Haproxy实现443端口的复用
转载备份一篇:用 HAProxy 实现 443 端口的复用。主要是利用了 HAProxy 在 TCP 模式下对 TLS ClientHello 中 SNI 字段的检查,可以根据协议和域名把连接转发到对应的后端端口。
详细配置如下。
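# HAProxy as a TCP-mode protocol multiplexer on port 443. The first bytes of
# each connection are inspected (TLS ClientHello / SNI, SSH banner) and the
# connection is handed, still encrypted, to a local backend. TLS is not
# terminated here, so HAProxy never sees plaintext or certificates.
global
    # The original listed the same syslog target twice (the second capped at
    # "info"), which sends every message at info or more severe two times.
    # One uncapped target logs the same set of messages once.
    log 127.0.0.1 local3
    maxconn 65535
    # chroot plus an unprivileged user/group limit what a compromised
    # HAProxy process can reach on the host.
    chroot /usr/share/haproxy
    user nobody
    group nogroup
    daemon
    # NOTE(review): nbproc is no longer accepted by current HAProxy releases,
    # where nbthread replaces it. Confirm against the installed version.
    nbproc 2

defaults
    log global
    option tcplog
    # NOTE(review): dontlognull suppresses log lines for connections that
    # transfer no data, which also hides scans and probes on an
    # internet-facing listener. Consider dropping it here.
    option dontlognull
    #option originalto
    maxconn 65535
    # The original used 500000 (ms) for all three timeouts. Every backend is
    # on 127.0.0.1, so a connect that takes more than a few seconds has
    # failed; a short connect timeout frees the slot instead of holding it
    # for 500 seconds.
    timeout connect 5s
    # 500s, same value as the original 500000 ms. Idle client connections
    # hold a slot this long, so keep maxconn and these values in proportion.
    timeout client 500s
    timeout server 500s

frontend tls-ssl
    mode tcp
    bind :443
    bind :::443
    # Wait up to 3s for the client's first bytes so the rules below have
    # something to classify; a TLS ClientHello ends the wait early.
    tcp-request inspect-delay 3s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # ACL configure
    # SNI is sent in clear by the client and is not authenticated: it is a
    # routing hint only, never an access control.
    acl 0_www req_ssl_sni -i abc1.def.ghi
    acl 1_ocserv req_ssl_sni -i abc2.def.ghi
    # 53 53 48 2d 32 2e 30 is the ASCII string "SSH-2.0" (SSH client banner).
    acl 2_ssh_payload payload(0,7) -m bin 5353482d322e30

    # Backend choice
    # Rules are evaluated in order and the first match wins. There is no
    # reject path: any TLS hello with an unknown or missing SNI reaches
    # ocserv, a silent client reaches openssh, and any other non-TLS payload
    # reaches tunnel. All of these services are therefore internet-exposed
    # on 443 and must enforce their own authentication.
    use_backend nginx if 0_www { req.ssl_hello_type 1 }
    # Redundant with the TLS catch-all on the next line; kept for readability.
    use_backend ocserv if 1_ocserv
    use_backend ocserv if { req.ssl_hello_type 1 }
    use_backend openssh if 2_ssh_payload
    use_backend openssh if !{ req.ssl_hello_type 1 } { req.len 0 }
    use_backend tunnel if !{ req.ssl_hello_type 1 } !{ req.len 0 }
#

# NOTE(review): every backend sees 127.0.0.1 as the peer address. Per-IP
# controls and logs on the backends (sshd auth logs, fail2ban-style banning,
# VPN/web access logs) lose the real client address. The HAProxy tcplog
# is the only record of it, so retain and monitor that log. Where a backend
# understands the PROXY protocol, "send-proxy" on its server line can carry
# the client address through. sshd does not support it.
backend nginx
    #mode tcp
    # NOTE(review): ssl-hello-chk has no effect unless the server line also
    # carries "check". It sends an SSLv3-style hello, so verify that the web
    # server answers it before enabling the check.
    option ssl-hello-chk
    server webserver 127.0.0.1:4443

backend ocserv
    #mode tcp
    timeout server 8h
    server sslvpn 127.0.0.1:4500

backend tunnel
    #mode tcp
    timeout server 2h
    server ss 127.0.0.1:512

backend openssh
    #mode tcp
    timeout server 3h
    server openssh 127.0.0.1:22

# origin blog:https://blog.phoenixxie.xyz/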