我正在尝试HAProxy进行TCP负载平衡.连接在单个IP上进入端口X,然后HAProxy使用"leastconn"平衡方法将这些连接平衡到后端,以保持连接数均匀.这是在Ubuntu 10.04 x64上.
我已经将内核配置中的file-max调高到700,000.我已经将每个进程的ulimit调高到大约400,000.我已经将haproxy配置中的maxconn调到了200,000.它报告看到这个maxconn罚款:
show info
Name: HAProxy
Version: 1.3.22
Release_date: 2009/10/14
Nbproc: 1
Process_num: 1
Pid: 1355
Uptime: 0d 4h38m46s
Uptime_sec: 16726
Memmax_MB: 0
Ulimit-n: 400013
Maxsock: 400013
Maxconn: 200000
Maxpipes: 0
CurrConns: 1113
PipesUsed: 0
PipesFree: 0
Tasks: 1113
Run_queue: 1
node: XXXXX
这个前端负载均衡5个后端系统.但是,当每个后端达到400个会话时,它只是平衡停止平衡,并且只是推迟了其他连接.我可以用"smax"统计数据看到这一点.您将注意到每个会话的最大会话数为400,并且最大会话总数为2000:
show stat
#
pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,weight,act,bck,chkfail,chkdown,lastchg,downtime,qlimit,pid,iid,sid,throttle,lbtot,tracked,type,rate,rate_lim,rate_max,
protoa,FRONTEND,,,958,2000,2000,12624,6230219,6445523,0,0,0,,,,,OPEN,,,,,,,,,1,1,0,,,,0,0,0,406,
protoa,XXX1672,0,0,191,400,,3222,1249403,1286659,,0,,221,0,664,0,no check,1,1,0,,,,,,1,1,1,,2559,,2,0,,198,
protoa,XXX1674,0,0,192,400,,3106,1242103,1289247,,0,,178,0,535,0,no check,1,1,0,,,,,,1,1,2,,2572,,2,0,,171,
protoa,XXX1707,0,0,193,400,,3043,1266305,1305311,,0,,164,0,492,0,no check,1,1,0,,,,,,1,1,3,,2551,,2,0,,161,
protoa,XXX1782,0,0,189,400,,3046,1236790,1282690,,0,,204,0,619,0,no check,1,1,0,,,,,,1,1,4,,2429,,2,0,,190,
protoa,XXX1851,0,0,193,400,,3060,1235618,1281616,,0,,189,0,570,0,no check,1,1,0,,,,,,1,1,5,,2490,,2,0,,180,
protoa,BACKEND,0,0,958,2000,2000,12624,6230219,6445523,0,0,,956,0,2880,0,UP,5,5,0,,0,17645,0,,1,1,0,,12601,,1,0,,406,
protob,FRONTEND,,,4,6,2000,28,15204,15726,0,0,0,,,,,OPEN,,,,,,,,,1,2,0,,,,0,0,0,2,
protob,XXX1672,0,0,2,2,,5,2313,2322,,0,,0,0,0,0,no check,1,1,0,,,,,,1,2,1,,5,,2,0,,1,
protob,XXX1674,0,0,0,2,,5,3520,3803,,0,,0,0,0,0,no check,1,1,0,,,,,,1,2,2,,5,,2,0,,1,
protob,XXX1707,0,0,0,2,,8,3303,3214,,0,,0,0,0,0,no check,1,1,0,,,,,,1,2,3,,8,,2,0,,1,
protob,XXX1782,0,0,1,2,,5,3529,3745,,0,,0,0,0,0,no check,1,1,0,,,,,,1,2,4,,5,,2,0,,1,
protob,XXX1851,0,0,1,1,,5,2539,2642,,0,,0,0,0,0,no check,1,1,0,,,,,,1,2,5,,5,,2,0,,1,
protob,BACKEND,0,0,4,6,2000,28,15204,15726,0,0,,0,0,0,0,UP,5,5,0,,0,17645,0,,1,2,0,,28,,1,0,,2,
这种限制来自哪里?我真的想把数十万个连接吸引到这个haproxy实例中.(机器有网络,CPU和RAM跟上)
我已将haproxy配置为将路径"/ rawman"重定向到我的服务器上的端口8080.它第一次工作,但是一旦我访问默认站点,它就会停止工作.默认站点在带有mod_rewrite的apache上运行,并且它正在捕获无效请求(使用codeigniter),因此当我访问http://mysite.com/rawman?foo=bar时,我没有看到重定向的站点,而是看到了默认站点.
This is my haproxy config:
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
frontend http_proxy
bind 0.0.0.0:8090
acl is_ast path_beg /rawman
use_backend ast if is_ast
default_backend mysite
backend ast
server ast 0.0.0.0:8080
backend mysite
server local 0.0.0.0:80
haproxy如何处理静态文件(如.css,.js,.jpeg)?当我使用配置文件时,浏览器会说:
503服务不可用
没有服务器可用于处理此请求。
这是我的配置:
global
daemon
group root
maxconn 4000
pidfile /var/run/haproxy.pid
user root
defaults
log global
option redispatch
maxconn 65535
contimeout 5000
clitimeout 50000
srvtimeout 50000
retries 3
log 127.0.0.1 local3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s
listen dashboard_cluster :8888
mode http
stats refresh 5s
balance roundrobin
option httpclose
option tcplog
#stats realm Haproxy \ statistic
acl url_static path_beg -i /static
acl url_static path_end -i .css .jpg …假设我在localhost:9000上运行tcp服务器,在localhost:8000上运行HTTP服务器.HTTP服务器公开URL"/ healthz",如果tcp服务器正常,则返回200;如果tcp服务器不健康,则返回500.也就是说,执行:
curl localhost:9000/healthz
将返回状态200或状态500,具体取决于tcp服务器的运行状况.
