Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

health-check for https 健康检查 #1958

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

health-check for https 健康检查 #1958

wants to merge 2 commits into from

Conversation

hankai17
Copy link

@hankai17
health-check for https 健康检查
3ce471a 
health-check for https 健康检查
@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

1 similar comment
@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@zhuy25
Copy link

zhuy25 commented Jan 8, 2025
edited
Loading

我编译后的配置文件是这样:

upstream e14a2559 {
        sticky expires=1h;
        server 10.0.0.14:443 weight=1 max_fails=5;
        check interval=5000 rise=1 fall=2 timeout=5000 type=https server_name=panzy.shop;
        check_http_send "HEAD / HTTP/1.0\r\n\r\n";
        check_http_expect_alive http_1xx;
        keepalive 320;
}

然后在10.0.0.14上拉起nginx,nginx的两个server块第一个有server_name,return内容是100,第二个没有,return内容是200:

    server {
        underscores_in_headers on;
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name panzy.shop;
        ssl_certificate   /root/cert/xxx;
        ssl_certificate_key /root/cert/xxx;
        location / {
            return 100 "this is dev2 port 443 shop";
        }
    }
    server {
        underscores_in_headers on;
        listen 443 ssl;
        listen [::]:443 ssl;
        ssl_certificate   /root/cert/xxx;
        ssl_certificate_key /root/cert/xxx;
        location / {
            return 200 "this is dev2 port 443 shop";
        }
    }

我发现https健康检查并没有生效,10.0.0.14上nginx的access.log显示是第二个server块接收的请求:
[08/Jan/2025:17:11:56 +0800] "HEAD / HTTP/1.0" 200 0
即server_name=panzy.shop并没有生效。

最后我是在check_http_send里写上Host才生效的:

upstream e14a2559 {
        sticky expires=1h;
        server 10.0.0.14:443 weight=1 max_fails=5;
        check interval=5000 rise=1 fall=2 timeout=5000 type=https;
        check_http_send "HEAD / HTTP/1.1\r\nHost:panzy.shop\r\n\r\n";
        check_http_expect_alive http_1xx;
        keepalive 320;
    }

access.log是这样:
[08/Jan/2025:18:44:50 +0800] "HEAD / HTTP/1.1" 100 0

@zhuy25
Copy link

zhuy25 commented Jan 10, 2025

这个commit做https健康检查不校验证书吗?我的后端使用了一个过期的证书,健康检查结果还是正常的

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hankai17 @CLAassistant @zhuy25