Exchange

HAProxy 504 Gateway Timeout with Exchange 2016

  • September 4, 2018

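I have been trying to use HAProxy as a proxy and load balancer for my 2 Exchange 2016 mail servers. Whenever I hit the IP of the HAProxy server, I get a "504 Gateway Timeout" error. I have tried changing the configuration, but nothing has worked. Here is the configuration I am using now: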

global
   log /dev/log    local0
   log /dev/log    local1 notice
   chroot /var/lib/haproxy
   stats socket /run/haproxy/admin.sock mode 660 level admin
   stats timeout 30s
   user haproxy
   group haproxy
   daemon

   # Default SSL material locations
   ca-base /etc/ssl/certs
   crt-base /etc/ssl/private

   # Default ciphers to use on SSL-enabled listening sockets.
   # For more information, see ciphers(1SSL). This list is from:
   #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
   ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
   ssl-default-bind-options no-sslv3

defaults
   log global
   mode    http
   option  httplog
   option  dontlognull
   timeout connect 5000
   timeout client  50000
   timeout server  50000
   errorfile 400 /etc/haproxy/errors/400.http
   errorfile 403 /etc/haproxy/errors/403.http
   errorfile 408 /etc/haproxy/errors/408.http
   errorfile 500 /etc/haproxy/errors/500.http
   errorfile 502 /etc/haproxy/errors/502.http
   errorfile 503 /etc/haproxy/errors/503.http
   errorfile 504 /etc/haproxy/errors/504.http

#---------------------------------------------------------------------
# Stripped down config
#---------------------------------------------------------------------

frontend exchange
   bind *:80
   default_backend exchange_servers

backend exchange_servers
   balance roundrobin
   server EXCHANGE1 192.168.80.140:443 check
   server EXCHANGE2 192.168.80.141:443 check 

Here is the HAProxy stats page: [image: HAProxy stats page]

The mistake was that it needed to be set to "mode tcp" so that it acts as an L4 proxy instead of an L7 proxy. Here is the updated working configuration:

global
   log /dev/log    local0
   log /dev/log    local1 notice
   chroot /var/lib/haproxy
   stats socket /run/haproxy/admin.sock mode 660 level admin
   stats timeout 30s
   user haproxy
   group haproxy
   daemon

   # Default SSL material locations
   ca-base /etc/ssl/certs
   crt-base /etc/ssl/private

   # Default ciphers to use on SSL-enabled listening sockets.
   # For more information, see ciphers(1SSL). This list is from:
   #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
   ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
   ssl-default-bind-options no-sslv3

defaults
   log global
   mode    http
   option  httplog
   option  dontlognull
   option  forwardfor
   option  redispatch
#   option  contstats
   retries  3
   timeout connect 5000
   timeout client  15m
   timeout server  15m
   timeout http-request 10s
   timeout queue 1m
   timeout http-keep-alive 10s
   timeout check 10s
   errorfile 400 /etc/haproxy/errors/400.http
   errorfile 403 /etc/haproxy/errors/403.http
   errorfile 408 /etc/haproxy/errors/408.http
   errorfile 500 /etc/haproxy/errors/500.http
   errorfile 502 /etc/haproxy/errors/502.http
   errorfile 503 /etc/haproxy/errors/503.http
   errorfile 504 /etc/haproxy/errors/504.http

listen stats 
   bind :1936
   mode http
   stats enable
   stats hide-version
   stats realm Haproxy\ Statistics
   stats uri /haproxy_stats
   stats auth Username:Password

#---------------------------------------------------------------------
# Stripped down config
#---------------------------------------------------------------------

frontend exchange
   bind *:80
   bind *:443
   mode tcp
   default_backend exchange_servers

backend exchange_servers
   mode tcp
   balance roundrobin
   server EXCHANGE1 192.168.80.140:443 check
   server EXCHANGE2 192.168.80.141:443 check
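
The difference between the two configurations above can be checked mechanically. The following is an added example, not part of the original question or answer: a small Python lint that flags any backend running in HTTP mode whose `server` lines point at port 443 without the `ssl` keyword, which is the condition in the first configuration (HAProxy sends cleartext HTTP to a TLS listener, while a plain `check` is only a TCP connect). The function names are hypothetical, and the sample configs are reduced from the ones on this page.

```python
# Added example: flag HAProxy backends that send cleartext HTTP to a TLS port.
# BEFORE/AFTER are constructed samples reduced from the configs on this page.
BEFORE = """\
defaults
   mode http
frontend exchange
   bind *:80
   default_backend exchange_servers
backend exchange_servers
   balance roundrobin
   server EXCHANGE1 192.168.80.140:443 check
   server EXCHANGE2 192.168.80.141:443 check
"""
AFTER = BEFORE.replace("balance roundrobin", "mode tcp\n   balance roundrobin")

SECTION_KEYWORDS = ("global", "defaults", "frontend", "backend", "listen")

def parse_sections(cfg_text):
    """Split a haproxy.cfg into sections, keeping only mode and server lines."""
    sections, cur = [], None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()   # naive comment strip
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            cur = {"kind": words[0], "name": " ".join(words[1:2]),
                   "mode": None, "servers": []}
            sections.append(cur)
        elif cur and words[0] == "mode" and len(words) > 1:
            cur["mode"] = words[1]
        elif cur and words[0] == "server" and len(words) > 2:
            port = words[2].rpartition(":")[2]
            cur["servers"].append((words[1], port, "ssl" in words[3:]))
    return sections

def cleartext_http_to_tls_port(cfg_text, tls_ports=("443",)):
    """Return (proxy, server) pairs in HTTP mode, on a TLS port, without `ssl`."""
    inherited, findings = "tcp", []            # HAProxy's built-in default mode is tcp
    for sec in parse_sections(cfg_text):
        if sec["kind"] == "defaults":          # each defaults section resets inheritance
            inherited = sec["mode"] or "tcp"
        elif sec["kind"] in ("backend", "listen") and (sec["mode"] or inherited) == "http":
            findings += [(sec["name"], name) for name, port, has_ssl in sec["servers"]
                         if port in tls_ports and not has_ssl]
    return findings

if __name__ == "__main__":
    print("before:", cleartext_http_to_tls_port(BEFORE))
    print("after: ", cleartext_http_to_tls_port(AFTER))
```

A backend that stays in HTTP mode and adds `ssl` to its `server` lines also passes this check, since HAProxy then speaks TLS to the backend itself.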

Quoted from: https://serverfault.com/questions/928177