An interesting problem came up when I set up the following configuration (the names and IPs are fictitious).
Background:
route 1 - 10.10.10.10 is an IPSec tunnel
route 2 - 20.20.20.20 to the Internet
original service URL (nginx) - https://testscb.com - works
Virtual apache server (another machine, not mine) DNS - testscb.local.com
I want to make sure that if the main route 1 is unavailable, all traffic goes to route 2. And when the communication channel is restored, it goes back to route 1.
My settings:
/etc/hosts
10.10.10.10 testw1.com testscb1.com
20.20.20.20 testw2.com testscb2.com
Port 443 is open
traceroute to testscb1.com (10.10.10.10), 30 hops max, 60 byte packets
7 testscb1.com (10.10.10.10) 2.955 ms 2.985 ms 2.839 ms
traceroute to testscb2.com (20.20.20.20), 30 hops max, 60 byte packets
4 testscb2.com (20.20.20.20) 1.731 ms 1.834 ms 2.244 ms
/etc/httpd/virtual_host/testscb.conf
<VirtualHost *:80>
    ServerName testscb.local.com
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    ProxyHCExpr ok234 {%{REQUEST_STATUS} =~ /^[234]/}
    #ProxyHCExpr gdown {%{REQUEST_STATUS} =~ /^[5]/}
    # BalanceMember in /etc/hosts
    <Proxy "balancer://testscb">
        BalancerMember https://testscb1.com hcmethod=HEAD hcexpr=ok234 hcinterval=20 hcuri=/test hcfails=4 hcpasses=4
        BalancerMember https://testscb2.com hcmethod=HEAD hcexpr=ok234 hcinterval=20 hcuri=/test hcfails=4 hcpasses=4 status=+H
        ProxySet stickysession=JSESSIONID
        ProxySet lbmethod=heartbeat
    </Proxy>
    ProxyPass "/" "balancer://testscb/"
    ProxyPassReverse "/" "balancer://testscb/"
    <Location "/">
        ProxyPass "https://testscb.com/"
        ProxyPassReverse "https://testscb.com/"
        AllowOverride None
        Order Deny,Allow
        Deny from All
        Allow from All
    </Location>
    LogLevel debug
    ErrorLog /var/log/httpd/testscb-error_log
    CustomLog /var/log/httpd/testscb-access_log combined
</VirtualHost>
apachectl graceful
httpd.service Active: active (running)
Test: I use curl from the Apache server machine.
curl -v -k https://testscb1.com/
* Mark bundle as not supporting multiuse
<
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host testscb1.com left intact
curl -v -k https://testscb2.com/
* Mark bundle as not supporting multiuse
<
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host testscb2.com left intact
tcpdump while using curl confirms that the exchange is taking place.
I send a request from my PC via curl.
curl -v -k http://testscb.local.com/
* Mark bundle as not supporting multiuse
<
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host testscb.local.com left intact
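But I noticed that route 2 is being used, although it should be the backup (see tcpdump).
Even more interesting, to test a communication link failure I add this route: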
ip ro add 20.20.20.20 via 127.0.0.1
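Now curl -v -k https://testscb2.com/ fails with the error "port 443: Connection timed out".
When I send a request from my PC with curl -v -k http://testscb.local.com/
I also get "port 443: Connection timed out".
I don't understand why route 2 is involved; it feels as if route 1 does not exist for Apache.
I would be very grateful for your advice. Thank you.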
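
A simplified model of the health-check settings in the configuration above (hcexpr=ok234, hcfails=4, hcpasses=4, hcinterval=20, status=+H), added here as an example and not part of the original post. The class and function names are hypothetical, the probe sequence is constructed, and probes are assumed to run exactly every hcinterval seconds; it shows that a 404 passes ok234 and that switching in either direction needs four consecutive probe results.

```python
import re

OK234 = re.compile(r"^[234]")  # same pattern as ProxyHCExpr ok234 in the post

class Member:
    """One BalancerMember with its health-check counters (simplified model)."""
    def __init__(self, name, hot_standby=False, hcfails=4, hcpasses=4):
        self.name, self.hot_standby = name, hot_standby
        self.hcfails, self.hcpasses = hcfails, hcpasses
        self.healthy = True
        self.fails = self.passes = 0

    def probe(self, status):
        """Record one probe; status is an HTTP code, or None for no response (timeout)."""
        if status is not None and OK234.match(str(status)):
            self.fails = 0
            if not self.healthy:
                self.passes += 1
                if self.passes >= self.hcpasses:   # enough passes: re-enable
                    self.healthy, self.passes = True, 0
        else:
            self.passes = 0
            self.fails += 1
            if self.fails >= self.hcfails:         # enough failures: disable
                self.healthy = False
        return self.healthy

def pick(members):
    """Regular members first; a hot standby (+H) only when no regular member is usable."""
    for standby in (False, True):
        for m in members:
            if m.healthy and m.hot_standby == standby:
                return m.name
    return None

def simulate(primary_results, interval=20):
    """Return [(seconds, chosen member)]; the standby is assumed to always answer 404."""
    primary = Member("testscb1.com")
    backup = Member("testscb2.com", hot_standby=True)
    timeline = []
    for i, status in enumerate(primary_results, start=1):
        primary.probe(status)
        backup.probe(404)
        timeline.append((i * interval, pick([primary, backup])))
    return timeline

# Constructed probe results for testscb1.com: one 404, four timeouts, four 404s.
SAMPLE = [404, None, None, None, None, 404, 404, 404, 404]

if __name__ == "__main__":
    for seconds, name in simulate(SAMPLE):
        print(f"t={seconds:>3}s -> {name}")
```

Because ok234 accepts any 2xx, 3xx or 4xx status, a member that answers 404 for every path still counts as healthy; only a 5xx status or no response at all counts toward hcfails.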