On Wed, Jul 16, 2014 at 6:34 PM, Dennis Jacobfeuerborn <[email protected]> wrote:
> On 16.07.2014 15:31, Nicolas Zedde wrote:
>>> -----Original Message-----
>>> From: Dennis Jacobfeuerborn [mailto:[email protected]]
>>> Sent: Wednesday, July 16, 2014 1:22 PM
>>> To: [email protected]
>>> Subject: Re: Load balancing FTP with HAProxy behind a firewall
>>>
>>> Have you considered using SFTP instead? It's more secure and doesn't suffer
>>> from the data channel issue so it's easier to handle and most if not all FTP
>>> GUI clients out there (Filezilla, WinSCP, etc.) on the various platforms also
>>> support SFTP out of the box.
>>> If you are using ProFTPd on the server it's fairly trivial to set up
>>> including key support in addition to passwords and chroot.
>>>
>>> FTP still seems to be the default these days even though as a protocol
>>> it's... problematic. In 99% of cases when someone asks for FTP access I
>>> recommend SFTP instead and this works fine for people. FTP really should be
>>> retired.
>>>
>>> Regards,
>>> Dennis
>>
>> Hi,
>>
>> SFTP looks like a smart idea to discard the FTP problems. I'll give it a try.
>> Now I still have to find a way to redirect my ftp users to the correct
>> server using a single public ip / port.
>> Thank you for your help anyway.
>
> Since neither FTP nor SFTP support the concept of virtual hosts the only
> way I see which could work is using SFTP with client certificates. If
> you provide every user with a client certificate you could match the
> certificates common name using "ssl_f_s_dn(CN)" in haproxy and then
> select a backend based on the value.
>
> Regards,
> Dennis
>
Nice solution :)
Otherwise, one TCP port per "virtual host" :)

Baptiste
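
The one-TCP-port-per-"virtual host" alternative mentioned above could look like this in HAProxy. This is an added example, not configuration posted in the thread; the ports, section names and 192.0.2.x addresses are constructed placeholders.

```haproxy
# Added example: one public TCP port per SFTP "virtual host".
# All ports, names and addresses below are constructed placeholders.

defaults
    # TCP mode: HAProxy forwards the SSH stream without parsing it,
    # so the listening port is the only routing key.
    mode tcp
    option tcplog
    timeout connect 5s
    # SFTP sessions can stay open for a long time during large transfers.
    timeout client  1h
    timeout server  1h

# Users of the first SFTP server connect to <public-ip>:2201
listen sftp_customer_a
    bind :2201
    server sftp_a 192.0.2.11:22 check

# Users of the second SFTP server connect to <public-ip>:2202
listen sftp_customer_b
    bind :2202
    server sftp_b 192.0.2.12:22 check
```

Each listed port also has to be allowed through the firewall in front of HAProxy, and because every port maps to exactly one backend, clients see a stable SSH host key per port.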

