On 11 January 2018 at 00:03, Imam Toufique <techie...@gmail.com> wrote:
> So, I have everything in the listen section commented out:
>
> frontend main
>     bind :2200
>     default_backend sftp
>     timeout client 5d
>
>
> #listen stats
> # bind *:2200
> # mode tcp
> # maxconn 2000
> # option redis-check
> # retries 3
> # option redispatch
> # balance roundrobin
>
> #use_backend sftp_server
> backend sftp
>     balance roundrobin
>     server web 10.0.15.21:2200 check weight 2
>     server nagios 10.0.15.15:2200 check weight 2
>
> Is that what I need, right?

I suspect you won't need to have your *backend*'s ports changed to 2200. Your SSH server on those machines is *probably* also your SFTP server. I don't recall if you can serve a different/sync'd host key per port in sshd, but this might be a reason to run a different daemon on a higher port as you're doing.

As an aside, it's not clear why you're trying to do this. You've already hit the host-key-changing problem, and unless you have a *very* specific use case, your users will hit the "50% of the time I connect, my files have gone away" problem soon. So you've probably got to solve the shared-storage problem on your backends ... which turns them into stateless SFTP-to-FS servers.

In my opinion adding haproxy as a TCP proxy in your architecture adds very little, if anything. If I were you, I'd strongly consider just sync'ing the same host key to each server, putting their IPs in a low-TTL DNS record, and leaving haproxy out of the setup.

J
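
Added example, not part of the original message: a check that every backend offers the same SSH host key, which is the precondition for clients not seeing a changed-host-key warning when connections are spread across servers. It reads `host keytype base64-key` lines of the kind `ssh-keyscan` prints; the sample lines and key blobs are constructed placeholders, not real keys, and the function names are this example's own.

```python
import base64
import hashlib
from collections import defaultdict

BACKENDS = ["10.0.15.21", "10.0.15.15"]  # backend IPs from the quoted config

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keyscan(text):
    """Map keytype -> {host: fingerprint}; skips blank and '#' lines."""
    keys = defaultdict(dict)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        host, keytype, blob = parts[:3]
        keys[keytype][host] = fingerprint(blob)
    return keys

def find_mismatches(keys, hosts):
    """Return {keytype: {host: fingerprint or None}} where hosts disagree."""
    bad = {}
    for keytype, per_host in keys.items():
        seen = {h: per_host.get(h) for h in hosts}  # None = key type not offered
        if len(set(seen.values())) != 1:
            bad[keytype] = seen
    return bad

def sample_blob(label):
    # Constructed stand-in for a public key blob (assumption, not a real key).
    return base64.b64encode(label.encode()).decode()

# Constructed input: ed25519 key is synced, RSA key differs per server.
SAMPLE = "\n".join([
    "# 10.0.15.21:22 SSH-2.0-OpenSSH (constructed)",
    f"10.0.15.21 ssh-ed25519 {sample_blob('shared-ed25519')}",
    f"10.0.15.21 ssh-rsa {sample_blob('rsa-on-web')}",
    f"10.0.15.15 ssh-ed25519 {sample_blob('shared-ed25519')}",
    f"10.0.15.15 ssh-rsa {sample_blob('rsa-on-nagios')}",
])

if __name__ == "__main__":
    for keytype, seen in find_mismatches(parse_keyscan(SAMPLE), BACKENDS).items():
        print(f"{keytype}: host keys differ across backends")
        for host, fp in seen.items():
            print(f"  {host}  {fp or 'no key of this type offered'}")
```

A key type reported here has to be synced, or disabled on every server, before the servers share one name.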