Hi Christophe,

On 03.11.2011 22:00, Christophe Rahier wrote:
Hello,

 My config of HAProxy is:

--> CUT <--

[snipp]

--> CUT <--

The problem with SSL is that the IP address that I get to the web server is the IP address of the loadbalancer and not the original IP address.

 This is a big problem for me and it's essential that I can have the
"right" IP address.

 How can I do, is it possible? I've heard of stunnel but I don't
understand how to use it.

 Thank you in advance for your help,

you must use

http://www.stunnel.org/static/stunnel.html
protocol = proxy

in stunnel and use 'accept-proxy' in haproxy

http://haproxy.1wt.eu/git?p=3Dhaproxy.git;a=3Dblob;f=3Ddoc/configuration.tx=
t;h=3D8aeeb272d0aeca7477bbb634b52181121122b865;hb=3DHEAD#l1580

as bind option

http://haproxy.1wt.eu/git?p=3Dhaproxy.git;a=3Dblob;f=3Ddoc/configuration.tx=
t;h=3D8aeeb272d0aeca7477bbb634b52181121122b865;hb=3DHEAD#l1453

and the 'option forwardfor'

http://haproxy.1wt.eu/git?p=3Dhaproxy.git;a=3Dblob;f=3Ddoc/configuration.tx=
t;h=3D8aeeb272d0aeca7477bbb634b52181121122b865;hb=3DHEAD#l3111

haproxy fill automatically the client ip into X-Forwarded-For
header field.

I assume this from the doc.
Please can you tell us if this is right?

Hth

Aleks

PS: do you have received my answer on the stunnel list?

Reply via email to