How to Relay Shadowsocks (TCP) with HAProxy


HAProxy is free and open-source software written in C[1] that provides high availability, load balancing, and application-layer proxying based on TCP and HTTP.
HAProxy is especially suitable for heavily loaded web sites, which often require session persistence or Layer 7 processing. Running on modern hardware, HAProxy can fully support tens of thousands of concurrent connections. Its operating model also allows it to be integrated easily and securely into your existing architecture, while protecting your web servers from being exposed directly to the network.
HAProxy implements an event-driven, single-process model that supports very large numbers of concurrent connections. Multi-process or multithreaded models are constrained by memory limits, system scheduler limits, and ubiquitous locking, and can rarely handle thousands of concurrent connections. The event-driven model avoids these issues because it implements all of these tasks in user space, where resource and time management are better.
The drawback of this model is that on multi-core systems, such programs usually scale poorly. That is why they must be optimized so that each CPU cycle does more work.
Well-known websites including GitHub, Bitbucket[3], Stack Overflow[4], Reddit, Tumblr, Twitter[5][6], and Tuenti[7], as well as Amazon Web Services, use HAProxy.

Relay Instructions

Suppose your local computer is A, the haproxy server is B, and the Shadowsocks server is C. A can of course connect directly to C, but as mentioned above, your local network often lacks sufficient international bandwidth, so the actual available speed is not very fast. Suppose B is a server in a domestic data center. Generally speaking, the bandwidth of a data center server is much greater than that of your local network. A connects to B, and then B connects to C to relay the traffic. In this way, although the cost increases somewhat, it can significantly improve the network bandwidth situation.

Supported systems

This script supports: CentOS, Debian, Ubuntu

Installation method

Log in as root to the server used for relaying and run the following command:

  # Debian/Ubuntu systems:
  apt-get -y install haproxy
  # CentOS systems:
  yum -y install haproxy

The configuration file is

/etc/haproxy/haproxy.cfg

Change the file contents to the following

global

defaults
    log global
    mode tcp
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend ss-in
    bind *:6666
    default_backend ss-out

backend ss-out
    server server1 66.66.66.666 maxconn 20480

 

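bind is the port to be forwarded.

66.66.66.666 is a placeholder for the IP to be forwarded to (the Shadowsocks server C). Because the server line gives no port, HAProxy connects to C on the same port the client connected to.

If you want multiple ports, you can change bind *:6666 to bind *:10000-65000 so that ports between 10000 and 65000 are forwarded. Use the following commands to control haproxy.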

Start haproxy

service haproxy start

Restart

service haproxy restart

Stop

service haproxy stop

Possible issues

If iptables or firewalld is installed on CentOS 6 or 7, the forwarded port may be blocked.

A direct way to handle it is to stop the firewall:

Disable iptables

service iptables stop

Disable firewalld

service firewalld stop

You can also open the port in the firewall rules and then restart the haproxy server.
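
As an added example (not part of the original post), the script below prints the firewall commands that open only the ports HAProxy binds, instead of stopping iptables or firewalld. The function names bind_ports and firewall_cmds and the sample config are assumptions made for this example; it assumes firewalld on CentOS 7 and the iptables service on CentOS 6.

```shell
#!/bin/sh
# Added example: print firewall commands that open only the ports HAProxy
# binds, as an alternative to stopping iptables/firewalld.

# bind_ports CFG: list each port or port range found on "bind" lines.
bind_ports() {
    awk '$1 == "bind" {
        m = split($2, addrs, ",")            # bind accepts a comma-separated list
        for (i = 1; i <= m; i++) {
            n = split(addrs[i], part, ":")   # port is the text after the last ":"
            # keep only "6666" or "10000-65000"; skips unix sockets and junk
            if (part[n] ~ /^[0-9]+(-[0-9]+)?$/) print part[n]
        }
    }' "$1"
}

# firewall_cmds CFG BACKEND: BACKEND is "firewalld" or "iptables"
# (hypothetical argument names chosen for this example).
firewall_cmds() {
    cfg=$1 backend=$2
    case $backend in
        firewalld|iptables) ;;
        *) echo "unknown backend: $backend" >&2; return 1 ;;
    esac
    for p in $(bind_ports "$cfg"); do
        if [ "$backend" = firewalld ]; then
            echo "firewall-cmd --permanent --add-port=$p/tcp"
        else
            # iptables writes a range as low:high rather than low-high
            echo "iptables -I INPUT -p tcp --dport $(echo "$p" | sed 's/-/:/') -j ACCEPT"
        fi
    done
    if [ "$backend" = firewalld ]; then
        echo "firewall-cmd --reload"
    else
        echo "service iptables save"
    fi
}

# Constructed sample mirroring the frontend above (not read from a real host).
sample=$(mktemp)
printf 'frontend ss-in\n    bind *:6666\n    default_backend ss-out\n' > "$sample"
firewall_cmds "$sample" firewalld
```

The commands are only printed; review them, run them as root, and then restart haproxy.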
