On 23 October 2012 00:21, IT_Contact <[email protected]> wrote:
> Hi,
> My Apache access logs on the servers that sit behind my HAProxy server all
> show the IP of the HAProxy server as the source/client IP. What am I
> missing in my config?

Well, despite the fact you haven't shown it to us (!), I can
confidently say "nothing" :-)

What you're describing is the default, normal HAProxy behaviour.
HAProxy terminates the HTTP connection from the client, and initiates
another connection to the backend from the HAProxy machine. Hence
Apache sees the IP of this secondary connection.

If you need the client's IP at the origin, you have a few options
AFAIK. In ascending order of difficulty/complexity:

1a) Make HAProxy pass on the client IP in a de facto standard header
(X-Forwarded-For) and make your application understand this header.
Read the "option forwardfor" section of
http://haproxy.1wt.eu/download/1.4/doc/configuration.txt *fully* !

1b) Do the same HAProxy-side change as #1a, but instead of teaching
the application about X-Forwarded-For, teach Apache about it, using
mod_rpaf (or your HTTPd's equivalent).

2) Use HAProxy in TPROXY mode, as per
http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/
. I have personally stayed away from this complexity thus far, and
have no experience with it. It does look like significant extra work
for minimal gain, IMHO. YMMV.

3) There's the /possibility/ of using the PROXY protocol, but I have
no idea if Apache speaks it. It would require a dev version of HAProxy
in the 1.5 branch. See
http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol-v2-draft-20120621.txt

Cheers,
Jonathan
-- 
Jonathan Matthews // Oxford, London, UK
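
Added example, not part of the original message: one way an application behind HAProxy can read X-Forwarded-For as in option 1a without letting clients forge their logged address. It reads the header only when the connection comes from the proxy, and walks the entries right to left because the proxy's own entry comes last and everything before it was supplied by the client. The function names and the 10.0.0.0/24 proxy range are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the address range HAProxy connects from (assumption).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def client_ip(peer, xff_values, trusted=TRUSTED_PROXIES):
    """Return the client address to log for one request.

    peer       -- source IP of the TCP connection as seen by the backend
    xff_values -- every X-Forwarded-For header line, in the order received
    """
    current = ipaddress.ip_address(peer)
    # A peer that is not our proxy can put anything in the header: ignore it.
    if not _is_trusted(current, trusted):
        return str(current)
    # Flatten "a, b" lists and repeated header lines into one hop list.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    # Walk right to left: the last entry is the one our proxy added,
    # anything to its left was supplied by whoever connected to the proxy.
    for hop in reversed(hops):
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could parse
        current = candidate
        if not _is_trusted(current, trusted):
            break  # first address outside our own proxies is the client
    return str(current)
```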