我希望HAProxy使用localhost:8000/healthz作为tcp服务器的运行状况检查.那可能吗?
我无法添加后端服务器,因为运行状况检查失败并显示日志消息
服务器mule/muleapp的运行状况检查失败,原因:Layer4连接问题,信息:"常规套接字错误(权限被拒绝)",检查持续时间:0ms,状态:0/2 DOWN.
然而,我能够远程登录到相同的IP和主机.并添加其他后端工作.我没看到什么是权限问题.我的配置非常简单
backend mule
balance roundrobin
server muleapp x.x.x.x:64006 check
(用任意数字代替x).我在HTTP模式下运行.应该注意,连接到本地TCPMon端口也不起作用 - 但是没有运行状况检查日志语句.
根据(详细)主题,使用Keepalived&HAProxy作为HA网络服务器loadbalancer与纯粹的keepalived解决方案相比,有什么优势吗?
我已经配置了HAProxy(1.5.4,但我也试过1.5.14)来平衡TCP模式两个服务器在5672端口上暴露AMQP协议(WSO2 Message Broker).客户端通过HAProxy创建并使用与AMQP服务器的永久连接.
我已经更改了客户端和服务器TCP keepalive超时,设置net.ipv4.tcp_keepalive_time = 120(CentOS 7).
在HAProxy中,我将超时客户端/服务器设置为200秒(> 120秒的keepalive数据包)并使用选项clitcpka.
然后我开始使用wireshark并嗅探所有tcp流量:在客户端的最后一个请求之后,tcp keepalived数据包在120秒后定期发送,但在客户端的最后一次请求后200秒后连接被关闭(因此忽略keepalived包).
配置下方:
haproxy.conf
global
log 127.0.0.1 local3
maxconn 4096
user haproxy
group haproxy
daemon
debug
listen messagebroker_balancer 172.19.19.91:5672
mode tcp
log global
retries 3
timeout connect 5000ms
option redispatch
timeout client 200000ms
timeout server 200000ms
option tcplog
option clitcpka
balance leastconn
server s1 172.19.19.79:5672 check inter 5s rise 2 fall 3
server s2 172.19.19.80:5672 check inter 5s rise 2 fall 3
当我打开我的http代理服务器的haproxy统计报告页面时,我看到如下内容:
Cum. connections: 280073
Cum. sessions : 3802
Cum. HTTP requests: 24245
我没有在配置中使用'appsession'和任何其他与cookie相关的命令.那么'会话'在这里意味着什么?
我想haproxy通过这个顺序识别http会话:
我对吗?
我们有一个java web服务器,可以通过h2c(HTTP/2明文)提供内容
我们希望将使用h2(即SSL上的标准HTTP/2)建立的代理连接反向到h2c中的java服务器.
在nginx上启用HTTP/2非常简单,处理传入的h2连接工作正常.
我们如何告诉nginx使用h2c代替连接而不是http/1.1?
注意:非nginx解决方案可能是可以接受的
server {
listen 443 ssl http2 default_server;
server_name localhost;
ssl_certificate /opt/nginx/certificates/???.pem;
ssl_certificate_key /opt/nginx/certificates/???.pk8.key.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:8080/; ## <---- h2c here rather than http/1.1
}
}
结论 (2016年6月)
这可以使用haproxy使用配置文件来完成,如下所示.
查询(HttpServletRequest) req.getProtocol()清楚回报HTTP/2.0
global
tune.ssl.default-dh-param 1024
defaults
timeout connect 10000ms
timeout client 60000ms
timeout server 60000ms
frontend fe_http
mode http
bind *:80
# Redirect to https
redirect scheme https code 301
frontend fe_https
mode …发布后,我们开始在生产应用程序中随机获得ERR_SPDY_PROTOCOL_ERROR.当我们得到它时,我们刷新浏览器几次,错误就消失了.我们无法真正重现错误,但我们设法捕获详细的chrome网络日志.请求的详细信息如下所示.
如果你知道我的意思,我希望得到别人的反馈或帮助,因为这是我希望自己不是开发人员的问题之一......
PS所涉及的技术都标记在这里.我们在后端使用react和后端的asp.net/servicestack.我们使用haproxy作为负载均衡器.我们只通过chrome看到此错误.
89365: URL_REQUEST https://api-domain.com/some/path?page=1&pageSize=10 Start Time: 2019-01-15 11:11:15.029 t=255420 [st= 0] +REQUEST_ALIVE [dt=10068]
--> priority = "MEDIUM"
--> url = "https://api-domain.com/some/path?page=1&pageSize=10" t=255421 [st= 1] NETWORK_DELEGATE_BEFORE_URL_REQUEST [dt=0] t=255421 [st= 1]
+URL_REQUEST_START_JOB [dt=10066]
--> load_flags = 17216 (DO_NOT_SAVE_COOKIES | DO_NOT_SEND_AUTH_DATA | DO_NOT_SEND_COOKIES | MAYBE_USER_GESTURE)
--> method = "GET"
--> url = "https://api-domain.com/some/path?page=1&pageSize=10" t=255421 [st= 1] NETWORK_DELEGATE_BEFORE_START_TRANSACTION [dt=0] t=255421 [st= 1] HTTP_CACHE_GET_BACKEND [dt=0] t=255421 [st= 1] HTTP_CACHE_OPEN_ENTRY [dt=0] t=255421 [st= 1] HTTP_CACHE_ADD_TO_ENTRY [dt=0] t=255421 [st= 1] HTTP_CACHE_READ_INFO [dt=0] t=255421 [st= 1] …