从 Nginx 反向代理回来后,Haproxy 不会转到写入后端

从 Nginx 反向代理回来后,Haproxy 不会转到写入后端

我正在使用 haproxy 和 nginx 来平衡负载并保护(通过 nginx 中的 naxsi)我的 Web 服务器。Haproxy 工作正常,但当我通过 nginx 发送它时,它会将所有内容默认为默认后端,而不是检查我们的 Webmail 后端。在 nginx 错误和访问日志中,它显示了正确的主机名,但它仍然被发送到 default_backend bk_comweb,而不是 use_backend bk_webmail。我错过了一些东西,但无法透过树木看到森林,任何帮助都将不胜感激!

haproxy.conf 重要行:


frontend ft_protection
        bind 10.0.5.15:80
        mode http
        option http-server-close
        #DDOS protection
        #Use General Purpose Couter (gpc) 0 in SC1 as a global abuse counter
        #Monitors the number of request sent by an IP over a period of 10 seconds
        stick-table type ip size 1m expire 1m store gpc0,http_req_rate(10s),http_err_rate(10s)
        tcp-request connection track-sc1 src
        tcp-request connection reject if { sc1_get_gpc0 gt 0 }
        #Abuser means more than 100reqs/10s
        acl abuse sc1_http_req_rate gt 100
        acl kill sc1_inc_gpc0 gt 10
        acl save sc1_clr_gpc0 ge 0
        tcp-request connection accept if !abuse save
        tcp-request connection reject if abuse kill
        default_backend bk_protection

backend bk_protection mode http option http-server-close #If the source IP generated 10 or more http request over the defined period, #flag the IP as abuser on the frontend acl abuse sc1_http_err_rate gt 10 acl kill sc1_inc_gpc0 gt 0 tcp-request content reject if abuse kill server waf1 10.0.5.3:81 maxconn 10000 check

frontend ft_web bind 10.0.6.3:81 mode http option http-server-close acl webmail hdr(host) -i newwebmail.example.com acl comwebmail hdr_beg(host) -i webmail use_backend bk_webmail if webmail or comwebmail default_backend bk_comweb

nginx.conf:


http {
 include        /etc/nginx/naxsi_core.rules;
 include        mime.types;
 server_names_hash_bucket_size 128;

sendfile on; keepalive_timeout 65; tcp_nodelay on;

gzip on; gzip_disable "MSIE [1-6].(?!.*SV1)";

server { proxy_set_header Proxy-Connection ""; listen 10.0.5.3:81;

location / { include /etc/nginx/test.rules; proxy_pass http://10.0.6.3:81/; }

error_page 403 /403.html; location = /403.html { root /opt/nginx/html; internal; }

location /RequestDenied { return 403; } } }

答案1

已解决:我需要将 proxy_set_header Host $host; 添加到服务器部分。

相关内容