HAProxy freezes / crashes / stops accepting connections


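I have seen posts similar to my problem, but none of them seem to apply to my situation. For the past 3 months I have been running roughly the same HAProxy configuration without any problems. The server is protected by 2 firewalls and was not reachable from the internet (the firewalls were configured to allow http/s access from my HQ IP). Last week I opened it up to the world and ran a lot of stress tests, and everything seemed fine. A few hours after the tests finished, my frontend server stopped responding and could not even load the stats page.

Checking my monitoring system did not show any high CPU, RAM or bandwidth usage. Although the stats page would not load, I monitor the stats page from my SNMP monitoring system and could see that the maximum number of concurrent connections for the whole HAProxy server was about 700, nowhere near the global maxconn of 10000 (fullconn is also 10000).

Restarting the HAProxy service fixed the problem only temporarily; it came back a few hours later.

I currently have HAProxy 1.5.3 installed, and although I have read http://www.haproxy.org/download/1.5/src/CHANGELOG, I am not sure whether this problem has been fixed in a later version.

Any help with this issue would be welcome.

Here is my configuration: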

global
    log         127.0.0.1 local0
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     10000
    user        haproxy
    group       haproxy
    daemon
    tune.ssl.default-dh-param 2048

    stats socket /etc/haproxy/haproxysock level admin
    stats socket /var/run/haproxy.stat mode 666
#---------------------------------------------------------------------
# Defaults
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         5s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 10000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind *:80
    bind site1.app.company.com:443 ssl crt /etc/haproxy/ssl/app/apppublic.pem no-sslv3
    bind site2.company.com:443 ssl crt /etc/haproxy/ssl/public.pem no-sslv3
    bind site3.company.net:443 ssl crt /etc/haproxy/ssl/net.pem no-sslv3
    redirect scheme https code 301 if !{ ssl_fc }

    acl rule1  hdr_dom(host) -i site1.app.company.com
    use_backend site1 if rule1
    acl rule2  hdr_dom(host) -i site2.company.com
    use_backend site2 if rule2
    acl rule3  hdr_dom(host) -i site3.company.net
    use_backend site3 if rule3

    default_backend             site1

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend site1
    mode http
    fullconn    10000
    balance     roundrobin
    option httpclose
    option forwardfor
    cookie SERVERID insert indirect nocache
    server  Server1   1.1.1.1:443 cookie A check ssl verify none
    server  Server2   2.2.2.1:443 cookie B check ssl verify none

backend wwwsest
    mode http
    fullconn    10000
    balance     roundrobin
    option httpclose
    option forwardfor
    cookie SERVERID insert indirect nocache
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Port %[dst_port]
    server  Server1   1.1.1.2:443 cookie A check ssl verify none inter 3000 fall 2 rise 2
    server  Server2   2.2.2.2:443 cookie B check ssl verify none inter 3000 fall 2 rise 2

backend internalst
    mode http
    fullconn    10000
    balance     roundrobin
    option httpclose
    option forwardfor
    cookie SERVERID insert indirect nocache
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Port %[dst_port]
    server  Server1   10.0.0.1:443 cookie A check ssl verify none inter 3000 fall 2 rise 2
    server  Server2   10.0.0.2:443 cookie B check ssl verify none inter 3000 fall 2 rise 2

# Statistics server:
listen stats *:1936
    bind *:1936 ssl crt /etc/haproxy/ssl/app/apppublic.pem
    stats enable
    stats uri /
    stats hide-version
    stats refresh 30s
    stats auth admin:********
