HAProxy 504 网关超时 Exchange 2016

tag-icon tag-icon exchange load-balancing reverse-proxy haproxy exchange-2016
HAProxy 504 网关超时 Exchange 2016

我一直在尝试使用 HAProxy 作为我的 2 个 Exchange 2016 邮件服务器的代理和负载均衡器。每当我访问 HAProxy 服务器的 IP 时,都会收到“504 网关超时”错误。我尝试更改配置,但没有成功。这是我现在使用的配置:

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode    http
    option  httplog
    option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

#---------------------------------------------------------------------
# Stripped down config
#---------------------------------------------------------------------

frontend exchange
    bind *:80
    default_backend exchange_servers

backend exchange_servers
    balance roundrobin
    server EXCHANGE1 192.168.80.140:443 check
    server EXCHANGE2 192.168.80.141:443 check

以下是 Haproxy 统计页面: Haproxy 统计页面:

答案1

错误在于需要将其设置为“mode tcp”以将其设置为 L4 代理而不是 L7 代理。以下是更新后的工作配置:

 global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode    http
    option  httplog
    option  dontlognull
    option  forwardfor
    option  redispatch
#   option  contstats
    retries  3
        timeout connect 5000
        timeout client  15m
        timeout server  15m
    timeout http-request 10s
    timeout queue 1m
    timeout http-keep-alive 10s
    timeout check 10s
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

listen stats 
    bind :1936
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /haproxy_stats
    stats auth Username:Password

#---------------------------------------------------------------------
# Stripped down config
#---------------------------------------------------------------------

frontend exchange
    bind *:80
    bind *:443
    mode tcp
    default_backend exchange_servers

backend exchange_servers
    mode tcp
    balance roundrobin
    server EXCHANGE1 192.168.80.140:443 check
    server EXCHANGE2 192.168.80.141:443 check

相关内容