HAProxy 未记录所有请求

tag-icon tag-icon logging haproxy
HAProxy 未记录所有请求

我已经在 Ubuntu 14.04 上设置了 HAProxy,并在 Ubuntu 14.04 和 Apache2 上运行单独的后端服务器。

执行请求时,并非所有请求都会被记录。即使在调试模式下运行 HAProxy,它也不会在终端上显示所有请求。

我有一个包含图像的 index.html。使用 Google Chrome 请求该页面时,我可以在检查器中看到总共请求了 3 个文件(index.html、header.gif 和 favicon.ico)。

然而,HAProxy 只会记录对 index.html 的实际请求,如果我非常快速地重新加载页面,它甚至不会记录对 index.html 的所有请求。

我确实尝试使用 socat 进行调试,但通过这种方式没有记录任何错误。我确实尝试将日志格式设置为 tcplog,但这也没有帮助,并非所有请求都已记录。

我究竟做错了什么?

rsyslogd 配置:

$ModLoad imudp
$UDP服务器地址 127.0.0.1
$UDP服务器运行 514

local0.*-/var/log/haproxy/haproxy.log

& ~

HAProxy 配置:

全球的
  日志 127.0.0.1 local0
  日志发送主机名
  守护进程
  最大连接数 256
  统计套接字/tmp/haproxy

默认值
  记录全局
  超时连接5000ms
  客户端超时50000ms
  服务器超时50000ms

前端 http-in
  模式 http
  选项 httplog
  #绑定到所有ip的9200端口
  绑定 0.0.0.0:80
  default_backend http-out

后端http输出
  模式 http
  平衡最小连接数
  服务器 web2 xxx.xxx.xxx.xxx:80

haproxy 日志

  9 月 17 日 14:38:16 front2.xxx.net haproxy[5436]: xxx.xxx.xxx.xxx:61745 [17/Sep/2015:14:38:06.771] http-in http-in/ -1/-1/-1/-1/10000 400 187 - - CR-- 2/2/0/0/0 0/0 “”
  9 月 17 日 14:38:16 front2.xxx.net haproxy[5436]: xxx.xxx.xxx.xxx:61744 [17/Sep/2015:14:38:06.771] http-in http-out/web2 0/0/1/2/10001 200 23198 - - ---- 1/1/0/0/0 0/0 “GET /index.html HTTP/1.1”
  9 月 17 日 14:38:26 front2.xxx.net haproxy[5436]: xxx.xxx.xxx.xxx:61746 [17/Sep/2015:14:38:06.772] http-in http-in/ -1/-1/-1/-1/20000 400 187 - - CR-- 0/0/0/0/0 0/0 “”

apache2 日志

  registered.xxx.net:80 185.92.61.11 - - [17/Sep/2015:14:38:06 +0200] "GET /index.html HTTP/1.1" 200 1192 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML,如 Gecko) Chrome/45.0.2454.93 Safari/537.36"
  registered.xxx.net:80 185.92.61.11 - - [17/Sep/2015:14:38:06 +0200] "GET /header.gif HTTP/1.1" 200 4145 "http://xxx.xxx.xxx.xxx/index.html" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML,如 Gecko) Chrome/45.0.2454.93 Safari/537.36"
  registered.xxx.net:80 185.92.61.11 - - [17/Sep/2015:14:38:06 +0200] "GET /favicon.ico HTTP/1.1" 200 17861 "http://xxx.xxx.xxx.xxx/index.html" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML,如 Gecko) Chrome/45.0.2454.93 Safari/537.36"

答案1

对于 1.5-dev22 之前的所有 HAProxy 版本,在 中使用时mode httptunnel如果未指定其他“子模式”,则它会在“子模式”下工作。我意识到 HAProxy 中实际上没有“子模式”,但我不确定该如何称呼它。文档只使用‘模式’这个词,但我发现这更加令人困惑......

无论如何,在tunnel“子模式”仅处理第一个请求和响应,其余内容不做任何分析就直接转发。不应使用此模式,因为它会给日志记录和 HTTP 处理带来很多麻烦。

从 1.5-dev22 开始,默认的“子模式”已从 更改为tunnelkeep alive这意味着所有请求和响应都将被处理,并且连接在响应和新请求之间保持打开但处于空闲状态。

option http-keep-alive可以通过在前端和后端中使用、option http-tunneloption httpclose和关键字option http-server-close来更改此设置option forceclose,有效模式(或“子模式”)已在文档中列出。在第 4 节下,有一个表格,其中显示了有效的“子模式”,该模式基于在用于特定连接的前端和后端中设置的选项。

为了完整起见,这里是文档的相关部分,包括表格及其各种“子模式”,因为它在撰写本文时存在(1.5.14):

In HTTP mode, the processing applied to requests and responses flowing over
a connection depends in the combination of the frontend's HTTP options and
the backend's. HAProxy supports 5 connection modes :

  - KAL : keep alive ("option http-keep-alive") which is the default mode : all
    requests and responses are processed, and connections remain open but idle
    between responses and new requests.

  - TUN: tunnel ("option http-tunnel") : this was the default mode for versions
    1.0 to 1.5-dev21 : only the first request and response are processed, and
    everything else is forwarded with no analysis at all. This mode should not
    be used as it creates lots of trouble with logging and HTTP processing.

  - PCL: passive close ("option httpclose") : exactly the same as tunnel mode,
    but with "Connection: close" appended in both directions to try to make
    both ends close after the first request/response exchange.

  - SCL: server close ("option http-server-close") : the server-facing
    connection is closed after the end of the response is received, but the
    client-facing connection remains open.

  - FCL: forced close ("option forceclose") : the connection is actively closed
    after the end of the response.

The effective mode that will be applied to a connection passing through a
frontend and a backend can be determined by both proxy modes according to the
following matrix, but in short, the modes are symmetric, keep-alive is the
weakest option and force close is the strongest.

                          Backend mode

                | KAL | TUN | PCL | SCL | FCL
            ----+-----+-----+-----+-----+----
            KAL | KAL | TUN | PCL | SCL | FCL
            ----+-----+-----+-----+-----+----
            TUN | TUN | TUN | PCL | SCL | FCL
 Frontend   ----+-----+-----+-----+-----+----
   mode     PCL | PCL | PCL | PCL | FCL | FCL
            ----+-----+-----+-----+-----+----
            SCL | SCL | SCL | FCL | SCL | FCL
            ----+-----+-----+-----+-----+----
            FCL | FCL | FCL | FCL | FCL | FCL

相关内容