HAProxy: multiple websites, but only one of them needs to use ALL backends
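I currently have an HAProxy load balancer set up with 2 backends, serving 3 websites in total. One of the websites needs an additional server (a new backend, backend #3), but the other websites don't have to use this backend. Is there any way to do this? Sadly, I was not able to work this out using the documentation. The config is added below. The new backend will be .77. Thanks!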
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    maxconn 2000
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

    # use 7 of 8 cores, bind stats to the 7th. We want one core for OS and stuff :)
    nbproc 7
    cpu-map 1 1
    cpu-map 2 2
    cpu-map 3 3
    cpu-map 4 4
    cpu-map 5 5
    cpu-map 6 6
    cpu-map 7 7
    stats bind-process 7

defaults
    log global
    mode http
    option httplog
    option dontlognull
    option forwardfor
    option http-server-close
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

listen stats 192.168.3.78:1936
    stats enable
    stats uri /

frontend www-http
    bind 1.2.3.4:80
    bind 192.168.3.78:80
    reqadd X-Forwarded-Proto:\ http
    bind-process 1
    default_backend www-backend

frontend www-https
    bind 1.2.3.4:443 ssl crt /etc/ssl/private/1.full-pem crt /etc/ssl/private/2.full-pem crt /etc/ssl/private/3.full-pem
    reqadd X-Forwarded-Proto:\ https
    option forwardfor
    bind-process 2 3 4 5 6
    default_backend www-backend

backend www-backend
    redirect scheme https if !{ ssl_fc }
    cookie SERVERID insert indirect nocache
    server www-1 192.168.3.75:80 check cookie www-1
    server www-2 192.168.3.74:80 check cookie www-2
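A note on the word "backend": you use it in your question to describe the service that will receive the forwarded requests. To avoid confusion, I will use server here, and a backend will be a group of servers (to match HAProxy terminology).

You need two backend blocks, one with two servers and the other with three. In your frontend, use the hostname to select the correct one: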
frontend www-http
    [...]
    acl host_website3 hdr(host) -i website3.com        # match the new website
    use_backend www-backend-with3 if host_website3     # send it to the correct backend
    default_backend www-backend

backend www-backend
    redirect scheme https if !{ ssl_fc }
    cookie SERVERID insert indirect nocache
    server www-1 192.168.3.75:80 check cookie www-1
    server www-2 192.168.3.74:80 check cookie www-2

backend www-backend-with3                              # new backend here
    redirect scheme https if !{ ssl_fc }
    cookie SERVERID insert indirect nocache
    server www-1 192.168.3.75:80 check cookie www-1
    server www-2 192.168.3.74:80 check cookie www-2
    server www-3 192.168.3.77:80 check cookie www-3    # with a new server here
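
Because both backends redirect plain HTTP to HTTPS, requests are actually served through the www-https frontend, so the same host rule is needed there as well. The block below is an added example, not part of the original question or answer; it reuses the names from the configs above, and the www.website3.com hostname is an assumption.

```haproxy
frontend www-https
    bind 1.2.3.4:443 ssl crt /etc/ssl/private/1.full-pem crt /etc/ssl/private/2.full-pem crt /etc/ssl/private/3.full-pem
    reqadd X-Forwarded-Proto:\ https
    option forwardfor
    bind-process 2 3 4 5 6

    # Same host match as in www-http. hdr(host) compares the whole Host
    # header value, so every name the site answers on has to be listed
    # (www.website3.com is an assumed alias, not taken from the page).
    acl host_website3 hdr(host) -i website3.com www.website3.com

    # Only website3 reaches the three-server pool; every other Host,
    # including unknown ones, falls through to the two-server backend,
    # so 192.168.3.77 is never used for the other sites.
    use_backend www-backend-with3 if host_website3
    default_backend www-backend
```

Run `haproxy -c -f` against the configuration file to check the syntax before reloading, then confirm on the stats page that www-3 appears only under www-backend-with3.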