CentOS Stream 9
Sponsored Link

HAProxy : ACL Settings (L4)2022/03/22

 
This is the ACL Setting example.
It's possible to use on Layer4 mode.
Refer to the official documents to see various usages.
⇒ https://www.haproxy.com/documentation/hapee/latest/onepage/#7.3.3
[1]
[2] Configure HAProxy.
By following settings, requests to [80] port is forwarded to the backend [10.0.0.31:80],
requests to [3306] port is forwarded to the backend [10.0.0.51:3306],
requests to [22] port is forwarded to the backend [10.0.0.52:22].
[root@dlp ~]#
vi /etc/haproxy/haproxy.cfg
# add to the end
frontend mariadb-in
        bind *:3306
        # set ACL
        # destination port is [3306]
        acl dst_3306 dst_port 3306

        # set action for ACL
        use_backend mariadb_node01 if dst_3306

backend mariadb_node01
        server node01 10.0.0.51:3306 check

frontend ssh-in
        bind *:22
        acl dst_22 dst_port 22
        use_backend ssh_node02 if dst_22

backend ssh_node02
        server node02 10.0.0.52:22 check

frontend http-in
        bind *:80
        acl dst_80 dst_port 80
        use_backend http_www if dst_80

backend http_www
        server www 10.0.0.31:80 check

[root@dlp ~]#
systemctl stop sshd mariadb httpd

[root@dlp ~]#
systemctl restart haproxy

[3] Verify working normally to access to the frontend HAproxy Server with each service ports.
[cent@client ~]$
mysql -u cent -p -h dlp.srv.world -e "show variables like 'hostname';"

Enter password:
+---------------+------------------+
| Variable_name | Value            |
+---------------+------------------+
| hostname      | node01.srv.world |
+---------------+------------------+

[cent@client ~]$
ssh cent@dlp.srv.world hostname

cent@dlp.srv.world's password:
node02.srv.world

[cent@client ~]$
curl http://dlp.srv.world/

www.srv.world
Matched Content