HAProxy for HTTP and HTTPS (except HTTPS UDP)
parent
ed50f66d9a
commit
dc2fc245c9
4 changed files with 71 additions and 5 deletions
|
@ -8,8 +8,8 @@ ORIGINAL_DESTINATION_IP="10.0.0.104"
|
||||||
FORWARD_TO_IP="10.0.100.10"
|
FORWARD_TO_IP="10.0.100.10"
|
||||||
RULES=(
|
RULES=(
|
||||||
"25:25"
|
"25:25"
|
||||||
"80:80"
|
"53:53"
|
||||||
"443:443"
|
"53:53/udp"
|
||||||
"2222:2222"
|
"2222:2222"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
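Review bot: The two new RULES entries `"53:53"` and `"53:53/udp"` publish DNS on the public address ORIGINAL_DESTINATION_IP (10.0.0.104) towards FORWARD_TO_IP (10.0.100.10), and nothing in the hunk limits who may query it. If the service behind 10.0.100.10 performs recursion, recursion should be restricted to the internal and Wireguard ranges (or the forwarding rule limited by source address) so the public port only serves authoritative answers; if it is authoritative-only, a comment to that effect next to `"53:53"` would spare the next reader the check. The script that consumes RULES is outside this hunk, so support for the `/udp` suffix is inferred only from the existing `"53:5300/udp"` entry in the sibling file.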
@ -9,8 +9,6 @@ FORWARD_TO_IP="10.0.100.20"
|
||||||
RULES=(
|
RULES=(
|
||||||
"53:5300"
|
"53:5300"
|
||||||
"53:5300/udp"
|
"53:5300/udp"
|
||||||
"80:8000"
|
|
||||||
"443:4430"
|
|
||||||
"443:4430/udp"
|
"443:4430/udp"
|
||||||
"22:22"
|
"22:22"
|
||||||
"3478:3478"
|
"3478:3478"
|
||||||
|
|
|
@ -1,7 +1,14 @@
|
||||||
# NAT Rules for the Fixed IPv4 Provider
|
# HAProxy Rules for the Fixed IPv4 Provider
|
||||||
|
|
||||||
In case I don't have a fixed IPv4 address, I use these rules to route the services through a fixed IPv4 provider like Oracle Cloud.
|
In case I don't have a fixed IPv4 address, I use these rules to route the services through a fixed IPv4 provider like Oracle Cloud.
|
||||||
|
|
||||||
|
## Pre-Requesites
|
||||||
|
|
||||||
|
* Install HAProxy on the server : `sudo dnf install -y haproxy`
|
||||||
|
* Copy the configuration file: `sudo cp /home/opc/bin/NAT/haproxy.cfg /etc/haproxy/haproxy.cfg`
|
||||||
|
* Enable the service: `sudo systemctl enable --now haproxy`
|
||||||
|
* Open the ad-hoc ports (bound from haproxy.cfg) in the firewall, for instance: `sudo firewall-cmd --add-port=80/tcp --permanent`
|
||||||
|
|
||||||
## IP Addresses in Use
|
## IP Addresses in Use
|
||||||
|
|
||||||
| Public IP (Oracle) | Internal IP (Oracle) | Wireguard client IP | Description |
|
| Public IP (Oracle) | Internal IP (Oracle) | Wireguard client IP | Description |
|
||||||
|
|
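--- /dev/null
+++ b/haproxy.cfg
@@ -0,0 +1,61 @@
+global
+log 127.0.0.1 local2
+
+chroot /var/lib/haproxy
+pidfile /var/run/haproxy.pid
+maxconn 4000
+user haproxy
+group haproxy
+daemon
+
+# turn on stats unix socket
+stats socket /var/lib/haproxy/stats
+
+# utilize system-wide crypto-policies
+ssl-default-bind-ciphers PROFILE=SYSTEM
+ssl-default-server-ciphers PROFILE=SYSTEM
+
+defaults
+option tcplog
+mode tcp
+log global
+option http-server-close
+timeout connect 10s
+timeout client 1m
+timeout server 1m
+
+# HTTPS
+frontend https
+bind :443
+
+acl dst_fastlight dst 10.0.0.104
+acl dst_norrsken dst 10.0.0.143
+
+use_backend https_fastlight if dst_fastlight
+use_backend https_norrsken if dst_norrsken
+
+backend https_fastlight
+balance roundrobin
+server fastlight 10.0.100.10:443 send-proxy
+
+backend https_norrsken
+balance roundrobin
+server norrsken 10.0.100.20:4430 send-proxy
+
+# HTTP
+frontend http
+bind :80
+
+acl dst_fastlight dst 10.0.0.104
+acl dst_norrsken dst 10.0.0.143
+
+use_backend http_fastlight if dst_fastlight
+use_backend http_norrsken if dst_norrsken
+
+backend http_fastlight
+balance roundrobin
+server fastlight 10.0.100.10:80 send-proxy
+
+backend http_norrsken
+balance roundrobin
+server norrsken 10.0.100.20:8000 send-proxy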
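Review bot: `option http-server-close` in the `defaults` section is an HTTP-mode option, but the same section sets `mode tcp` and every frontend and backend here inherits it, so the option has no effect (HAProxy normally reports it as ignored at startup); drop the line `option http-server-close` or keep it for a future `mode http` section. The four `server … send-proxy` lines also require the listeners on 10.0.100.10 and 10.0.100.20 to accept the PROXY protocol, which the commit does not show; if they do not, every proxied connection fails at the backend, and where they do, acceptance should be limited to this proxy's address so that the forwarded client address cannot be supplied by anything else that reaches those ports. Finally, `bind :443` and `bind :80` listen on every local address while the ACLs only route traffic that arrived at 10.0.0.104 or 10.0.0.143, so connections to any other address are accepted and then closed for lack of a `default_backend`; binding the two addresses explicitly, e.g. `bind 10.0.0.104:443,10.0.0.143:443`, would make that intent visible and avoid the extra listeners.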