haproxy无限页刷新循环

Question

在不同的主机上，IIS web服务器上有两个相同的站点，对它们的访问是在两个端口443和9000上打开的，如果我在haproxy中打开两个主机，那么当打开站点页面时，就会发生无休止的页面刷新周期。如果禁用其中一个捕获项或将权重指定为srv1权重100 srv2权重0，则可以正常工作。我怎么才能解决这个问题？我的haproxy配置：

global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2
#    log /dev/log    local0
#    log /dev/log    local1 notice
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     10000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats mode 666 level user

    ssl-default-bind-options no-sslv3
    ssl-default-bind-ciphers EECDH:+AES256:-3DES:RSA+AES:RSA+3DES:!NULL:!RC4
    # ssl-server-verify none

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    #option http-server-close
    #option forwardfor       except 127.0.0.0/8
    #option                  redispatch
    retries                 10
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          150s
    timeout http-keep-alive 65s
    timeout check           10s
    maxconn                 10000
    log-format "%{+Q}o\ client = %ci:%cp, server = %si:%sp path = %HU, status = %ST, %b, t_простоя = %Ti, t_отклика = %Tr, t_сеанса = %Tt, request = %r, byte = %B"

frontend stats

   bind *:8404
   http-request use-service prometheus-exporter if { path /metrics }
   no log
   stats enable
   stats uri /stats
   stats refresh 10s
   stats auth adm:123

frontend http
    bind *:80
    mode http
    redirect scheme https if !{ ssl_fc }

frontend https
    bind *:443 ssl crt /etc/haproxy/tls/haproxy.pem alpn h2,http/1.1
    bind *:9000 ssl crt /etc/haproxy/tls/haproxy.pem alpn h2,http/1.1
    option              forwardfor
    option              http-keep-alive
    http-request add-header X-Forwarded-Proto https
    http-request set-header X-Client-IP %[src]

    errorloc 404 https://xxxx.com/500
    errorloc 500 https://xxxx.com/500
    errorloc 503 https://xxxx.com/500
    errorloc 504 https://xxxx.com/500

    use_backend https if { hdr(host) -i xxxx.com }
    use_backend 9000 if { hdr(host) -i xxxx.com:9000 }


backend https
    balance roundrobin
    server srv1 192.168.1.11:443 check cookie srv1 weight 80 ssl verify none
    server srv2 192.168.1.111:443 check cookie srv2 weight 20  ssl verify none

backend 9000
    balance roundrobin
    server srv1 192.168.1.11:9000 check cookie srv1 weight 80 ssl verify none
    server srv2 192.168.1.111:9000 check cookie srv2 weight 20 ssl verify none

Answer 1

您正在使用" cookie“策略进行负载平衡，但无法设置此cookie：

balance roundrobin
server srv1 192.168.1.11:443 check cookie srv1 weight 80 ssl verify none
server srv2 192.168.1.111:443 check cookie srv2 weight 20  ssl verify none

因此，客户端与两个服务器进行交替通信。这不适合IIS (和/或底层技术)。

只需告诉HAProxy使用/设置的cookie。例如，一个名为SERVERID的cookie：

balance roundrobin
cookie SERVERID insert indirect nocache
server srv1 192.168.1.11:443 check cookie srv1 weight 80 ssl verify none
server srv2 192.168.1.111:443 check cookie srv2 weight 20  ssl verify none

• 如果客户端已经有SERVERID cookie，则HAProxy将流量发送到相应的服务器；如果客户端没有SERVERID cookie，则
• ，则HAProxy选择并指示客户端到Set-Cookie: SERVERID=s1，例如.

。

来源：https://www.haproxy.com/blog/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/