re:%si/%sp] [Proxy - %bi:%bp/%fi:%fp] [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
    option dontlognull
    option http-keep-alive
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 2
    timeout http-request 10s #maximum allowed time to wait for a complete HTTP request
    timeout queue 10s #maximum time to wait in the queue for a connection slot to be free
    timeout connect 5s #maximum time to wait for a connection attempt to a server to succeed
    timeout client 5s #minimum time for inactivity on client side
    timeout server 5s #maximum inactivity time on the server side
    timeout http-keep-alive 30s #maximum allowed time to wait for a new HTTP request to appear
    timeout check 10s
    maxconn 5000

##-----------------------------------------------------
## API Requests
##-----------------------------------------------------
## frontend to proxy HTTP callbacks coming from App servers to VPN Server
frontend api_requests
    mode http
    bind 10.132.2.2:80
    bind 127.0.0.1:80
    default_backend testbed

## backend to proxy HTTP requests from App Servers to VPN Server
backend testbed
    balance roundrobin
    server broker 196.XXX.YYY.136:80
Entry captured in the traffic log for the failed attempt over the VPN:
May 30 09:15:10 localhost haproxy[22844]: [Lo:127.0.0.1/56046; Re:196.XXX.YYY.136/80] [Proxy - :0/127.0.0.1:80] [30/May/2019:09:15:10.285] api_requests testbed/broker 0/0/-1/-1/0 503 212 - - SC-- 1/1/0/0/2 0/0 "POST /request HTTP/1.1"
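What could be the problem that causes the curl request to be accepted but the request proxied by HAProxy to be dropped, specifically over the VPN connection? Has anyone run into a similar problem?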
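
Added example (not part of the original post): a Python parser that decodes the log entry above according to the custom log-format in the posted configuration, to show at which stage the proxied request failed. The function name `decode` and the result keys are choices made for this example.

```python
import re

# Log line copied from the post; it follows the custom log-format in the config.
LINE = ('May 30 09:15:10 localhost haproxy[22844]: [Lo:127.0.0.1/56046; '
        'Re:196.XXX.YYY.136/80] [Proxy - :0/127.0.0.1:80] '
        '[30/May/2019:09:15:10.285] api_requests testbed/broker '
        '0/0/-1/-1/0 503 212 - - SC-- 1/1/0/0/2 0/0 "POST /request HTTP/1.1"')

# Tail of that format: %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc .../%rc
PATTERN = re.compile(
    r'\] (?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) '
    r'(?P<TR>-?\d+)/(?P<Tw>-?\d+)/(?P<Tc>-?\d+)/(?P<Tr>-?\d+)/(?P<Ta>-?\d+) '
    r'(?P<status>\d{3}) (?P<bytes>\d+) \S+ \S+ (?P<tsc>\S{4}) '
    r'\d+/\d+/\d+/\d+/\+?(?P<rc>\d+) ')

# First two %tsc characters, paraphrased from the HAProxy documentation
# ("Session state at disconnection"); only the common codes are listed.
WHO = {'-': 'normal completion', 'C': 'aborted by the client',
       'S': 'aborted or explicitly refused by the server side',
       'P': 'aborted by the proxy', 'c': 'client-side timeout expired',
       's': 'server-side timeout expired'}
PHASE = {'-': 'normal completion', 'R': 'waiting for the client request',
         'Q': 'waiting in the queue',
         'C': 'waiting for the connection to the server to establish',
         'H': 'waiting for the server response headers',
         'D': 'data phase'}

def decode(line):
    """Return the fields that tell where a proxied request failed."""
    m = PATTERN.search(line)
    if m is None:
        raise ValueError('line does not match the log-format from the post')
    tsc = m['tsc']
    return {
        'server': m['backend'] + '/' + m['server'],
        'status': int(m['status']),
        # A timer of -1 means that phase never completed.
        'connected': int(m['Tc']) >= 0,
        'got_response': int(m['Tr']) >= 0,
        'retries': int(m['rc']),
        'who': WHO.get(tsc[0], 'unknown'),
        'phase': PHASE.get(tsc[1], 'unknown'),
    }

if __name__ == '__main__':
    for key, value in decode(LINE).items():
        print(f'{key:13} {value}')
```

For the line in the post this reports that no connection to `testbed/broker` was established after 2 retries, with state `SC`. The HAProxy documentation describes `SC` as the server, or equipment between it and HAProxy, explicitly refusing the TCP connection (a TCP RST or an ICMP message was received in return).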