I recently upgraded my apache servers to run in Ubuntu 12 from an older version of Centos. Two f the new servers are getting the source IP just fine, but one is not. This is my setup:
haproxy.cfg: global # Port 514, the standard syslog port, is the default log 127.0.0.1 local0 # emerg alert crit err warning notice info debug log 127.0.0.1 local1 debug #log loghost local0 info maxconn 4096 chroot /usr/share/haproxy daemon #--------------------------------- defaults #--------------------------------- log global option dontlognull retries 3 option redispatch timeout connect 5000ms # 5 seconds timeout client 300000ms # 5 minutes timeout server 1200000ms # 20 minutes #--------------------------------- frontend PROD_thor_webfarm #--------------------------------- bind 10.2.0.101:80 mode http default_backend PROD_http maxconn 4000 #--------------------------------- frontend PROD_webfarm_https #--------------------------------- bind 10.2.0.101:443 mode tcp acl is_port_443 dst_port 443 use_backend PROD_https if is_port_443 default_backend PROD_http maxconn 4000 #--------------------------------- backend PROD_http #--------------------------------- mode http option httplog stats enable stats auth admin:turnh3r3- balance roundrobin stick on src table PROD_https cookie SERVERID insert indirect nocache option httpclose option forwardfor option httpchk /healthcheck.txt server prod4 10.2.0.105:80 cookie prod4 weight 34 check server prod5 10.2.0.106:80 cookie prod5 weight 33 check server prod6 10.5.0.107:80 cookie prod6 weight 33 check #--------------------------------- backend PROD_https #--------------------------------- mode tcp option tcplog balance roundrobin stick-table type ip size 200k expire 30m stick on src server prod4 10.2.0.105:443 server prod5 10.2.0.106:443 server prod6 10.5.0.107:443 So prod4 (10.2.0.105) and prod5 (10.2.0.106) are logging just fine, passing along the source IP as expected, but prod6 (10.5.0.107) is not. LogFormat on all three servers is as follows: LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent I did need to install and configure the rpaf module to get logging to work, so my virtual hosts look like this: <VirtualHost *:80> ServerName www.mysite.com ServerAlias mysite.thdmz.corp DocumentRoot /var/www/hosts/thor/current ServerAdmin it_cont...@smartshoot.com HostNameLookups on UseCanonicalName off RewriteEngine on #RewriteCond %{REMOTE_ADDR} !^172\.1\.0\.46$ RewriteCond %{DOCUMENT_ROOT}/maintenance.html -f RewriteRule . %{DOCUMENT_ROOT}/maintenance.html [L] # Added to allow client IP to pass through HAProxy - AG, 9/13/13 #<IfModule mod_rpaf.c> RPAFenable On RPAFsethostname On RPAFproxy_ips 10.2.0.101 RPAFheader X-Forwarded-For #</IfModule> ErrorLog ${APACHE_LOG_DIR}/prod-thor6-error CustomLog ${APACHE_LOG_DIR}/prod-thor6-access combined </VirtualHost> Why would source IP logging work just fine on prod4 (10.2.0.105) and prod5 (10.2.0.106), but not on prod6 (10.5.0.107)? Aaron it_cont...@smartshoot.com ------------------------------------------------------------------------------------------------------------- If you received this communication by mistake, please don't forward it to anyone else (it may contain confidential or privileged information), please erase all copies of it, including all attachments, and please let the sender know it went to the wrong person. Thank you.