我有一个非常特殊的业务需求,需要嵌入式设备在一组自定义后端服务器前通过HA Proxy发出初始HTTP请求并接收HTTP响应。然后,在它通过HA代理建立的同一个套接字上,在套接字的剩余寿命(通常会持续几天(内通过自定义TCP协议进行通信。
我最初的想法是,HA Proxy上的http隧道选项将非常适合这种情况,尽管它已被弃用。具体而言,它指出:
Option "http-tunnel" disables any HTTP processing past the first request and
the first response. This is the mode which was used by default in versions
1.0 to 1.5-dev21. It is the mode with the lowest processing overhead, which
is normally not needed anymore unless in very specific cases such as when
using an in-house protocol that looks like HTTP but is not compatible, or
just to log one request per client in order to reduce log size. Note that
everything which works at the HTTP level, including header parsing/addition,
cookie processing or content switching will only work for the first request
and will be ignored after the first response.
因此,我尝试将HA代理服务器设置为使用http隧道模式。以下是我尝试过的简化配置:
frontend _front_http
mode http
bind :80
option httplog
option http-tunnel
use_backend default_sleep-server_8080
default_backend _error404
backend default_sleep-server_8080
mode http
option forwardfor
option http-tunnel
http-response set-header Strict-Transport-Security "max-age=15768000"
server srv001 10.244.0.80:8080 weight 1 check inter 2s
server srv002 10.244.0.81:8080 weight 1 check inter 2s
server srv003 10.244.0.82:8080 weight 1 check inter 2s
defaults
log global
maxconn 2000
option redispatch
option dontlognull
option http-server-close
option http-keep-alive
timeout client 50s
timeout client-fin 50s
timeout connect 5s
timeout http-keep-alive 1m
timeout http-request 5s
timeout queue 5s
timeout server 50s
timeout server-fin 50s
timeout tunnel 1h
no option http-server-close
我还试着只为前端或后端打开http-tunnel。
我尝试过的任何方法都会遇到同样的问题。初始的HTTP请求/响应按预期工作(即,到达HA代理前端,转发到后端,后端制作一个响应,发送到客户端,套接字保持打开(。但是,对于我的客户端在现有套接字上发送的后续数据包,这些数据包直接发送到HTTP服务器,但从未转发到后端服务器。我已经使用TCP Dump验证了这一点——我看到的只是到达前端端口的TCP数据包,从未将任何响应发送回客户端或将这些数据包转发到其他地方。
我的http隧道设置有问题吗?还是我在这里使用了完全错误的选项?我知道可能还有其他工具可以更好地实现这一点,但对于特定领域的目的,能够使用HA Proxy将是一件很棒的事情。
从文档链接
Warning : Because it cannot work in HTTP/2, this option is deprecated and it
is only supported on legacy HTTP frontends. In HTX, it is ignored and a
warning is emitted during HAProxy startup.
我会尝试在前端设置no option http-use-htx。
正如上面提到的,这是一个不推荐使用的选项,这意味着2.1及以上版本不存在这个选项,AFAIK。