HAProxy for HTTP and HTTPS (except HTTPS UDP)

Oracle Public Cloud User 2024-08-07 14:25:14 +00:00
parent ed50f66d9a
commit dc2fc245c9
4 changed files with 71 additions and 5 deletions


@ -8,8 +8,8 @@ ORIGINAL_DESTINATION_IP="10.0.0.104"
FORWARD_TO_IP="10.0.100.10" FORWARD_TO_IP="10.0.100.10"
RULES=( RULES=(
"25:25" "25:25"
"80:80" "53:53"
"443:443" "53:53/udp"
"2222:2222" "2222:2222"
) )
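Review bot: the "53:53" and "53:53/udp" entries added in this hunk are outside the scope stated in the commit message (moving HTTP/HTTPS to HAProxy); either split them into their own commit or mention them in the message, and before exposing 53/udp on the public address confirm that the service at 10.0.100.10 is not a recursive resolver answering arbitrary clients. Dropping "80:80" and "443:443" here is consistent with the new haproxy.cfg frontends binding :80 and :443 for 10.0.0.104.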


@ -9,8 +9,6 @@ FORWARD_TO_IP="10.0.100.20"
RULES=( RULES=(
"53:5300" "53:5300"
"53:5300/udp" "53:5300/udp"
"80:8000"
"443:4430"
"443:4430/udp" "443:4430/udp"
"22:22" "22:22"
"3478:3478" "3478:3478"
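Review bot: after this hunk TCP 443 for 10.0.0.143 is handled by haproxy.cfg while "443:4430/udp" is still DNAT'd, so the two transports of the same public port now take different paths; add a comment next to the remaining udp rule saying that TCP 80/443 moved to haproxy.cfg, otherwise the lone udp entry looks orphaned and is likely to be removed, or the TCP rules re-added, by mistake. Note also that the UDP path still delivers the real client address to 10.0.100.20:4430 via NAT, whereas the TCP path now depends on the PROXY protocol header sent by HAProxy.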


@ -1,7 +1,14 @@
# NAT Rules for the Fixed IPv4 Provider # HAProxy Rules for the Fixed IPv4 Provider
In case I don't have a fixed IPv4 address, I use these rules to route the services through a fixed IPv4 provider like Oracle Cloud. In case I don't have a fixed IPv4 address, I use these rules to route the services through a fixed IPv4 provider like Oracle Cloud.
## Pre-Requesites
* Install HAProxy on the server : `sudo dnf install -y haproxy`
* Copy the configuration file: `sudo cp /home/opc/bin/NAT/haproxy.cfg /etc/haproxy/haproxy.cfg`
* Enable the service: `sudo systemctl enable --now haproxy`
* Open the ad-hoc ports (bound from haproxy.cfg) in the firewall, for instance: `sudo firewall-cmd --add-port=80/tcp --permanent`
## IP Addresses in Use ## IP Addresses in Use
| Public IP (Oracle) | Internal IP (Oracle) | Wireguard client IP | Description | | Public IP (Oracle) | Internal IP (Oracle) | Wireguard client IP | Description |
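Review bot: the firewall step only shows `sudo firewall-cmd --add-port=80/tcp --permanent`, but the new haproxy.cfg also binds :443, so 443/tcp has to be opened as well (followed by `sudo firewall-cmd --reload`) or HTTPS will be blocked at the host firewall; list both ports explicitly instead of "for instance". Also "Pre-Requesites" should read "Prerequisites".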

haproxy.cfg Normal file

@ -0,0 +1,61 @@
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
# utilize system-wide crypto-policies
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
defaults
option tcplog
mode tcp
log global
option http-server-close
timeout connect 10s
timeout client 1m
timeout server 1m
# HTTPS
frontend https
bind :443
acl dst_fastlight dst 10.0.0.104
acl dst_norrsken dst 10.0.0.143
use_backend https_fastlight if dst_fastlight
use_backend https_norrsken if dst_norrsken
backend https_fastlight
balance roundrobin
server fastlight 10.0.100.10:443 send-proxy
backend https_norrsken
balance roundrobin
server norrsken 10.0.100.20:4430 send-proxy
# HTTP
frontend http
bind :80
acl dst_fastlight dst 10.0.0.104
acl dst_norrsken dst 10.0.0.143
use_backend http_fastlight if dst_fastlight
use_backend http_norrsken if dst_norrsken
backend http_fastlight
balance roundrobin
server fastlight 10.0.100.10:80 send-proxy
backend http_norrsken
balance roundrobin
server norrsken 10.0.100.20:8000 send-proxy
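Review bot: every `server` line uses `send-proxy`, which requires the listeners at 10.0.100.10:80/443 and 10.0.100.20:8000/4430 to accept the PROXY protocol, and ideally only from this HAProxy host's address, since the PROXY header is trusted as the client address; if they do not, the first bytes of each connection are unparseable and both TLS and HTTP fail, so document that requirement in the README next to the install steps. Two smaller points: `option http-server-close` in the `defaults` section is an HTTP-mode option and has no effect under `mode tcp`, so drop it; and neither frontend has a `default_backend`, which is fine for an allow-list of destination addresses but deserves a comment, because a connection arriving for any other `dst` is dropped with no backend matched.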