Hi.

I'm running HAProxy 1.5-dev19, and seeing a weird issue. Was curious if anyone 
has seen this before or if perhaps my config is just wrong. 

I have `option forwardfor header X-Real-IP` set for all my backends, but for 
some (not all) requests, the header is not sent. I can see the following in 
ngrep (4x dots at the end are \r\n\r\n, the end of the request):
T 172.16.15.28:46784 -> 172.16.14.26:9100 [AP]
  GET /assets/application-1a163d807985dac0d994594ef2558571.css HTTP/1.1..Host: 
gist.github.com..Connection: keep-alive..Accept: text/css,*/*;q=0.1..
  User-Agent: Mozilla/5.0 (Linux; Android 4.1.2; SGH-I747M Build/JZO54K) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.90 Mobile Safari/53
  7.36..Referer: https://gist.github.com/zzzzzzz/1111111..Accept-Encoding: 
gzip,deflate,sdch..Accept-Language: en-GB,en-US;q=0.8,en;q=0.6..Cooki
  e: logged_in=no; 
_gist_session=ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz....
#
T 172.16.15.28:46784 -> 172.16.14.26:9100 [AP]
  GET /assets/application-1a163d807985dac0d994594ef2558571.css HTTP/1.1..Host: 
gist.github.com..Connection: keep-alive..Accept: text/css,*/*;q=0.1..
  User-Agent: Mozilla/5.0 (Linux; Android 4.1.2; SGH-I747M Build/JZO54K) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.90 Mobile Safari/53
  7.36..Referer: https://gist.github.com/Zzzzzzzzzzz/1111111..Accept-Encoding: 
gzip,deflate,sdch..Accept-Language: en-GB,en-US;q=0.8,en;q=0.6..Cooki
  e: logged_in=no; 
_gist_session=ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz....
#

In my nginx logs (where the traffic is being routed), I can see the same issue: 
those same requests are logged as coming from my load balancer and not the original 
peer (while other requests appear fine). Here is my haproxy config:
######################
# Process-wide settings: switch to the haproxy user/group and run in the background.
global
  user haproxy
  group haproxy
  daemon
  maxconn 16384
  pidfile /var/run/haproxy.pid
  # Runtime socket at admin level: whoever can write to this socket file can
  # issue admin-level commands to the running process.
  # NOTE(review): no mode/user/group is given on this line, so access rests on
  # the socket file's default permissions; consider setting them explicitly.
  stats socket /var/run/haproxy.sock level admin

# Settings inherited by every proxy section below unless overridden there.
defaults
  balance roundrobin
  # NOTE(review): nothing in this config sets `option http-server-close` or
  # `option httpclose`. In HTTP mode this HAProxy generation presumably
  # analyses only the first request of a keep-alive connection and tunnels the
  # rest, so later requests would reach the servers without the headers HAProxy
  # adds. That would match the capture above (same client port, Connection:
  # keep-alive, no X-Real-IP). Confirm against the 1.5-dev19 documentation.
  mode http
  retries 3
  maxconn 4096
  # Allow a retried request to go to a different server than the one that failed.
  option redispatch
  # Legacy timeout keywords; values without a unit are milliseconds, so these
  # are 5 min (connect) and 20 min (client / server inactivity).
  # NOTE(review): timeouts this long keep idle or slow connections open for a
  # long time; check they are intentional for every proxy that inherits them.
  contimeout 300000
  clitimeout 1200000
  srvtimeout 1200000

# TLS terminator: accepts HTTPS on the public address, decrypts it, and relays
# the cleartext stream to the local http-via-ssl proxy using the PROXY protocol.
listen ssl-front
  mode tcp
  bind 192.30.252.97:443 ssl crt zzzzzz.key

  # add headers needed by various apps to detect SSL-ness
  # NOTE(review): this proxy runs in `mode tcp`, and reqadd is an HTTP-level
  # rule, so these two lines presumably have no effect here. Verify that the
  # backends actually receive X-Forwarded-Proto / X-Proto.
  reqadd X-Forwarded-Proto:\ https if { ssl_fc }
  reqadd X-Proto:\ SSL if { ssl_fc }

  # Reject non HTTP traffic
  # Wait up to 5s for enough payload to decide, accept what parses as HTTP,
  # and drop everything else.
  tcp-request inspect-delay 5s
  tcp-request content accept if HTTP
  tcp-request content reject

  # send-proxy prepends a PROXY protocol line carrying the original client
  # address; the receiving bind on 127.0.0.1:8090 must use accept-proxy.
  server http-via-ssl 127.0.0.1:8090 send-proxy

# Plain-HTTP listener whose only job is to redirect clients to HTTPS.
listen http-front
  bind 192.30.252.97:80
  # This bind line has no `ssl`, so ssl_fc is never true here and every request
  # on port 80 gets the redirect.
  redirect scheme https if !{ ssl_fc }

# HTTP router for the decrypted traffic handed over by ssl-front: picks a
# backend from the Host header.
listen http-via-ssl
  # accept-proxy trusts the client address announced in the PROXY protocol line
  # of whoever connects; binding to loopback limits that to local processes.
  bind 127.0.0.1:8090 accept-proxy

