Hi Christophe,

Use the HAProxy box in transparent mode: HAProxy will get connected to
your application server using the client IP.
In your backend, just add the line:
source 0.0.0.0 usesrc clientip

Bear in mind that in such a configuration, the default gateway of your
server must be the HAProxy box. Or you have to configure PBR on your
network.

Stunnel can be used in front of HAProxy to decrypt the traffic.
But if your main issue is to get the client IP, then it won't help you
unless you set up transparent mode as explained above.

cheers


On Thu, Nov 3, 2011 at 10:00 PM, Christophe Rahier
<christo...@qualifio.com> wrote:
> Hello,
>
>  My config of HAProxy is:
>
> --> CUT <--
> global
> log 192.168.0.2 local0
> log 127.0.0.1 local1 notice
> maxconn     10240
> defaults
> log    global
> option dontlognull
> retries    2
> timeout client 35s
> timeout server 90s
> timeout connect 5s
> timeout http-keep-alive 10s
>
> listen WebPlayer-Farm 192.168.0.2:80
> mode http
> option httplog
> balance source
> #balance leastconn
> option forwardfor
> stats enable
> option http-server-close
> server Player4 192.168.0.13:80 check
> server Player3 192.168.0.12:80 check
> server Player1 192.168.0.10:80 check
> server Player2 192.168.0.11:80 check
> server Player5 192.168.0.14:80 check
> option httpchk HEAD /checkCF.cfm HTTP/1.0
>
> listen WebPlayer-Farm-SSL 192.168.0.2:443
> mode tcp
> option ssl-hello-chk
> balance source
> server Player4 192.168.0.13:443 check
> server Player3 192.168.0.12:443 check
> server Player1 192.168.0.10:443 check
> server Player2 192.168.0.11:443 check
> server Player5 192.168.0.14:443 check
>
> listen  Manager-Farm    192.168.0.2:81
> mode http
> option httplog
> balance source
> option forwardfor
> stats enable
> option http-server-close
> server  Manager1 192.168.0.60:80 check
> server  Manager2 192.168.0.61:80 check
> server  Manager3 192.168.0.62:80 check
> option httpchk HEAD /checkCF.cfm HTTP/1.0
>
> listen Manager-Farm-SSL 192.168.0.2:444
> mode tcp
> option ssl-hello-chk
> balance source
> server Manager1 192.168.0.60:443 check
> server Manager2 192.168.0.61:443 check
> server Manager3 192.168.0.62:443 check
>
> listen  info 192.168.0.2:90
> mode http
> balance source
> stats uri /
>
>
> --> CUT <--
>
>  The problem with SSL is that the IP address that I get to the web server
> is the IP address of the loadbalancer and not the original IP address.
>
>  This is a big problem for me and it's essential that I can have the
> "right" IP address.
>
>  How can I do this? Is it possible? I've heard of stunnel but I don't
> understand how to use it.
>
>  Thank you in advance for your help,
>
>  Christophe
>
>
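
Where the `source` line from the reply goes in the two TCP-mode SSL sections of the quoted configuration (an added example, not part of the original thread). It assumes an HAProxy build and kernel with transparent proxy (TPROXY) support, and that the servers send their replies back through 192.168.0.2:

```haproxy
# Added example: the SSL farms from the question with transparent source binding.
# The config uses "listen" sections, so the line goes inside each of them.

listen WebPlayer-Farm-SSL 192.168.0.2:443
    mode tcp
    option ssl-hello-chk
    balance source
    # Open the server-side connection with the client's IP as source address,
    # so the web server sees the original client instead of 192.168.0.2.
    source 0.0.0.0 usesrc clientip
    server Player4 192.168.0.13:443 check
    server Player3 192.168.0.12:443 check
    server Player1 192.168.0.10:443 check
    server Player2 192.168.0.11:443 check
    server Player5 192.168.0.14:443 check

listen Manager-Farm-SSL 192.168.0.2:444
    mode tcp
    option ssl-hello-chk
    balance source
    source 0.0.0.0 usesrc clientip
    server Manager1 192.168.0.60:443 check
    server Manager2 192.168.0.61:443 check
    server Manager3 192.168.0.62:443 check

# Routing requirement from the reply: Player1-5 and Manager1-3 must use the
# HAProxy box (192.168.0.2) as default gateway, or policy-based routing must
# send their return traffic through it. Otherwise the servers answer the
# client directly and the TCP handshake never completes.
```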
