如何在不将请求传递到Web服务器的情况下使用HAProxy发送响应 [英] How to send a response with HAProxy without passing the request to web servers

问题描述

由于 CORS （跨源资源共享），服务器正在接收成千上万个 OPTIONS 请求。现在，每个选项请求都被发送到其中一个服务器，这是有点浪费，知道HAProxy可以添加 CORS 头本身没有web服务器的帮助。

 前端https-in 
 ... 
 use_backend cors_headers如果METH_OPTIONS 
 ... 
 
 backend cors_headers 
 rspadd Access-Control-Allow-Origin：\ https://www.example.com 
 rspadd访问控制 - 最大年龄：\ 31536000 
  

然而，为了这个工作，我需要在 cors_headers 后端指定至少一个活动服务器服务器仍将接收请求。

如何在后端中处理请求，而无需指定任何服务器？

解决方案

如何将请求传播到服务器，同时向浏览器发送响应并保持连接活动？要做到这一点，唯一的方法是在HAProxy 1.5.14是手动触发503错误（没有服务器可用来处理请求），并设置错误页面到具有自定义CORS头文件。

 后端cors_headers 
错误文件503 /path/to/custom/file.http 
  

file.http 应包含所需的标题和最后两个空行

  HTTP / 1.1 200 OK 
 Access-Control-Allow-Origin：https://www.example.com 
 Access- Max-Age：31536000 
 Content-Length：0 
 Cache-Control：private 
 
 
< REMOVE THIS LINE COMPLETELY> 
  

此方法有几个限制：

• 在发送CORS标头之前没有办法检查原点，因此您必须拥有允许起源的静态列表，否则您必须允许所有起点



• 缺少动态标题：您不能执行

  
  
  

  http-response set-header Date％[date（），http_date]

或设置 Expires b
$ b

注意：如果您随时间动态更新HTTP文件，要将更改应用于HAProxy，您必须重新启动它。它可以是正常重新启动或硬重新启动，在这两种情况下，新文件将被加载，缓存和立即提供。

The server is receiving thousands of OPTIONS requests due to CORS (Cross-Origin Resource Sharing). Right now, every options request is being sent to one of the servers, which is a bit wasteful, knowing that HAProxy can add the CORS headers itself without the help of a web server.

frontend https-in
    ...
    use_backend cors_headers if METH_OPTIONS
    ...

backend cors_headers
    rspadd Access-Control-Allow-Origin:\ https://www.example.com
    rspadd Access-Control-Max-Age:\ 31536000

However for this to work I need to specify at least one live server in cors_headers backend and that server will still receive the requests.

How can I handle the request in the backend without specifying any servers? How can I stop the propagation of the request to servers, while sending the response to the browser and keeping the connection alive?

解决方案

The only way to do this is in the HAProxy 1.5.14 is by manually triggering the 503 error (no servers available to handle the request) and setting the error page to the file with custom CORS headers.

backend cors_headers
    errorfile 503 /path/to/custom/file.http

The file.http should contain the desired headers and 2 empty lines at the end

HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://www.example.com
Access-Control-Max-Age: 31536000
Content-Length: 0
Cache-Control: private


<REMOVE THIS LINE COMPLETELY>

This "method" has a couple of limitations:

• there is no way to check the origin before sending the CORS headers, so you will either have to have a static list of allowed origins or you will have to allow all origins

• lack of dynamic headers: you can't do

  http-response set-header Date %[date(),http_date]

or set Expires header.

Note: if you are updating the HTTP file dynamically over time, to apply the changes to the HAProxy you will have to restart it. It can be a graceful restart or a hard restart, in either case the new file will be loaded, cached and served immediately.

这篇关于如何在不将请求传递到Web服务器的情况下使用HAProxy发送响应的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！