
Using haproxy to realize http/ssh/mstsc reuse

2025-01-19 Update From: SLTechnology News&Howtos (Network Security)


Shulou(Shulou.com)06/01 Report--

There are plenty of HTTP/SSH port-multiplexing examples on the net, but in our environment, where HAProxy load-balances IIS, we also needed port 80 to carry Remote Desktop so the servers could be managed through the same port.

Recently I captured the traffic with Wireshark, noticed the TPKT header that begins each RDP packet, and used it to multiplex the RDP protocol successfully:

Note: RDP normally uses TPKT as its transport protocol, and TPKT runs on top of TCP. When it carries RDP, the TCP port is 3389 rather than TPKT's usual port.

References:

http://blog.csdn.net/kevin_bobolkevin/article/details/50790967

TPKT communication description

https://wenku.baidu.com/view/9f509844e2bd960591c67723.html

The final configuration file is as follows:

global
    daemon
    user haproxy
    group haproxy
    maxconn 49985
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    # tune.ssl.default-dh-param 2048

defaults
    mode tcp
    log global
    log 127.0.0.1 local0 err
    option tcplog
    option dontlog-normal
    timeout connect 10s
    timeout queue 30s
    timeout client 15m
    timeout client-fin 15m
    timeout server 15m
    timeout tunnel 12h

listen monitor
    # listening port for the stats page
    bind *:8888
    # layer-7 HTTP mode
    mode http
    log global
    log 127.0.0.1 local0 err
    maxconn 5
    option httplog
    stats enable
    stats uri /
    stats refresh 15s
    timeout connect 10s
    timeout queue 30s
    timeout client 30s
    timeout server 30s

listen http
    # the single shared listening port
    bind *:80
    maxconn 800
    timeout client 1h
    # wait up to 2s for the client's first bytes before choosing a backend
    tcp-request inspect-delay 2s
    # inspect the first three payload bytes: "GET"/"POS"/"PUT"/"DEL" (HTTP),
    # "SSH" (SSH banner) or 03 00 00 (TPKT header, i.e. RDP)
    acl is_http req.payload(0,3) -m bin 474554 504f53 505554 44454c
    acl is_ssh  req.payload(0,3) -m bin 535348
    acl is_rdp  req.payload(0,3) -m bin 030000
    # HTTP stays in this section and goes to the IIS servers below
    tcp-request content accept if is_http
    # use_backend http if is_http
    use_backend ssh if is_ssh
    use_backend rdp if is_rdp
    # allow TCP keepalive packets on client connections; unrelated to HTTP keep-alive
    option tcpka
    # option redispatch
    # redispatch would reassign a session to another server after a failure; that caused
    # the K/3CLOUD system to kick clients out because the returned session id changed.
    # The likely trigger is a server-side exception or a transmission error.
    # when a client closes while its request is still queued (high server load),
    # drop the queued request instead of forwarding it
    option abortonclose
    # tcp-request inspect-delay 30s
    hash-type consistent
    balance roundrobin
    stick-table type ip size 10240k expire 24h
    stick on src
    server server01 192.168.90.121:80 weight 100 check agent-check agent-port 3333 minconn 0 maxconn 250 on-marked-down shutdown-sessions
    server server02 192.168.90.122:80 weight 100 check agent-check agent-port 3333 minconn 0 maxconn 250 on-marked-down shutdown-sessions

backend ssh
    mode tcp
    timeout server 1h
    server server-ssh 192.168.90.126:22

backend rdp
    mode tcp
    timeout server 1h
    server server-mstsc 192.168.90.121:3389
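The three ACLs above make the whole routing decision from the first three payload bytes. The following Python is an added example (not part of the article or of HAProxy) that reproduces that decision on constructed sample first-packets and parses the TPKT header the note describes; it also shows the "need more bytes" case that HAProxy covers with tcp-request inspect-delay.

```python
import struct

# Outcome when fewer than 3 bytes have arrived: haproxy keeps waiting
# until tcp-request inspect-delay (2s in the article's config) expires.
UNDECIDED = "undecided"

# Signatures copied from the article's ACLs:
# req.payload(0,3) -m bin 474554 504f53 505554 44454c / 535348 / 030000
HTTP_PREFIXES = (b"GET", b"POS", b"PUT", b"DEL")
SSH_PREFIX = b"SSH"
TPKT_PREFIX = b"\x03\x00\x00"   # version 3, reserved 0, high length byte 0


def classify(first_bytes: bytes) -> str:
    """Return the backend the listen section's rules would choose."""
    if len(first_bytes) < 3:
        return UNDECIDED
    head = first_bytes[:3]
    if head in HTTP_PREFIXES:
        return "http"          # accepted, served by the listen's IIS servers
    if head == SSH_PREFIX:
        return "ssh"           # use_backend ssh
    if head == TPKT_PREFIX:
        return "rdp"           # use_backend rdp
    # No ACL matched: once inspect-delay expires haproxy accepts the
    # connection and it lands on the listen section's own servers.
    return "http"


def parse_tpkt(packet: bytes):
    """Parse the 4-byte TPKT header (RFC 1006): version, reserved, length.
    The length is big-endian and includes the header itself.  The article's
    030000 signature therefore only fires while the length is below 256,
    which holds for the small X.224 Connection Request that opens RDP."""
    if len(packet) < 4:
        return None
    version, reserved, length = struct.unpack("!BBH", packet[:4])
    if version != 3 or reserved != 0 or length < 4:
        return None
    return {"length": length, "complete": len(packet) >= length}


# Constructed sample first-packets (not captured traffic).
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"
SAMPLE_SSH = b"SSH-2.0-OpenSSH_8.9\r\n"
# TPKT header (len 11) followed by an X.224 Connection Request TPDU.
SAMPLE_RDP = b"\x03\x00\x00\x0b\x06\xe0\x00\x00\x00\x00\x00"

if __name__ == "__main__":
    for name, pkt in (("http", SAMPLE_HTTP), ("ssh", SAMPLE_SSH), ("rdp", SAMPLE_RDP)):
        print(name, "->", classify(pkt), parse_tpkt(pkt))
```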
