Reflection for Secure IT Gateway - Administrator’s Guide > Reflection Gateway System Administration > Ensuring High Availability of Reflection Gateway Services > Sample HAProxy Configuration

Sample HAProxy Configuration

The sample configuration files shown here provide examples of configuration for two HAProxy load balancers. The proxy shown for use in the internal network supports both Jobs and Transfer sites. The proxy in the DMZ handles connections from Transfer Site users; it is not required for Jobs.

For a visual representation of proxy configuration, see the diagrams in Ensuring High Availability of Reflection Gateway Services.

Sample Proxy configuration in the internal network

This example shows settings to forward requests to two identically configured Gateway Administrator servers from browsers (port 9490), the Reflection Hub service (port 9186), and the Reflection Transfer Server service (port 9190).

global    
  log 127.0.0.1   local0
  log 127.0.0.1   local1 notice
  maxconn 2384

frontend www-GA-https 
  bind :9490
  mode tcp
  default_backend www-GA-backend

frontend www-HUB-to-GA-https 
  bind :9186
  mode tcp
  default_backend www-HUB-to-GA-backend

frontend www-XFER-to-GA-https 
  bind :9190
  mode tcp
  default_backend www-XFER-to-GA-backend

backend www-GA-backend 
   mode tcp
   balance roundrobin
   stick-table type ip size 200k expire 30m
   stick on src
   default-server inter 1s
   server GA1-HTTPS 10.10.10.333:9490 check id 1
   server GA2-HTTPS 10.10.10.444:9490 check id 2

backend www-HUB-to-GA-backend 
   mode tcp
   balance roundrobin
   default-server inter 1s
   server GA1-HUB 10.10.10.333:9186 check id 1
   server GA2-HUB 10.10.10.444:9186 check id 2

backend www-XFER-to-GA-backend 
   mode tcp
   balance roundrobin
   default-server inter 1s
   server GA1-XFER 10.10.10.333:9190 check id 1
   server GA2-XFER 10.10.10.444:9190 check id 2

Sample Proxy configuration in the DMZ

This example shows sample settings to forward connections from Transfer Site users to two identically configured Reflection Gateway Proxy servers. Connections from the Reflection Transfer Client require forwarding of both HTTPS (port 9492) and SSH (port 22). Connections from alternate SFTP client requires forwarding of SSH only.

global    
  log 127.0.0.1   local0
  log 127.0.0.1   local1 notice
  maxconn 2384

frontend www-Transfer-Client-https 
  bind :9492
  mode tcp
  default_backend www-transfer-client-backend

frontend www-ssh-proxy 
  bind :22
  mode tcp
  default_backend www-ssh-proxy-backend

backend www-transfer-client-backend 
  mode tcp
  balance roundrobin
  stick-table type ip size 200k expire 30m
  stick on src
  default-server inter 1s
  server GP1-HTTPS 10.10.10.111:9492 check id 1
  server GP2-HTTPS 10.10.10.222:9492 check id 1

backend www-ssh-proxy-backend 
   mode tcp
   balance roundrobin
   stick-table type ip size 200k expire 30m
   stick on src
   default-server inter 1s
   server GP1-SSH 10.10.10.111:22 check id 1
   server GP2-SSH 10.10.10.222:22 check id 1

Related Topics