简介

有时,尤其是在和第三方打交道时,我们会遇到这样的情况:需要访问私网里的 ssh 服务,同时还有 http 甚至 openvpn 的需求,但对方只给我们开放一个端口。这时 haproxy 可以帮上忙:它根据每个连接最先发来的数据判断协议,再把流量转发到对应的后端。

配置

# Process-wide settings: logging target, chroot, privilege drop and the
# runtime (stats) socket.
global
    # Log to the syslog daemon on localhost using facility local2.
    log         127.0.0.1 local2
    # Confine the running process to this directory.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    # Upper bound on concurrent connections for the whole process.
    maxconn     4000
    # Run as an unprivileged account. The listener in this file binds port 22,
    # which presumably means the process is started as root and drops to this
    # user/group afterwards.
    user        haproxy
    group       haproxy
    daemon
    # NOTE(review): the socket is declared without mode/level/user/group, so
    # who can connect to it depends on defaults and on the directory
    # permissions. Confirm that only administrators can reach it.
    stats socket /var/lib/haproxy/stats

#defaults 
#    mode tcp
#    client timeout 2s
#    server timeout 2s
 #   connect timeout 2s

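# Single public listener that multiplexes SSH, HTTP, TLS and OpenVPN on one
# port by inspecting the first bytes each client sends.
# Protocol detection is only routing, not access control: every backend must
# authenticate its own clients, because anything that reaches this port is
# forwarded to one of them.
frontend ssl
    mode tcp
    bind 0.0.0.0:22 name frontend-ssl
    option tcplog
    # The original section had no client timeout (the "defaults" block is
    # commented out), so idle or half-open client connections were never
    # reaped and could pile up until maxconn is hit. 100h mirrors the
    # "timeout server 100h" used by the backends for long-lived tunnels.
    timeout client 100h
    # Wait up to 2s for enough client data to classify the connection.
    tcp-request inspect-delay 2s
    tcp-request content accept if { req.ssl_hello_type 1 }
    tcp-request content accept if HTTP
    # 5353482d322e30 is the hex encoding of the ASCII string "SSH-2.0".
    use_backend ssh if !{ req.ssl_hello_type 1 } { payload(0,7) -m bin 5353482d322e30 }
    # use_backend rules are evaluated in order and the first match wins. The
    # openvpn rule below matches any non-TLS connection that sent data, which
    # includes plain HTTP, so the HTTP rule has to come before it; in the
    # original order the localnginx backend was unreachable.
    use_backend localnginx if HTTP
    use_backend main-ssl if { req.ssl_hello_type 1 }
    # Catch-all: any remaining non-TLS connection that sent at least one byte.
    use_backend openvpn if !{ req.ssl_hello_type 1 } !{ req.len 0 }
    # Disabled alternative: treat clients that send nothing as SSH.
    # NOTE(review): no default_backend is defined, so a connection that
    # matches none of the rules above has nowhere to go. Confirm that this is
    # the intended handling.
    #use_backend ssh if !{ req.ssl_hello_type 1 } { req.len 0 }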

# OpenVPN server on the loopback interface. The frontend's catch-all rule
# sends unclassified traffic here, so this service also receives
# scanner/garbage connections and must reject them itself.
backend openvpn
mode tcp
server openvpn-localhost 127.0.0.1:9000
# Long server-side idle timeout so that quiet tunnels are not cut.
timeout server 100h

# sshd listening on a loopback-only port.
# Because the connection is proxied, sshd sees 127.0.0.1 as the peer address
# for every session. Source-address-based controls and sshd's own logs
# therefore no longer identify the real client; the frontend's tcplog output
# is where the client address is recorded.
backend ssh
mode tcp
server ssh-localhost 127.0.0.1:60022
# Long server-side idle timeout so that interactive sessions are not cut.
timeout server 100h

# TLS traffic is passed through untouched (mode tcp, no certificate is
# configured in this file), so the handshake is handled by whatever listens
# on 127.0.0.1:8443.
backend main-ssl
mode tcp
server main-ssl 127.0.0.1:8443
timeout server 100h

# Plain-HTTP traffic is handed to the local web server in HTTP mode so that
# a client-address header can be added to each request.
backend localnginx
mode http
server default 127.0.0.1:80
timeout server 100h
# NOTE(review): "option forwardfor" is declared twice with different header
# names (custom "sdf1haiwai", then the default). Presumably only one of them
# takes effect. Confirm which header the web server actually receives and
# drop the other line.
# The web server should trust this header only on requests arriving from
# 127.0.0.1, since clients can send a header with the same name themselves.
option forwardfor header sdf1haiwai
option forwardfor