I want to use haproxy to deploy one ftp proxy server. Here's scene:
ftp client <---> ftp-proxy-server(ip:10.0.1.1) <---> ftp-server(ip:172.126.1.1)
ftp server listen on port 21 for control command, data port range [20100-20199]
I had haproxy config on ftp-proxy-server:
listen ftp-proxy-server 10.0.1.1:21
mode tcp
server ftp-server 172.126.1.1:21
listen ftp-proxy-server 10.0.1.1:20100-20199
mode tcp
server ftp-server 172.126.1.1:20100-20199
Here's the question, I can successfully login ftp service from ftp-client, but failed to execute ls command which output "connection refused" message. I guess the reason is port mapping from ftp-proxy-server to ftp-server is random. So when ftp-client get a reserved port(e.g. 20101), but ftp-proxy-server may map it to another port(e.g. 20109), which is not the port ftp-server assigned to ftp-client.
I am think of one solution that configured 100 listens, one listen to one port, but it's complex to write the configure file. Is'there a simply configuration option to map port one by one? Just like 10.0.1.1:20001 -> 172.126.1.1:20001, 10.0.1.1:20002 -> 172.126.1.1:20002.
Welcome any answer:)
You have to remove the port range from the server definition. The haproxy documentation shows that the same port from the source is used for the destination.
listen ftp-proxy-server 10.0.1.1:20100-20199
mode tcp
server ftp-server 172.126.1.1
For haproxy 1.5 on centos,
listen web *:8080-8090
mode tcp
server worker1 10.0.0.1
server worker2 10.0.0.2
For haproxy 1.7 on debian,
listen web
bind *:8080-8090
mode tcp
server worker1 10.0.0.1
server worker2 10.0.0.2
Related
Hi I'm trying to implement use TCP passthrough based on SNI. It works for SSL but it's not working for 80.
configuration is below:
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
defaults
timeout client 30s
timeout server 30s
timeout connect 5s
frontend https
bind *:443
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
acl mytonicssl req_ssl_sni -i staging.mytonic.com
use_backend mytonic-ssl if mytonicssl
backend mytonic-ssl
mode tcp
balance roundrobin
stick-table type binary len 32 size 30k expire 30m
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
tcp-request inspect-delay 5s
tcp-request content accept if clienthello
tcp-response content accept if serverhello
stick on payload_lv(43,1) if clienthello
stick store-response payload_lv(43,1) if serverhello
option ssl-hello-chk
server server1 10.10.17.222:8443 check
frontend http
bind *:80
mode tcp
acl mytonic_http hdr_dom(host) -i staging.mytonic.com
use_backend mytonic_nonssl if mytonic_http
backend mytonic_nonssl
mode tcp
balance roundrobin
server server1 10.10.17.222:8080 check
If i added default backend then it works. But this is not the virtual host solution. My haproxy version is: HA-Proxy version 1.5.18 2016/05/10 any help is appreciated.
SNI is a TLS extension which contains the target hostname. Since it is a TLS extension it can only be used with SSL/TLS traffic. The matching mechanism with plain HTTP (i.e. no SSL/TLS) is the HTTP Host header. But to balance based on this header you need to use mode http (the default) and not mode tcp. See also How to divert traffic based on hostname using HAProxy?
I am using nginX
nginx version: nginx/1.4.6 (Ubuntu)
I have an app listening TCP on IPv4 port besides 80.
How I can to proxy/forward from domain on TCP 80 to this port.
What keywords should I find or nginx configurations?
Thanks
I think what you need is reverse proxy
Here is great tutorial how to forward connection from nginx to apache
This tutorial shows how to forward connection from nginx on port 80 to apache on port 8080
There are some options:
You can use ssh-forwarding:
plink <ssh user>#<server_ip> -pw <ssh pass> -L 0.0.0.0:<external port>:<target ip in internal network>:<target port in internal network>
Create VPN by OpenVPN for example
Check here - https://unix.stackexchange.com/questions/290223/how-to-configure-nginx-as-a-reverse-proxy-for-different-port-numbers
I have a jetty server running under port 8080 on VM. VM in its turn runs on remote server under port 10000. Is it legit to address it as http://someremote.org:10000:8080/request? Or should I use SSH somehow?
What I was looking for is called ssh tunneling. You make a tunnel from your port to remote's machine port like that:
ssh -p 10000 -L 18080:localhost:8080 user#remote.host.org
18080 here is port, that you use on your local machine in order to get to remote's 8080 port.
Why doesn't uWSGI listen on IPv6 interface, even if system is 100% IPv6 ready? As far as I could see there aren't parameters nor documentation covering this issue.
In your INI config file specify something like this
[uwsgi]
socket = [::]:your_port_number
Or from the CL,
./uwsgi -s [::]:your_port_number
The server shall now listen along all the interfaces (including IPv4, if the underlying OS supports dual stack TCP sockets)
I am using Ubuntu 12.04LTS 64 bit pc.JBOSS as my local pc server and i have a project which is using mysql as database and struts framework.I can easily access my project using
http://localhost:8080
but when I want to access my project using
https://localhost:8080
It shows an error.
The connection was interrupted
The connection to 127.0.0.1:8080 was interrupted while the page was loading.
I have also checked
$ sudo netstat -plntu | grep 8080
this command which output is
"tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 5444/java"
If i kill this process,my project also killed.
and i also mentioned u that my 80 port is free also.
Can you tell me what is the problem is occured for which I cannot access my project in my local pc using https.
Advance Thanks for helping.
SSL has to be on a different port. Here is the breakdown:
http:// watched on port, typically 80
https:// watched on a different port, typically 443
You need to RUN SSL on a different port.
Listen 8081
SSL VirtualHost
<VirtualHost *:8081>
# SSL Cert info here
....
</VirtualHost>
> service httpd restart