HAProxy : ACL Settings (L4)2023/07/10 |
|
This is the ACL Setting example.
It's possible to use on Layer4 mode.
Refer to the official documents to see various usages.
⇒ https://www.haproxy.com/documentation/hapee/latest/onepage/#7.3.3
|
| [1] | |
| [2] | Configure HAProxy. By following settings, requests to [80] port is forwarded to the backend [10.0.0.31:80], requests to [3306] port is forwarded to the backend [10.0.0.51:3306], requests to [22] port is forwarded to the backend [10.0.0.52:22]. |
|
root@dlp:~#
vi /etc/haproxy/haproxy.cfg # add to the end frontend mariadb-in bind *:3306 # set ACL # destination port is [3306] acl dst_3306 dst_port 3306 # set action for ACL use_backend mariadb_node01 if dst_3306 backend mariadb_node01 server node01 10.0.0.51:3306 check frontend ssh-in bind *:22 acl dst_22 dst_port 22 use_backend ssh_node02 if dst_22 backend ssh_node02 server node02 10.0.0.52:22 check frontend http-in bind *:80 acl dst_80 dst_port 80 use_backend http_www if dst_80 backend http_www server www 10.0.0.31:80 check systemctl stop ssh mariadb apache2 root@dlp:~# systemctl restart haproxy |
| [3] | Verify working normally to access to the frontend HAproxy Server with each service ports. |
|
debian@client:~# mysql -u debian -p -h dlp.srv.world -e "show variables like 'hostname';" Enter password: +---------------+------------------+ | Variable_name | Value | +---------------+------------------+ | hostname | node01.srv.world | +---------------+------------------+debian@client:~# ssh debian@dlp.srv.world hostname debian@dlp.srv.world's password: node02.srv.worlddebian@client:~# curl http://dlp.srv.world/ www.srv.world |
| Sponsored Link |