我的 HAProxy 1.5 负载均衡器偶尔会从任一后端节点收到 504 错误。504 错误仅特定于 Woocommerce /checkout。/checkout 端点调用服务器端的支付网关,Woocommerce 捕获支付状态并将用户重定向到感谢页面。
在 Woocommerce 管理中,有来自同一客户的重复订单。我怀疑这可能是由于一个节点超时并将请求传递给下一个节点,而交易仍在第一个节点上待处理。
以下是 504 错误的示例。似乎有 8 分钟的等待时间(16:51 - 16:43)。
Apr 1 16:43:47 LB1 haproxy[31955]: 115.66.152.19:28289 [01/Apr/2017:16:43:00.738] www-http m-backend/node2 46183/0/0/191/46374 200 1538 - - ---- 2/2/0/0/0 0/0 {http://<clientDomain>/checkout/} "POST /checkout/?wc-ajax=checkout HTTP/1.1"
Apr 1 16:52:05 LB1 haproxy[31955]: 115.66.152.19:11502 [01/Apr/2017:16:52:05.984] www-http m-backend/node2 0/0/0/5/5 200 202 - - ---- 3/3/1/1/0 0/0 {http://<clientDomain>/checkout/} "GET /favicon.ico HTTP/1.1"
Apr 1 16:52:09 LB1 haproxy[31955]: 115.66.152.19:43861 [01/Apr/2017:16:51:09.123] www-http m-backend/node1 0/0/1/-1/60002 504 195 - - sH-- 2/2/0/0/0 0/0 {http://<clientDomain>/checkout/} "POST /checkout/?wc-ajax=checkout HTTP/1.1"
另一个例子:
Mar 31 13:05:04 LB1 haproxy[31955]: 222.164.62.123:52201 [31/Mar/2017:13:05:04.157] www-http m-backend/node2 0/0/1/142/143 200 1364 - - ---- 4/4/0/0/0 0/0 {http://<clientDomain>/checkout/} "POST /checkout/?wc-ajax=checkout HTTP/1.1"
Mar 31 13:06:18 LB1 haproxy[31955]: 222.164.62.123:52201 [31/Mar/2017:13:05:04.301] www-http m-backend/node1 14684/0/0/-1/74685 504 195 - - sH-- 0/0/0/0/0 0/0 {http://<clientDomain>/checkout/} "POST /checkout/?wc-ajax=checkout HTTP/1.1"
两对重复订单:
mysql> select * from wp_posts where ID in (468,469,470,471);
+-----+-------------+---------------------+---------------------+--------------+-----------------------------------------+--------------+---------------+----------------+-------------+---------------------+-----------------------------+---------+--------+---------------------+---------------------+-----------------------+-------------+---------------------------------------------------------------------+------------+----------------+----------------+---------------+
| ID | post_author | post_date | post_date_gmt | post_content | post_title | post_excerpt | post_status | comment_status | ping_status | post_password | post_name | to_ping | pinged | post_modified | post_modified_gmt | post_content_filtered | post_parent | guid | menu_order | post_type | post_mime_type | comment_count |
+-----+-------------+---------------------+---------------------+--------------+-----------------------------------------+--------------+---------------+----------------+-------------+---------------------+-----------------------------+---------+--------+---------------------+---------------------+-----------------------+-------------+---------------------------------------------------------------------+------------+----------------+----------------+---------------+
| 468 | X | 2017-03-31 21:09:24 | 2017-03-31 13:09:24 | | Order – March 31, 2017 @ 09:09 PM | | wc-processing | open | closed | order_58de5501aeffb | order-mar-31-2017-0109-pm | | | 2017-03-31 21:09:24 | 2017-03-31 13:09:24 | | 0 | http://<clientDomain>/?post_type=shop_order&p=468 | 0 | shop_order | | 2 |
| 469 | X | 2017-03-31 21:10:01 | 2017-03-31 13:10:01 | | Order – March 31, 2017 @ 09:10 PM | | wc-processing | open | closed | order_58de5527335c1 | order-mar-31-2017-0109-pm-2 | | | 2017-03-31 21:10:01 | 2017-03-31 13:10:01 | | 0 | http://<clientDomain>/?post_type=shop_order&p=469 | 0 | shop_order | | 2 |
| 470 | X | 2017-04-02 00:55:21 | 2017-04-01 16:55:21 | | Order – April 2, 2017 @ 12:55 AM | | wc-processing | open | closed | order_58dfdb75c2b0a | order-apr-01-2017-0455-pm | | | 2017-04-02 00:55:21 | 2017-04-01 16:55:21 | | 0 | http://<clientDomain>/?post_type=shop_order&p=470 | 0 | shop_order | | 2 |
| 471 | X | 2017-04-02 00:56:28 | 2017-04-01 16:56:28 | | Order – April 2, 2017 @ 12:56 AM | | wc-processing | open | closed | order_58dfdbba98bce | order-apr-01-2017-0456-pm | | | 2017-04-02 00:56:28 | 2017-04-01 16:56:28 | | 0 | http://<clientDomain>/?post_type=shop_order&p=471 | 0 | shop_order | | 2 |
+-----+-------------+---------------------+---------------------+--------------+-----------------------------------------+--------------+---------------+----------------+-------------+---------------------+-----------------------------+---------+--------+---------------------+---------------------+-----------------------+-------------+---------------------------------------------------------------------+------------+----------------+----------------+---------------+
haproxy配置文件
global
log /dev/log local0
log /dev/log local1 notice
#chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
maxconn 3000
tune.ssl.default-dh-param 2048
defaults
log global
mode http
option httplog
option dontlognull
option forwardfor
option http-server-close
timeout connect 5000
timeout client 50000
timeout server 50000
stats enable
stats uri /stats
stats realm Haproxy\ Statistics
stats auth <user>:<password>
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend www-http
bind *:80
bind *:443 ssl crt /home/lb1/ssl_certs/cert1.pem
reqadd X-Forwarded-Proto:\ http
timeout client 1m
default_backend m-backend
capture request header Referer len 64
backend m-backend
balance roundrobin
timeout connect 10s
timeout server 1m
server node1 node1:80 check
server node2 node2:80 check
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }