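I have a use case where users of a SaaS need outbound connections from the server to come from a custom IP corresponding to that user. I am trying to figure out a way to do this.
In this example there are 3 users, 1 server and 3 custom IPs, each represented as 0.0.0.0. Each customer's outbound requests must come from their IP, but the processing is done on a single server: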
User 1 requests --> server 1 --> outbound data to different destination in new TCP request coming from 0.0.0.1
User 2 requests --> server 1 --> outbound data to different destination in new TCP request coming from 0.0.0.2
User 3 requests --> server 1 --> outbound data to different destination in new TCP request coming from 0.0.0.3
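My theoretical idea for how to manage this is to provision a server for each customer as a forward proxy, such as HAProxy or Squid. Then, when a request comes into my Node.js app, it selects the proxy corresponding to that user and proxies the request through it.
Does that sound right, or is there a better way that I am missing?
Edit: This question is only interested in forward proxies. Reverse proxies are out of scope for this question.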
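Regarding the comments: when you want to connect from one server to the customer, that really just means HTTP outbound requests/connections. So if you require an HTTP library like https://github.com/request/request and set the option
localAddress - local interface to bind for network connections.
according to your source IP, then in effect you are connecting from a single server to the customer with an arbitrary IP.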
Customer 1 => Loadbalancer => Server 1 (sends ok response) => Server 1 starts a new connection to the customer with 0.0.0.1.
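However, it is important that you perform the response (using the customer-specific IP) on the host where the load balancer is. Only if that host has the IP assigned can you send requests from that IP.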
    Cust1          LB
           +--->   IP        +--->  server
    Cust2          0.0.0.1          1.1.1.1
      ^            0.0.0.2             +
      |            ....                |
      |                                |
      |          +----------+          |
      |          |Listening:|          |
      +--------+ |2.2.2.2   |<---------+
                 |out:      |
                 |0.0.0.1   |
                 |0.0.0.2   |
                 |...       |
                 +----------+

1. Connection from user. Answered with OK.
2. Server does processing.
3. Server has completed processing and sends response to customer by connecting to your own proxy with the payload to send to the customer. The payload must contain the IP it should send the data to, as well as the "real/actual" data. Or you can pass the IP in custom HTTP headers.
4. Your proxy does an outgoing connection to the customer and sends your data/payload it received.
Your proxy:
1. Needs to be running on your LB host (to share the IPs)
2. Listening on an arbitrary port and IP like http://2.2.2.2:8811/rest/connecttocustomer (but not on the ones already taken by the LB)
3. Your proxy uses an HTTP library and connects to your customer http.request(dest=4.4.4.4, source=0.0.0.1, "send this data")
4. Your proxy is a simple Node.js app that has an API (see 2.) and then does the outgoing request to the customer (see 3.).
You can implement it as a dumb proxy that only listens on an API for incoming requests from your server and then connects (with a new request) to your customer (as above). But you can also implement it in a more complex way, as some kind of queue/async system and outbound notification system (so it might contain more logic).
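
One way to implement the proxy's outbound step described in this answer, as an added example that is not part of the original answer: it uses the `localAddress` option of Node's `http.request` and checks, before connecting, that the source IP is assigned to the host. The customer table, the addresses, the function names and the per-customer destination allow-list are assumptions made for illustration.

```javascript
// Added example (not from the original answer): choose the source IP per customer.
const http = require('http');
const net = require('net');
const os = require('os');

// Constructed sample table (assumption): customer -> bound source IP and allowed destinations.
// All addresses are documentation-range placeholders.
const CUSTOMERS = {
  cust1: { source: '192.0.2.1', destinations: ['198.51.100.10'] },
  cust2: { source: '192.0.2.2', destinations: ['198.51.100.20'] },
};

// Addresses assigned to this host; binding to any other address fails at connect time.
function localAddresses() {
  return new Set(Object.values(os.networkInterfaces()).flat().map((i) => i.address));
}

// Build http.request options for one customer, or throw before a socket is opened.
function egressOptions(customerId, destHost, destPort, assigned = localAddresses()) {
  const known = Object.prototype.hasOwnProperty.call(CUSTOMERS, customerId);
  if (!known) throw new Error('unknown customer');
  const { source, destinations } = CUSTOMERS[customerId];
  // The destination arrives in the API payload, so pin it to this customer's own list.
  if (!net.isIP(destHost) || !destinations.includes(destHost)) {
    throw new Error('destination not allowed for customer');
  }
  if (!Number.isInteger(destPort) || destPort < 1 || destPort > 65535) {
    throw new Error('invalid port');
  }
  if (!assigned.has(source)) throw new Error('source IP not assigned to this host');
  return { host: destHost, port: destPort, localAddress: source, method: 'POST', path: '/' };
}

// Open a new connection to the customer, bound to that customer's source IP.
function sendToCustomer(customerId, destHost, destPort, payload) {
  return new Promise((resolve, reject) => {
    const headers = { 'content-type': 'application/json',
                      'content-length': Buffer.byteLength(payload) };
    const opts = { ...egressOptions(customerId, destHost, destPort), headers, timeout: 5000 };
    const req = http.request(opts, (res) => {
      res.resume(); // discard the body, only the status is reported back
      res.on('end', () => resolve(res.statusCode));
    });
    req.on('timeout', () => req.destroy(new Error('timeout')));
    req.on('error', reject);
    req.end(payload);
  });
}
```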