@itcanvas wrote:
Currently working on using my current HAProxy server as a single outbound IP address. Currently it is only used as an inbound load balancer. I am set up in AWS, three subnets (different AZs), and for those same servers it is listening to balance to, I would like to route traffic back out of the HA server so only a single static IP address would need to be whitelisted.
I have been reading on TPROXY, but would this resolve the NAT needs for outbound traffic? Thanks for any assistance!
Below is my config and I am running HA 1.5.12 -
==============
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    #log loghost local0 info
    maxconn 4096
    daemon

defaults
    log global
    option dontlognull
    retries 3
    option redispatch
    maxconn 40096
    timeout connect 5000
    timeout client 240000
    timeout server 240000
    option http-server-close
    option log-health-checks

listen httpproxy 0.0.0.0:80
    mode http
    option forwardfor
    option httplog

    # STATS
    stats enable
    stats hide-version
    stats scope .
    stats uri /haproxyadmin?stats
    stats realm Proxy\ Statistics
    stats auth admin:haproxy!canvas

    # HEALTH CHECKS
    option httpchk GET /someindex.html HTTP/1.1\r\nHost:\ site.site.com
    http-check expect ! rstatus ^5 # Accept all 2XX and 3XX errors considering 5XX errors to fail health.
    default-server inter 3s fall 3 rise 2
    server hostname.com 10.0.1.2:80 check
    server hostname.com 10.0.2.2:80 check
    server hostname.com 10.0.3.2:80 check
    tcp-request content reject if { src -f /etc/haproxy/blocked.lst }

listen httpsproxy 0.0.0.0:443
    mode tcp
    option ssl-hello-chk
    option tcplog
    balance leastconn

    # HEALTH CHECKS
    option httpchk GET /someindex.html HTTP/1.1\r\nHost:\ site.site.com
    http-check expect ! rstatus ^5 # Accept all 2XX and 3XX errors considering 5XX errors to fail health.
    default-server inter 3s fall 3 rise 2
    server hostname.com 10.0.1.2:443 send-proxy check
    server hostname.com 10.0.2.2:443 send-proxy check
    server hostname.com 10.0.3.2:443 send-proxy check
    tcp-request content reject if { src -f /etc/haproxy/blocked.lst }
==============