Iptables – lvs vs haproxy vs ? for hostname based forwarding

forwardinghaproxyhostnameiptablesldirectord

i'd like to forward incoming traffic on 80 to various ports based on the hostname.

previously on serverfault i've seen solutions that uses ldirectord, just iptables, haproxy, and other proxy servers.

considering that i'm looking for simply proxying, what would be the pro's and con's of ldirectord vs haproxy vs perhaps some pure iptables based solution?

Best Answer

LVS is a layer 4 focused product, it doesn't peek up into layer 7 sections of the packet to decode http headers, so it cannot make decisions based on them. Similarly for iptables you'd have to find some http module and have it be a tcp proxy and... lets just say it'd be an obscure hack if you got it working.

So in that case your x vs. y decision is more or less made for you, ha-proxy. Also comparably lightweight to ha-proxy would be "pound".

Related Solutions

Ubuntu – How to divert traffic based on hostname using HAProxy

Here is an example:

frontend http
        bind 0.0.0.0:80
        default_backend www
        # NAT static host names and static paths in other hostnames to a different backend
        acl host_static hdr_beg(host) -i static.
        acl url_static  path_beg         /static
        use_backend static if host_static or url_static

backend www
        balance roundrobin
        server  qa1 10.177.1.81:80
        server  qa2 10.177.1.45:80

backend static
        balance roundrobin
        server  media1 10.177.0.86:80

Iptables port forwarding with restrictions on some

Change

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8088 -j DNAT --to 10.0.0.A:80

to jump to a user-user defined chain that implements your acls. E.g.,

iptables -t nat -N foo
iptables -t nat -A foo --source 192.168.0.0/24 -j RETURN
iptables -t nat -A foo -j REJECT

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8088 -j foo

Edit:

iptables -N foo
iptables -A foo --source 192.168.0.0/24 -j RETURN
iptables -A foo -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 8088 -j foo

You design your packet filtering completely ignoring any NAT you are doing.

Best Answer

Related Solutions

Ubuntu – How to divert traffic based on hostname using HAProxy

Iptables port forwarding with restrictions on some

Related Topic