thingsboard的集群部署通过docker-compose方式部署时没有出现任何问题,但是使用portainer(docker swarm)方式进行部署时haproxy服务报"getsockopt failed strangely: Operation not permitted"错误信息,具体哪里出了错没有具体提示信息,在thingsboard github社区也发了帖子最终该项目开发人员没有给出方案,无奈自己选择了其他方案,不再使用thingsboard官网给出的xalauc/haproxy-certbot:1.7.9镜像,选择了haproxy:1.7.12镜像解决了这个问题,具体docker-compose相关配置如下所示:
haproxy:
restart: always
image: haproxy:1.7.12
deploy:
placement:
constraints: # 添加条件约束
- node.labels.server==tb
ports:
- "80:80"
- "443:443"
- "1883:1883"
- "9999:9999"
cap_add:
- NET_ADMIN
privileged: true
volumes:
- /home/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
environment:
HTTP_PORT: 80
HTTPS_PORT: 443
MQTT_PORT: 1883
FORCE_HTTPS_REDIRECT: "false"
links:
- tb-core1
- tb-core2
- tb-rule-engine1
- tb-rule-engine2
- tb-web-ui1
- tb-mqtt-transport1
- tb-mqtt-transport2
- tb-http-transport1
haproxy.cfg做了精简,删去了https部分,如下所示:
#HA Proxy Config
global
ulimit-n 500000
maxconn 99999
maxpipes 99999
tune.maxaccept 500
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
defaults
log global
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
timeout tunnel 1h # timeout to use with WebSocket and CONNECT
default-server init-addr none
#enable resolving throught docker dns and avoid crashing if service is down while proxy is starting
resolvers docker_resolver
nameserver dns 127.0.0.11:53
listen stats
bind *:9999
stats enable
stats hide-version
stats uri /stats
stats auth admin:admin@123
listen mqtt-in
bind *:${MQTT_PORT}
mode tcp
option clitcpka # For TCP keep-alive
timeout client 3h
timeout server 3h
option tcplog
balance leastconn
server tbMqtt1 tb-mqtt-transport1:1883 check inter 5s resolvers docker_resolver resolve-prefer ipv4
server tbMqtt2 tb-mqtt-transport2:1883 check inter 5s resolvers docker_resolver resolve-prefer ipv4
frontend http-in
bind *:${HTTP_PORT}
option forwardfor
reqadd X-Forwarded-Proto:\ http
acl transport_http_acl path_beg /api/v1/
acl letsencrypt_http_acl path_beg /.well-known/acme-challenge/
acl tb_api_acl path_beg /api/ /swagger /webjars /v2/ /static/rulenode/ /oauth2/ /login/oauth2/
use_backend letsencrypt_http if letsencrypt_http_acl
use_backend tb-http-backend if transport_http_acl
use_backend tb-api-backend if tb_api_acl
default_backend tb-web-backend
backend letsencrypt_http
server letsencrypt_http_srv 127.0.0.1:8080
backend tb-web-backend
balance leastconn
option tcp-check
option log-health-checks
server tbWeb1 tb-web-ui1:8080 check inter 5s resolvers docker_resolver resolve-prefer ipv4
server tbWeb2 tb-web-ui2:8080 check inter 5s resolvers docker_resolver resolve-prefer ipv4
http-request set-header X-Forwarded-Port %[dst_port]
backend tb-http-backend
balance leastconn
option tcp-check
option log-health-checks
server tbHttp1 tb-http-transport1:8081 check inter 5s resolvers docker_resolver resolve-prefer ipv4
server tbHttp2 tb-http-transport2:8081 check inter 5s resolvers docker_resolver resolve-prefer ipv4
backend tb-api-backend
balance source
option tcp-check
option log-health-checks
server tbApi1 tb-core1:8080 check inter 5s resolvers docker_resolver resolve-prefer ipv4
server tbApi2 tb-core2:8080 check inter 5s resolvers docker_resolver resolve-prefer ipv4
http-request set-header X-Forwarded-Port %[dst_port]