我在 HAProxy 中有两个后端(b1、b2)位于同一个前端(f1)后面,根据主机名进行路由。我可以从我的笔记本电脑建立到 b1 和 b2 的 websocket,但是如果我尝试从 b1(通过 f1)建立到 b2 的 websocket,我会收到 1006 错误(异常关闭 - 意外 EOF)。从 b1 ping b2 成功。这是我的配置:
frontend f1
bind 192.168.1.1:443 name 192.168.1.1:443 ssl crt-list /var/etc/haproxy/ReverseProxyHTTP.crt_list
mode http
log global
option httplog
option http-keep-alive
option forwardfor
http-request set-header X-Forwarded-Proto http if !https
http-request set-header X-Forwarded-Proto https if https
timeout client 30000
acl b1 var(txn.txnhost) -m beg -i b1
acl b2 var(txn.txnhost) -m beg -i b2
acl hdr_connection_upgrade hdr(Connection) -i upgrade
acl hdr_upgrade_websocket hdr(Upgrade) -i websocket
use_backend b1ws if b1 hdr_connection_upgrade hdr_upgrade_websocket
use_backend b1 if b1
use_backend b2 if b2
backend b1ws
mode http
id 119
log global
stick-table type ip size 50k expire 30m
stick on src
balance source
timeout connect 30000
timeout server 30000
retries 3
server s1 192.168.1.2:443 id 101 ssl verify none resolvers globalresolvers
backend b1
mode http
id 117
log global
stick-table type ip size 50k expire 30m
stick on src
balance source
timeout connect 30000
timeout server 30000
retries 3
server s1 192.168.1.2:443 id 101 ssl verify none resolvers globalresolvers alpn h2,http/1.1
backend b2
mode http
id 120
log global
stick-table type ip size 50k expire 30m
stick on src
balance source
timeout connect 30000
timeout server 30000
retries 3
timeout tunnel 3600s
server s2 192.168.1.3:443 id 101 ssl verify none resolvers globalresolvers
注意:b1 和 b1ws 指向相同的服务器和端口,但 b1 更倾向于使用 http2 进行 grpc。如果存在 websocket 标头,则将使用 b1ws。