Hello Malreddy,

Below is a working VIP I have created on our loadbalancer.org appliance
which will do what you want without the ACL and

With regard to the ACL, you will not be able to do some of this in TCP mode.

https://www.haproxy.com/doc/aloha/7.0/haproxy/acls.html

listen stfp
    bind 192.168.100.100:8022 transparent
    mode tcp
    balance leastconn
    stick on src
    stick-table type ip size 10240k expire 30m peers loadbalancer_replication
    server backup 127.0.0.1:9081 backup  non-stick
    option redispatch
    option abortonclose
    maxconn 40000
    server sftp-1 192.168.100.101:22  weight 100  check port 22 inter 4000  rise 2  fall 2  minconn 0  maxconn 0  on-marked-down shutdown-sessions



Regards

Andrew Smalley

Loadbalancer.org Ltd.



On 18 October 2016 at 15:16, <malreddy.t...@abinnovative.com> wrote:

> Hi Andrew,
>
> We need High availability for SFTP
>
> Haproxy installed in server with ip (1.2.3.4)
>
> for this IP several clients are mapped as mentioned below
>
> client1.hh.com mapped to IP 1.2.3.4
> client2.hh.com mapped to IP 1.2.3.4
> client3.hh.com mapped to IP 1.2.3.4
>
> *For client1 the associated sftp servers are sftp1,sftp2,sftp3.*
>
> When request comes from *client1.hh.com*, then it
> should be serviced by any of the sftp servers associated to this client i.e.
> sftp1 or sftp2 or sftp3.
>
> To achieve this, below is the haproxy.cfg
>
> listen sftp-server
>     bind :2121
>     mode tcp
>     maxconn 2000
>     option redis-check
>     retries 3
>     option redispatch
>     #checking if the request is coming from client1
>     acl devclient1 ssl_fc_sni_reg -i devclient1.healthhub.net.in
>     #req.ssl_sni ssl_fc_sni_reg
>     balance roundrobin
>     use_backend srvs_devclient1 if devclient1
>
> backend srvs_devclient1
>     balance roundrobin
>     server ftp01 172.31.10.247:22 check weight 2
>     server ftp02 172.31.10.156:22 check weight 2
>
> But when I try to transfer file I'm getting exception as connection closed
> by foreign client.
>
> I'm able to transfer file to sftp server directly (sftp1) which is up and
> running, but through haproxy it's not working.
>
> Kindly suggest how to fetch the servername from which the request is
> coming so that I can map that particular client to the associated sftp
> servers.
>
> Moreover if any of sftp server is down, haproxy should route the request
> to any of the associated sftp servers which are up.
>
> Eg: sftp1 is down, haproxy proxy should be able to route the request to sftp2
> or sftp3 which are up and running.
>
> Requesting you to assist us to resolve the issue.
>
> Thanks in advance.
>
> -----Original Message-----
> From: "Andrew Smalley" <asmal...@loadbalancer.org>
> Sent: Thursday, October 6, 2016 7:43pm
> To: "vi...@abinnovative.com" <vi...@abinnovative.com>
> Cc: "Lukas Tribus" <lu...@gmx.net>, "HAProxy" <haproxy@formilux.org>,
> malreddy.t...@abinnovative.com
> Subject: Re: HaProxy for SFTP load balancing
>
> If you want a connect to port check you can use the below example
>
> listen sftp
>     bind 192.168.100.100:8022 transparent
>     mode http
>     balance leastconn
>     option forwardfor if-none
>     stick on hdr(X-Forwarded-For,-1)
>     stick on src
>     stick-table type string len 64 size 10240k expire 30m peers loadbalancer_replication
>     server backup 127.0.0.1:9081 backup non-stick
>     option http-keep-alive
>     option redispatch
>     option abortonclose
>     maxconn 40000
>     server RIP_ 192.168.100.0:80 weight RIP_Name check port 8022 inter 4000 rise 2 fall 2 minconn 100 maxconn 0 on-marked-down shutdown-sessions
>
> Or if you wish to define an external file to use then something like below
> will work.
>
> listen sftp
>     bind 192.168.100.100:8022 transparent
>     mode http
>     balance leastconn
>     option forwardfor if-none
>     stick on hdr(X-Forwarded-For,-1)
>     stick on src
>     stick-table type string len 64 size 10240k expire 30m peers loadbalancer_replication
>     server backup 127.0.0.1:9081 backup non-stick
>     option external-check
>     external-check command /var/lib/loadbalancer.org/check/sftp_check.sh
>     option http-keep-alive
>     option redispatch
>     option abortonclose
>     maxconn 40000
>     server RIP_ 192.168.100.0:80 weight RIP_Name check inter 4000 rise 2 fall 2 minconn 100 maxconn 0 on-marked-down shutdown-sessions
>
>
> I hope this helps?
>
>
> Regards
>
> Andrew Smalley
>
> Loadbalancer.org Ltd.
>
>
> On 6 October 2016 at 15:07, vi...@abinnovative.com <vi...@abinnovative.com> wrote:
>
>> We gave, that doesn't work.
>>
>>
>> Vijay
>>
>>
>> On 06-10-2016 07:34 PM, Lukas Tribus wrote:
>>
>> Hi Vijay,
>>
>>
>> enable health-checks, by adding the "check" keyword to both your server
>> configuration lines.
>>
>>
>> Lukas
>>
>>
>>
>>
>>
>> --
>> *Thanks*
>> *Vijay*
>>
>
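
The per-client mapping asked about in this thread, as an added example that is not part of the original messages or of anyone's production configuration: the SSH protocol carries no server name, so an SNI ACL has nothing to match, and this sketch gives each client name its own VIP instead. The VIP addresses, the client2 servers, the timeouts and the SSH banner health check are assumptions; ftp01/ftp02 are the servers from the quoted config.

```haproxy
# Added example. 192.0.2.0/24 is a documentation range; replace the
# constructed VIPs with real addresses and point each client name at its
# own VIP in DNS (client1.hh.com -> 192.0.2.11, client2.hh.com -> 192.0.2.12).

defaults
    mode tcp
    timeout connect 5s
    timeout client  30m
    timeout server  30m

# Everything arriving on this VIP is treated as client1 traffic.
listen sftp_client1
    bind 192.0.2.11:2121
    balance leastconn
    # Re-route a connection if the selected server fails during connect.
    option redispatch
    # Health check: connect and require the SSH identification banner,
    # instead of a Redis or HTTP check that an SSH server cannot answer.
    option tcp-check
    tcp-check expect string SSH-2.0
    # A server that fails 2 checks is taken out; the others keep serving.
    server ftp01 172.31.10.247:22 check inter 4000 rise 2 fall 2 on-marked-down shutdown-sessions
    server ftp02 172.31.10.156:22 check inter 4000 rise 2 fall 2 on-marked-down shutdown-sessions

# Second client, second VIP, its own server pool (constructed addresses).
listen sftp_client2
    bind 192.0.2.12:2121
    balance leastconn
    option redispatch
    option tcp-check
    tcp-check expect string SSH-2.0
    server ftp11 192.0.2.101:22 check inter 4000 rise 2 fall 2 on-marked-down shutdown-sessions
    server ftp12 192.0.2.102:22 check inter 4000 rise 2 fall 2 on-marked-down shutdown-sessions
```

Servers behind one VIP need to present the same SSH host key, otherwise clients that pin the key will see a host-key mismatch whenever they land on a different server.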
