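Continuing from the previous thread: https://hostloc.com/thread-893990-1-1.html

How it works: http://cbonte.github.io/haproxy-dconv/2.5/configuration.html#7.3.6

The code is below. It really just comes down to changing the mode from http to tcp; the hdr function adapts automatically.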
```
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 50000
    timeout client 50000
    timeout server 50000
    maxconn 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http_frontend
    mode tcp
    # "option httplog" and "option forwardfor" require mode http, so the
    # frontend logs at the TCP level and forwardfor is dropped.
    option tcplog
    bind *:31006
    # In tcp mode the Host header can only be matched once a full HTTP
    # request is in the buffer, so wait for it (the 5s delay is an example value).
    tcp-request inspect-delay 5s
    tcp-request content accept if HTTP
    acl host_sjc hdr_dom(host) -i sjc.com
    acl host_tyo hdr_dom(host) -i tyo.com

    use_backend http_sjc if host_sjc
    use_backend http_tyo if host_tyo

# Backends: "option httplog" and "option forwardfor" removed (both require mode http).
backend http_sjc
    mode tcp
    server sjc 024.AP.POP.BIGAIRPORT.NET:12356

backend http_tyo
    mode tcp
    server tyo 034.AP.POP.BIGAIRPORT.NET:12356
```
Remaining questions:

1. Does this have a performance advantage over layer-7 forwarding?
2. How can HAProxy's performance be optimized further?
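An added example, not part of the original post: a small Python check that reads an HAProxy config and flags tcp-mode proxies that match on HTTP headers without `tcp-request inspect-delay`, or that set options which require `mode http`. The sample config is constructed to mirror the post's layout, `backend.example.net` is a placeholder, and the check only looks at each proxy's own section.

```python
import re

# Constructed sample that mirrors the layout of the posted config.
SAMPLE_CFG = """
defaults
    mode http
frontend http_frontend
    mode tcp
    option httplog
    option forwardfor
    acl host_sjc hdr_dom(host) -i sjc.com
backend http_sjc
    mode tcp
    server sjc backend.example.net:12356
"""

SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(\S*)")
HTTP_FETCH = re.compile(r"\b(?:req\.)?hdr(?:_\w+)?\(")  # hdr(), hdr_dom(), req.hdr(), ...
HTTP_ONLY = ("option httplog", "option forwardfor")

def parse(cfg):
    """Split the config into sections, recording each section's own 'mode'."""
    sections = []
    for raw in cfg.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = SECTION.match(line)
        if m:
            sections.append({"kind": m[1], "name": m[2], "mode": None, "lines": []})
        elif line and sections:
            if line.startswith("mode "):
                sections[-1]["mode"] = line.split()[1]
            sections[-1]["lines"].append(line)
    return sections

def lint(cfg):
    """Return (proxy name, message) pairs for proxies whose effective mode is tcp."""
    findings, default_mode = [], "tcp"  # HAProxy's built-in default mode is tcp
    for s in parse(cfg):
        if s["kind"] == "defaults":
            default_mode = s["mode"] or default_mode
        if s["kind"] in ("global", "defaults") or (s["mode"] or default_mode) != "tcp":
            continue
        lines = s["lines"]
        if any(HTTP_FETCH.search(l) for l in lines) and not any(
                l.startswith("tcp-request inspect-delay") for l in lines):
            findings.append((s["name"], "HTTP header fetch without tcp-request inspect-delay"))
        findings += [(s["name"], f"'{o}' needs mode http")
                     for o in HTTP_ONLY if any(l.startswith(o) for l in lines)]
    return findings
```

Calling `lint(open("/etc/haproxy/haproxy.cfg").read())` returns an empty list when no tcp-mode proxy trips either check.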