HAProxy and LXD Containers - Route based on naked domain, specific sub-domain and all other sub-domains

I have tried searching for a similar solution to the problem I am having, but could not find anything.

I have set up some LXD containers; one is HAProxy, which is receiving port 80 traffic from the host's public IP address. HAProxy then sends the traffic to the correct container depending on the domain.

The issue I am having is that, even though I have set the domain_specific_subdomain ACL rule for subdomain.example.com, the other domain_root ACL rule takes precedence.

Containers:

  • lxd-container-web1: Use if root domain, or any other subdomain, e.g. (www., dev.) 'example.com'
  • lxd-container-web2: Use only if this specific subdomain 'subdomain.example.com'

Question: How can I have this so the naked domain example.com and all other subdomains (e.g. www., dev., etc.) go to this backend backend_web1, except for subdomain.example.com, which should go to the backend_web2 backend?

This is my config file:

    global
            log /dev/log    local0
            log /dev/log    local1 notice
            chroot /var/lib/haproxy
            stats socket /run/haproxy/admin.sock mode 660 level admin
            stats timeout 30s
            user haproxy
            group haproxy
            daemon

            # Default SSL material locations
            ca-base /etc/ssl/certs
            crt-base /etc/ssl/private

            # Default ciphers to use on SSL-enabled listening sockets.
            # For more information, see ciphers(1SSL). This list is from:
            #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
            ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
            ssl-default-bind-options no-sslv3

    defaults
            log     global
            mode    http
            option  httplog
            option  dontlognull
            option   forwardfor
            option   http-server-close
            timeout connect 5000
            timeout client  50000
            timeout server  50000
            errorfile 400 /etc/haproxy/errors/400.http
            errorfile 403 /etc/haproxy/errors/403.http
            errorfile 408 /etc/haproxy/errors/408.http
            errorfile 500 /etc/haproxy/errors/500.http
            errorfile 502 /etc/haproxy/errors/502.http
            errorfile 503 /etc/haproxy/errors/503.http
            errorfile 504 /etc/haproxy/errors/504.http


    # Frontend
    frontend www_frontend
            bind *:80     # Bind to port 80 (www) on the container


            # Covers naked domain and all subdomains
            acl domain_root hdr(host) -i example.com

            # Specific sub-domain
            acl domain_specific_subdomain hdr(host) -i subdomain.example.com


            # Redirect the connection to the proper server cluster, depending on the match.
            use_backend backend_web1 if domain_root
            use_backend backend_web2 if domain_specific_subdomain


    # Domain dependent containers
    backend backend_web1
            balance leastconn

            # We set the X-Client-IP HTTP header. This is useful if we want the web server to know the real client IP.
            http-request set-header X-Client-IP %[src]

            # This backend, named here "backend_web1", directs to container "lxd-container-web1.lxd" (hostname).
            server web1 lxd-container-web1:80 check

    backend backend_web2
            balance leastconn
            http-request set-header X-Client-IP %[src]
            server web2 lxd-container-web2.lxd:80 check

From the haproxy docs:

There may be as many "use_backend" rules as desired. All of these rules are evaluated in their declaration order, and the first one which matches will assign the backend.

So if you switch the use_backend line ordering, it should work.

    # Redirect the connection to the proper server cluster, depending on the match.
    use_backend backend_web2 if domain_specific_subdomain
    use_backend backend_web1 if domain_root

Or better yet, maybe default_backend would be better here:

    # Use backend_web2 if ACL matches
    use_backend backend_web2 if domain_specific_subdomain

    # Otherwise, default to backend_web1
    default_backend backend_web1
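
The first-match evaluation quoted in the answer, modelled in Python as an added example (not part of the original post and not HAProxy code). It assumes HAProxy's documented ACL semantics, where `hdr(host)` compares the whole header value and `hdr_end(host)` (not in the posted config, included for comparison) matches a suffix; the function and constant names are hypothetical.

```python
# Simplified model of how HAProxy picks a backend (illustration, not HAProxy code).
# Modes: "str" models `hdr(host) -i` (whole value), "end" models `hdr_end(host) -i`.

def acl_matches(mode, pattern, host):
    host, pattern = host.lower(), pattern.lower()      # -i: case-insensitive
    return host == pattern if mode == "str" else host.endswith(pattern)

def route(host, acls, rules, default_backend=None):
    """First use_backend rule whose ACL matches wins; else default_backend."""
    for backend, acl_name in rules:                    # declaration order
        mode, pattern = acls[acl_name]
        if acl_matches(mode, pattern, host):
            return backend
    return default_backend                             # None: nothing selected

# ACLs as posted in the question (exact match on the Host value).
ACLS_EXACT = {
    "domain_root": ("str", "example.com"),
    "domain_specific_subdomain": ("str", "subdomain.example.com"),
}
# Assumed variant: domain_root written as a suffix match so it covers subdomains.
ACLS_SUFFIX = dict(ACLS_EXACT, domain_root=("end", "example.com"))

QUESTION_ORDER = [("backend_web1", "domain_root"),
                  ("backend_web2", "domain_specific_subdomain")]
SWAPPED_ORDER = list(reversed(QUESTION_ORDER))          # answer's first fix
SPECIFIC_ONLY = [("backend_web2", "domain_specific_subdomain")]  # + default_backend

# Constructed sample Host header values.
HOSTS = ["example.com", "www.example.com", "Subdomain.Example.com", "notexample.com"]

def table(acls, rules, default_backend=None):
    return {h: route(h, acls, rules, default_backend) for h in HOSTS}

if __name__ == "__main__":
    cases = [
        ("suffix ACL, question order", ACLS_SUFFIX, QUESTION_ORDER, None),
        ("suffix ACL, swapped order", ACLS_SUFFIX, SWAPPED_ORDER, None),
        ("exact ACL, question order", ACLS_EXACT, QUESTION_ORDER, None),
        ("exact ACL, default_backend", ACLS_EXACT, SPECIFIC_ONLY, "backend_web1"),
    ]
    for label, acls, rules, default in cases:
        print(label)
        for host, backend in table(acls, rules, default).items():
            print(f"  {host:24} -> {backend}")
```

Both the suffix pattern without a leading dot and `default_backend` send an unrelated Host such as `notexample.com` to backend_web1, so a stricter ACL is needed if unknown Host values should not reach that container.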
