Haproxy
Haproxy可以做tcp转发,我们可以通过它来配置22端口的转发。这样,当主机的22端口不开放时,仍然可以ssh连接。
假设我们的haproxy所在主机的IP为10.142.232.161
yum安装
执行以下命令安装Haproxy
sudo yum -y install haproxy
修改配置文件
/etc/haproxy/haproxy.cfg
比如我们要通过主机的8161端口转发到本机的22端口,且通过haproxy的8162端口转到主机10.142.232.162的22端口,则可以设置为如下(注意是ssh部分的内容)
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
# user haproxy
# group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
# ssh
listen port8161
bind :8161
mode tcp
server server150 10.142.232.161:22
listen port8162
bind :8162
mode tcp
server server162 10.142.232.162:22
/usr/lib/systemd/system/haproxy.service
用以下的内容覆盖该文件
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
[Install]
WantedBy=multi-user.target
Last updated
Was this helpful?