如何让 Haproxy 遵循重定向?

tag-icon tag-icon haproxy redirection
如何让 Haproxy 遵循重定向?

使用此配置,我总是从 Haproxy 收到错误请求 (400) 响应。这是前端:

frontend http-in
    bind *:80
    mode http
    option httplog
    log debug
    acl cm-acl  hdr(host) cm-lab
    acl hue-acl hdr(host) hue-lab
    use_backend  cm if cm-acl
    use_backend  hue if hue-acl

这是后端:

backend cm
    #server cm lrc1i720.server.lan:7180
    server 01 toto1i720.server.lan:7180 check
    server 02 toto2i721.server.lan:7180 check backup

backend hue
    server 01 toto1i724.server.lan:8888 check
   # server 02 toto2i725.server.lan:8888 check backup

它适用于“cm”烘焙端,但不适用于“hue”后端。我猜它来自正在进行 302 重定向的 hue 服务器。所以我尝试直接设置 url 重定向的目标:

    server 01 toto1i724.server.lan:8888/accounts/login/ check

但我仍然收到 400 错误,请求错误。我该怎么做才能让 Haproxy 遵循重定向?或者还有其他方法吗?

编辑 :

我希望这是你所期望的。以下是日志(设置为调试,但绝对不够详细):

Nov 24 11:17:02 localhost haproxy[71630]: IP.IP.IP.IP:60497 [24/Nov/2017:11:17:02.604] http-in hue/01 2/0/0/4/6 400 652 - - ---- 3/1/0/1/0 0/0 "GET / HTTP/1.1"
Nov 24 11:17:02 localhost haproxy[71630]: IP.IP.IP.IP:60497 [24/Nov/2017:11:17:02.604] http-in hue/01 2/0/0/4/6 400 652 - - ---- 3/1/0/1/0 0/0 "GET / HTTP/1.1"

以下是 HTTP 查询标头和响应:

# curl -k -v https://hue-int/
* About to connect() to hue-int port 443 (#0)
*   Trying X.X.X.X...
* Connected to hue-int (X.X.X.X) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=vip-host1-host2.server.lan,[email protected],OU=TEST,O=company,L=VILLE,ST=VILLE,C=FR
*       start date: mai 19 07:15:22 2017 GMT
*       expire date: mai 19 07:15:22 2018 GMT
*       common name: vip-host1-host2.server.lan
*       issuer: CN=vip-host1-host2.server.lan,[email protected],OU=TEST,O=company,L=VILLE,ST=VILLE,C=FR
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: hue-int
> Accept: */*
>
< HTTP/1.1 400 BAD REQUEST
< Content-Length: 26
< x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
< Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.doubleclick.net *.mathjax.org data:;img-src 'self' *.google-analytics.com *.doubleclick.net http://*.tile.osm.org *.tile.osm.org *.gstatic.com data:;style-src 'self' 'unsafe-inline';connect-src 'self';child-src 'self' data:;object-src 'none'
< strict-transport-security: max-age=31536000; includeSubDomains
< Vary: Accept-Language
< Content-Language: en-us
< Date: Fri, 24 Nov 2017 10:44:48 GMT
< X-Frame-Options: SAMEORIGIN
< Content-Type: text/html
< audited: False
< Server: apache
<
* Connection #0 to host hue-int left intact

问候,

A。

答案1

@Antoine:如果后端服务无法识别 URL,通常会收到 400 状态代码。这可能由多种原因造成。

1) 请求/URL 因长度过长而被清除。2
) 请求/URL 中存在错误字符。

相关内容