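Stream Active Health Check

1. Overview

The stream active health check works the same way as the HTTP active health check. Depending on the type of the upstream server, it is divided into TCP checks, UDP checks, and so on.

2. Required modules

Like the HTTP active health check, the stream active health check depends on these modules: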

load_module modules/njt_http_sendmsg_module.so;
load_module modules/njt_helper_health_check_module.so;

3. Configuration

3.1 API

When the upstream is a TCP server:

List all TCP health checks:

GET http://ip+port/api/v1/hc/stcp/

Get the TCP health check configuration of the upstream named backend:

GET http://ip+port/api/v1/hc/stcp/backend

Add a TCP health check to the upstream named backend:

POST http://ip+port/api/v1/hc/stcp/backend

Delete the TCP health check of the upstream named backend:

DELETE http://ip+port/api/v1/hc/stcp/backend

When the upstream is a UDP server:

List all UDP health checks:

GET http://ip+port/api/v1/hc/sudp/

Get the UDP health check configuration of the upstream named backend:

GET http://ip+port/api/v1/hc/sudp/backend

Add a UDP health check to the upstream named backend:

POST http://ip+port/api/v1/hc/sudp/backend

Delete the UDP health check of the upstream named backend:

DELETE http://ip+port/api/v1/hc/sudp/backend

Format and health check configuration parameters

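{
    "interval": "3s",   # required
    "visit_interval": "2s",
    "jitter": "1s",    # required
    "timeout": "10s",  # required
    "passes": 2,       # required
    "fails": 1,        # required
    "port": 13470
}

Parameter  Required  Description
interval  Frequency of the active health check. (required)
visit_interval  If a client has accessed the server within this interval, the server skips the current health check. interval > visit_interval.
jitter  Maximum deviation of the health check timer. Prevents all checks from firing at the same time. (required)
timeout  Timeout. (required)
passes  server_body: the set of directives inside the server block, each directive separated by a semicolon. server_body may be empty.
fails  After fails consecutive failed checks, the peer is marked unhealthy. (required)
port  Port used for the health check. If not specified, the port set in the upstream is used.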

3.2 TCP health check configuration

Request body
{
    "interval": "3s",
    "jitter": "1s",
    "timeout": "10s",
    "passes": 2,
    "fails": 1,
    "stream": {                    /* enable the layer-4 health check */
        "send": "zhao\\x6B\\x61\\x6E\\x67",        /* text to send */
        "expect": "\\x74\\x68\\x61\\x6E\\x6B\\x20you"      /* text expected in the response */
    }
}

Request command
curl -s http://127.0.0.1:8081/api/v1/hc/stcp/demo -XPOST -d '{"interval": "3s","jitter": "1s","timeout": "10s","passes": 2, "fails": 1,"stream": {"send": "zhao\\x6B\\x61\\x6E\\x67","expect": "\\x74\\x68\\x61\\x6E\\x6B\\x20you"}}'

Response
{
    "code": 0,
    "msg": "success"
}
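Parameters:
stcp is the keyword for layer-4 health check configuration and selects the TCP protocol.
demo is the name of the upstream the check is applied to.
stream holds the health check parameters for a stream-type upstream.
stream.send is the text to send. Non-printable characters can be written in hexadecimal, in the form \\x[a-f0-9]{1,2}, and can be mixed with ordinary text in the configuration.
stream.expect is the content string expected in the response. Non-printable characters can be written in hexadecimal, in the form \\x[a-f0-9]{1,2}, and can be mixed with ordinary text in the configuration.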
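
The escape syntax described for stream.send and stream.expect, decoded into the bytes that go on the wire. This is an added example, not NJet's own code: it assumes the double backslash in the request body is JSON escaping, that hex digits match case-insensitively (the samples use 6B and 6E), and that two digits are consumed when available. decode_probe, lint_probe and probe_bytes are hypothetical helper names.

```python
import json
import re

# \x followed by 1-2 hex digits, as in the parameter notes.
# Assumed: case-insensitive, two digits taken when available.
ESCAPE = re.compile(r"\\x([0-9a-fA-F]{1,2})")
# \x with no hex digit (stays literal) or with a single digit (legal, but the
# next character changes the byte if it happens to be 0-9 or a-f).
FRAGILE = re.compile(r"\\x[0-9a-fA-F]?(?![0-9a-fA-F])")

# Request body from section 3.2; the raw string keeps both backslashes.
BODY = r'''{"interval": "3s", "jitter": "1s", "timeout": "10s", "passes": 2,
"fails": 1, "stream": {"send": "zhao\\x6B\\x61\\x6E\\x67",
"expect": "\\x74\\x68\\x61\\x6E\\x6B\\x20you"}}'''


def decode_probe(text: str) -> bytes:
    """Convert a send/expect string (already JSON-decoded) to wire bytes."""
    out = bytearray()
    pos = 0
    for m in ESCAPE.finditer(text):
        out += text[pos:m.start()].encode("utf-8")  # literal run
        out.append(int(m.group(1), 16))             # escaped byte
        pos = m.end()
    out += text[pos:].encode("utf-8")
    return bytes(out)


def lint_probe(text: str) -> list:
    """Report escapes that are malformed or shorter than two digits."""
    notes = []
    for m in FRAGILE.finditer(text):
        kind = "malformed" if len(m.group(0)) == 2 else "one-digit"
        notes.append((kind, m.group(0)))
    return notes


def probe_bytes(body_json: str):
    """Return (send, expect) as bytes for a health check request body."""
    stream = json.loads(body_json)["stream"]
    return decode_probe(stream["send"]), decode_probe(stream["expect"])


if __name__ == "__main__":
    print(probe_bytes(BODY))            # sample body from section 3.2
    print(decode_probe(r"\x6 ok"))      # one-digit escape
    print(lint_probe(r"ping\x6 \xzz"))  # fragile and malformed escapes
```

Writing every escape with two digits (\\x06 rather than \\x6) keeps the probe unambiguous when text is later appended after it.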

3.3 TCP + TLS health check configuration

Request body
{
    "interval": "3s",
    "jitter": "1s",
    "timeout": "10s",
    "passes": 2,
    "fails": 1,
    "stream": {                    /* enable the layer-4 health check */
        "send": "zhao\\x6B\\x61\\x6E\\x67",        /* text to send */
        "expect": "\\x74\\x68\\x61\\x6E\\x6B\\x20you"      /* text expected in the response */
    },
    "ssl": {
        "enable": true,  /* whether to enable TLS */
        "ntls": true, /* whether to use the Chinese national (SM) cryptographic algorithms */
        "ciphers":"ECC-SM2-SM4-CBC-SM3:ECDHE-SM2-WITH-SM4-SM3:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!RC4:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS" /* supported ciphers */
    }
}
Request command
curl -s http://127.0.0.1:8081/api/v1/hc/stcp/demo -XPOST -d '{"interval": "3s","jitter": "1s","timeout": "10s","passes": 2, "fails": 1,"stream": {"send": "zhao\\x6B\\x61\\x6E\\x67","expect": "\\x74\\x68\\x61\\x6E\\x6B\\x20you"},"ssl": {"enable": true,"ntls": true,"ciphers":"ECC-SM2-SM4-CBC-SM3:ECDHE-SM2-WITH-SM4-SM3:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!RC4:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS" }}'
Response
{
    "code": 0,
    "msg": "success"
}
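Parameters:
stcp is the keyword for layer-4 health check configuration and selects the TCP protocol.
demo is the name of the upstream the check is applied to.
stream has the same meaning as in section 3.2, "TCP health check configuration".
ssl holds the TLS-related configuration.
ssl.enable: whether to enable TLS. Default: false.
ssl.ntls: whether to use the Chinese national (SM) cryptographic algorithms.
ssl.ciphers: supported ciphers. Default: "DEFAULT".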

3.4 UDP health check configuration

Request body
{
    "interval": "3s",
    "jitter": "1s",
    "timeout": "10s",
    "passes": 2,
    "fails": 1,
    "stream": {                    /* enable the layer-4 health check */
        "send": "zhao\\x6B\\x61\\x6E\\x67",        /* text to send */
        "expect": "\\x74\\x68\\x61\\x6E\\x6B\\x20you"      /* text expected in the response */
    }
}
Request command
curl -s http://127.0.0.1:8081/api/v1/hc/sudp/tmux -XPOST -d '{"interval": "3s","jitter": "1s","timeout": "10s","passes": 2, "fails": 1, "stream": {"send": "zhao\\x6B\\x61\\x6E\\x67","expect": "\\x74\\x68\\x61\\x6E\\x6B\\x20you"}}'
Response
{
    "code": 0,
    "msg": "success"
}

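Parameters:
sudp is the keyword for layer-4 health check configuration.
tmux is the name of the upstream the check is applied to.
stream has the same meaning as in section 3.2, "TCP health check configuration".

UDP health checks do not support TLS.
Request command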
curl -s http://127.0.0.1:8081/api/v1/hc/sudp/demo -XPOST -d '{"interval": "3s","jitter": "1s","timeout": "10s","passes": 2, "fails": 1,"stream": {"send": "zhao\\x6B\\x61\\x6E\\x67","expect": "\\x74\\x68\\x61\\x6E\\x6B\\x20you"},"ssl": {"enable": true,"ntls": true,"ciphers":"ECC-SM2-SM4-CBC-SM3:ECDHE-SM2-WITH-SM4-SM3:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!RC4:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS" }}'
Response
{
    "code": 14,
    "msg": "UDP does not support tls"
}
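
A pre-flight check for a request body, applying the rules stated in section 3.1 (required fields, interval > visit_interval) and the UDP restriction above before anything is sent to the API. This is an added example, not part of NJet: preflight, to_ms and is_pos_int are hypothetical names, and the accepted time suffixes, the positive-integer rule and the port range are assumptions.

```python
import re

REQUIRED = ("interval", "jitter", "timeout", "passes", "fails")
# Assumed nginx-style time suffixes; the page itself only shows seconds.
UNIT_MS = {"ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000}
TIME = re.compile(r"^(\d+)(ms|s|m|h)$")


def to_ms(value):
    m = TIME.match(value) if isinstance(value, str) else None
    if m is None:
        raise ValueError(f"bad time value {value!r}")
    return int(m.group(1)) * UNIT_MS[m.group(2)]


def is_pos_int(value):
    return type(value) is int and value > 0  # rejects true/false and 0


def preflight(kind, body):
    """List problems in a body for /api/v1/hc/<kind>/<upstream>."""
    if kind not in ("stcp", "sudp"):
        return [f"unknown check type {kind!r}"]
    problems = [f"missing required field {k}" for k in REQUIRED if k not in body]
    times = {}
    for key in ("interval", "visit_interval", "jitter", "timeout"):
        if key in body:
            try:
                times[key] = to_ms(body[key])
            except ValueError as exc:
                problems.append(f"{key}: {exc}")
    if "interval" in times and "visit_interval" in times:
        if times["interval"] <= times["visit_interval"]:
            problems.append("interval must be greater than visit_interval")
    for key in ("passes", "fails"):
        if key in body and not is_pos_int(body[key]):
            problems.append(f"{key} must be a positive integer")  # assumed rule
    if "port" in body and not (is_pos_int(body["port"]) and body["port"] < 65536):
        problems.append("port must be 1-65535")  # assumed range
    if kind == "sudp" and body.get("ssl", {}).get("enable"):
        problems.append("UDP does not support tls")  # API replies code 14
    return problems


# Constructed bodies: the first mirrors the rejected UDP + TLS request above.
UDP_TLS = {"interval": "3s", "jitter": "1s", "timeout": "10s", "passes": 2,
           "fails": 1, "ssl": {"enable": True, "ntls": True}}
SKIPPY = {"interval": "2s", "visit_interval": "2s", "jitter": "1s", "fails": 1}
```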

4. Usage examples

4.1 Add a new stream TCP health check

Request

POST http://127.0.0.1:8081/api/v1/hc/stcp/demo
Content-Type: application/json

 {
  "interval": "3s",
  "jitter": "1s",
  "timeout": "10s",
  "passes": 2,
  "fails": 1,
  "stream": {
       "send": "zhao\\x6B\\x61\\x6E\\x67",        /* text to send */
       "expect": "\\x74\\x68\\x61\\x6E\\x6B\\x20you"      /* text expected in the response */
  },
  "ssl": {
    "enable": false
  }
 }

Response

HTTP/1.1 200 OK
Server: njet/1.23.1
Date: Fri, 10 Feb 2023 13:06:24 GMT
Content-Type: application/json
Content-Length: 37
Connection: keep-alive

{
  "code": 0,
  "msg": "success"
}

4.2 Add a new stream UDP health check

Request

POST http://127.0.0.1:8081/api/v1/hc/sudp/demo
Content-Type: application/json

 {
  "interval": "3s",
  "jitter": "1s",
  "timeout": "10s",
  "passes": 2,
  "fails": 1,
  "stream": {
       "send": "zhao\\x6B\\x61\\x6E\\x67",        /* text to send */
       "expect": "\\x74\\x68\\x61\\x6E\\x6B\\x20you"      /* text expected in the response */
  },
  "ssl": {
    "enable": false
  }
 }

Response

HTTP/1.1 200 OK
Server: njet/1.23.1
Date: Fri, 10 Feb 2023 13:06:24 GMT
Content-Type: application/json
Content-Length: 37
Connection: keep-alive

{
  "code": 0,
  "msg": "success"
}

4.3 Stream health check with standard (non-SM) SSL

Request

POST http://127.0.0.1:8081/api/v1/hc/stcp/demos
Content-Type: application/json

{
  "interval": "3s",
  "jitter": "1s",
  "timeout": "10s",
  "passes": 2,
  "fails": 1,
  "stream": {
       "send": "zhao\\x6B\\x61\\x6E\\x67",        /* text to send */
       "expect": "\\x74\\x68\\x61\\x6E\\x6B\\x20you"      /* text expected in the response */
  },
  "ssl": {
    "enable": true,
    "ntls": false
  }
}

Response

HTTP/1.1 200 OK
Server: njet/1.23.1
Date: Mon, 13 Feb 2023 07:35:27 GMT
Content-Type: application/json
Content-Length: 37
Connection: keep-alive

{
  "code": 0,
  "msg": "success"
}

4.4 Stream health check with Chinese national cryptography (SM) SSL

Request

POST http://127.0.0.1:8081/api/v1/hc/stcp/demos
Content-Type: application/json

{
  "interval": "3s",
  "jitter": "1s",
  "timeout": "10s",
  "passes": 2,
  "fails": 1,
  "stream": {
       "send": "zhao\\x6B\\x61\\x6E\\x67",        /* text to send */
       "expect": "\\x74\\x68\\x61\\x6E\\x6B\\x20you"      /* text expected in the response */
  },
  "ssl": {
    "enable": true,
    "ntls": true,
    "ciphers":"ECC-SM2-SM4-CBC-SM3:ECDHE-SM2-WITH-SM4-SM3:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!RC4:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS"
  }
}

Response

HTTP/1.1 200 OK
Server: njet/1.23.1
Date: Mon, 13 Feb 2023 07:35:27 GMT
Content-Type: application/json
Content-Length: 37
Connection: keep-alive

{
  "code": 0,
  "msg": "success"
}