使用阿里云ECS绑定弹性公网IP搭建反向代理服务器

一.业务需求

公司线下业务的需要访问某个业务网站，但是公司的互联网出口IP地址为对端安全设备封堵，为规避此问题，在阿里云搭建反向代理服务器，通过反向代理转发到目标业务，解决不能访问的问题。

二.处理方式

1.在阿里云申请购买ECS虚拟机

2.在阿里云购买弹性公网IP地址，并绑定到ECS主机，也可以使用nat网关或者负载均衡SLB端口映射的方式，实现通过公网地址访问到ECS的代理软件的监听端口。

3.ECS虚拟机上安装haproxy代理软件，使用tcp或者http模式反向代理。

具体的haproxy的配置文件如下：

#---------------------------------------------------------------------# Example configuration for a possible web application. See the# full configuration options online.## http://haproxy.1wt.eu/download/1.4/doc/configuration.txt##---------------------------------------------------------------------#---------------------------------------------------------------------# Global settings#---------------------------------------------------------------------global# to have these messages end up in /var/log/haproxy.log you will# need to:## 1) configure syslog to accept network log events. This is done# by adding the '-r' option to the SYSLOGD_OPTIONS in# /etc/sysconfig/syslog## 2) configure local2 events to go to the /var/log/haproxy.log# file. A line like the following can be added to# /etc/sysconfig/syslog## local2.* /var/log/haproxy.log#log 127.0.0.1 local2chroot/var/lib/haproxypidfile/var/run/haproxy.pidmaxconn4000user haproxygroup haproxydaemon# turn on stats unix socketstats socket /var/lib/haproxy/stats#---------------------------------------------------------------------# common defaults that all the 'listen' and 'backend' sections will# use if not designated in their block#---------------------------------------------------------------------defaultsmodehttplog globaloption httplogoption dontlognulloption http-server-closeoption forwardfor except 127.0.0.0/8option redispatchretries 3timeout http-request 10stimeout queue 1mtimeout connect 10stimeout client1mtimeout server1mtimeout http-keep-alive 10stimeout check 10smaxconn 30000#---------------------------------------------------------------------# main frontend which proxys to the backends#---------------------------------------------------------------------#frontend main *:5000# acl url_static path_beg -i /static /images /javascript /stylesheets# acl url_static path_end -i .jpg .gif .png .css .js# use_backend staticif url_static# default_backend app#---------------------------------------------------------------------# static backend for serving up images, stylesheets and such#---------------------------------------------------------------------#backend static# balanceroundrobin# serverstatic 127.0.0.1:4331 check#---------------------------------------------------------------------# round robin balancing between the various backends#---------------------------------------------------------------------#backend app# balanceroundrobin# server app1 127.0.0.1:5001 check# server app2 127.0.0.1:5002 check# server app3 127.0.0.1:5003 check# server app4 127.0.0.1:5004 checklisten fpsquid01bind *:9999mode tcpbalance leastconnserver web01 tysl.henan.:443 check inter 500 rise 1 fall 2

4.公司线下业务的软件配置阿里云代理的公网地址和端口