Amazon-Web-Services
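503 ALB health check HAProxy
I have an HAProxy behind an Amazon ALB (Application Load Balancer). The http/80 health check is fine, but https/443 gives me a 503, even though the site is available and working.
Here is what I see in the HAProxy log: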
4/26/2018 3:19:47 AMApr 26 00:19:47 localhost haproxy[4494]: 172.30.139.183:31696 [26/Apr/2018:00:19:47.961] 443~ 443/<NOSRV> -1/-1/-1/-1/4 503 213 - - SC-- 2/0/0/0/0 0/0 "GET / HTTP/1.1"
Here is my HAProxy configuration:
global
    ssl-default-bind-options no-sslv3
    log 10.42.74.144:5000 local0
    log 127.0.0.1:8514 local0
    chroot /var/lib/haproxy
    daemon
    group haproxy
    maxconn 4096
    maxpipes 1024
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA
    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA
    stats socket /var/run/haproxy.sock mode 600 level admin
    stats timeout 2m
    user haproxy

defaults
    log global
    option httplog
    mode http
    timeout connect 5000
    timeout server 160000
    timeout client 160000
    option httpclose
    option forceclose
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http
    maxconn 4096
    option forwardfor
    option http-server-close
    option redispatch
    retries 3

resolvers rancher
    nameserver dnsmasq 169.254.169.250:53

listen default
    bind *:42

frontend 9765
    bind *:9765 ssl crt /etc/haproxy/certs/current/example.com.pem ssl crt /etc/haproxy/certs/current
    mode http
    acl 9765_test_example_com__host hdr(host) -i test.example.com
    acl 9765_test_example_com__host hdr(host) -i test.example.com:9765
    use_backend 9765_test_example_com_ if 9765_test_example_com__host

frontend 80
    bind *:80
    mode http
    default_backend 80_

frontend 5600
    bind *:5600 ssl crt /etc/haproxy/certs/current/example.com.pem ssl crt /etc/haproxy/certs/current
    mode http
    acl 5600_elk_test_example_com__host hdr(host) -i elk.test.example.com
    acl 5600_elk_test_example_com__host hdr(host) -i elk.test.example.com:5600
    use_backend 5600_elk_test_example_com_ if 5600_elk_test_example_com__host

frontend 443
    bind *:443 ssl crt /etc/haproxy/certs/current/example.com.pem ssl crt /etc/haproxy/certs/current
    http-request set-src hdr(x-forwarded-for)
    http-request set-src hdr(x-real-ip)
    mode http
    acl 443_xyz_test_example_com_api_v3_host hdr(host) -i xyz.test.example.com
    acl 443_xyz_test_example_com_api_v3_host hdr(host) -i xyz.test.example.com:443
    acl 443_xyz_test_example_com_api_v3_path path_beg -i /api/v3
    use_backend 443_xyz_test_example_com_api_v3 if 443_xyz_test_example_com_api_v3_host 443_xyz_test_example_com_api_v3_path
    acl 443_xyz_test_example_com_demo_host hdr(host) -i xyz.test.example.com
    acl 443_xyz_test_example_com_demo_host hdr(host) -i xyz.test.example.com:443
    acl 443_xyz_test_example_com_demo_path path_beg -i /demo
    use_backend 443_xyz_test_example_com_demo if 443_xyz_test_example_com_demo_host 443_xyz_test_example_com_demo_path
    acl 443_xyz_test_example_com_guard_host hdr(host) -i xyz.test.example.com
    acl 443_xyz_test_example_com_guard_host hdr(host) -i xyz.test.example.com:443
    acl 443_xyz_test_example_com_guard_path path_beg -i /guard
    use_backend 443_xyz_test_example_com_guard if 443_xyz_test_example_com_guard_host 443_xyz_test_example_com_guard_path
    acl 443_xyz_test_example_com_docs_host hdr(host) -i xyz.test.example.com
    acl 443_xyz_test_example_com_docs_host hdr(host) -i xyz.test.example.com:443
    acl 443_xyz_test_example_com_docs_path path_beg -i /docs
    use_backend 443_xyz_test_example_com_docs if 443_xyz_test_example_com_docs_host 443_xyz_test_example_com_docs_path
    acl 443_xyz_test_example_com__host hdr(host) -i xyz.test.example.com
    acl 443_xyz_test_example_com__host hdr(host) -i xyz.test.example.com:443
    use_backend 443_xyz_test_example_com_ if 443_xyz_test_example_com__host
    acl 443_abc_test_example_com_settings_host hdr(host) -i abc.test.example.com
    acl 443_abc_test_example_com_settings_host hdr(host) -i abc.test.example.com:443
    acl 443_abc_test_example_com_settings_path path_beg -i /settings
    use_backend 443_abc_test_example_com_settings if 443_abc_test_example_com_settings_host 443_abc_test_example_com_settings_path
    acl 443_abc_test_example_com__host hdr(host) -i abc.test.example.com
    acl 443_abc_test_example_com__host hdr(host) -i abc.test.example.com:443
    use_backend 443_abc_test_example_com_ if 443_abc_test_example_com__host
    acl 443_mb_test_example_com__host hdr(host) -i mb.test.example.com
    acl 443_mb_test_example_com__host hdr(host) -i mb.test.example.com:443
    use_backend 443_mb_test_example_com_ if 443_mb_test_example_com__host
    acl 443_fgh_test_example_com__host hdr(host) -i fgh.test.example.com
    acl 443_fgh_test_example_com__host hdr(host) -i fgh.test.example.com:443
    use_backend 443_fgh_test_example_com_ if 443_fgh_test_example_com__host
    acl 443_test_example_com__host hdr(host) -i test.example.com
    acl 443_test_example_com__host hdr(host) -i test.example.com:443
    use_backend 443_test_example_com_ if 443_test_example_com__host
    acl 443_www_test_example_com__host hdr(host) -i www.test.example.com
    acl 443_www_test_example_com__host hdr(host) -i www.test.example.com:443
    use_backend 443_www_test_example_com_ if 443_www_test_example_com__host

backend 9765_test_example_com_
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    cookie idsession insert domain test.example.com
    mode http
    server c0abff8ff53e7eb0c2871da1d52fc51d0efc5065 10.42.31.29:80 cookie c0abff8ff53e7eb0c2871da1d52fc51d0efc5065

backend 80_
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    cookie idsession insert domain test.example.com
    mode http
    server 4492af01cd1d23a2c4e3d9243cb4e50d09162edf 10.42.55.231:80 cookie 2dd1d23a291dfc49201c2e4afb4e50d033ce6449

backend 5600_elk_test_example_com_
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    timeout check 2000
    cookie idsession insert domain test.example.com
    mode http
    server 23ff4a32aec3cafa9d1fdc8a6591cfc83c8b45cd 10.42.211.19:5600 check port 5600 inter 2000 rise 2 fall 3 cookie 23ff4a32aec3cafa9d1fdc8a6591cfc83c8b45cd

backend 443_xyz_test_example_com_api_v3
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    cookie idsession insert domain test.example.com
    mode http
    server 5f9f2d6d447d598916598880d9389e0170e7e3aa 10.42.68.211:3000 cookie 5f9f2d6d447d598916598880d9389e0170e7e3aa

backend 443_xyz_test_example_com_demo
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    cookie idsession insert domain test.example.com
    mode http
    server fa74d3cf56e66212ec875e0b92c2b670fb99754f 10.42.0.89:80 cookie fa74d3cf56e66212ec875e0b92c2b670fb99754f

backend 443_xyz_test_example_com_guard
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    timeout check 60000
    option httpchk GET "/guard/health" "HTTP/1.1\r\nHost: xyz.test.example.com"
    cookie idsession insert domain test.example.com
    mode http
    server e0c95be63cd81c7671748b7ff8d96e86e3d0b0a8 10.42.208.41:80 check port 80 inter 2000 rise 2 fall 3 cookie e0c95be63cd81c7671748b7ff8d96e86e3d0b0a8

backend 443_xyz_test_example_com_docs
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    cookie idsession insert domain test.example.com
    mode http
    server b40feb86b28112d96aa8af75544dfea594ef32c1 10.42.21.153:80 cookie b40feb86b28112d96aa8af75544dfea594ef32c1

backend 443_xyz_test_example_com_
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    timeout check 60000
    option httpchk GET "/health" "HTTP/1.1\r\nHost: xyz.test.example.com"
    cookie idsession insert domain test.example.com
    mode http
    server 002c117a2eab4ec0accf6343fc48c16896f301f3 10.42.5.159:80 check port 80 inter 2000 rise 2 fall 3 cookie 002c117a2eab4ec0accf6343fc48c16896f301f3

backend 443_abc_test_example_com_settings
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    timeout check 60000
    option httpchk GET "/settings/health" "HTTP/1.1\r\nHost: abc.test.example.com"
    cookie idsession insert domain test.example.com
    mode http
    server c702bff8af5259921616ccaab19cf87b78490fbc 10.42.84.238:80 check port 80 inter 2000 rise 2 fall 3 cookie c702bff8af5259921616ccaab19cf87b78490fbc

backend 443_abc_test_example_com_
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    timeout check 60000
    option httpchk GET "/health" "HTTP/1.1\r\nHost: abc.test.example.com"
    cookie idsession insert domain test.example.com
    mode http
    server 871fdd922c10878663616084dca6df63574c0103 10.42.249.170:80 check port 80 inter 2000 rise 2 fall 3 cookie 871fdd922c10878663616084dca6df63574c0103

backend 443_mb_test_example_com_
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    cookie idsession insert domain test.example.com
    mode http
    server 928e481473de26ee572194a9885ed29281cc50ca 10.42.223.173:8080 cookie 928e481473de26ee572194a9885ed29281cc50ca

backend 443_fgh_test_example_com_
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    timeout check 60000
    option httpchk GET "/health" "HTTP/1.1\r\nHost: fgh.test.example.com"
    cookie idsession insert domain test.example.com
    mode http
    server 6d9f03cdd2515fbe025d0d688d043e34ec45ffcc 10.42.248.45:80 check port 80 inter 2000 rise 2 fall 3 cookie 6d9f03cdd2515fbe025d0d688d043e34ec45ffcc

backend 443_test_example_com_
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    cookie idsession insert domain test.example.com
    mode http
    server 1ea4383c9540dfd7b8e913fbf26f86aeee952c3e 10.42.137.206:80 cookie 1ea4383c9540dfd7b8e913fbf26f86aeee952c3e

backend 443_www_test_example_com_
    acl forwarded_proto hdr_cnt(X-Forwarded-Proto) eq 0
    acl forwarded_port hdr_cnt(X-Forwarded-Port) eq 0
    http-request add-header X-Forwarded-Port %[dst_port] if forwarded_port
    http-request add-header X-Forwarded-Proto https if { ssl_fc } forwarded_proto
    cookie idsession insert domain test.example.com
    mode http
    server 1ea4383c9540dfd7b8e913fbf26f86aeee952c3e 10.42.137.206:80 cookie 1ea4383c9540dfd7b8e913fbf26f86aeee952c3e
Thanks!
You need a default_backend for your frontend 443
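
A pre-deployment check for the condition the answer points at, as an added example that is not part of the original post: it lists every frontend that routes only through conditional use_backend rules and has no default_backend, so a request matching none of the ACLs has no server to go to and is logged as <NOSRV> with a 503, as in the log line above. The sample configuration is constructed (abridged from the one in the question), and the function name is hypothetical.

```python
SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen",
                    "resolvers", "userlist", "peers", "mailers"}

# Constructed sample, abridged from the configuration in the question.
SAMPLE_CFG = """
defaults
    mode http

frontend 80
    bind *:80
    default_backend 80_

frontend 443
    bind *:443 ssl crt /etc/haproxy/certs/current
    acl 443_test_example_com__host hdr(host) -i test.example.com
    acl 443_test_example_com__host hdr(host) -i test.example.com:443
    use_backend 443_test_example_com_ if 443_test_example_com__host
"""

def frontends_without_fallback(cfg_text):
    """Return frontends whose only routing is conditional use_backend rules."""
    inherited = False        # default_backend set by the latest 'defaults' section
    kind, name = "", ""      # section currently being read
    frontends = {}           # name -> {"conditional": bool, "fallback": bool}
    for raw in cfg_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0]
        if key in SECTION_KEYWORDS:
            kind, name = key, (words[1] if len(words) > 1 else "")
            if kind == "defaults":
                inherited = False
            elif kind == "frontend":
                frontends[name] = {"conditional": False, "fallback": inherited}
        elif key == "default_backend":
            if kind == "defaults":
                inherited = True
            elif kind == "frontend":
                frontends[name]["fallback"] = True
        elif key == "use_backend" and kind == "frontend":
            # A rule without if/unless always matches, so it acts as a fallback.
            conditional = "if" in words or "unless" in words
            frontends[name]["conditional" if conditional else "fallback"] = True
    return [n for n, f in frontends.items()
            if f["conditional"] and not f["fallback"]]

if __name__ == "__main__":
    print(frontends_without_fallback(SAMPLE_CFG))
```
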