HAProxy四层负载使用
场景:
针对有特殊访问的应用场景,比如数据库,好处是配置软件时,数据库的地址那一栏写成 haproxy代理固定的地址,数据库的地址不用写死
Memcache
Redis
MySQL
RabbitMQ
四层负载示例
redis 的代理
listen redis-port
bind 192.168.1.101:6379
mode tcp
balance leastconn
server server1 192.168.1.104:6379 check
server server2 192.168.1.103:6379 check backup
ACL示例-四层访问控制
listen redis-port
bind 192.168.1.101:6379
mode tcp
balance leastconn
acl invalid_src src 192.168.1.0/24 192.168.1.102
tcp-request connection reject if invalid_src
server server1 192.168.1.104:6379 check
server server2 192.168.1.103:6379 check backup
验证
root@z2:~# redis-cli -h 192.168.1.101
192.168.1.101:6379> info
Error: Connection reset by peer
注意:tcp-request acl 加入到7层的设置中,依然会被拒绝
listen web_host
bind 192.168.1.101:80
mode http
balance roundrobin
log global
option httplog
acl invalid_src src 192.168.0.0/24 192.168.1.102
tcp-request connection reject if invalid_src
default_backend default_web
backend static_path_host
mode http
server web1 192.168.1.104 check inter 2000 fall 3 rise 5
backend default_web
mode http
server web1 192.168.1.103:80 check inter 2000 fall 3 rise 5
root@z2:~# curl 192.168.1.101
curl: (56) Recv failure: Connection reset by peer
root@z5:~# curl 192.168.1.101
103 index