HaProxy make SSH routing possible

Author: olethanh

packaging/aleph-vm/etc/haproxy/haproxy-aleph.cfg

@@ -82,15 +82,16 @@ frontend ft_http
 
 # Frontend for SSH and other TCP traffic
 frontend ft_ssh
-    bind :::2222 v4v6
-    #ssl crt /etc/haproxy/certs/ssl.pem
+    bind :::2222 v4v6 ssl crt /etc/haproxy/certs/
     mode tcp
 
-    # For SSH connections, we need a different approach
-    # For this example, assume connections to port 22 go to fixed backends based on client source
-    #tcp-request content set-var(sess.dst) ssl_fc_sni
+    # example ssh command
+    # /usr/bin/ssh -o ProxyCommand="openssl s_client -quiet  -connect echo.agot.be:2222 -servername echo.agot.be" -l ubuntu dummyName
+    # see https://www.haproxy.com/blog/route-ssh-connections-with-haproxy#route-ssh-connections-with-haproxy
+
+    log-format "SSH %ci:%cp %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq dst:%[var(txn.sni)] "
+    tcp-request content set-var(txn.sni) ssl_fc_sni
     use_backend bk_ssh
-    #default_backend bk_default_ssl
 
 # Dynamic backends that will be populated with servers at runtime
 backend bk_ssl
@@ -100,8 +101,8 @@ backend bk_ssl
     # For HTTPS - Use SNI
    acl server_found var(txn.sni),lower,map(/etc/haproxy/https_domains.map) -m found
    use-server %[var(txn.sni),lower,map(/etc/haproxy/https_domains.map)] if server_found
-    use-server fallback_local unless server_found
-    server fallback_local 127.0.0.1:4443 send-proxy
+   use-server fallback_local unless server_found
+   server fallback_local 127.0.0.1:4443 send-proxy
 
 backend bk_ssh
     mode tcp