如何在 HAProxy 中设置 TCP 后端的 HTTP 检查?

如何在 HAProxy 中设置 TCP 后端的 HTTP 检查?

文档建议我可以为 TCP 后端设置 HTTP 检查。

我的后端的活跃度取决于405 Method Not allowed点击时的响应a-app.com/ap_service

我的配置如下:

frontend app-api
    bind *:443
    mode tcp

    option tcplog
    default_backend app-api_backend


backend app-api_backend
    mode tcp
    option httpchk GET /app_service HTTP/1.1
    http-check expect status 405
    server a a-app.com:443  resolvers dns verify none inter 1000  check
    server b b-app.com:443  resolvers dns verify none inter 1000  check

然而,在日志中我得到:

Server app-api_backend/a is DOWN, reason: Layer7 invalid response, check duration: 1ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Server app-api_backend/b is DOWN, reason: Layer7 invalid response, check duration: 1ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
...

答案1

我认为您的问题在于,您希望 haproxy 发出 HTTPS 请求,猜测端口 443 在其上提供服务,而实际上option httpchk它只发出普通的 HTTP 请求。

除了 HTTPS 之外,还可以通过不同端口上的纯 HTTP 为您的应用提供服务,使其可用于 haproxy 节点,并使用 HTTP 进行检查。

参见示例haproxy 选项 httpchk文档:

    # Relay HTTPS traffic to Apache instance and check service availability
    # using HTTP request "OPTIONS * HTTP/1.1" on port 80.
    backend https_relay
        mode tcp
        option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
        server apache1 192.168.1.1:443 check port 80

对于你来说,它可能是这样的:

    backend app-api_backend
        mode tcp
        option httpchk GET /app_service HTTP/1.1
        http-check expect status 405
        server a a-app.com:443  resolvers dns verify none inter 1000 check port 80
        server b b-app.com:443  resolvers dns verify none inter 1000 check port 80

相关内容