Reference: http://cbonte.github.io/haproxy-dconv/1.9/configuration.html#2.5
No introduction, no advanced usage, and no installation tutorial: just the configuration needed to implement a proxy.
The case here is simple, so you can get a sense of achievement quickly.
My Goal
If I type ssh username@127.0.0.1 -p80 on vps1 (127.0.0.1), it will connect to vps2 (123.123.123.123:22)!
Conditions
- vps1’s port 80 is open
- vps2’s port 22 is open
- haproxy is installed on vps1 (127.0.0.1)
Configuration
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

defaults
    log global
    mode http
    # option httplog
    # option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend tcp-33-front
    bind *:33
    mode tcp
    default_backend tcp-33-back

backend tcp-33-back
    mode tcp
    server tcp-33 123.123.123.123:22 check

listen test
    bind *:80
    mode tcp
    server centos 123.123.123.123:22 check port 22 inter 5000 fall 5
Then run the command below to verify that the syntax is right.
    haproxy -f /etc/haproxy/haproxy.cfg -c
If no errors occur, yep, run it!
    haproxy -f /etc/haproxy/haproxy.cfg
Now you can run ssh -p33 vagrant@127.0.0.1 or ssh -p80 vagrant@127.0.0.1 to connect to vps2 (123.123.123.123) on SSH port 22.
Simple Working Principle
This is the core config:
frontend tcp-33-front
    bind *:33
    mode tcp
    default_backend tcp-33-back

backend tcp-33-back
    mode tcp
    server tcp-33 123.123.123.123:22 check

listen test
    bind *:80
    mode tcp
    server centos 123.123.123.123:22 check port 22 inter 5000 fall 5
Also, you can use just one part of it!
listen style: all data arriving on port 80 is passed to port 22!
listen test
    bind *:80
    mode tcp
    server centos 123.123.123.123:22 check port 22 inter 5000 fall 5
OR
All data arriving on port 33 is passed to port 22!
frontend tcp-33-front
    bind *:33
    mode tcp
    default_backend tcp-33-back

backend tcp-33-back
    mode tcp
    server tcp-33 123.123.123.123:22 check
To look up the haproxy process: ps -ef | grep haproxy
Bind ports!
Reference: http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#bind
It is possible to specify a list of address:port combinations delimited by commas. There is no fixed limit to the number of addresses and ports which can be listened on in a frontend, as well as there is no limit to the number of “bind” statements in a frontend.
So, you can write a frontend like this:
    # the address list is a single argument: commas only, no space after them
    bind :33,:44
    bind 10.0.0.1:55,10.0.0.1:66
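A small audit for the configuration on this page, added here as an example and not part of the original post or of HAProxy itself: it parses the proxy sections, expands comma-separated bind lists, and reports every bind on all interfaces that relays to port 22. The function names and the extra 127.0.0.1:8022 bind in the sample are assumptions made for the illustration.

```python
SECTIONS = ("global", "defaults", "frontend", "backend", "listen")
# Constructed sample: the two proxies from this page plus a hypothetical loopback bind.
SAMPLE_CFG = """\
frontend tcp-33-front
    bind *:33
    mode tcp
    default_backend tcp-33-back
backend tcp-33-back
    mode tcp
    server tcp-33 123.123.123.123:22 check
listen test
    bind *:80,127.0.0.1:8022
    mode tcp
    server centos 123.123.123.123:22 check port 22 inter 5000 fall 5
"""

def parse_proxies(text):
    """Map each proxy name to its bind addresses, server addresses and default_backend."""
    proxies, cur = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in SECTIONS:  # a section keyword closes the previous section
            cur = None
            if words[0] not in ("global", "defaults") and len(words) > 1:
                cur = proxies.setdefault(words[1], {"binds": [], "servers": [], "backend": None})
        elif cur is not None and len(words) > 1:
            if words[0] == "bind":  # one argument, addresses separated by commas
                cur["binds"] += [b for b in words[1].split(",") if b]
            elif words[0] == "server" and len(words) > 2:
                cur["servers"].append(words[2])
            elif words[0] == "default_backend":
                cur["backend"] = words[1]
    return proxies

def exposed_ssh_relays(text):
    """Return (bind, target) pairs where a bind on all interfaces relays to port 22."""
    proxies = parse_proxies(text)
    findings = []
    for proxy in proxies.values():
        targets = proxy["servers"] or proxies.get(proxy["backend"], {}).get("servers", [])
        for bind in proxy["binds"]:
            if bind.rsplit(":", 1)[0] in ("", "*", "0.0.0.0", "[::]"):
                findings += [(bind, t) for t in targets if t.endswith(":22")]
    return findings

for bind, target in exposed_ssh_relays(SAMPLE_CFG):
    print(f"{bind} listens on every interface and relays to {target}")
```

Binding to 127.0.0.1:80 instead of *:80 keeps the relay reachable only from vps1 itself, which matches the goal stated at the top.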
EOF