On 16.07.2014 15:31, Nicolas Zedde wrote:
>> -----Original Message-----
>> From: Dennis Jacobfeuerborn [mailto:[email protected]]
>> Sent: Wednesday, July 16, 2014 1:22 PM
>> To: [email protected]
>> Subject: Re: Load balancing FTP with HAProxy behind a firewall
>>
>> Have you considered using SFTP instead? It's more secure and doesn't suffer
>> from the data channel issue so it's easier to handle and most if not all FTP GUI
>> clients out there (Filezilla, WinSCP, etc.) on the various platforms also support
>> SFTP out of the box.
>> If you are using ProFTPd on the server it's fairly trivial to set up including key
>> support in addition to passwords and chroot.
>>
>> FTP still seems to be the default these days even though as a protocol
>> it's... problematic. In 99% of cases when someone asks for FTP access I
>> recommend SFTP instead and this works fine for people. FTP really should be
>> retired.
>>
>> Regards,
>> Dennis
>
> Hi,
>
> SFTP looks like a smart idea to discard the FTP problems. I'll give it a try.
> Now I still have to find a way to redirect my ftp users to the correct server
> using a single public ip / port.
> Thank you for your help anyway.

Since neither FTP nor SFTP supports the concept of virtual hosts, the only way I see which could work is using SFTP with client certificates. If you provide every user with a client certificate you could match the certificate's common name using "ssl_f_s_dn(CN)" in haproxy and then select a backend based on the value.

Regards,
Dennis

