Haproxy Simple Usage

Reference:
http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#2.5

No introduction, no advanced usage, and no installation tutorial: just the config needed to implement a proxy.

The case here is easy, so you can get a sense of achievement quickly.

My Goal

If I type ssh username@127.0.0.1 -p80 on vps1 (127.0.0.1), it’ll connect to vps2 (123.123.123.123:22)!

Conditions

  1. vps1’s port 80 is open
  2. vps2’s port 22 is open
  3. haproxy is installed on vps1 (127.0.0.1)

Configuration

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

defaults
    log global
    mode http
    # option httplog
    # option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend tcp-33-front
    bind *:33
    mode tcp
    default_backend tcp-33-back

backend tcp-33-back
    mode tcp
    server tcp-33 123.123.123.123:22 check

listen test
    bind *:80
    mode tcp
    server centos 123.123.123.123:22 check port 22 inter 5000 fall 5

Then run the command below to verify that the syntax is right.

haproxy  -f /etc/haproxy/haproxy.cfg -c

If no error occurs, run it!

haproxy  -f /etc/haproxy/haproxy.cfg

Now you can run ssh -p33 vagrant@127.0.0.1 or ssh -p80 vagrant@127.0.0.1 to connect to vps2 (123.123.123.123) on ssh:22.

Simple Working Principle

This is the core config:

frontend tcp-33-front
    bind *:33
    mode tcp
    default_backend tcp-33-back

backend tcp-33-back
    mode tcp
    server tcp-33 123.123.123.123:22 check

listen test
    bind *:80
    mode tcp
    server centos 123.123.123.123:22 check port 22 inter 5000 fall 5

You can also use just one part of it!

listen style: all traffic arriving on port 80 is forwarded to port 22!

listen test
    bind *:80
    mode tcp
    server centos 123.123.123.123:22 check port 22 inter 5000 fall 5

OR

frontend/backend style: all traffic arriving on port 33 is forwarded to port 22!

frontend tcp-33-front
    bind *:33
    mode tcp
    default_backend tcp-33-back

backend tcp-33-back
    mode tcp
    server tcp-33 123.123.123.123:22 check

To look up the haproxy process: ps -ef | grep haproxy
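
Both forwarders in the core config listen on every interface (bind *), so any host that can reach vps1 on port 80 or 33 is handed straight to vps2's sshd. The following is an added example, not part of the original post, showing the same forwarding restricted and logged; the 203.0.113.0/24 admin network and the rate limit of 10 connections per 10 seconds are assumed values.

```haproxy
# Added example, not from the original post. These sections replace the
# ones with the same purpose in the config above; global and defaults
# stay as they are (logging relies on "log global" in defaults).

# Variant 1: the stated goal is to run ssh on vps1 itself, so the
# listener only needs loopback, not every interface.
listen test
    bind 127.0.0.1:80
    mode tcp
    option tcplog    # one log line per connection: source, duration, bytes
    server centos 123.123.123.123:22 check port 22 inter 5000 fall 5

# Variant 2: remote clients must reach the forwarder, so "bind *" stays,
# but only a known network is admitted and repeat connections are throttled.
frontend tcp-33-front
    bind *:33
    mode tcp
    option tcplog
    # Per-source connection-rate counter (assumed sizing and window).
    stick-table type ip size 100k expire 10m store conn_rate(10s)
    # Drop anything outside the assumed admin network before proxying.
    tcp-request connection reject unless { src 203.0.113.0/24 }
    # Track the source address, then refuse sources that connect too often.
    tcp-request connection track-sc0 src
    tcp-request connection reject if { sc0_conn_rate gt 10 }
    default_backend tcp-33-back

backend tcp-33-back
    mode tcp
    server tcp-33 123.123.123.123:22 check
```

Validate the result with haproxy -f /etc/haproxy/haproxy.cfg -c before reloading. Note that sshd on vps2 sees vps1's address as the client for every proxied session, so the tcplog entries on vps1 are the only record of the real source.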

EOF
