我们有一些开发人员希望使用HAProxy内置的404禁用选项来临时删除后台服务器以进行维护,例如代码推送。 目前,我们的后端configuration看起来像这样:
defaults mode http log global option httplog option dontlognull option forwardfor except 127.0.0.0/8 option redispatch option http-server-close retries 3 timeout http-request 10m timeout queue 1m timeout connect 10s timeout client 10m timeout server 10m timeout http-keep-alive 10s timeout check 10s timeout tunnel 4hrs maxconn 10000 frontend http_https_frontend bind 192.168.1.1:80 bind 192.168.1.1:443 ssl crt /etc/haproxy/ssl/cert.pem no-sslv3 maxconn 1024 # redirect all non-https requests to https reqadd X-Forwarded-Proto:\ https if { ssl_fc } reqadd X-Proto:\ SSL if { ssl_fc } redirect scheme https if !{ ssl_fc } # Set HSTS and secure all cookies acl secure dst_port eq 443 http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure # default backend for https requests default_backend server_backend backend server_backend http-request set-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto https if { ssl_fc } option httpchk GET /proxy_health_check HTTP/1.1\r\nHost:\ http-check expect status 200 http-check disable-on-404 default-server inter 2s fall 5 rise 2 cookie SERVER-NODE-ID insert indirect nocache server Server1 Server1.domain.com:443 cookie 01 check ssl verify none inter 10000 server Server2 Server2.domain.com:443 cookie 02 check ssl verify none inter 10000 server Server3 Server3.domain.com:443 cookie 03 check ssl verify none inter 10000 server Server4 Server4.domain.com:443 cookie 04 check ssl verify none inter 10000 所以基本上它是健康检查/ proxy_health_check,当状态是200时,一切都很好,404时它处于维护模式,其他任何事情都是closures的。
但是,根据HAProxy的文档,持久连接保留在后端服务器上,当所有事情都处于启动状态时,这种连接是非常好的,但是在处于maint模式时,并不能完全“释放”后端的客户端。 我认为选项redispatch应该照顾这一点 – 我用这个错误?
基本上我想要两全其美 – 当一个后端启动时,我想要持续连接。 但是,当后端处于maint模式时,我希望这些连接“移动”到不同的活动后端。 那可能吗?
顺便说一句,我正在运行版本HAProxy v1.5.18。 提前致谢!