Haproxy:错误请求没有日志,但 200 次请求可以

tag-icon tag-icon linux networking proxy load-balancing haproxy
Haproxy:错误请求没有日志,但 200 次请求可以

我有一台装有 Ubuntu 16.04.6 + Haproxy 1.6.3 的机器(我知道它很旧但是它就是这样)正在向后端服务器发送流量。

当我打开统计页面 /haproxy?abc 时,我可以看到 Error > Req 的数量一直在增长,它约占所有请求的 10-15%。屏幕截图上的 7 389:haproxy 统计

但我在日志中找不到任何错误!
而且我确实可以在 /var/log/haproxy.log 中看到很多状态为 200 的请求

我有以下 /etc/haproxy/haproxy.conf

global
  maxconn 100000
  user haproxy
  group haproxy
  stats socket /run/haproxy/haproxy1.sock mode 660 level admin process 1
  stats socket /run/haproxy/haproxy2.sock mode 660 level admin process 2
  nbproc 2
  cpu-map 1 0
  cpu-map 2 1
  log /dev/log local0
  tune.maxrewrite  16384
  tune.bufsize     32768

defaults
  log global
  mode http
  option dontlognull
  option httplog
  option http-keep-alive
  option forwardfor
  option http-buffer-request
  retries 3
  option redispatch
  timeout http-request 30s
  timeout queue 1m
  timeout connect 10s
  timeout client 30s
  timeout server 30s
  timeout http-keep-alive 31s
  timeout check 10s
  maxconn 300000

frontend main
  bind *:80
  bind *:443 ssl crt /etc/haproxy/certs/ no-sslv3
  log-format "%ci:%cp [%tr] %HM %ST %HU body:%[capture.req.hdr(0)]"
  mode http
  option http-keep-alive
  stats enable
  stats uri /haproxy?abc
  stats realm Strictly\ Private
  stats auth xxxxx:yyyyyyyy
  declare capture request len 40000
  http-request add-header X-Forwarded-Proto https if { ssl_fc }
  http-request capture req.body id 0
  http-response set-log-level err if { status 400:499 }
  acl  is_backend1  dst_port      80
  acl  is_backend1  dst_port      443
  use_backend     backend1    if  is_backend1
  default_backend   backend1

backend backend1
  mode http
  option forwardfor
  option httpchk HEAD /api/monitor
  http-check expect status 200
  http-request add-header X-Forwarded-For %[src]
  http-request add-header X-Real-Ip %[src]
  balance roundrobin
  maxconn 300000
  server xxxxxxxx 10.x.x.x:80 maxconn 100000 check inter 5000
  server yyyyyyyy 10.y.y.y:80 maxconn 100000 check inter 5000

我还有以下 /etc/rsyslog.d/49-haproxy.conf

$AddUnixListenSocket /var/lib/haproxy/dev/log

# Send HAProxy messages to a dedicated logfile
if $programname startswith 'haproxy' then /var/log/haproxy.log
&~

/var/log/haproxy.log 中的日志看起来像这样:

May 18 19:50:34 xxxxxxxx haproxy[4912]: xx.xxx.xx.x:32985 [] POST 200 /url/5a9ea5a0225f7d0004c70045/5ae0a5c0da5fdd00042f78f5/json body:{"url":"https://.............................................:[{".........................."}
May 18 19:50:08 xxxxxxxx haproxy[4913]: zz.zz.zzz.zzz:1802 [] OPTIONS 200 /url/5a9ea5a0225f7d0004c70045/5ae0a5c0da5fdd00042f78f5/json body:-
May 18 19:50:37 yyyyyyyy haproxy[4912]: yyy.yy.yy.yyy:21554 [] POST 200 /url/5a9ea5a0225f7d0004c70045/5ae0a5c0da5fdd00042f78f5/json body:{"url":"https://.............................................:[{".........................."}

请帮我找到那些错误请求:)

谢谢!

答案1

额外的诊断表明,如果我禁用健康检查,错误就会消失。我发现,为了能够查看健康检查的日志,您需要单独启用该功能:

option log-health-checks

我会尝试这个和其他一些技巧并编辑这个答案,但很有可能健康检查问题就是我需要研究的问题。

相关内容