haproxy ssh: binding ssh and openvpn services to a single port with haproxy - Linux - 服务器之家


Published: 2017-04-30 Source: 服务器之家

Suppose that in some environment we have only one mapped port, 122 > 22, but besides ssh we also need to serve openvpn. What can we do?
We can use ngrok, or we can use haproxy to split the traffic:

#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events. This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# single listening port; each connection is classified by the first
# bytes the client sends. No 'defaults' section is defined in this
# file, so no timeouts are set and haproxy warns about the missing
# timeouts at startup.
#---------------------------------------------------------------------
frontend ssl
    mode tcp
    bind 0.0.0.0:22 name frontend-ssl
    option tcplog
    # wait up to 2s for the client's first bytes before deciding
    tcp-request inspect-delay 2s
    tcp-request content accept if { req.ssl_hello_type 1 }
    tcp-request content accept if HTTP
    # use_backend rules are evaluated in order; the first match wins
    # TLS ClientHello -> main-ssl
    use_backend main-ssl if { req.ssl_hello_type 1 }
    #use_backend localnginx if HTTP
    # not TLS and the client sent data -> openvpn
    use_backend openvpn if !{ req.ssl_hello_type 1 } !{ req.len 0 }
    # not TLS and the client sent nothing within the delay -> ssh
    use_backend ssh if !{ req.ssl_hello_type 1 } { req.len 0 }
    #use_backend localnginx if HTTP
    use_backend localnginx
backend openvpn
    mode tcp
    server openvpn-localhost 127.0.0.1:9000
backend ssh
    mode tcp
    server ssh-localhost 127.0.0.1:60022
backend main-ssl
    mode tcp
    server main-ssl 127.0.0.1:8443
backend localnginx
    mode tcp
    server default 127.0.0.1:80

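Notes:
1. If the ssh service is already working on port 22, you can run /usr/sbin/sshd -f sshd2.conf to bring up an additional listener on port 60022.
2. If the machine reboots, the 60022 listener above no longer exists; you can instead edit /etc/ssh/sshd_config and change the port there. Also, there can be multiple Port directives, and ssh listens on every configured Port directive.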

Leftover issue:
1. HTTP traffic was not successfully split out as well.
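
The following Python sketch is an added example, not part of the original article and not HAProxy code. It models the frontend's four use_backend rules in their written order, to show which backend each kind of first payload reaches. The function names, the byte-level approximations of `req.ssl_hello_type 1` and the `HTTP` ACL, and the sample payloads are assumptions constructed for illustration.

```python
# Added illustration: a simplified Python model of the frontend's rules.
# Not HAProxy code; the byte checks only approximate its sample fetches.

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def is_tls_client_hello(buf: bytes) -> bool:
    """Approximates { req.ssl_hello_type 1 }: handshake record with a ClientHello."""
    return (
        len(buf) >= 6
        and buf[0] == 0x16      # record type: handshake
        and buf[1] == 0x03      # record version major (SSLv3/TLS)
        and buf[5] == 0x01      # handshake type: ClientHello
    )


def looks_like_http(buf: bytes) -> bool:
    """Rough stand-in for the HTTP ACL: request line starts with a known method."""
    return buf.startswith(HTTP_METHODS)


def pick_backend(buf: bytes) -> str:
    """buf = bytes the client sent before inspect-delay (2s) ran out.
    use_backend rules are tried in order; the first match wins."""
    tls = is_tls_client_hello(buf)
    rules = [
        ("main-ssl", tls),
        ("openvpn", not tls and len(buf) != 0),
        ("ssh", not tls and len(buf) == 0),
        ("localnginx", True),   # unconditional fallback
    ]
    return next(name for name, cond in rules if cond)


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "tls": bytes.fromhex("160301002f0100002b0303"),
    "silent ssh client": b"",
    "ssh client banner": b"SSH-2.0-OpenSSH_7.4\r\n",
    "http": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "openvpn tcp": bytes.fromhex("000e38") + bytes(13),
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(f"{label:18} http={looks_like_http(payload)!s:5} -> {pick_backend(payload)}")
```

In this model the first three rules cover every case, so the final `localnginx` fallback is never selected: an HTTP request is non-empty and not a ClientHello, so it matches the openvpn rule first. An ssh client that sends its identification string within the 2s delay is routed to openvpn for the same reason.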