GCP 外部 HTTP(S) 负载均衡器返回 502："backend_connection_closed_before_data_sent_to_client"

GCP上的My HTTP(S(External Load Balancer偶尔会返回响应，并返回错误代码502。

响应的原因如下：

jsonPayload: {
@type: "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry"
statusDetails: "backend_connection_closed_before_data_sent_to_client"
}

根据GCP文件，发生此类响应的原因如下：

后端意外关闭了与负载平衡器的连接在将响应代理到客户端之前。如果负载平衡器正在向另一个实体发送流量。其他实体可能是第三方负载平衡器，其TCP超时为比外部HTTP(S(负载均衡器的10分钟更短(600秒(超时。第三方负载平衡器可能正在运行在VM实例上。在上手动设置TCP超时(保持活动(目标服务超过600秒可能会解决此问题。

引用。

在我的负载均衡器的后端，我有一个GCP VM，它运行一个HAProxy服务器(v1.8(，配置如下：

global
log         /dev/log    local0
log         /dev/log    local1 notice
chroot      /var/lib/haproxy
pidfile     /var/run/rh-haproxy18-haproxy.pid
user        haproxy
group       haproxy
daemon
stats       socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
spread-checks  21
# Default SSL material locations
ca-base     /etc/ssl/certs
crt-base    /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
#  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
mode                    http
log                     global
option                  httplog
option                  dontlognull
option                  http-server-close
option                  redispatch
retries                 3
timeout http-request    10s
timeout queue           1m
timeout connect         10s
timeout client          1m
timeout server          1m
timeout http-keep-alive 10s
timeout check           10s
maxconn                 10000
balance                 roundrobin

frontend http-80
bind *:80
mode http
option httplog
default_backend www-80
backend www-80
balance roundrobin
mode http
option httpchk /haproxy_status
http-check expect status 200
rspidel ^Server:.*
rspidel ^server:.*
rspidel ^x-envoy-upstream-service-time:.*
server backendnode1 node-1:80 check port 8080 fall 3 rise 2 inter 1597
server backendnode2 node-2:80 check port 8080 fall 3 rise 2 inter 1597

frontend health-80
bind *:8080
acl backend_dead nbsrv(www-80) lt 1
monitor-uri /haproxy_status
monitor fail if backend_dead
listen stats # Define a listen section called "stats"
bind :9000 # Listen on localhost:9000
mode http
stats enable  # Enable stats page
stats hide-version  # Hide HAProxy version
stats realm Haproxy Statistics  # Title text for popup window
stats uri /haproxy_stats  # Stats URI
stats auth haproxy:pass  # Authentication credentials

#lastline

根据GCP文档，我们可以通过设置高于600秒(10分钟(的TCP保持活动值来消除502个错误。

他们提出了Apache和Nginx的值。

Web server software  Parameter          Default setting         Recommended setting
Apache               KeepAliveTimeout   KeepAliveTimeout 5      KeepAliveTimeout 620
nginx                keepalive_timeout  keepalive_timeout 75s;  keepalive_timeout 620s;

参考。

我不确定应该在HAProxy配置中更改什么超时值或配置，以将保持活动时间设置为600秒以上。

设置timeout http-keep-alive超过600秒是否有效？