Deploying HAProxy with Docker

Deployment:


docker run -d --name haproxy \
    -p 80:80 \
    -p 443:443 \
    -p 2222:2222 \
    -p 9090:9090 \
    --restart=always \
    -v /home/haproxy:/usr/local/etc/haproxy \
    haproxy:alpine

The configuration file under /home/haproxy must be named haproxy.cfg

Reference configuration:


global
    #daemon
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 4096

defaults
    mode http
    maxconn 2000
    log global
    option dontlognull
    option http-server-close
    option redispatch
    retries 3
    timeout connect 5s
    timeout client 50s
    timeout server 50s

# Statistics page on port 9090; admin:password is a placeholder credential
listen stats
    bind *:9090
    balance
    mode http
    stats enable
    stats uri /stats
    stats auth admin:password

# Plain HTTP; requests whose Host header begins with example.com go to backend_sz
frontend in_http_80
    bind *:80
    mode http
    default_backend backend_http
    acl is_1 hdr_beg(host) -i example.com
    use_backend backend_sz if is_1

# HTTPS is forwarded in TCP mode, so TLS is not terminated by HAProxy
frontend in_https_443
    bind *:443
    mode tcp
    default_backend backend_https

# DirectAdmin panel port
frontend in_http_da
    bind *:2222
    mode http
    default_backend backend_da

backend backend_http
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server node1 199.99.99.81:80 check

backend backend_sz
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server node2 199.99.99.82:8888 check

backend backend_da
    mode http
    server srv1 199.99.99.81:2222 check

backend backend_https
    mode tcp
    server srv2 199.99.99.81:443 check

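This configuration is used to reverse-proxy DirectAdmin. Note that the backend must whitelist the HAProxy IP in two places. The first is the firewall whitelist, which depends on how your firewall is set up;

the second is the DirectAdmin whitelist, located at /usr/local/directadmin/data/admin/ip_whitelist

Reference: https://help.directadmin.com/item.php?id=306

Otherwise, because of malicious scanning, the reverse proxy's IP will be banned by the backend.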

If the backend needs to obtain the real client IP, see here:
