2015-05-28 20 views
1

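Haproxy multiple backends accessed with the same path

I have 4 Java applications running on my server, 2 main apps and 2 subapps, that I need to access through Haproxy.

app1 ----> listens on tcp:8442, accessed at app1.domain.org
subapp1 ----> listens on tcp:9001, accessed with the path app1.domain.org/abc

app2 ----> listens on tcp:8444, accessed at app2.domain.org
subapp2 ----> listens on tcp:9000, accessed with the path app2.domain.org/abc

So both subapps are accessed with the same path.

I can't get Haproxy to route requests to the correct subapp. With the included config, access to the main apps works fine, but depending on the order of the use_backend statements, all subapp requests get routed to the same backend (whichever is listed first). If I reorder the ACLs, it makes no difference. It seems the ACLs are not matching inbound requests correctly.

Any help is appreciated!

My config: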

global 
    log localhost local1 
    log-send-hostname server-hostname 
    maxconn 1024     
    user root     
    group root     
    daemon      
    pidfile /var/run/haproxy.pid 
    ssl-default-bind-options no-sslv3 no-tls-tickets 

defaults 
    log global     
    mode http     
    option dontlognull   
    option forwardfor   
    no option http-server-close 
    no option accept-invalid-http-request 
    timeout client 600s      
    timeout client-fin 10s     
    timeout server 600s      
    stats enable 
    stats auth user:password 
    stats uri /haproxyStats 

listen admin 
    mode http 
    bind *:8080 
    stats enable 
    stats hide-version 
    stats realm Haproxy\ Statistics 
    stats uri /
    stats auth user:password 

frontend http-in 
    bind *:80       
    acl invalid_src src   0.0.0.0/7 224.0.0.0/3 
    acl invalid_src src_port  0:1023    
    http-request deny if invalid_src      
    option tcplog      
    log-format %ci\ %f\ %b\ %ST\ %{+Q}r\ %Tr 
    redirect scheme https code 301 if !{ ssl_fc } 

frontend https-in 
    bind *:443 ssl crt /etc/haproxy/ssl.cert   
    mode http 

    acl test_sapp path_beg -i /abc 
    acl test_sapp hdr(host) -m dom -i *app2.domain.com* 

    acl prod_sapp path_beg -i /abc 
    acl prod_sapp hdr(host) -m dom -i *app1.domain.com* 

    acl test_app1 hdr_end(host) -i app2.domain.com 
    acl prod_app1 hdr_end(host) -i app1.domain.com 

    acl invalid_src src   0.0.0.0/7 224.0.0.0/3 
    acl invalid_src src_port  0:1023    
    http-request deny if invalid_src 
    option tcplog 
    log-format %r 
    reqadd X-Forwarded-Proto:\ https     

    use_backend sapp-test if test_sapp 
    use_backend sapp-prod if prod_sapp 

    use_backend app-prod if prod_app1 
    use_backend app-test if test_app1 

    timeout client 600s     
    timeout client-fin 10s    

backend app-prod 
    balance leastconn 
    option httpclose 
    option forwardfor 
    server prod-web-node 127.0.0.1:8442 cookie A check 
    timeout server 600s     

backend app-test 
    option httpclose 
    option forwardfor 
    server test-web-node 127.0.0.1:8444 cookie A check 
    timeout server 600s     

backend sapp-prod 
    balance leastconn 
    option httpclose 
    option forwardfor 
    server prod-mdr-node 127.0.0.1:9001 cookie A check 
    timeout server 600s     

backend sapp-test 
    balance leastconn 
    option httpclose 
    option forwardfor 
    server test-mdr-node 127.0.0.1:9000 cookie A check 
    timeout server 600s 

Answers

2

This is untested, but I think this https-in frontend should work:

frontend https-in 
    bind *:443 ssl crt /etc/haproxy/ssl.cert   
    mode http 

    acl prod_domain hdr(host) -i app1.domain.com 
    acl test_domain hdr(host) -i app2.domain.com 

    acl sub_app path_beg -i /abc 

    acl invalid_src src   0.0.0.0/7 224.0.0.0/3 
    acl invalid_src src_port  0:1023    
    http-request deny if invalid_src 
    option tcplog 
    log-format %r 
    reqadd X-Forwarded-Proto:\ https     

    use_backend sapp-test if sub_app test_domain 
    use_backend sapp-prod if sub_app prod_domain 

    use_backend app-prod if prod_domain 
    use_backend app-test if test_domain 

    timeout client 600s     
    timeout client-fin 10s 

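The key is that the backends on the use_backend sapp-test and use_backend sapp-prod lines are only chosen if both the sub_app acl and the test_domain/prod_domain acl are true. Otherwise it falls back to the app-prod or app-test backend.

Hope that helps :)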

+0

Thanks JamesStewy! This works perfectly. – KrisK
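
A simplified Python model of how the two https-in frontends above are evaluated, added here as an illustration and not part of the original question or answer. It assumes HAProxy's documented rules (acl lines sharing a name are OR'ed, ACL names in one condition are AND'ed, the first matching use_backend wins); the helper names and sample requests are constructed.

```python
# Simplified model of HAProxy ACL evaluation (illustrative, not HAProxy code):
#  - "acl" lines that share a name are OR'ed; names in one condition are AND'ed
#  - the first use_backend rule whose condition holds wins

def path_beg(prefix):                 # path_beg -i
    return lambda r: r["path"].lower().startswith(prefix)
def hdr_host(value):                  # hdr(host) -i : exact match
    return lambda r: r["host"].lower() == value
def hdr_end(suffix):                  # hdr_end(host) -i
    return lambda r: r["host"].lower().endswith(suffix)
def hdr_dom(pattern):                 # hdr(host) -m dom -i : whole dot-delimited labels
    return lambda r: f".{pattern}." in f".{r['host'].lower()}."

def route(acls, rules, req):
    def holds(name):
        return any(test(req) for test in acls[name])   # OR across same-named lines
    for backend, names in rules:
        if all(holds(n) for n in names):               # AND inside one condition
            return backend
    return None                                        # no rule matched

# The question's frontend: each *_sapp name is declared twice, so /abc alone matches.
QUESTION_ACLS = {
    "test_sapp": [path_beg("/abc"), hdr_dom("*app2.domain.com*")],
    "prod_sapp": [path_beg("/abc"), hdr_dom("*app1.domain.com*")],
    "test_app1": [hdr_end("app2.domain.com")],
    "prod_app1": [hdr_end("app1.domain.com")],
}
QUESTION_RULES = [("sapp-test", ["test_sapp"]), ("sapp-prod", ["prod_sapp"]),
                  ("app-prod", ["prod_app1"]), ("app-test", ["test_app1"])]

# The answer's frontend: one test per ACL name, combined in the condition.
ANSWER_ACLS = {
    "prod_domain": [hdr_host("app1.domain.com")],
    "test_domain": [hdr_host("app2.domain.com")],
    "sub_app": [path_beg("/abc")],
}
ANSWER_RULES = [("sapp-test", ["sub_app", "test_domain"]), ("sapp-prod", ["sub_app", "prod_domain"]),
                ("app-prod", ["prod_domain"]), ("app-test", ["test_domain"])]

# Constructed sample requests (Host header and path only).
PROD_SUB = {"host": "app1.domain.com", "path": "/abc/status"}
TEST_SUB = {"host": "app2.domain.com", "path": "/abc/status"}
PROD_MAIN = {"host": "app1.domain.com", "path": "/login"}

if __name__ == "__main__":
    for req in (PROD_SUB, TEST_SUB, PROD_MAIN):
        print(req["host"] + req["path"], route(QUESTION_ACLS, QUESTION_RULES, req),
              route(ANSWER_ACLS, ANSWER_RULES, req))
```

In the question's rules the production subapp request lands on sapp-test because the path test alone satisfies test_sapp; in the answer's rules the host and path tests must both hold.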