  # Case-insensitive suffix matches on the Host header.
  # NOTE(review): hdr_end matches any value that merely ends with the string,
  # without requiring a label boundary, and will not match a Host that carries
  # a ":port" suffix. Consider an exact or domain-aware match (hdr / hdr_dom)
  # if routing should be strict.
  acl garage hdr_end(host) -i garage.github.com
  acl spider-skull-island hdr_end(host) -i spider-skull-island.github.com
  acl machine-room hdr_end(host) -i machine-room.github.com
  acl codeload hdr_end(host) -i codeload.github.com
  acl nodeload hdr_end(host) -i nodeload.github.com
  acl gist hdr_end(host) -i gist.github.com
  acl github_com hdr_end(host) -i github.com

  # Rules are evaluated in order and the first match wins, so the more specific
  # hosts must stay above the generic github_com rule. nodeload shares the
  # codeload backend, and gist shares the github_com backend.
  use_backend garage if garage
  use_backend spider-skull-island if spider-skull-island
  use_backend machine-room if machine-room
  use_backend codeload if codeload
  use_backend codeload if nodeload
  use_backend github_com if gist
  use_backend github_com if github_com
  # Anything with an unrecognised Host also lands on github_com.
  default_backend github_com

# Raw TCP load balancing for the git port (9418) across four front ends.
# send-proxy passes the original client address via the PROXY protocol, so the
# service listening on port 1023 must expect that header; `check` enables
# health checks on each server.
listen git 192.30.252.97:9418
  mode tcp
  balance roundrobin
  server github-fe101-cp1-prd github-fe101-cp1-prd:1023 send-proxy check
  server github-fe102-cp1-prd github-fe102-cp1-prd:1023 send-proxy check
  server github-fe103-cp1-prd github-fe103-cp1-prd:1023 send-proxy check
  server github-fe104-cp1-prd github-fe104-cp1-prd:1023 send-proxy check

# Raw TCP load balancing for SSH (public port 22) to port 222 on the same four
# front ends. As with the git proxy, send-proxy means the receiving service
# must parse a PROXY protocol header before the SSH stream.
listen ssh 192.30.252.97:22
  mode tcp
  balance roundrobin
  server github-fe101-cp1-prd github-fe101-cp1-prd:222 send-proxy check
  server github-fe102-cp1-prd github-fe102-cp1-prd:222 send-proxy check
  server github-fe103-cp1-prd github-fe103-cp1-prd:222 send-proxy check
  server github-fe104-cp1-prd github-fe104-cp1-prd:222 send-proxy check


# Main web backend (also serves gist and any unmatched Host), port 9100.
backend github_com
  balance roundrobin
  # Adds the client address in an X-Real-IP header instead of the default
  # X-Forwarded-For.
  # NOTE(review): nothing in this config deletes an X-Real-IP header that the
  # client sent itself, so the servers may see a client-chosen value next to
  # the one added here, or alone on requests HAProxy did not process. If the
  # servers trust this header for logging or access decisions, strip inbound
  # copies first (e.g. a reqidel rule) and make sure every request is processed.
  option forwardfor header X-Real-IP
  server github-fe101-cp1-prd github-fe101-cp1-prd:9100 check
  server github-fe102-cp1-prd github-fe102-cp1-prd:9100 check
  server github-fe103-cp1-prd github-fe103-cp1-prd:9100 check
  server github-fe104-cp1-prd github-fe104-cp1-prd:9100 check

# Three single-server backends selected by Host header in http-via-ssl. Each
# adds X-Real-IP the same way as github_com.
# NOTE(review): the host names suggest staff-facing machines; if these
# services rely on X-Real-IP for access decisions, a client-supplied copy of
# the header is not removed anywhere in this config. Confirm how the servers
# use the header.
backend garage
  balance roundrobin
  option forwardfor header X-Real-IP
  server github-staff2-cp1-prd github-staff2-cp1-prd:9100 check

backend spider-skull-island
  balance roundrobin
  option forwardfor header X-Real-IP
  server github-staff3-cp1-prd github-staff3-cp1-prd:9100 check

backend machine-room
  balance roundrobin
  option forwardfor header X-Real-IP
  server github-staff4-cp1-prd github-staff4-cp1-prd:9100 check

# Archive download backend (codeload and nodeload hosts), port 9999.
backend codeload
  # Hash on the request URI so the same URI keeps going to the same server.
  balance uri
  option forwardfor header X-Real-IP
  # Time allowed for a client to deliver a complete request; with no unit the
  # value is in milliseconds, i.e. 2 hours.
  # NOTE(review): a limit this long lets slow or stalled clients hold
  # connection slots for hours. Confirm it is needed here, rather than a long
  # server timeout for slow responses.
  timeout http-request 7200000
  # HTTP health check against /_ping, sent with an explicit Host header.
  option httpchk GET /_ping HTTP/1.1\r\nHost:\ codeload.github.com

  server github-arch1-cp1-prd github-arch1-cp1-prd:9999 check
  server github-arch2-cp1-prd github-arch2-cp1-prd:9999 check


# Statistics page served at "/" on port 8086, protected by HTTP basic auth.
# NOTE(review): the listener binds to 0.0.0.0 (all interfaces) and has no
# `ssl` on it, so the credentials travel in cleartext and the page is reachable
# from wherever port 8086 is routable. Consider binding to a management address
# or filtering the port. The password is also stored in plain text in this
# file, so the file's permissions matter.
listen githubctl 0.0.0.0:8086
  stats uri /
  stats auth  github:XXXXXXXXXXXXXXXXXXXX
  # Do not reveal the HAProxy version on the stats page.
  stats hide-version

# Liveness port for external monitors: in health mode HAProxy answers each
# connection itself and forwards nothing. Bound to all interfaces on port 8087.
listen monitoring 0.0.0.0:8087
  mode health
######################

Cheers,
-sjg
