I have the following configuration for haproxy:

    frontend ft_ssl_vip
        bind *:443
        # bind 10.0.0.10:443
        mode tcp
        tcp-request inspect-delay 5s
        tcp-request content accept if { req_ssl_hello_type 1 }
        default_backend bk_ssl_default
        #using SNI for routing

    backend bk_ssl_default
        mode tcp
        # Define hosts
        acl benlearnscode req_ssl_sni -i benlearnscode.com
        acl apphost2 req_ssl_sni -i apphost2.com
        ## figure out which one to use
        # use_backend benlearnscode if host_benlearnscode
        # use_backend apphost2 if host_apphost2
        use-server server1 if benlearnscode
        use-server server2 if apphost2
        #---------------------------------------------------------------------
        # Back end does TCP forwarding to the application server listening on port 443
        #---------------------------------------------------------------------
        option ssl-hello-chk
        server server1 18.217.229.105:443
        server server2 216.128.246.130:443

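If a user goes to benlearnscode.com, they go to server 1. If a user goes to apphost2.com, they should go to server 2. This works if both backend servers are up. However, if one of the servers is down, it does not error out; it just sends them to the other server. For example, if server 1 is down and a user goes to https://benlearnscode.com, that user ends up on the apphost 2 backend, aka server 2. In that situation, how can I make it error out instead of going to the wrong server?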

Answer 1

I always separate the host ACLs in the frontend, for example:

    frontend ft_ssl_vip
        bind *:443
        # bind 10.0.0.10:443
        mode tcp
        tcp-request inspect-delay 5s
        tcp-request content accept if { req_ssl_hello_type 1 }
        # Define hosts
        acl benlearnscode req_ssl_sni -i benlearnscode.com
        acl apphost2 req_ssl_sni -i apphost2.com
        #using SNI for routing
        use_backend Server1 if benlearnscode
        use_backend Server2 if apphost2
        default_backend bk_ssl_default

    backend bk_ssl_default
        mode tcp
        ## Default / catch all

    backend Server1
        mode tcp
        option ssl-hello-chk
        server server1 18.217.229.105:443

    backend Server2
        mode tcp
        option ssl-hello-chk
        server server2 216.128.246.130:443
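
The difference between the two layouts can be checked with a small model. This is an added Python example, not code from the question, the answer or HAProxy itself; it simplifies round-robin to "first server that is up" and assumes HAProxy has already marked a failed server as down. The function names and `unknown.example` are made up for the illustration.

```python
from itertools import product

# SNI -> server each site is meant to reach (names taken from the configs above).
INTENDED = {"benlearnscode.com": "server1", "apphost2.com": "server2"}


def route_single_backend(sni, up):
    """Question's layout: one backend holding both servers, use-server rules.

    A use-server rule that designates a DOWN server is ignored, so the
    connection falls through to load balancing over whatever is still up.
    """
    for host, server in INTENDED.items():
        if sni.lower() == host and up[server]:
            return server
    alive = [s for s in ("server1", "server2") if up[s]]
    return alive[0] if alive else None  # None models a failed connection


def route_split_backends(sni, up):
    """Answer's layout: use_backend per host, one server per backend.

    The backend is chosen from the SNI alone. If its only server is down,
    or the SNI is unknown (empty bk_ssl_default), nothing can take over.
    """
    backends = {"benlearnscode.com": ["server1"], "apphost2.com": ["server2"]}
    alive = [s for s in backends.get(sni.lower(), []) if up[s]]
    return alive[0] if alive else None


def misroutes(route):
    """List every (sni, server1_up, server2_up, server) that lands on the wrong host."""
    found = []
    names = list(INTENDED) + ["unknown.example"]  # constructed unknown SNI
    for sni, (s1, s2) in product(names, product([True, False], repeat=2)):
        got = route(sni, {"server1": s1, "server2": s2})
        if got is not None and got != INTENDED.get(sni):
            found.append((sni, s1, s2, got))
    return found


if __name__ == "__main__":
    for name, fn in [("single backend", route_single_backend),
                     ("split backends", route_split_backends)]:
        print(name, "->", misroutes(fn) or "no cross-site routing")
```

In the model, the single-backend layout also hands connections with an unrecognised SNI to whichever server is up, while the split layout drops them in the empty `bk_ssl_default`.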