HAProxy不转发到后端节点-显示503服务不可用

编程问答 2022-06-07

问题描述

你好,同花异草,

我的OpenStack环境中有2个Nginx Web服务器。 我正在尝试使用HAProxy设置负载平衡。 Ubuntu 18是所有服务器上的操作系统。

将后端IP添加认配置。当我尝试通过浏览器连接到我的LB时,我得到:

“ 503服务不可用”

到目前为止我所知道的:

  • 当我直接连接到后端时就可以使用它们。
  • 我在OpenStack GUI中打开了正确的端口
  • 我检查了HAProxy日志并发现以下内容

Oct 20 13:04:30 HA_Proxy haproxy[2361]: [ALERT] 293/130430 (2361) : Starting frontend haproxynode: cannot bind socket [91.250.78.208:80]
Oct 20 13:04:30 HA_Proxy haproxy[2361]: Proxy backendnodes started.
Oct 20 13:04:30 HA_Proxy haproxy[2361]: Proxy backendnodes started.
Oct 20 13:04:30 HA_Proxy haproxy[2361]: Proxy stats started.
Oct 20 13:04:30 HA_Proxy haproxy[2361]: Proxy stats started.
Oct 20 13:05:27 HA_Proxy haproxy[2399]: Proxy haproxynode started.
Oct 20 13:05:27 HA_Proxy haproxy[2399]: Proxy haproxynode started.
Oct 20 13:05:27 HA_Proxy haproxy[2399]: Proxy backendnodes started.
Oct 20 13:05:27 HA_Proxy haproxy[2399]: Proxy backendnodes started.
Oct 20 13:05:27 HA_Proxy haproxy[2399]: Proxy stats started.
Oct 20 13:05:27 HA_Proxy haproxy[2402]: Server backendnodes/node1 is DOWN,reason: Layer4 connection problem,info: "Connection refused",check duration: 0ms. 1 active and 0 backup servers left. 0 sessions acti$

我不知道该如何处理“无法绑定套接字”消息,也许它在配置中有所作用:

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more @R_557_4045@ion,see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative list with additional directives can be obtained from
    #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend haproxynode
    bind *:80
    mode http
    default_backend backendnodes

backend backendnodes
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server node1 192.168.0.77:8080 check
    server node2 192.168.0.76:8080 check

listen stats
    bind :32700
    stats enable
    stats uri /
    stats hide-version
    stats auth someuser:password

有人知道我还可以检查解决该问题吗?

还请注意,我从八月开始学徒制,几乎没有任何负载平衡或网络服务器的经验=(

解决方法

如果收到cannot bind socket错误消息,请尝试运行以下命令

setsebool -P haproxy_connect_any=1

否则,请终止要使用的端口上正在运行的服务,然后重新启动haproxy

$fuser -k <your_port>/tcp

$sudo systemctl restart haproxy

,

我将后端的端口设置为8080,但应该是80。解决了问题