haproxy and ssh reverse proxy ‘duo’: linking 2 separate client server

Today we are trying to solve a tricky problem. A client and a server are located in private networks, but somehow they need to communicate.

Segregated Network: Client — Server

To solve it, we need 3 items: a public accessible server, ssh reverse port forwarding and haproxy for reverse proxy.

Our scenario:

Network Diagram

1. Create an application running at port 8082 at Server [B]

#Simple Flask Application:hello.py
from flask import Flask
app = Flask(__name__)
@app.route("/")
def hello_world():
    return "<p>Hello, World!</p>"
#Execute the application
export FLASK_APP=hello
flask run --host=0.0.0.0 --port=8082

2. Create Reverse Tunnel between Public Server [C] and Server [B]

@Server[B]
ssh -R 8081:localhost:8082 juniarto@publicserver
@PublicServer[C]
#At this point you can test the connection.
#You should be able to reach Server[B]
wget http://localhost:8081

3. Install haproxy at Server[C]

#install haproxy
sudo apt install haproxy
#haproxy configuration, add the followings:
frontend http_front
   bind *:81
   stats uri /haproxy?stats
   default_backend http_back
backend http_back
   balance roundrobin
   server localhost 127.0.0.1:8081 check

4. Now client[A] can connect to Server[B] through Server[C]

@Client[A]
Launch browser: http://publicserver:81