Requirement: a simple layer-4 (SSH) and layer-7 (HTTP) reverse proxy
Environment: CentOS 8
Installation

> sudo dnf install haproxy

Configuration

> sudo vim /etc/haproxy/haproxy.cfg

The key changes are shown below.

    global
        ...
        maxconn 20480
        ulimit-n 65535
        ...

    defaults
        ...
        stats uri /haproxy?stats  # view the HAProxy status at http://<haproxy_ip>/haproxy?stats
        ...
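A `stats uri` line in the defaults section turns the statistics page on for every HTTP proxy that inherits it, so the URL above is served without authentication by the frontend on port 80. One way to restrict it, as an added example that is not part of the original configuration; the listener name `stats`, port 8404, the loopback bind and the `admin:CHANGE_ME` credential are assumptions or placeholders:

```haproxy
# Remove "stats uri /haproxy?stats" from the defaults section first, so the
# public frontend on *:80 no longer serves the statistics page.

# Dedicated statistics listener (name, address and port are assumptions)
listen stats
    mode http
    # Loopback only: reach it through an SSH tunnel to the HAProxy host
    bind 127.0.0.1:8404
    stats enable
    stats uri /haproxy?stats
    # HTTP basic auth; replace the placeholder credential
    stats auth admin:CHANGE_ME
    stats realm HAProxy\ Statistics
    # Do not disclose the HAProxy version on the page
    stats hide-version
    stats refresh 10s
```

Run `haproxy -c -f /etc/haproxy/haproxy.cfg` to validate the file before reloading the service.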

Define layer-7 HTTP forwarding

    frontend sdc
        bind *:80
        # define acl for different streamset data controller server
        acl sdc1-policy hdr_dom(host) -i sdc1.3rd.pla95929
        acl sdc2-policy hdr_dom(host) -i sdc2.3rd.pla95929
        # back end for acl
        use_backend server_sdc1 if sdc1-policy
        use_backend server_sdc2 if sdc2-policy
        # send X-Forwarded-For header
        option forwardfor except 127.0.0.0/8

    backend server_sdc1
        server srv sdc1:18630 check

    backend server_sdc2
        server srv sdc2:18630 check

sdc1 and sdc2 have entries in /etc/hosts on the HAProxy host; you can also write the IP addresses directly. srv is a name of your own choosing.

Define layer-4 TCP forwarding

    listen ssh-sdc1
        mode tcp
        option tcplog
        tcp-request inspect-delay 5s
        bind *:2201
        server node sdc1:22 check

    listen ssh-sdc2
        mode tcp
        option tcplog
        tcp-request inspect-delay 5s
        bind *:2202
        # server line absent in the original; assumed by analogy with ssh-sdc1
        server node sdc2:22 check

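A layer-4 reverse proxy cannot use ACL policies that check the host; it can only be implemented by binding a separate port for each backend.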