Haproxy

Haproxy可以做tcp转发，我们可以通过它来配置22端口的转发。这样，当主机的22端口不开放时，仍然可以ssh连接。

假设我们的haproxy所在主机的IP为10.142.232.161

yum安装

执行以下命令安装Haproxy

sudo yum -y install haproxy

修改配置文件

/etc/haproxy/haproxy.cfg

比如我们要通过主机的8161端口转发到本机的22端口，且通过haproxy的8162端口转到主机10.142.232.162的22端口，则可以设置为如下（注意是ssh部分的内容）

global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
#    user        haproxy
#    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

# ssh
listen port8161
        bind :8161
        mode tcp
        server server150 10.142.232.161:22

listen port8162
        bind :8162
        mode tcp
        server server162 10.142.232.162:22

/usr/lib/systemd/system/haproxy.service

用以下的内容覆盖该文件

[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed

[Install]
WantedBy=multi-user.target

PreviousNFS NextKeepalived

Last updated 5 years ago

Was this helpful?

修改配置文件

/etc/haproxy/haproxy.cfg

比如我们要通过主机的8161端口转发到本机的22端口，且通过haproxy的8162端口转到主机10.142.232.162的22端口，则可以设置为如下（注意是ssh部分的内容）

global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
#    user        haproxy
#    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

# ssh
listen port8161
        bind :8161
        mode tcp
        server server150 10.142.232.161:22

listen port8162
        bind :8162
        mode tcp
        server server162 10.142.232.162:22

/usr/lib/systemd/system/haproxy.service

用以下的内容覆盖该文件

[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed

[Install]
WantedBy=multi-user.target