{"id":3336,"date":"2023-02-01T09:16:26","date_gmt":"2023-02-01T14:16:26","guid":{"rendered":"https:\/\/dft.wiki\/?p=3336"},"modified":"2023-09-13T17:02:51","modified_gmt":"2023-09-13T21:02:51","slug":"using-haproxy-to-loadbalance-tcp-connections","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=3336","title":{"rendered":"Using HAProxy to Loadbalance SOCKS5 Connections"},"content":{"rendered":"<p><strong>HAProxy<\/strong> (High Availability Proxy) is an open-source, TCP and HTTP load balancer used to distribute incoming connections across multiple backend servers. It is widely used for its high performance, reliability, and scalability.<\/p>\n<p>It is capable of handling and forwarding incoming requests based on various load balancing algorithms, such as Round Robin, Least Connections, Source IP Hash, URI Hash, URL Parameter Hash, Static Round Robin, and First Available and terminate SSL\/TLS connections (offloading), content caching, compression, request and response rewriting, health checks, and detailed logging.<\/p>\n<p>Loadbalancing SOCKS5 connections over multiple other SOCKS5 proxies is a way to maximize the performance when using Open Proxy Servers for example. Checkout a frequently updated list of servers at [<a href=\"https:\/\/github.com\/TheSpeedX\/PROXY-List\">Link<\/a>].<\/p>\n<p><strong>COMPARISON<\/strong> (basic and superficial based on my experience)<\/p>\n<ul>\n<li><strong>Apache<\/strong>\n<ul>\n<li>It is a fully flagged web server that is also capable of running WAF (e.g. <code>modsecurity<\/code>) plus working as a reverse proxy.<\/li>\n<\/ul>\n<\/li>\n<li><strong>NGINX<\/strong>\n<ul>\n<li>It is also a fully flegged web server but lighter than Apache.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Varnish<\/strong>\n<ul>\n<li>Super powerful reverse proxy technology for offloading backend web applications by caching and encryption termination.<\/li>\n<\/ul>\n<\/li>\n<li><strong>HAProxy<\/strong>\n<ul>\n<li>A proxy capable of load balancing not only HTTP\/HTTPS but also any TCP and UDP traffic.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>Note:<\/strong> many could argue that most of the features are common to all of the solutions mentioned above, and it is true. But that is how I prefer to use them for.<\/p>\n<hr \/>\n<p><strong>INSTALLATION<\/strong><\/p>\n<pre>sudo apt update &amp;&amp; sudo apt upgrade -y\r\nsudo apt install haproxy -y\r\nsudo cp \/etc\/haproxy\/haproxy.cfg \/etc\/haproxy\/haproxy.cfg.bkp\r\nsudo nano \/etc\/haproxy\/haproxy.cfg<\/pre>\n<hr \/>\n<p><strong>LOADBALACING TCP TRAFFIC<\/strong><\/p>\n<p>For the following example the SOCKS5 Loadbalancer will listen on port 1080 of all interfaces. It will forward each new connection (in a round-robin fashion) to one of the SOCKS4 proxy servers (in this case on local host ports 9050 to 9059).<\/p>\n<pre>global\r\n    log 127.0.0.1 local0\r\n    log 127.0.0.1 local1 notice\r\n    maxconn 4096\r\n    user haproxy\r\n    group haproxy\r\n\r\ndefaults\r\n    log global\r\n    mode <strong>tcp<\/strong>\r\n    option <strong>tcp<\/strong>log\r\n    option dontlognull\r\n    timeout connect 5000\r\n    timeout client 50000\r\n    timeout server 50000\r\n\r\nlisten socks5\r\n    bind :<strong>1080<\/strong>\r\n    mode <strong>tcp<\/strong>\r\n    balance <strong>roundrobin<\/strong>\r\n    server server0 127.0.0.1:9050\r\n    server server1 127.0.0.1:9051\r\n    server server2 127.0.0.1:9052\r\n    server server3 127.0.0.1:9053\r\n    server server4 127.0.0.1:9054\r\n    server server5 127.0.0.1:9055\r\n    server server6 127.0.0.1:9056\r\n    server server7 127.0.0.1:9057\r\n    server server8 127.0.0.1:9058\r\n    server server9 127.0.0.1:9059<\/pre>\n<pre>sudo systemctl restart haproxy<\/pre>\n<p><strong>Note:<\/strong> as one may guess, this SOCKS5 Loadbalancer can be used to distribute the traffic to a Tor connection over multiple circuits. It requires the Tor service to be configured to listen on multiple ports and run as a daemon.<\/p>\n<pre>sudo nano \/etc\/tor\/torrc<\/pre>\n<pre>...\r\nSocksPort 0.0.0.0:9050\r\nSocksPort 0.0.0.0:9051\r\nSocksPort 0.0.0.0:9052\r\nSocksPort 0.0.0.0:9053\r\nSocksPort 0.0.0.0:9054\r\nSocksPort 0.0.0.0:9055\r\nSocksPort 0.0.0.0:9056\r\nSocksPort 0.0.0.0:9057\r\nSocksPort 0.0.0.0:9058\r\nSocksPort 0.0.0.0:9059\r\n...\r\nRunAsDaemon 1\r\n...<\/pre>\n<pre>sudo nano \/lib\/systemd\/system\/tor.service<\/pre>\n<pre>...\r\nExecStart=\/usr\/sbin\/tor -f \/etc\/tor\/torrc\r\n...<\/pre>\n<hr \/>\n<p><strong>BONUS<\/strong><\/p>\n<p>On the following example a different syntax in being used. Instead of a single block, two blocks are being used. One for the frontend and another to the backend.<\/p>\n<pre>frontend <strong>http-inbound-traffic<\/strong>\r\n        bind :80\r\n        mode <strong>http<\/strong>\r\n        default_backend <strong>apache-servers<\/strong>\r\n\r\nbackend <strong>apache-servers<\/strong>\r\n        mode <strong>http<\/strong>\r\n        balance leastconn\r\n        server apache1 10.1.1.100\r\n        server apache2 10.1.1.200:8080<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>HAProxy (High Availability Proxy) is an open-source, TCP and HTTP load balancer used to distribute [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3336","post","type-post","status-publish","format-standard","hentry","category-ccna"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/3336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3336"}],"version-history":[{"count":13,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/3336\/revisions"}],"predecessor-version":[{"id":3803,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/3336\/revisions\/3803"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}