Proxy
當伺服器可用時,HaProxy 為靜態文件隨機返回 503
HaProxy 隨機返回 503,即使肯定有可用的後端伺服器。後端正在正確地提供文件,因為它的訪問日誌顯示它總是返回 200 或 304。我正在摸不著頭腦,為什麼會這樣。奇怪的是它只發生在這個 css 文件上!
範例 503 日誌消息:
10 月 3 日 17:26:24 haproxy0-1 haproxy
$$ 2313 $$: xxxx:53265$$ 03/Oct/2018:17:26:24.187 $$https-in~ appName/apps-1.prod.companyName.com 0/0/-1/-1/1 503 213 - - CC– 22/22/16/8/0 0/0 {|} “GET /appName/resources/css/appName.css HTTP/1.1”
HaProxy 配置:
global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners stats timeout 30s user haproxy group haproxy daemon ca-base /etc/ssl/certs crt-base /etc/ssl/private ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!AES256 ssl-default-bind-options force-tlsv12 tune.ssl.default-dh-param 2048 lua-load /etc/haproxy/cors.lua defaults log global mode http option forwardfor option httplog option dontlognull option redispatch retries 3 timeout http-request 20000 timeout queue 20000 timeout connect 20000 timeout client 20000 timeout server 20000 timeout http-keep-alive 20000 timeout check 500 maxconn 3000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http frontend https-in bind :443 ssl crt /etc/ssl/private/prod.companyName.com.pem alpn h2,http/1.1 capture request header origin len 128 capture request header access-control-request-headers len 128 http-response set-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if !METH_OPTIONS { capture.req.hdr(0) -m reg -f /etc/haproxy/cors-origins.lst } http-request use-service lua.cors-response if METH_OPTIONS { capture.req.hdr(0) -m reg -f /etc/haproxy/cors-origins.lst } acl acl_appName path_beg /appName if !METH_OPTIONS use_backend appName if acl_appName default_backend no-match backend appName reqadd X-Forwarded-Proto:\ https balance leastconn option httpchk GET /appName/haproxy.jsp HTTP/1.0 server apps-1.prod.companyName.com apps-1.prod.companyName.com:8443 check ssl verify required ca-file /usr/local/share/ca-certificates/companyName-CA.crt server apps-3.prod.companyName.com apps-3.prod.companyName.com:8443 check ssl verify required ca-file /usr/local/share/ca-certificates/companyName-CA.crt backend no-match http-request deny deny_status 404 listen stats bind localhost:9000 mode http stats enable stats realm Haproxy\ Statistics stats uri /stats #stats admin if TRUE感謝您的任何幫助!
這些可能是來自啟用了 RCWN(“Race Cache With Network”)的 Firefox 的請求:
“CC–”表示客戶端在與後端伺服器建立連接之前中止,這種情況發生在 Firefox 向 haproxy 發送 HTTP 請求然後立即關閉連接(因為它在其記憶體中找到響應)時。
// We will attempt to race the network vs the cache if we've found // this entry in the cache index, and it has appropriate attributes // (doesn't have alt-data, and has a small size)另請參閱:networking#rcwn(在 Firefox 上)