我一直在CentOs服务器上使用HA-Proxy版本1.5.18,因为CentOS Linux 7将在不久的将来停产,我已经从CentOs升级到Red Hat,现在我的ref hat上的haproxy默认版本是2.4。 17、我将1.5.18版本的haproxy.cfg放在2.4.17版本中,并尝试使用systemctl start haproxy启动haproxy,但它没有启动。下面是我的 1.5.18 版本的 haproxy.cfg,它在 CentOs 上工作正常,但在 RedHat 上不行
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 5000
user haproxy
group haproxy
daemon
tune.maxrewrite 4096
tune.http.maxhdr 202
#tune.ssl.default-dh-param 2048
tune.ssl.default-dh-param 2048
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
# utilize system-wide crypto-policies
ssl-default-bind-ciphers AES256-SHA
#ssl-default-bind-ciphers PROFILE=SYSTEM
#ssl-default-server-ciphers PROFILE=SYSTEM
defaults
mode http
log global
option httplog
option forwardfor
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 10
timeout http-request 40s
timeout queue 1m
timeout connect 40s
timeout client 1m
timeout server 1m
timeout http-keep-alive 60s
timeout check 50s
maxconn 5000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
#frontend main *:5000
frontend xyzabc
#frontend localnodes
bind *:443 ssl crt /home/ssl/kccb-new.pem
mode http
option httplog
capture request header X-Forwarded-For len 20
capture request header authorization len 80
capture request header X-Client-Auth len 80
capture request header User-Agent len 400
capture request header Host len 150
capture request header Accept-Language len 10
log-format "%{+Q}o\client_address=\%{+Q}[capture.req.hdr(0)],client_port=\%cp,server_address=\%si,server_port=\%sp,status=\%ST"
http-response add-header Access-Control-Allow-Origin *
http-response add-header X-Forwarded-For %{+Q}[capture.req.hdr(0)]
rspadd Access-Control-Expose-Headers:\ *
rspadd Access-Control-Allow-Headers:\ *
rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT if { capture.req.hdr(0) -m found }
rspadd Access-Control-Allow-Credentials:\ true if { capture.req.hdr(0) -m found }
rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Request-Headers,\ Authorization if { capture.req.hdr(0) -m found }
acl url_kccb_mb path_beg /mb/
use_backend kccb_backend if url_kccb_mb
acl url_sys_ha path_beg /sys/ha/
use_backend sys_ha if url_sys_ha
backend kccb_backend
balance roundrobin
option forwardfor
# http-request set-header X-Client-IP %[src]
http-request set-header X-Forwarded-For %{+Q}[capture.req.hdr(0)]
http-request replace-header ^([^\ :]*)\ /mb/(.*) \1\ /mbkccbxt/\2
server kccb_mb 10.0.101.100:5000 check #maxconn 10000
backend sys_ha
balance roundrobin
http-request replace-header ^([^\ :]*)\ /sys/ha/(.*) \1\ /\2
server sys-ha 127.0.0.1:8936 check
使用“systemctl start haproxy”启动 haproxy 时,出现以下错误
parsing [/etc/haproxy/haproxy.cfg:95] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
parsing [/etc/haproxy/haproxy.cfg:96] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
parsing [/etc/haproxy/haproxy.cfg:97] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
parsing [/etc/haproxy/haproxy.cfg:98] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
parsing [/etc/haproxy/haproxy.cfg:99] : The 'rspadd' directive is not supported anymore since HAProxy 2.>
我在网上做了一些研究来寻找错误的解决方案,发现自 HAProxy 2.1 以来不再支持“reqrep”指令。并且必须使用“http-request Replace-header”来代替。所以我用“http-request Replace-header”替换“reqrep”并尝试启动 haproxy 出现以下错误:
parsing [/etc/haproxy/haproxy.cfg:95] : error detected in frontend 'xyzabc' while parsing 'http-r>
我不是 haproxy 专业人士,但我必须完成此任务,任何人都可以帮助我解决此错误吗?
我在周末做了一些更多的研究,找到了解决方案,在较新的 HAPROXY 版本(>=2.*)中,不再支持 rspadd 和 reqrep,rspadd 需要替换为“http-response add-header”,并且必须删除反斜杠
来自:
rspadd Access-Control-Expose-Headers:\ *
至:
http-response add-header Access-Control-Expose-Headers *
同样需要将 reqrep 替换为“http-request replacement-path”
来自:
reqrep ^([^\ :]*)\ /sys/ha/(.*) \1\ /\2
致:
http-request replace-path ^([^\ :]*)\ /sys/ha/(.*) \1\ /\2
进行上述更改后,我重新启动了 haproxy,它启动没有任何问题并且按预期工作,这对于将 haproxy 1.* 升级到 haproxy 2.* 的用户会有帮助