HAProxy-expert understanding the TCP Transparent mode (TProxy) needed

Avbrutt Lagt ut 7 år siden Betales ved levering
Avbrutt Betales ved levering

- I want to use HAProxy in front of my webserver(s) using TCP in transparent mode (TProxy)! (Yes, really!) How do I setup this for CentOS 7? All servers (haproxy and webservers) are in the same subnet. Is that a problem? I am in an evironment using NAT (by the outside router/firewall). Is that a problem?

- The default gw on my webservers will be the HAProxy, right? Anyway, is there a way to route only the webtraffic-answers through HAProxy while SSH and DNS are using the a different gw? This is essentail, because the web-machines contact other hosts to generate the content (e.g. DB) or get diretcly contacted from the monitoring tools.

- How do I block special IP/Nets using HAProxy.

- How do I block client after N concurrent connections?

- How do I see what's currently going on? (e.g. number of current connections, bandwidth of each connection, etc)

- How do I see logs?

- How do I reload the HAProxy config without loosing even one packet?

I don't like this idea: [login to view URL]

Is that possible for our usecase: [login to view URL]

I have this setup:

haproxy:

[login to view URL] public ip 1.2.3.32

[login to view URL] public ip 1.2.3.117

[login to view URL] public ip 1.2.3.118

web1

[login to view URL] public ip 1.2.3.87

[login to view URL] and :443

[login to view URL] and :443

web2

[login to view URL] public ip 1.2.3.98

[login to view URL] and :443

[login to view URL] and :443

I am able to SSH to 1.2.3.32, 1.2.3.87, 1.2.3.98.

Tcp traffic to port 80 and 443 to 1.2.3.117 and 1.2.3.118 will go to [login to view URL] or 10.26.0.118.

Now your job:

How to lb 1.2.3.117:80/[login to view URL] to [login to view URL] and [login to view URL] in transparent TCP mode? (Plus the other ports and IPs.)

You won't get access to my machines....

Linux Nettverksadministrasjon System Admin UNIX

Prosjekt-ID: #12293354

Om prosjektet

4 bud Eksternt prosjekt Aktiv 7 år siden

Tildelt til:

odessky

Hello! My name is Andrey. I'm from Odessa, Ukraine. I have right skills and great experience for begin working on your project just right now! You may show good reviews at my profile https://www.freelancer.com/u/odessk Mer

$150 USD på 3 dager
(231 omtaler)
6.8

4 frilansere byr i gjennomsnitt $194 for denne jobben

osmanbsd

Hi, What is your router/firewall device? Why its necessary for you to run HAProxy in transparent mode? Regards usman

$222 USD på 3 dager
(147 Omtaler)
7.5
sensorship

Hello Mate! I am expert Ubuntu 16.04 LTS Xenial Xerus security system admin, I will do HAProxy-expert understanding the TCP Transparent mode (TProxy) jobs as you said. I can start now. I hope you will enjoy working wit Mer

$250 USD på 0 dager
(0 Omtaler)
1.0