
뒤에는 3개의 웹 서버(a, b, c)가 있고 모두 Apache와 RHEL 8을 실행하는 로드 밸런서가 있습니다. 내가 하고 싶은 일은 상대적으로 간단합니다. http://loadbalancer/a/server-status, http://loadbalancer/b/server-status를 통해 로드 밸런서 뒤에 있는 상자의 Apache 서버 상태를 가져오고 싶습니다. 등.
http://ipofbox:8000/server-status를 사용하여 상자에 직접 액세스하면 서버 상태가 제대로 작동합니다.
로드 밸런서의 httpd.conf에는 다음 줄이 있습니다.
<VirtualHost *:80>
ProxyRequests off
#Start Proxy balancer block and define cluster
<Proxy balancer://thecluster>
BalancerMember http://172.31.19.205:8080
BalancerMember http://172.31.28.85:8080 loadfactor=3
BalancerMember http://172.31.28.49:8080
#weighted traffic byte count balancing
ProxySet lbmethod=bytraffic nofailover=off
</Proxy>
ProxyPass /worksa http://172.31.19.205:8080
ProxyPass /worksb http://172.31.28.85:8080
ProxyPass /worksc http://172.31.28.49:8080
ProxyPass /a http://172.31.19.205:8000
ProxyPass /b http://172.31.28.85:8000
ProxyPass /c http://172.31.28.49:8000
#pass through any other proxy requests
ProxyPass / balancer://thecluster/
#route traffic back through the cluster and act as a load balancer, ensure headers generated from any workers are modified to point to the load balancer, masking the backend web servers
#ProxyPassReverse / balancer://thecluster/
#balancer-manager GUI via port 80
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
#don't pass requests to the BM through to the cluster
ProxyPass /balancer-manager !
<Location "/~Alice">
AuthType Digest
AuthName "private"
AuthDigestDomain "/~Alice"
AuthDigestProvider file
AuthUserFile "/etc/httpd-auth/digest_passwords_file2"
Require valid-user
</Location>
<Location "/~Bob">
AuthType Digest
AuthName "private"
AuthDigestDomain "/~Bob"
AuthDigestProvider file
AuthUserFile "/etc/httpd-auth/digest_passwords_file2"
Require valid-user
</Location>
</VirtualHost>
<VirtualHost *:8000>
ProxyRequests off
#server-info GUI via port 8000
<Location /server-info>
SetHandler server-info
</Location>
#server-status GUI via port 8000
<Location /server-status>
SetHandler server-status
</Location>
<Location "/server-info">
AuthType Digest
AuthName "realm"
AuthDigestDomain "/server-info"
AuthDigestProvider file
AuthUserFile /etc/httpd-auth/digest_passwords_file
Require valid-user
</Location>
<Location "/server-status">
AuthType Digest
AuthName "realm"
AuthDigestDomain "/server-status"
AuthDigestProvider file
AuthUserFile /etc/httpd-auth/digest_passwords_file
Require valid-user
</Location>
</VirtualHost>
편집하다:지금은 지나간 것 같은데 이번에는 400불량요청을 받았습니다. 요청을 처리하는 백엔드 서버의 오류 로그에는 다음이 표시됩니다.
[auth_digest:error] [pid 9105:tid 139830629422848] [client ***.***.***.***:50720] AH01786: uri mismatch - </a/server-info/> does not match request-uri </server-info/>
다이제스트 인증이 활성화된 경우 로드 밸런서에서 액세스할 때 액세스가 실패하는 것 같습니다. Worksa에는 다음이 있습니다.
Worksa에는 다음이 있습니다.
<VirtualHost *:8000>
#balancer-manager GUI via port 8000
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
#Req 4.b
<Location "/server-info">
SetHandler server-info
AuthType Digest
AuthName "realm"
AuthDigestDomain "/server-info"
AuthDigestProvider file
AuthUserFile /etc/httpd-auth/digest_passwords_file
Require valid-user
</Location>
# Req 4.a, Req 4.b
<Location "/server-status">
SetHandler server-status
AuthType Digest
AuthName "realm"
AuthDigestDomain "/server-status"
AuthDigestProvider file
AuthUserFile /etc/httpd-auth/digest_passwords_file
Require valid-user
</Location>
</VirtualHost>
둘째, http://loadbalancer/worksa/index.html에 액세스하려고 하면 403 Forbidden이 표시되고 worksa에 대한 액세스 로그는 다음과 같습니다.
(13)Permission denied: file permissions deny server access: /var/www/html/index.html.
index.html에서 chmod 0644를 사용했지만 도움이 되지 않는 것 같습니다.
요약하면, http://loadbalancer/a/server-info는 자격 증명을 요청하고 400 Bad Request를 반환하는 반면, http://loadbalancer/a/index.html은 403 Forbidden을 반환합니다.
매우 감사합니다.
답변1
ProxyPass
밸런서 앞에 특정 지침을 이동하면 ProxyPass
밸런서가 다른 모든 것과 일치합니다 /
. 후행 슬래시를 제거하십시오.
이것은 첫 번째 가상 호스트입니다.
<VirtualHost *:80>
ProxyRequests off
#Start Proxy balancer block and define cluster
<Proxy balancer://thecluster>
BalancerMember http://172.31.27.155:8080
BalancerMember http://172.31.21.185:8080 loadfactor=3
BalancerMember http://172.31.28.201:8080
#weighted traffic byte count balancing
ProxySet lbmethod=bytraffic nofailover=off
</Proxy>
ProxyPass /worksa http://172.31.27.155:8080
ProxyPass /worksb http://172.31.21.185:8080
ProxyPass /worksc http://172.31.28.201:8080
# pass through balancer member
ProxyPass /a http://172.31.27.155:8000
ProxyPass /b http://172.31.21.185:8000
ProxyPass /c http://172.31.28.201:8000
# pass through any other proxy requests
ProxyPass / balancer://thecluster/
#route traffic back through the cluster and act as a load balancer, ensure headers generated from$
#ProxyPassReverse / balancer://thecluster/
</VirtualHost>
"403 Forbidden"을 방지하려면 백엔드에서 액세스 제어를 조정해야 할 수도 있습니다.
<Location /server-status>
SetHandler server-status
# limit to ip addresses, hosts or whatever you need
Require ip 172.31
</Location>