我有一个负载均衡器,后面有 3 个 Web 服务器(a、b 和 c),所有服务器都运行 apache 和 RHEL 8。我想做的事情相对简单 - 我想获取后面的盒子的 apache 服务器状态负载均衡器,通过 http://loadbalancer/a/server-status、http://loadbalancer/b/server-status 等。
使用 http://ipofbox:8000/server-status 直接访问这些框时,服务器状态工作正常
在负载均衡器的 httpd.conf 中,我有以下几行。
<VirtualHost *:80>
ProxyRequests off
#Start Proxy balancer block and define cluster
<Proxy balancer://thecluster>
BalancerMember http://172.31.19.205:8080
BalancerMember http://172.31.28.85:8080 loadfactor=3
BalancerMember http://172.31.28.49:8080
#weighted traffic byte count balancing
ProxySet lbmethod=bytraffic nofailover=off
</Proxy>
ProxyPass /worksa http://172.31.19.205:8080
ProxyPass /worksb http://172.31.28.85:8080
ProxyPass /worksc http://172.31.28.49:8080
ProxyPass /a http://172.31.19.205:8000
ProxyPass /b http://172.31.28.85:8000
ProxyPass /c http://172.31.28.49:8000
#pass through any other proxy requests
ProxyPass / balancer://thecluster/
#route traffic back through the cluster and act as a load balancer, ensure headers generated from any workers are modified to point to the load balancer, masking the backend web servers
#ProxyPassReverse / balancer://thecluster/
#balancer-manager GUI via port 80
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
#don't pass requests to the BM through to the cluster
ProxyPass /balancer-manager !
<Location "/~Alice">
AuthType Digest
AuthName "private"
AuthDigestDomain "/~Alice"
AuthDigestProvider file
AuthUserFile "/etc/httpd-auth/digest_passwords_file2"
Require valid-user
</Location>
<Location "/~Bob">
AuthType Digest
AuthName "private"
AuthDigestDomain "/~Bob"
AuthDigestProvider file
AuthUserFile "/etc/httpd-auth/digest_passwords_file2"
Require valid-user
</Location>
</VirtualHost>
<VirtualHost *:8000>
ProxyRequests off
#server-info GUI via port 8000
<Location /server-info>
SetHandler server-info
</Location>
#server-status GUI via port 8000
<Location /server-status>
SetHandler server-status
</Location>
<Location "/server-info">
AuthType Digest
AuthName "realm"
AuthDigestDomain "/server-info"
AuthDigestProvider file
AuthUserFile /etc/httpd-auth/digest_passwords_file
Require valid-user
</Location>
<Location "/server-status">
AuthType Digest
AuthName "realm"
AuthDigestDomain "/server-status"
AuthDigestProvider file
AuthUserFile /etc/httpd-auth/digest_passwords_file
Require valid-user
</Location>
</VirtualHost>
编辑:现在似乎已经通过了,但是这次我收到了 400 bad request。服务请求的后端服务器上的错误日志显示:
[auth_digest:error] [pid 9105:tid 139830629422848] [client ***.***.***.***:50720] AH01786: uri mismatch - </a/server-info/> does not match request-uri </server-info/>
似乎启用摘要身份验证后,从负载均衡器访问时会失败。在worksa上我有以下内容:
在worksa上我有以下内容:
<VirtualHost *:8000>
#balancer-manager GUI via port 8000
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
#Req 4.b
<Location "/server-info">
SetHandler server-info
AuthType Digest
AuthName "realm"
AuthDigestDomain "/server-info"
AuthDigestProvider file
AuthUserFile /etc/httpd-auth/digest_passwords_file
Require valid-user
</Location>
# Req 4.a, Req 4.b
<Location "/server-status">
SetHandler server-status
AuthType Digest
AuthName "realm"
AuthDigestDomain "/server-status"
AuthDigestProvider file
AuthUserFile /etc/httpd-auth/digest_passwords_file
Require valid-user
</Location>
</VirtualHost>
其次,当尝试访问http://loadbalancer/worksa/index.html时,我收到403禁止,worksa的访问日志如下所示
(13)Permission denied: file permissions deny server access: /var/www/html/index.html.
我在index.html上使用了chmod 0644,但它似乎没有帮助。
总之,http://loadbalancer/a/server-info 请求凭据然后返回 400 错误请求,而 http://loadbalancer/a/index.html 返回 403 禁止。
非常感谢。
答案1
将特定ProxyPass
指令移到平衡器之前,ProxyPass
然后平衡器将其他所有内容与 相匹配/
。并删除尾部斜杠。
这是第一个虚拟主机:
<VirtualHost *:80>
ProxyRequests off
#Start Proxy balancer block and define cluster
<Proxy balancer://thecluster>
BalancerMember http://172.31.27.155:8080
BalancerMember http://172.31.21.185:8080 loadfactor=3
BalancerMember http://172.31.28.201:8080
#weighted traffic byte count balancing
ProxySet lbmethod=bytraffic nofailover=off
</Proxy>
ProxyPass /worksa http://172.31.27.155:8080
ProxyPass /worksb http://172.31.21.185:8080
ProxyPass /worksc http://172.31.28.201:8080
# pass through balancer member
ProxyPass /a http://172.31.27.155:8000
ProxyPass /b http://172.31.21.185:8000
ProxyPass /c http://172.31.28.201:8000
# pass through any other proxy requests
ProxyPass / balancer://thecluster/
#route traffic back through the cluster and act as a load balancer, ensure headers generated from$
#ProxyPassReverse / balancer://thecluster/
</VirtualHost>
您可能需要调整后端的访问控制以防止出现“403 Forbidden”:
<Location /server-status>
SetHandler server-status
# limit to ip addresses, hosts or whatever you need
Require ip 172.31
</Location>