
使用 haproxy 的重定向過多

[英]Too many redirects with haproxy

我使用 haproxy 作為負載均衡器 pod,pod 收到的請求來自 NLB。 haproxy pod 收到的請求被發送到為流量提供服務的 nginx webserver pod。 此配置適用於 http 和 https。 我的想法是重定向 web-dev.xxxx.com。SSL 證書位於 NLB 上。

{
    apiVersion: "v1",
    kind: "ConfigMap",
    metadata: {
        name: "haproxy-config",
        namespace: "xxxx",
    },
    data: {
"haproxy.cfg":
"# This configuration uses ACLs to distinguish between the URLs passed and then route
# them to the right backend servers. For the backend servers to handle it correctly, you
# need to setup virtual hosting there as well, on whatever you use, tomcat, nginx, apache, etc.
# For this to work with SSL, put pound before HAproxy and use a configuration file similar to
# https://gist.github.com/1984822 to get it working

# Process-wide settings.
global
    # Log to stdout in raw format, facility local0.
    log stdout format raw local0
    maxconn 4096
    # Runtime API socket at "admin" level: whoever can open this socket can change
    # the state of the running proxy (disable servers, clear tables, ...).
    # Access control is the 660 file mode only.
    # NOTE(review): confirm which user/group owns the socket inside the pod and that
    # no other container shares /var/run.
    stats socket /var/run/haproxy.sock mode 660 level admin
    pidfile /var/run/haproxy.pid

# Defaults inherited by the frontend, listen and backend sections below.
defaults
    log global
    mode http
    option httplog
    # Do not log connections on which no data was transferred.
    option dontlognull
    # Add X-Forwarded-For with the client address, except for requests from 127.0.0.1.
    option forwardfor except 127.0.0.1
    retries 3
    # Allow a retried request to be sent to another server when the chosen one fails.
    option redispatch
    maxconn 2000
    # No unit suffix, so these values are read as milliseconds (5 s / 50 s / 50 s).
    timeout connect 5000
    timeout client 50000
    timeout server 50000

# Status page: the built-in statistics report, served at /stats on port 8000.
listen stats
    # No address is given, so this listens on every interface of the pod.
    bind :8000
    mode http
    stats enable
    # Hide the HAProxy version from the report.
    stats hide-version
    stats uri /stats
    # NOTE(review): no "stats auth" and no ACL is set in this section, so the report
    # is readable by anything that can reach port 8000. Consider "stats auth" or an
    # "http-request deny" rule that admits trusted sources only.

# Plain-HTTP entry point on port 80 for traffic forwarded by the NLB.
frontend http-in
    # accept-proxy: every connection must start with a PROXY protocol header, from
    # which HAProxy takes the client address. There is no "ssl" keyword on this bind,
    # so nothing arriving here is TLS from HAProxy's point of view.
    bind *:80 accept-proxy

    # http-request set-header X-Client-IP %[src]

    # Capture selected request headers (up to 64 characters each) for the HTTP log.
    # NOTE(review): x-wap-msisdn / x-wap-imsi look like subscriber identifiers;
    # capturing them writes them to the logs. Confirm that is intended and who can
    # read those logs.
    capture request header x-wap-msisdn len 64
    capture request header x-wap-imsi len 64
    capture request header Host len 64
    capture request header User-Agent len 64

    #### Setup virtual host routing
    # haproxy-dev.xxxx.com
    # hdr_end() is a suffix match, so any Host that merely ends with this string
    # matches as well (constructed example: "xhaproxy-dev.xxxx.com").
    # NOTE(review): this rule publishes the stats backend to whoever can send this
    # Host header to port 80.
    acl is_haproxy_stats hdr_end(host) -i haproxy-dev.xxxx.com
    use_backend haproxy-stats if is_haproxy_stats

    # ACL for api-dev.xxxx.com (suffix match, same caveat as above)
    acl is_api hdr_end(host) -i api-dev.xxxx.com
    # Tells the API backend the request was HTTPS. This is asserted for every API
    # request reaching this frontend, whatever scheme the client actually used.
    http-request set-header X-Forwarded-Proto https if is_api
    use_backend api if is_api

    # ACL for he.web-dev.xxxx.com
    # hdr_beg() is a prefix match: it accepts a Host carrying a ":port" suffix, and
    # also any longer name that starts with this string.
    acl is_he_web hdr_beg(host) -i he.web-dev.xxxx.com

    # ACL for he-dev.xxxx.com (prefix match)
    acl is_he hdr_beg(host) -i he-dev.xxxx.com

    # ACL for paths beginning with /products (case-insensitive)
    acl is_products_uri path -i -m beg /products

    # The four redirects below send he.web-dev / he-dev requests to web-dev and copy
    # the x-wap-msisdn request header into the query string.
    # NOTE(review): the header value is taken straight from the request, so unless an
    # upstream hop strips or sets it, the client controls it. Once in the URL it also
    # appears in access logs, browser history and Referer headers, and 301 responses
    # are cacheable, so a browser may reuse a redirect that embeds the msisdn.

    # Redirect for he.web-dev.xxxx.com/products
    http-request redirect location https://web-dev.xxxx.com/products/?msisdn=%[req.hdr(x-wap-msisdn)] code 301 if is_he_web is_products_uri

    # Redirect for he-dev.xxxx.com/products
    http-request redirect location https://web-dev.xxxx.com/products/?msisdn=%[req.hdr(x-wap-msisdn)] code 301 if is_he is_products_uri

    # Redirect for he-dev.xxxx.com (any other path)
    http-request redirect location https://web-dev.xxxx.com?msisdn=%[req.hdr(x-wap-msisdn)] code 301 if is_he

    # Redirect for he.web-dev.xxxx.com (any other path)
    http-request redirect location https://web-dev.xxxx.com?msisdn=%[req.hdr(x-wap-msisdn)] code 301 if is_he_web

    # ACL for web-dev.xxxx.com (prefix match)
    acl is_web hdr_beg(host) -i web-dev.xxxx.com
    # ssl_fc is true only when HAProxy itself terminated TLS on the client connection.
    # The bind above has no "ssl", so !{ ssl_fc } is always true here and every request
    # whose Host is exactly web-dev.xxxx.com is redirected to https.
    # NOTE(review): if the NLB forwards already-decrypted HTTPS traffic to this same
    # port, the redirect repeats on every request.
    redirect scheme https if { hdr(Host) -i web-dev.xxxx.com } !{ ssl_fc }
    # Only reached for web-dev hosts the exact-match redirect did not catch, such as a
    # Host value that includes a port.
    use_backend web if is_web

    default_backend api

 # Frontend on port 9000, named for web-dev HTTPS traffic. Presumably the target of
 # the NLB's TLS listener — TODO confirm against the NLB / Service definition.
 frontend web-dev.xxxx.com-https
    bind *:9000 accept-proxy

    # Forwarded-request headers for the backend (the HSTS response header itself is
    # set in "backend web"). set-header replaces any X-Forwarded-For or
    # X-Forwarded-Proto sent by the client; with accept-proxy, src is the client
    # address taken from the PROXY protocol header.
    http-request set-header X-Forwarded-For %[src]
    http-request set-header X-Forwarded-Proto https

    default_backend web   

    # Backend that proxies to port 8000 of haproxy-stats.x, the same port the
    # "listen stats" section binds.
    backend haproxy-stats
      balance roundrobin
      option redispatch
      # Health check: GET /stats, run every 10 s ("check inter 10s" on the server line).
      option httpchk GET /stats HTTP/1.1
      option httpclose
      option forwardfor
      server haproxy haproxy-stats.x:8000 check inter 10s

    # Backend for the API service; also the default_backend of frontend http-in.
    backend api
      balance roundrobin
      option redispatch
      # Health check request with a custom User-agent header appended to the request line.
      # The doubled backslashes are presumably escapes for the enclosing ConfigMap
      # string, so that HAProxy receives single backslashes — verify in the rendered file.
      option httpchk GET /ping/rails?haproxy HTTP/1.0\\r\\nUser-agent:\\ HAProxy
      option httpclose
      # Add X-Forwarded-For with the client address to requests sent to the server.
      option forwardfor
      server foo-rails foo-rails.xxxx:80 check inter 10s

    # Backend for the web servers (health-checked through /nginx_status).
    backend web
      balance roundrobin
      option redispatch
      # Cookie-based persistence: HAProxy inserts a SERVERID cookie, marks responses
      # that carry it as non-cacheable (nocache) and strips it from requests passed to
      # the server (indirect).
      # NOTE(review): the server line below has no "cookie <value>", and the cookie
      # carries no "secure" / "httponly" attributes — confirm whether persistence is
      # actually wanted here.
      cookie SERVERID insert nocache indirect
      option httpchk GET /nginx_status HTTP/1.0
      option httpclose
      option forwardfor
      # Security response headers added to every response from this backend.
      # NOTE(review): X-XSS-Protection is a legacy header that current browsers ignore;
      # a Content-Security-Policy is the usual replacement.
      http-response set-header X-XSS-Protection 1
      # Forbid rendering the site inside any frame.
      http-response set-header X-Frame-Options DENY
      # Disable MIME-type sniffing.
      http-response set-header X-Content-Type-Options nosniff
      # HSTS: one year, all subdomains, preload flag. Browsers honour this header only
      # on HTTPS responses, so it has no effect on responses delivered over plain HTTP.
      http-response set-header Strict-Transport-Security max-age=31536000;includeSubDomains;preload
      server foo foo.xxxx:80 check inter 10s
",
   }
}

你的問題似乎在這里。

redirect scheme https if { hdr(Host) -i web-dev.xxxx.com } !{ ssl_fc }

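流量在端口 80 上以明文 HTTP 進入 HAProxy(TLS 已在 NLB 上終止),因此 ssl_fc 永遠不會匹配,!{ ssl_fc } 恆為真:每個發往 web-dev.xxxx.com 的請求都會被重定向到 https;如果 NLB 解密後的 HTTPS 流量同樣轉發到這個端口,就會形成重定向循環。要區分這兩種流量,需要 ssl_fc 以外的判斷依據,例如讓 NLB 的 TLS 監聽器轉發到單獨的前端端口(配置中已有綁定 9000 的前端),只在 80 端口的前端做重定向。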

