如何用HAProxy代理sftp?
- By : Will
- Category : Load balancing
Load balancing
1 前言
一个问题,一篇文章,一出故事。
笔者今天需要实现HAProxy代理sftp,因此整理此文。
2 最佳实践
2.1 实践环境
HAProxy集群环境,
sftp服务环境,
2.2 配置代理
2.2.1 修改配置文件
vim /etc/haproxy/conf.d/sftp.cmdschool.org_115.cfg
加入如下配置,
listen sftp_115
bind 0.0.0.0:115
mode tcp
option tcplog
log /var/log/haproxy/haproxy.log local0 info
timeout connect 15m
timeout client 15m
timeout server 15m
server sftp.cmdschool.org 10.168.0.169:115 check
需要注意的是,参数“timeout connect”、“timeout client”、“timeout server”和“log”是有需要的,否则后面检查配置步骤会见到如下警告,
[WARNING] (110660) : config : missing timeouts for proxy 'sftp_115'. | While not properly invalid, you will certainly encounter various problems | with such a configuration. To fix this, please ensure that all following | timeouts are set to a non-zero value: 'client', 'connect', 'server'. [WARNING] (110660) : config : log format ignored for proxy 'sftp_115' since it has no log address. Warnings were found. Configuration file is valid
另外,以上部分参数如果不设置,登录一分钟会有以下提示,
sftp -P 115 'cmdschool.org\will'@sftp.cmdschool.org Password: Connected to sftp.cmdschool.org. sftp> ls myhome sftp> Connection to sftp.cmdschool.org closed by remote host.
2.2.2 检查配置
haproxy -c -f /etc/haproxy/conf.d
2.2.3 应用配置
systemctl reload haproxy.service systemctl status haproxy.service
参阅文档
======================
https://www.mail-archive.com/haproxy@formilux.org/msg23817.html
https://haproxy.formilux.narkive.com/EpMmLH3G/for-sftp-load-balancing
https://www.cnblogs.com/rongfengliang/p/10319205.html
https://jakec007.github.io/2021-03-09-load-balancing-ssh-with-haproxy/
https://docs.haproxy.org/2.2/configuration.html
https://www.haproxy.com/documentation/haproxy-configuration-tutorials/session-persistence/
https://www.haproxy.com/documentation/haproxy-configuration-tutorials/load-balancing/passive-ftp/
没有评论