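I'm trying to set up an HAProxy load balancer on CentOS 7, but I can't get it to work. The service says it is running, but the stats page doesn't open and it doesn't connect anywhere. What I'm trying to do is use it as a load balancer to send traffic to the first or second server, which are secured with https. HAProxy itself doesn't need to be secured with https, and currently it isn't. I currently have the following configuration: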
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
stats enable
stats auth haproxy:haproxy
stats uri /haproxy
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend front
redirect scheme https code 301 if !{ ssl_fc }
bind *:80
mode http
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend app
mode http
balance roundrobin
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
server s1 192.168.14.65:443 check
server s2 192.168.14.200:443 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
listen stats *:8080
mode http
log global
maxconn 10
clitimeout 100s
srvtimeout 100s
contimeout 100s
timeout queue 100s
stats refresh 30s
stats show-node
The log shows only the following:
Aug 21 16:06:00 localhost haproxy[11177]: Proxy front started.
Aug 21 16:06:00 localhost haproxy[11177]: Proxy app started.
Aug 21 16:10:08 localhost haproxy[11275]: Proxy front started.
Aug 21 16:10:08 localhost haproxy[11275]: Proxy app started.
Aug 21 16:10:08 localhost haproxy[11275]: Proxy stats started.
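...but nothing more useful. When the service is running and I go to one of the IP addresses described in the configuration file, I get nothing (it times out).
I also tried removing the timeouts, but that didn't help. Without the timeouts I got the following messages: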
Aug 21 16:52:27 localhost haproxy[11413]: Server app/s1 is DOWN, reason: Layer7 invalid response, info: "<15><03><03>", check duration: 399ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Aug 21 16:52:28 localhost haproxy[11413]: Server app/s2 is DOWN, reason: Layer7 invalid response, info: "<15><03><03>", check duration: 227ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
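Any ideas?
Answer 1
I got it working now. The main cause was the firewall that CentOS 7 runs, which blocked all the necessary ports. I also had to modify the configuration a bit so that it forwards to the ssh backend. The final configuration was as follows: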
[root@rimilb ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
maxconn 3000
stats enable
stats auth haproxy:haproxy
stats uri /haproxy
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend front
bind 192.168.14.251:80
reqadd X-Forwarded-Proto:\ http
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend app
balance roundrobin
server s1 192.168.14.65:443 weight 1 maxconn 100 check ssl verify none
server s2 192.168.14.200:443 weight 1 maxconn 100 check ssl verify none
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
listen stats *:8080
mode http
log global
maxconn 10
clitimeout 100s
srvtimeout 100s
contimeout 100s
timeout queue 100s
stats refresh 30s
stats show-node
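
Added example (not part of the original question or answer): the bytes in the failed check's info field, <15><03><03>, are the start of a TLS alert record, which is what a TLS port sends back when it receives a plaintext HTTP check. The Python sketch below decodes that field and flags the related settings in an haproxy.cfg; the function names, the findings text and the rule that port 443 means TLS are assumptions of this example.

```python
import re

# TLS record-layer content types and versions (TLS 1.3 also sends 0x0303 here).
CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}
VERSIONS = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def decode_check_info(info):
    """Decode HAProxy's escaped check bytes, e.g. '<15><03><03>', into
    (record type, record version); None if they are not a TLS record header."""
    raw = bytes(int(h, 16) for h in re.findall(r"<([0-9a-fA-F]{2})>", info))
    if len(raw) < 3 or raw[0] not in CONTENT_TYPES:
        return None
    return CONTENT_TYPES[raw[0]], VERSIONS.get((raw[1], raw[2]), "unknown")

def audit(cfg):
    """Return (line number, finding) pairs for haproxy.cfg text.
    Assumes '#' always starts a comment and that port 443 means TLS."""
    findings = []
    for no, line in enumerate(cfg.splitlines(), 1):
        words = line.split("#", 1)[0].split()
        if words[:1] == ["server"] and len(words) >= 3:
            opts = words[3:]
            if words[2].endswith(":443") and "ssl" not in opts:
                findings.append((no, "no 'ssl': plaintext sent to a TLS port"))
            if "verify none" in " ".join(opts):
                findings.append((no, "'verify none': server certificate unchecked"))
        elif words[:2] == ["stats", "auth"] and len(words) >= 3:
            user, _, password = words[2].partition(":")
            if user and user == password:
                findings.append((no, "stats password equals the user name"))
    return findings

# Constructed sample: lines copied from the two configurations on this page.
SAMPLE = """\
stats auth haproxy:haproxy
backend app
server s1 192.168.14.65:443 check
server s2 192.168.14.200:443 weight 1 maxconn 100 check ssl verify none
"""

if __name__ == "__main__":
    print(decode_check_info("<15><03><03>"))
    for no, finding in audit(SAMPLE):
        print(f"line {no}: {finding}")
```

A backend that should authenticate its servers uses "ssl verify required ca-file <path-to-CA-bundle>" on the server line in place of "verify none".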