Centos7 haproxy单端口多服务小记

摘要

由于特殊情况，访问内网时只有一个特定端口可以对外开放（类似端口隧道穿透），因此需要在单个端口上复用多种服务（本文为 SSH 与 RDP）。做法是在 DMZ 主机上配置 HAProxy，根据客户端首包的协议特征把连接分发到不同后端。注意：这意味着内网 RDP 会经由该端口直接暴露，后文配置中对此做了限制和说明。

步骤记录

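# --- Give the DMZ host a static IP ---
# Inspect the current interfaces first. The NIC name (enp0s31f6), MAC address
# and the UUID in the ifcfg file below are specific to this machine; take them
# from your own `ip a` / existing ifcfg output rather than copying them.
ip a
#1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
# link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
# inet 127.0.0.1/8 scope host lo
# valid_lft forever preferred_lft forever
# inet6 ::1/128 scope host
# valid_lft forever preferred_lft forever
#2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
# link/ether 6c:2b:59:e9:7a:3a brd ff:ff:ff:ff:ff:ff
# inet 192.168.1.198/24 brd 192.168.1.255 scope global noprefixroute enp0s31f6
# valid_lft forever preferred_lft forever
# inet6 fe80::bd61:b8e9:81e7:f862/64 scope link noprefixroute
# valid_lft forever preferred_lft forever

# Keep a copy of the interface script before editing it so the change can be
# rolled back if the host loses connectivity after the restart.
cp /etc/sysconfig/network-scripts/ifcfg-enp0s31f6 /etc/sysconfig/network-scripts/ifcfg-enp0s31f6.bak
vi /etc/sysconfig/network-scripts/ifcfg-enp0s31f6
# Resulting file (BOOTPROTO switched to "static", IPADDR/NETMASK/GATEWAY/DNS1 added):
#TYPE="Ethernet"
#PROXY_METHOD="none"
#BROWSER_ONLY="no"
#BOOTPROTO="static"
#DEFROUTE="yes"
#IPV4_FAILURE_FATAL="no"
#IPV6INIT="yes"
#IPV6_AUTOCONF="yes"
#IPV6_DEFROUTE="yes"
#IPV6_FAILURE_FATAL="no"
#IPV6_ADDR_GEN_MODE="stable-privacy"
#NAME="enp0s31f6"
#UUID="7f4de36a-30ba-446e-81bd-ffd2892996fd"
#DEVICE="enp0s31f6"
#ONBOOT="yes"
#IPADDR=192.168.1.198
#NETMASK=255.255.255.0
#GATEWAY=192.168.1.1
#DNS1=192.168.1.1

# Apply the new address (legacy network service on CentOS 7), then verify
# connectivity with a bounded ping so the step cannot hang indefinitely.
service network restart
ping -c 3 www.baidu.com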

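# --- Install and configure HAProxy ---
yum update
yum install haproxy

# Keep the packaged config for reference; it is replaced wholesale below.
cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak

# Quoted heredoc delimiter: nothing inside is expanded by the shell, so the
# config lands on disk exactly as written (reproducible, no interactive vi).
cat > /etc/haproxy/haproxy.cfg <<'EOF'
global
    # Requires rsyslog to listen on 127.0.0.1:514/udp, otherwise logs are lost.
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    stats socket /var/lib/haproxy/stats

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    timeout queue 1m
    # The TCP handshake to a backend should finish within seconds; a multi-hour
    # connect timeout only lets half-open backend connections pile up.
    timeout connect 10s
    # Long idle timeouts are deliberate: SSH and RDP sessions are interactive
    # and may legitimately sit idle for a long time.
    timeout client 2h
    timeout server 2h
    timeout check 10s
    maxconn 3000

frontend all_frontend
    # The single externally reachable port. Bind to the DMZ interface address
    # rather than 0.0.0.0 if this host ever gets a second interface.
    bind 0.0.0.0:5924
    mode tcp
    # Wait up to 5s for the client's first bytes so the protocol can be
    # identified. Both SSH and RDP clients talk first, so they are not delayed.
    tcp-request inspect-delay 5s
    # SSH clients open with the identification string "SSH-2.0"
    # (hex 5353482d322e30).
    acl is_ssh req.payload(0,7) -m bin 5353482d322e30
    # RDP connection requests are carried in a TPKT header whose first two
    # bytes are 03 00.
    acl is_rdp req.payload(0,2) -m bin 0300
    tcp-request content accept if is_ssh
    tcp-request content accept if is_rdp
    # Anything else -- port scanners, other protocols, or a client that sent
    # nothing before the delay expired -- is dropped instead of being handed
    # to the RDP server, as an unconditional fallback backend would do.
    tcp-request content reject
    use_backend ssh_backend if is_ssh
    use_backend rdp_backend if is_rdp

backend ssh_backend
    mode tcp
    # sshd on this DMZ host itself (192.168.1.198 is the local address).
    server ssh_server 192.168.1.198:22 check

backend rdp_backend
    mode tcp
    # Internal Windows host. Because this port is reachable from outside,
    # make sure NLA and account lockout are enabled on that host, or prefer
    # tunnelling RDP through the SSH service above instead of exposing it.
    server rdp_server 192.168.1.3:3389 check
EOF

haproxy -c -f /etc/haproxy/haproxy.cfg   # validate the config before touching the service
systemctl enable haproxy                 # survive reboots
systemctl restart haproxy
systemctl status haproxy -l              # check that it is running and bound to 5924

# If the unit fails with "cannot bind socket", SELinux is most likely blocking
# the non-standard port. Grant the access instead of disabling SELinux:
#   ausearch -m avc -ts recent                     # confirm the denial and its port type
#   setsebool -P haproxy_connect_any 1             # let haproxy connect to arbitrary backend ports
#   semanage port -a -t http_port_t -p tcp 5924    # allow binding 5924 (semanage: policycoreutils-python);
#                                                  # use the port type named in the AVC if it differs
# If the port is unreachable from outside (nc -vz <dmz-host> 5924 fails),
# open just that port in firewalld rather than stopping the firewall:
#   firewall-cmd --permanent --add-port=5924/tcp && firewall-cmd --reload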