Haproxy和间歇503问题
我在一个VirtualBox虚拟机(Boot2docker)中使用Haproxy 1.5.14,在那里它加载的资源间歇性地显示503没有任何真正的韵或原因,这在集群启动时尤其如此。
集群看起来像这样,1端口80和443到2后端分别服务于静态资源和websocket的东西。
HAProxy的
- FE(前端,用于静态资源)
- BE(后端,用于websocket连接)
例如,前端服务的静态资产可能是
http://img.gdocker.com/haproxy/back.png
尽pipe前端服务器正在运行,并没有什么改变,刷新和看铬debugging器,我会看到无数的状态503或OK 200 304,但它不是决定性的。 它可以从503到OK返回到503,在任何资产上。 当直接连接到networking服务器时,资产返回正常,所以看起来像haproxy。
我能想到的最好的办法是健康检查工作不正常,FE / BE服务器被暂时从haproxy的内部名单中删除,但这没有任何意义,它检查每半秒,我可以看到haproxy是发送由FE / BEterminal输出窗口返回,按预期每半秒钟一次。
如果我看一下haproxy统计报告,我可以看到服务器周期性地来来去去,闪烁着,尽pipe在terminal窗口haproxy仍在调用健康检查没有间隙,服务器正在按预期返回它们。
附件是目前使用的haproxyconfiguration,任何帮助表示赞赏。
#--------------------------------------------------------------------- # Example configuration for a possible web application. See the # full configuration options online. # # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt # #--------------------------------------------------------------------- #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # #log 127.0.0.1 local2 # log /lnl_zoom_shared/log local0 # log /lnl_zoom_shared/log local1 notice chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # SSL #ca-base /etc/ssl #crt-base /etc/ssl ca-base /myproject_shared/SECURITY/local.dev.myproject.com/ crt-base /myproject_shared/SECURITY/local.dev.myproject.com/ tune.ssl.default-dh-param 1024 # turn on stats unix socket #stats socket /var/lib/haproxy/stats # Exposes the stat socket so we can manage the proxy through node.js stats socket /tmp/haproxy.sock level admin #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults mode http log global option httplog option http-server-close option http-pretend-keepalive option dontlognull option redispatch option contstats option forwardfor except 127.0.0.0/8 retries 3 backlog 10000 timeout client 25s timeout connect 10s timeout server 25s #long timeoutfor websocket connections timeout tunnel 3600s timeout http-keep-alive 1s timeout http-request 15s timeout queue 30s timeout tarpit 60s default-server inter 3s rise 2 fall 3 #timeout check 10s maxconn 256 #--------------------------------------------------------------------- # Haproxy's internal stats on the servers below: password protected #--------------------------------------------------------------------- stats enable stats auth admin:myadminpassword stats uri /haproxy stats refresh 5s #--------------------------------------------------------------------- # #--------------------------------------------------------------------- frontend public # HTTP bind *:80 # Redirect all HTTP traffic to HTTPS redirect scheme https if !{ ssl_fc } # HTTPS # Example with CA certificate bundle # bind :443 ssl crt cert.pem ca-file bundle.crt # Example without CA certification bunch bind *:443 ssl crt /myproject_shared/SECURITY/local.dev.myproject.com/local.dev.myproject.com.pem acl url_static_BE path_beg -i /BE /primus use_backend BE if url_static_BE # FRONT END (aka FE) STATIC ASSETS SERVER # if path is a static asset, assume the front end server to handle it acl url_static path_beg -i /static /images /javascript /stylesheets acl url_static path_end -i .jpg .gif .png .css .js .html .ico use_backend FE if url_static # GIT HOOKS for UPDATE on the git repo changes acl url_githook path_beg -i /gitupdate use_backend HACNTL if url_githook #BACK END (aka BE) default_backend BE #--------------------------------------------------------------------- # controller for haproxy #--------------------------------------------------------------------- backend HACNTL # Tell the backend that this is a secure connection, # even though it's getting plain HTTP. option forwardfor http-request add-header X-Forwarded-Proto https if { ssl_fc } server SELF 127.0.0.1:3300 #--------------------------------------------------------------------- # static backend for serving up images, stylesheets and such #--------------------------------------------------------------------- backend FE # Tell the backend that this is a secure connection, # even though it's getting plain HTTP. option forwardfor http-request add-header X-Forwarded-Proto https if { ssl_fc } option httpchk GET /haproxy/getstatus option httpchk HEAD / balance roundrobin #server FE1 11.22.33.44:8000 maxconn 256 server FE_172.17.0.2 172.17.0.2:8000 maxconn 256 check inter 500ms #--------------------------------------------------------------------- # round robin balancing between the various backends #--------------------------------------------------------------------- backend BE # Tell the backend that this is a secure connection, # even though it's getting plain HTTP. option forwardfor http-request add-header X-Forwarded-Proto https if { ssl_fc } #http-request set-header X-Custom-Header %[url] #http-request set-header Connection upgrade #http-request set-header Upgrade websocket option httpchk GET /haproxy/getstatus cookie SRVNAME insert nocache balance roundrobin server BE_172.17.0.3 172.17.0.3:8888 maxconn 256 cookie BE_172.17.0.3 check inter 500ms 而不是一个绝对的修复,允许每个服务器一次启动一个已经解决了现在的问题。 基本上在Docker运行命令之间添加一个睡眠