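OK, I've been trying to figure this problem out for a while now, without success. We have an AWS EC2 instance behind a load balancer, with a free AWS SSL certificate assigned to the load balancer. On our EC2 instance we have an Apache web server listening on port 1338 and a WebSocket server (using Ratchet) listening on port 8080. In between we use HAProxy with this configuration: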
global
    log 127.0.0.1 local0
    maxconn 10000
    user haproxy
    group haproxy
    daemon

defaults
    mode http
    log global
    option httplog
    retries 3
    backlog 10000
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    timeout tunnel 3600s
    timeout http-keep-alive 1s
    timeout http-request 15s

frontend public
    bind *:80
    acl is_websocket hdr(Upgrade) -i WebSocket
    use_backend ws if is_websocket #is_websocket_server
    default_backend www

backend ws
    option forwardfor # This sets X-Forwarded-For
    timeout queue 5000
    timeout server 5000
    timeout connect 5000
    server ws1 127.0.0.1:8080

backend www
    timeout server 30s
    server www1 127.0.0.1:1338
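So everything seems to be working, except the WebSocket server. When I try to connect, the connection succeeds, but after about 50-60 seconds the connection closes, as if the user had left the page. This only happens when using HTTPS. The thing is, in our httpd.conf we have a mod_rewrite rule that redirects all HTTP connections to HTTPS.
Another problem is that we have a WebSocket PHP client script that we use to connect to the WebSocket server so that we can send notifications from PHP scripts, but when I use host 127.0.0.1 and port 8080, the client cannot connect to the server. When testing locally without SSL and HAProxy, everything works fine. I just can't figure out where the problem is. Is it my HAProxy configuration, or do I need to change something in the AWS load balancer?
EDIT: These are the HAProxy logs. I just noticed another thing. If I keep sending messages to the socket server, the client does not get disconnected, so if I keep sending a dummy message to the server every 30 seconds, everything seems to work fine, but I still can't understand why this problem only appears when using HTTPS.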
Oct 26 16:49:31 localhost haproxy[7831]: 172.31.51.17:18222 [26/Oct/2016:16:49:31.913] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 1/1/0/0/0 0/0 "<BADREQ>"
Oct 26 16:49:35 localhost haproxy[7831]: 172.31.16.211:6536 [26/Oct/2016:16:49:35.312] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 1/1/0/0/0 0/0 "<BADREQ>"
Oct 26 16:49:41 localhost haproxy[7831]: 172.31.51.17:18227 [26/Oct/2016:16:49:41.913] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 1/1/0/0/0 0/0 "<BADREQ>"
Oct 26 16:49:42 localhost haproxy[7831]: 172.31.18.111:22978 [26/Oct/2016:16:49:42.769] public www/www1 0/0/0/126/126 302 1040 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Oct 26 16:49:45 localhost haproxy[7831]: 172.31.16.211:6537 [26/Oct/2016:16:49:45.312] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 1/1/0/0/0 0/0 "<BADREQ>"
Oct 26 16:49:46 localhost haproxy[7831]: 172.31.62.174:22616 [26/Oct/2016:16:49:46.025] public www/www1 0/0/0/120/120 302 1038 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Oct 26 16:49:51 localhost haproxy[7831]: 172.31.51.17:18230 [26/Oct/2016:16:49:51.913] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 1/1/0/0/0 0/0 "<BADREQ>"
Oct 26 16:49:55 localhost haproxy[7831]: 172.31.16.211:6540 [26/Oct/2016:16:49:55.311] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 1/1/0/0/0 0/0 "<BADREQ>"
Oct 26 16:50:01 localhost haproxy[7831]: 172.31.51.17:18236 [26/Oct/2016:16:50:01.913] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 1/1/0/0/0 0/0 "<BADREQ>"
Oct 26 16:50:05 localhost haproxy[7831]: 172.31.16.211:6545 [26/Oct/2016:16:50:05.312] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 1/1/0/0/0 0/0 "<BADREQ>"
Oct 26 16:50:11 localhost haproxy[7831]: 172.31.51.17:18240 [26/Oct/2016:16:50:11.913] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 1/1/0/0/0 0/0 "<BADREQ>"
Oct 26 16:50:12 localhost haproxy[7831]: 172.31.18.111:22992 [26/Oct/2016:16:50:12.791] public www/www1 0/0/0/124/124 302 1038 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Oct 26 16:50:15 localhost haproxy[7831]: 172.31.16.211:6548 [26/Oct/2016:16:50:15.312] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 1/1/0/0/0 0/0 "<BADREQ>"
Oct 26 16:50:16 localhost haproxy[7831]: 172.31.62.174:22626 [26/Oct/2016:16:50:16.056] public www/www1 0/0/0/120/120 302 1034 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Oct 26 16:50:21 localhost haproxy[7831]: 172.31.51.17:18241 [26/Oct/2016:16:50:21.913] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 1/1/0/0/0 0/0 "<BADREQ>"
Oct 26 16:50:25 localhost haproxy[7831]: 172.31.16.211:6551 [26/Oct/2016:16:50:25.311] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 1/1/0/0/0 0/0 "<BADREQ>"
Oct 26 16:50:25 localhost haproxy[7831]: 172.31.18.111:22952 [26/Oct/2016:16:49:23.912] public ws/ws1 750/0/0/65/61448 101 314 - - ---- 0/0/0/0/0 0/0 "GET /socket/ HTTP/1.1"
Oct 26 16:50:31 localhost haproxy[7831]: 172.31.51.17:18244 [26/Oct/2016:16:50:31.913] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 0/0/0/0/0 0/0 "<BADREQ>"
Oct 26 16:50:35 localhost haproxy[7831]: 172.31.16.211:6556 [26/Oct/2016:16:50:35.312] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 0/0/0/0/0 0/0 "<BADREQ>"
Oct 26 16:50:41 localhost haproxy[7831]: 172.31.51.17:18246 [26/Oct/2016:16:50:41.913] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 0/0/0/0/0 0/0 "<BADREQ>"
Oct 26 16:50:42 localhost haproxy[7831]: 172.31.18.111:22998 [26/Oct/2016:16:50:42.814] public www/www1 0/0/0/154/154 302 1034 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"
Oct 26 16:50:45 localhost haproxy[7831]: 172.31.16.211:6557 [26/Oct/2016:16:50:45.312] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 0/0/0/0/0 0/0 "<BADREQ>"
Oct 26 16:50:46 localhost haproxy[7831]: 172.31.62.174:22632 [26/Oct/2016:16:50:46.087] public www/www1 0/0/0/132/133 302 1034 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"
Oct 26 16:50:51 localhost haproxy[7831]: 172.31.51.17:18252 [26/Oct/2016:16:50:51.914] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 0/0/0/0/0 0/0 "<BADREQ>"
Oct 26 16:50:55 localhost haproxy[7831]: 172.31.16.211:6560 [26/Oct/2016:16:50:55.312] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 0/0/0/0/0 0/0 "<BADREQ>"
You need to configure the tunnel timeout, because WebSockets create a tunnel, so you just need to add this to your configuration:
timeout tunnel 2m
timeout client-fin 1s
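HAProxy documentation: https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-timeout%20tunnel
timeout client-fin is not mandatory, but it seems important, as described in their documentation:
"Since this timeout is usually used in conjunction with long-lived connections, it usually is a good idea to also set "timeout client-fin" to handle the situation where a client suddenly disappears from the net and does not acknowledge a close, or sends a shutdown and does not acknowledge pending data anymore. This can happen in lossy networks where firewalls are present, and is detected by the presence of large amounts of sessions in a FIN_WAIT state."
PS: I know this is an old answer, but I just ran into this problem and this was the first result.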
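
To check from the log whether one of HAProxy's own timeouts (such as `timeout tunnel`) closed a WebSocket session, the following added example (not part of the original question or answer, and not HAProxy tooling) parses `option httplog` lines and reads the total time and the first termination-state flag of each 101 session. The function names and the last sample line are assumptions made for this illustration; the first two sample lines are copied from the log in the question.

```python
import re

# HAProxy "option httplog" line; 1.7 names the timers Tq/Tw/Tc/Tr/Tt (all in ms).
LINE_RE = re.compile(
    r'haproxy\[\d+\]: (?P<client>\S+) \[[^\]]+\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) '
    r'-?\d+/-?\d+/-?\d+/-?\d+/\+?(?P<tt>-?\d+) '
    r'(?P<status>\d{3}) \+?\d+ \S+ \S+ (?P<term>\S{4}) \S+ \S+ "(?P<request>[^"]*)"'
)

# First termination-state flag: what ended the session.
FIRST_FLAG = {
    "-": "normal close by client or server, no HAProxy timeout fired",
    "c": "HAProxy client-side timeout expired",
    "s": "HAProxy server-side timeout expired",
    "C": "client aborted the TCP session",
    "S": "server aborted or refused the TCP session",
}

def parse(line):
    """Return the fields of one httplog line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["tt"] = int(rec["tt"])          # total session time in ms
    rec["status"] = int(rec["status"])
    return rec

def websocket_sessions(lines):
    """Return (client, total_ms, cause) for every upgraded (101) session."""
    out = []
    for rec in filter(None, map(parse, lines)):
        if rec["status"] == 101:
            cause = FIRST_FLAG.get(rec["term"][0], "other: " + rec["term"])
            out.append((rec["client"], rec["tt"], cause))
    return out

SAMPLE = [
    # Copied from the log in the question.
    'Oct 26 16:50:25 localhost haproxy[7831]: 172.31.18.111:22952 [26/Oct/2016:16:49:23.912] public ws/ws1 750/0/0/65/61448 101 314 - - ---- 0/0/0/0/0 0/0 "GET /socket/ HTTP/1.1"',
    'Oct 26 16:49:31 localhost haproxy[7831]: 172.31.51.17:18222 [26/Oct/2016:16:49:31.913] public public/<NOSRV> -1/-1/-1/-1/0 400 187 - - CR-- 1/1/0/0/0 0/0 "<BADREQ>"',
    # Constructed line: a tunnel that HAProxy itself timed out on the client side.
    'Oct 26 17:00:00 localhost haproxy[7831]: 192.0.2.10:40000 [26/Oct/2016:16:58:00.000] public ws/ws1 5/0/0/40/120045 101 314 - - cD-- 0/0/0/0/0 0/0 "GET /socket/ HTTP/1.1"',
]

if __name__ == "__main__":
    for client, ms, cause in websocket_sessions(SAMPLE):
        print(f"{client}: open {ms / 1000:.1f}s, {cause}")
```

A first flag of `c` or `s` on a 101 line points at an HAProxy timer; `-` means a peer closed the connection, so the idle timeouts of whatever sits in front of or behind HAProxy are the next place to look.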