HaProxy 1.7.9使用aclredirect

我使用keepalived在主/从configuration中有几个HA代理服务器。

最初,HA代理通过HTTP和HTTPS服务器的默认后端工作,但在过去的一年中,这些扩展的使用已经扩大,这是不工作的位。

最初,我们使用这个来使用leastconn将http和https请求引导到一堆web服务器,这很好。

不过,我们现在已经开始提供一些客户一些专用的托pipe。 我们仍然需要将他们的DNS指向我们的HA代理服务器,所以我使用haproxy cfg中的ACL来根据所请求的域名redirect请求。

我相信,使用行“acl host_ccp hdr(主机)www.example.com”

“use_backend CCP_S if host_ccp”

然后将使用称为CCPS的后端,并使用其中包含的服务器。

backend CCP_S balance leastconn option httpclose option forwardfor server CCP_Server aaa.bbb.ccc.ddd:80 check weight 1 

但是,它不适合我。

HTTPS非常相似。

如果我把服务器放在默认的后端区域,那么这个服务器是绝对有效的(只要这是这个区域唯一的服务器),但是会停止主服务器的工作。

目的是当有人放入一个特定的URL时,如果有匹配,haproxy将它发送到特定的服务器,或者如果没有匹配的话将它发送到默认的服务器组。

我非常肯定,这可以做,但我已经开始拉我(只剩下很less)的头发。

任何人都可以指出我正确的方向吗?

谢谢

斯图尔特

代码如下

 global # log /var/lib/haproxy/dev/log local0 debug # log /dev/log local0 #A log 127.0.0.1 local0 log /dev/log local0 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon stats socket /var/run/haproxy.socket level admin # Default SSL material locations # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http ##------------------------------------------------------------------- ## Enable stats for the whole of haproxy ##------------------------------------------------------------------- listen haproxystats bind 192.168.7.36:8090 mode http stats enable # Switch stats on stats hide-version # Don't display haproxy version stats uri /stats # URL to view stats stats refresh 3s # Automatically refresh the page for us frontend Public_ServerFarm bind 192.168.7.61:80 default_backend PublicWEB log /var/lib/haproxy/dev/log local0 debug acl host_ccp hdr(host) -i www.a.com a.com acl block_7 src 192.168.7.250 192.168.7.13 192.168.7.18 192.168.7.41 acl host_garageshoes hdr(host) -i www.b.co.uk b.co.uk acl host_u33c hdr(host) -i c.co.uk c.co.uk use_backend block_7_hosts if block_7 use_backend b if host_b use_backend CCP_Scaleway if host_ccp use_backend uchristmas if host_u33c backend garageshoes balance leastconn option httpclose option forwardfor server publicwebwoo01 192.168.7.42:80 check weight 1 backend CCP_Scaleway balance leastconn option httpclose option forwardfor server CCP_Server 100.101.102.103:80 check weight 1 backend uchristmas balance leastconn option httpclose option forwardfor server plat2_woo1 192.168.7.68:80 check weight 1 backend block_7_hosts option httpchk # Do HTTP checks, not just L4 option forwardfor header X-Client option httpclose option forwardfor balance leastconn ############################## LINUX SERVERS ############################## server PublicWebWoo02 192.168.7.19:80 check weight 1 server PublicWebWooAPI01 192.168.7.44:80 check weight 1 server PublicWebWooCCP 192.168.7.35:80 check weight 1 ############################################################################## backend PublicWEB option httpchk # Do HTTP checks, not just L4 option forwardfor header X-Client option httpclose option forwardfor balance leastconn mode http ############################## LINUX SERVERS ############################## server PublicWebWoo06 192.168.7.39:80 check weight 10 server PublicWebWoo07 192.168.7.40:80 check weight 10 server PublicWebWoo01 192.168.7.42:80 check weight 10 server PublicWebWoo03 192.168.7.59:80 check weight 10 ############################################################################## frontend Public_ServerFarmSSL bind 192.168.7.61:443 default_backend PublicWEBSSL option tcplog mode tcp log /var/lib/haproxy/dev/log local0 debug acl host_ccp_SSL hdr(host) -i www.a.com a.com acl block_7_SSL src 192.168.7.250 192.168.7.13 192.168.7.18 192.168.7.41 acl host_b_SSL hdr(host) -i www.b.co.uk b.co.uk acl host_u33c_SSL hdr(host) -i www.c.co.uk c.co.uk use_backend b_SSL if host_b_SSL use_backend block_7_hosts_SSL if block_7_SSL use_backend CCP_Scaleway_SSL if host_ccp_SSL use_backend uchristmas_SSL if host_u33c_SSL backend CCP_Scaleway_SSL balance leastconn option httpclose option forwardfor server CCP_Server 100.101.102.103:443 check weight 1 backend uchristmas_SSL balance leastconn option httpclose option forwardfor server plat2_woo1 192.168.7.68:443 check weight 1 backend PublicWEBSSL balance source option ssl-hello-chk mode tcp ############################## LINUX SERVERS SSL ############################## server PublicWebWoo06 192.168.7.39:443 check weight 10 server PublicWebWoo07 192.168.7.40:443 check weight 10 server PublicWebWoo01 192.168.7.42:443 check weight 10 server PublicWebWoo03 192.168.7.59:443 check weight 10 backend b_SSL balance leastconn option httpclose option forwardfor server publicwebwoo01 192.168.7.42:443 check weight 1 backend block_7_hosts_SSL balance leastconn option ssl-hello-chk mode tcp # option httpchk # Do HTTP checks, not just L4 # option forwardfor header X-Client option httpclose option forwardfor ############################## LINUX SERVERS ############################## server PublicWebWoo02 192.168.7.19:443 check weight 1 server PublicWebWooAPI01 192.168.7.44:443 check weight 1 server PublicWebWooCCP 192.168.7.35:443 check weight 1 ##############################################################################