文档建议我可以为 TCP 后端设置 HTTP 检查。
我的后端的活跃度取决于405 Method Not allowed点击时的响应a-app.com/ap_service
我的配置如下:
frontend app-api
bind *:443
mode tcp
option tcplog
default_backend app-api_backend
backend app-api_backend
mode tcp
option httpchk GET /app_service HTTP/1.1
http-check expect status 405
server a a-app.com:443 resolvers dns verify none inter 1000 check
server b b-app.com:443 resolvers dns verify none inter 1000 check
然而,在日志中我得到:
Server app-api_backend/a is DOWN, reason: Layer7 invalid response, check duration: 1ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Server app-api_backend/b is DOWN, reason: Layer7 invalid response, check duration: 1ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
...
答案1
我认为您的问题在于,您希望 haproxy 发出 HTTPS 请求,猜测端口 443 在其上提供服务,而实际上option httpchk它只发出普通的 HTTP 请求。
除了 HTTPS 之外,还可以通过不同端口上的纯 HTTP 为您的应用提供服务,使其可用于 haproxy 节点,并使用 HTTP 进行检查。
参见示例haproxy 选项 httpchk文档:
# Relay HTTPS traffic to Apache instance and check service availability
# using HTTP request "OPTIONS * HTTP/1.1" on port 80.
backend https_relay
mode tcp
option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
server apache1 192.168.1.1:443 check port 80
对于你来说,它可能是这样的:
backend app-api_backend
mode tcp
option httpchk GET /app_service HTTP/1.1
http-check expect status 405
server a a-app.com:443 resolvers dns verify none inter 1000 check port 80
server b b-app.com:443 resolvers dns verify none inter 1000 check port 80