HAProxy : ACL Settings (L4)2023/03/07 |
This is the ACL Setting example.
It's possible to use on Layer4 mode.
Refer to the official documents to see various usages.
⇒ https://www.haproxy.com/documentation/hapee/latest/onepage/#7.3.3
|
[1] | |
[2] | Configure HAProxy. By following settings, requests to [80] port is forwarded to the backend [10.0.0.31:80], requests to [3306] port is forwarded to the backend [10.0.0.51:3306], requests to [22] port is forwarded to the backend [10.0.0.52:22]. |
[root@dlp ~]#
vi /etc/haproxy/haproxy.cfg # add to the end frontend mariadb-in bind *:3306 # set ACL # destination port is [3306] acl dst_3306 dst_port 3306 # set action for ACL use_backend mariadb_node01 if dst_3306 backend mariadb_node01 server node01 10.0.0.51:3306 check frontend ssh-in bind *:22 acl dst_22 dst_port 22 use_backend ssh_node02 if dst_22 backend ssh_node02 server node02 10.0.0.52:22 check frontend http-in bind *:80 acl dst_80 dst_port 80 use_backend http_www if dst_80 backend http_www server www 10.0.0.31:80 check systemctl stop sshd mariadb httpd [root@dlp ~]# systemctl restart haproxy |
[3] | Verify working normally to access to the frontend HAproxy Server with each service ports. |
[alma@client ~]$ mysql -u alma -p -h dlp.srv.world -e "show variables like 'hostname';" Enter password: +---------------+------------------+ | Variable_name | Value | +---------------+------------------+ | hostname | node01.srv.world | +---------------+------------------+[alma@client ~]$ ssh alma@dlp.srv.world hostname alma@dlp.srv.world's password: node02.srv.world[alma@client ~]$ curl http://dlp.srv.world/ www.srv.world |
Sponsored Link |