On Sat, Nov 10, 2012 at 07:57:18AM +0100, Milan Babuskov wrote:
> Hi,
>
> I'm using 1.4.22 and I have a configuration like this:
>
> defaults
> mode http
> option httpchk
>
> frontend http-in
> bind 176.9.135.29:80
> default_backend l0
>
> backend l0
> balance roundrobin
> option forwardfor except 127.0.0.1 header X-Client # stunnel
> already adds the header
> option http-server-close
> server s0 127.0.0.1:5000 check inter 60000
>
> HAProxy sets the X-Client header, but instead of client's address it
> always contains the public address of the server (176.9.135.29)
>
> Any ideas why?
Yes, in fact it really sets the client's address, but here the client
is stunnel. Since you bound haproxy to 176.9.135.29, I'm fairly certain
that this is also the destinationaddress you put in your stunnel
configuration, and since it's a local address, stunnel binds to this
address to connect to the same. So the "option forwardfor" sees that
the source is not 127.0.0.1 and correctly adds it to the X-Client
header.
I suggest that you add a second "bind" line :
bind 127.0.0.1:80
and have stunnel forward the traffic to 127.0.0.1 instead.
Regards,
Willy
