GCP上的My HTTP(S(External Load Balancer偶尔会返回响应,并返回错误代码502。
响应的原因如下:
jsonPayload: {
@type: "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry"
statusDetails: "backend_connection_closed_before_data_sent_to_client"
}
根据GCP文件,发生此类响应的原因如下:
后端意外关闭了与负载平衡器的连接在将响应代理到客户端之前。如果负载平衡器正在向另一个实体发送流量。其他实体可能是第三方负载平衡器,其TCP超时为比外部HTTP(S(负载均衡器的10分钟更短(600秒(超时。第三方负载平衡器可能正在运行在VM实例上。在上手动设置TCP超时(保持活动(目标服务超过600秒可能会解决此问题。
引用。
在我的负载均衡器的后端,我有一个GCP VM,它运行一个HAProxy服务器(v1.8(,配置如下:
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
pidfile /var/run/rh-haproxy18-haproxy.pid
user haproxy
group haproxy
daemon
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
spread-checks 21
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 10000
balance roundrobin
frontend http-80
bind *:80
mode http
option httplog
default_backend www-80
backend www-80
balance roundrobin
mode http
option httpchk /haproxy_status
http-check expect status 200
rspidel ^Server:.*
rspidel ^server:.*
rspidel ^x-envoy-upstream-service-time:.*
server backendnode1 node-1:80 check port 8080 fall 3 rise 2 inter 1597
server backendnode2 node-2:80 check port 8080 fall 3 rise 2 inter 1597
frontend health-80
bind *:8080
acl backend_dead nbsrv(www-80) lt 1
monitor-uri /haproxy_status
monitor fail if backend_dead
listen stats # Define a listen section called "stats"
bind :9000 # Listen on localhost:9000
mode http
stats enable # Enable stats page
stats hide-version # Hide HAProxy version
stats realm Haproxy Statistics # Title text for popup window
stats uri /haproxy_stats # Stats URI
stats auth haproxy:pass # Authentication credentials
#lastline
根据GCP文档,我们可以通过设置高于600秒(10分钟(的TCP保持活动值来消除502个错误。
他们提出了Apache和Nginx的值。
Web server software Parameter Default setting Recommended setting
Apache KeepAliveTimeout KeepAliveTimeout 5 KeepAliveTimeout 620
nginx keepalive_timeout keepalive_timeout 75s; keepalive_timeout 620s;
参考。
我不确定应该在HAProxy配置中更改什么超时值或配置,以将保持活动时间设置为600秒以上。
设置timeout http-keep-alive超过600秒是否有效?
默认情况下,您版本的HAProxy应该启用keep-alive选项,但我在配置文件中没有看到相应的行;
要启用它,您需要在defaults部分中添加option http-keep-alive行,这样它就会看起来像这样:
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option redispatch
retries 3
option http-keep-alive
要检查它是否工作,请按照本网站的说明进行操作。
你也可以在SO:上找到有用的这些线程
如何使HA代理保持
如何在haproxy中保持活力?