Love My Love

HAProxy Simple Usage

2019.08.24

Reference: http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#2.5

No introduction, no advanced usage, and no installation tutorial: just the configuration needed to set up a proxy.

The case here is simple, so you can get a sense of achievement quickly.

My Goal

If I type ssh username@127.0.0.1 -p80 on vps1 (127.0.0.1), it will connect to vps2 (123.123.123.123:22)!

Conditions

  1. vps1’s port 80 is open
  2. vps2’s port 22 is open
  3. haproxy is installed on vps1 (127.0.0.1)

Configuration

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

defaults
    log global
    mode    http
    # option    httplog
    # option    dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend tcp-33-front
    bind    *:33
    mode    tcp
    default_backend tcp-33-back

backend tcp-33-back
    mode    tcp
    server  tcp-33  123.123.123.123:22 check

listen test
    bind *:80
    mode tcp
    server centos 123.123.123.123:22 check port 22 inter 5000 fall 5

Then run the command below to verify that the syntax is correct.

haproxy  -f /etc/haproxy/haproxy.cfg -c

If no errors occur, run it!

haproxy  -f /etc/haproxy/haproxy.cfg

Now, you can run ssh -p33 vagrant@127.0.0.1 or ssh -p80 vagrant@127.0.0.1 to connect to vps2(123.123.123.123) on ssh:22.

Simple Working Principle

This is the core config:

frontend tcp-33-front
    bind    *:33
    mode    tcp
    default_backend tcp-33-back

backend tcp-33-back
    mode    tcp
    server  tcp-33  123.123.123.123:22 check

listen test
    bind *:80
    mode tcp
    server centos 123.123.123.123:22 check port 22 inter 5000 fall 5

You can also use just one part of it!

listen style: all traffic arriving on port 80 is passed to port 22!

listen test
    bind *:80
    mode tcp
    server centos 123.123.123.123:22 check port 22 inter 5000 fall 5

OR

All traffic arriving on port 33 is passed to port 22!

frontend tcp-33-front
    bind    *:33
    mode    tcp
    default_backend tcp-33-back

backend tcp-33-back
    mode    tcp
    server  tcp-33  123.123.123.123:22 check
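
A tighter variant of the listen block, as an added example that is not part of the original post: it binds to loopback only (which is all the goal above needs), logs every TCP session, raises the idle timeouts so a quiet SSH session is not cut after 50 seconds, and accepts only listed source addresses. The section name ssh-forward and the 198.51.100.0/24 range are assumptions (placeholders); the server address is the one used on this page.

```haproxy
# Added example, not the original author's config.
global
    log /dev/log local0
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon

defaults
    log     global
    mode    tcp                 # everything here is raw TCP, so do not inherit "mode http"
    option  tcplog              # one log line per session: source address, duration, bytes
    timeout connect 5s
    timeout client  1h          # inactivity timeout; 50000 ms would drop an idle SSH session
    timeout server  1h          # keep equal to the client timeout in tcp mode

# Original form, reachable on every interface of vps1:
#   listen test
#       bind *:80
#       mode tcp
#       server centos 123.123.123.123:22 check port 22 inter 5000 fall 5

listen ssh-forward
    # Loopback only: "ssh -p80 user@127.0.0.1" typed on vps1 still works.
    # If remote clients must connect, bind the specific address instead of *.
    bind 127.0.0.1:80
    mode tcp

    # Drop any connection whose source is not explicitly allowed.
    # 198.51.100.0/24 is a placeholder for an admin network (assumption).
    tcp-request connection reject unless { src 127.0.0.1 198.51.100.0/24 }

    server centos 123.123.123.123:22 check port 22 inter 5000 fall 5
```

Validate it with the same haproxy -f ... -c check shown earlier before running it.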

To look up the haproxy process: ps -ef | grep haproxy

Bind ports!

Reference: http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#bind

It is possible to specify a list of address:port combinations delimited by commas. There is no fixed limit to the number of addresses and ports which can be listened on in a frontend, as well as there is no limit to the number of “bind” statements in a frontend.

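So, you can write a frontend like this:

# No spaces after the commas: haproxy splits arguments on whitespace,
# so ":33, :44" would make ":44" look like an unknown bind keyword.
bind :33,:44
bind 10.0.0.1:55,10.0.0.1:66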

EOF
