I understand. Is this something that could be taken up for a future version?
Also, what maxconn value do you recommend? Thanks On 5 March 2014 16:11, Lukas Tribus <luky...@hotmail.com> wrote: > Hi, > > >> Thanks Lukas. But why does it say this here for "server" in the man? >> >> Address “0.0.0.0″ or “*” has a special meaning. >> It indicates that the connection will be forwarded to the same IP >> address as the one from the client connection. This is useful in >> transparent proxy architectures where the client’s connection is >> intercepted and haproxy must forward to the original destination >> address. > > You are right and now I understand whats happening. Its not a bug at > all. > > Read carefully: >> It indicates that the connection *will be forwarded to the same IP >> address as the one from the client connection* > > Means, when you browser connects to HAProxy at 10.0.0.1:80 and uses > the * server, a backend connection is created connecting to 10.0.0.1:80 > (because that was the original destination IP). > > This will lead to an infinite connection loop because the backend connects > to the frontend, limited only by maxconn (which in your case is way to high). > > > >> Isn't this exactly what I intend to do? > > No, because the destination IP of the frontend TCP connection is the local > HAProxy IP, not the correct real world IP (you are spoofing DNS records via > /etc/hosts or local resolvers, right?). > > This feature only works when HAProxy is in the forwarding path with TPROXY > redirection, not DNS redirection. > > To do what you need, HAProxy would need to resolve the value of the Host > header and connect to that IP. But HAproxy can only resolve IP address > at startup, its currently not possible to resolve records while proxying: > >> a resolvable hostname is supported, but this name will be resolved >> during start-up. > > > > > Regards, > > Lukas
