Proxy

HaProxy randomly returns 503 for a static file when servers are available

  • February 4, 2019

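HaProxy is randomly returning 503s even though there are definitely backend servers available. The backend is serving the file correctly, as its access log shows that it always returns 200 or 304. I am scratching my head as to why this would be. The odd thing is that it only happens with this one css file!

Example 503 log message: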

Oct 3 17:26:24 haproxy0-1 haproxy[2313]: xxxx:53265 [03/Oct/2018:17:26:24.187] https-in~ appName/apps-1.prod.companyName.com 0/0/-1/-1/1 503 213 - - CC-- 22/22/16/8/0 0/0 {|} "GET /appName/resources/css/appName.css HTTP/1.1"

HaProxy config:

global
   log /dev/log    local0
   log /dev/log    local1 notice
   chroot /var/lib/haproxy
   stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
   stats timeout 30s
   user haproxy
   group haproxy
   daemon
   ca-base /etc/ssl/certs
   crt-base /etc/ssl/private
   ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!AES256
   ssl-default-bind-options force-tlsv12
   tune.ssl.default-dh-param 2048
   lua-load /etc/haproxy/cors.lua

defaults
   log global
   mode http
   option forwardfor
   option httplog
   option dontlognull
   option redispatch
   retries 3
   timeout http-request 20000
   timeout queue 20000
   timeout connect 20000
   timeout client 20000
   timeout server 20000
   timeout http-keep-alive 20000
   timeout check 500
   maxconn 3000
   errorfile 400 /etc/haproxy/errors/400.http
   errorfile 403 /etc/haproxy/errors/403.http
   errorfile 408 /etc/haproxy/errors/408.http
   errorfile 500 /etc/haproxy/errors/500.http
   errorfile 502 /etc/haproxy/errors/502.http
   errorfile 503 /etc/haproxy/errors/503.http
   errorfile 504 /etc/haproxy/errors/504.http

frontend https-in
   bind :443 ssl crt /etc/ssl/private/prod.companyName.com.pem alpn h2,http/1.1
   capture request header origin len 128
   capture request header access-control-request-headers len 128
   http-response set-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if !METH_OPTIONS { capture.req.hdr(0) -m reg -f /etc/haproxy/cors-origins.lst }
   http-request use-service lua.cors-response if METH_OPTIONS { capture.req.hdr(0) -m reg -f /etc/haproxy/cors-origins.lst }
   acl acl_appName path_beg /appName if !METH_OPTIONS
   use_backend appName if acl_appName
   default_backend no-match

backend appName
   reqadd X-Forwarded-Proto:\ https
   balance leastconn
   option httpchk GET /appName/haproxy.jsp HTTP/1.0
   server apps-1.prod.companyName.com apps-1.prod.companyName.com:8443 check ssl verify required ca-file /usr/local/share/ca-certificates/companyName-CA.crt
   server apps-3.prod.companyName.com apps-3.prod.companyName.com:8443 check ssl verify required ca-file /usr/local/share/ca-certificates/companyName-CA.crt

backend no-match
   http-request deny deny_status 404

listen stats
   bind localhost:9000
   mode http
   stats enable
   stats realm Haproxy\ Statistics
   stats uri /stats
   #stats admin if TRUE

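Thanks for any help!

These are likely requests from Firefox with RCWN ("Race Cache With Network") enabled:

"CC--" means the client aborted before a connection to the backend server was established, which happens when Firefox sends an HTTP request to haproxy and then immediately closes the connection (because it found the response in its cache).

Firefox nsHttpChannel.cpp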

// We will attempt to race the network vs the cache if we've found
// this entry in the cache index, and it has appropriate attributes
// (doesn't have alt-data, and has a small size)

See also: networking#rcwn (in Firefox)

Source: https://serverfault.com/questions/933817
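The triage the answer describes can be scripted. This is an added example, not part of the original question or answer: it parses `option httplog` lines and separates 503s where the client aborted before any server connection (termination state `CC`, connect timer `-1`) from 503s where the backend was really unavailable. The first sample line is the one from the question; the other two, the label names and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Fields of HAProxy's "option httplog" line that follow the syslog prefix.
LINE_RE = re.compile(
    r'(?P<client>\S+):(?P<cport>\d+) \[(?P<ts>[^\]]+)\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) '
    r'(?P<timers>-?\d+/-?\d+/-?\d+/-?\d+/\+?-?\d+) '
    r'(?P<status>\d{3}) \+?\d+ \S+ \S+ (?P<term>\S{4}) '
    r'.*"(?P<request>[^"]*)"$'
)

PREFIX = "Oct  3 17:26:24 haproxy0-1 haproxy[2313]: "
SAMPLE_LINES = [
    # Line from the question.
    PREFIX + 'xxxx:53265 [03/Oct/2018:17:26:24.187] https-in~ appName/apps-1.prod.companyName.com 0/0/-1/-1/1 503 213 - - CC-- 22/22/16/8/0 0/0 {|} "GET /appName/resources/css/appName.css HTTP/1.1"',
    # Constructed: no server could be selected for the request.
    PREFIX + '192.0.2.10:40112 [03/Oct/2018:17:30:01.004] https-in~ appName/<NOSRV> 0/-1/-1/-1/0 503 213 - - SC-- 5/5/0/0/0 0/0 {|} "GET /appName/index.jsp HTTP/1.1"',
    # Constructed: a normal, successful response.
    PREFIX + '192.0.2.11:40113 [03/Oct/2018:17:30:02.100] https-in~ appName/apps-3.prod.companyName.com 0/0/2/5/7 200 5120 - - ---- 20/20/3/1/0 0/0 {|} "GET /appName/resources/css/appName.css HTTP/1.1"',
]

def triage(line):
    """Return (label, path) for one httplog line, or None if it does not parse."""
    m = LINE_RE.search(line.strip())
    if m is None:
        return None
    parts = m["request"].split()
    path = parts[1] if len(parts) > 1 else m["request"]
    if m["status"] != "503":
        return ("not-503", path)
    tc = int(m["timers"].split("/")[2])  # third timer: connect time, -1 = never connected
    cause, state = m["term"][0], m["term"][1]
    # First 'C': aborted by the client. Second 'C': while waiting for the server connection.
    if cause == "C" and state == "C" and tc == -1:
        return ("client-abort-before-connect", path)
    # No server selected, or the server side failed or timed out in queue/connect.
    if m["server"] == "<NOSRV>" or (cause in "Ss" and state in "QC"):
        return ("backend-unavailable", path)
    return ("other-503", path)

def summarize(lines):
    """Count (label, path) pairs so client aborts can be told apart from outages."""
    return Counter(t for t in map(triage, lines) if t is not None)
```

A high count of `client-abort-before-connect` on small cacheable files alongside zero `backend-unavailable` entries matches the pattern the answer attributes to RCWN.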