Crushftp Behind HaProxy

Hi.

I’m tryng to set ftp (with explocit tls), ftps (implicit tls) and sftp with crushftp java software Behind HaProxy

Here is my haproxy configuration

frontend ftp
        bind *:2121
        bind *:20000-20998
        mode tcp
        option tcplog
        default_backend share-ftp

frontend ftps
        bind *:2990
        bind *:30000-30998
        mode tcp
        option tcplog
        default_backend share-ftps

frontend sftp
        bind *:2122
        mode tcp
        option tcplog
        default_backend share-sftp

backend share-ftp
        mode tcp
        server rzv-app01-ftp rzv-app01-ftp.rozzano.diennea.lan check send-proxy-v2 port 2121

backend share-ftps
        mode tcp
        server rzv-app01-ftp rzv-app01-ftp.rozzano.diennea.lan check send-proxy-v2 port 2990

backend share-sftp
        mode tcp
        server rzv-app01-ftp rzv-app01-ftp.rozzano.diennea.lan check send-proxy-v2 port 2122

port 21 and 990 ar forwarded to 2121 and 2990, respectively, via iptables.

On the ftp server i’ve setup passive port ranges matching the haproxy configuration for ftp and ftps, and external ip address.

i’ve even enabled support for proxy protocol.

What Works:

• sftp
• plain ftp if i connect to port 2121

what dosen’t work:

• ftp if i connect to port 21
• ftp with explicit tls
• ftps implicit tls

Someone can give mi a hint?

1 post - 1 participant

Read full topic