Hi Aman,

On Mon, Apr 02, 2012 at 03:34:08PM -0700, Aman Gupta wrote:
> > OK just to be sure, you should *really* make your changes on 1.5-dev, not
> > 1.4. 1.4 is in deep maintenance mode and I don't intend to merge such
> > changes there, as every time I did I caused some regressions.
>
> I'm in the process of porting my patch to 1.5. I don't particularly want
> to run 1.5 in production though, and it occurs to me that my patch is
> quite involved for what I'm trying to accomplish.
>
> My goal is essentially to have the remote ip of the upstream client
> available to my application (sitting behind haproxy). For http
> backends, I can use forwardfor and it works great. However, this
> specific service is raw tcp. I know I can use tproxy, but would prefer
> to avoid upgrading my kernel and setting up additional iptables rules.
>
> The idea with this patch was that the application could connect to
> haproxy to get events and use that data to figure out the upstream
> client's ip. This adds a lot of complexity though, so I'm trying to
> come up with alternatives. The only other obvious solution is to have
> haproxy prepend something to the tcp stream. In my case this will work
> fine, since I can modify my application to extract this from the
> stream before consuming the client data.

This is the principle of the PROXY protocol. The "send-proxy" server option
was added to 1.5-dev, but it's not in 1.4 though I have the patch to make
this possible. It requires very minor changes to the application and I know
that some people running FTP servers and SSL servers have modified them to
parse this line. The protocol was also already adopted by Stud and Stunnel.

The protocol is described here:

http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt

Please let me know whether you're interested, then I'll check where I left
the patch :-)

Willy
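
What "parse this line" looks like on the application side, as an added example that is not part of the original mail or of haproxy: a strict parser for the human-readable version 1 header from the linked specification. The function names, the trusted proxy address and the sample bytes are constructed for illustration.

```python
import ipaddress

MAX_V1_LINE = 107               # longest v1 header including CRLF, per the spec
TRUSTED_PROXIES = {"10.0.0.5"}  # assumption: the address haproxy connects from
# Constructed sample: the header haproxy prepends, followed by client data.
SAMPLE = b"PROXY TCP4 192.168.0.1 192.168.0.11 56324 443\r\nHELLO"

class ProxyHeaderError(ValueError):
    """Drop the connection; never serve it with a guessed client address."""

def parse_proxy_v1(buf):
    """Return ((src_ip, src_port, dst_ip, dst_port) or None, payload)."""
    # The caller must buffer reads until CRLF or 107 bytes before calling.
    end = buf.find(b"\r\n", 0, MAX_V1_LINE)
    if end == -1:
        raise ProxyHeaderError("no CRLF within the first 107 bytes")
    try:
        fields = buf[:end].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ProxyHeaderError("non-ASCII byte in header")
    payload = buf[end + 2:]
    if len(fields) < 2 or fields[0] != "PROXY":
        raise ProxyHeaderError("missing PROXY signature")
    if fields[1] == "UNKNOWN":  # the proxy could not describe the client
        return None, payload
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ProxyHeaderError("bad protocol or field count")
    want = 4 if fields[1] == "TCP4" else 6
    try:
        src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    except ValueError:
        raise ProxyHeaderError("bad address")
    if src.version != want or dst.version != want:
        raise ProxyHeaderError("address family mismatch")
    if not all(p.isdigit() and int(p) <= 65535 for p in fields[4:6]):
        raise ProxyHeaderError("bad port")
    return (str(src), int(fields[4]), str(dst), int(fields[5])), payload

def client_info(peer_ip, first_bytes):
    """Accept the header only from a configured proxy address."""
    # Anyone who can reach the port directly can write their own PROXY line,
    # so the claimed source is only meaningful when the peer is the proxy.
    if peer_ip not in TRUSTED_PROXIES:
        raise ProxyHeaderError("peer is not a trusted proxy")
    return parse_proxy_v1(first_bytes)
```

The listener should accept connections only from the proxy, since the header is unauthenticated and the application logs or authorizes on whatever address it carries.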