Or enable the proxy-protocol:
http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.5.html#send-proxy
http://cbonte.github.io/haproxy-dconv/snapshot/configuration-1.5.html#accept-proxy

Baptiste

On Thu, Jun 11, 2015 at 11:56 AM, Thierry FOURNIER <tfourn...@haproxy.com> wrote:
> On Thu, 11 Jun 2015 09:06:43 +0000
> Thibault LABRUT <t.lab...@pickup-services.com> wrote:
>
>> Hello,
>>
>> I'm going to install HA Proxy.
>>
>> My architecture is as follows:
>> - 2 servers in DMZ => reverse proxy (RP)
>> - 2 servers in LAN => Load balancing (LB)
>>
>> Several applications contact RP with different IP addresses but always with the
>> same port.
>>
>> With the settings as below the connection is up:
>>
>> RP settings
>>
>> # Frontend
>> frontend http_test
>>     bind xx.xx.xx.xx:42
>>     capture request header Host len 200
>>     default_backend test
>>
>> # Backend
>> backend test
>>     server srv_test test.maycompany.local:42 check
>>
>> LB settings
>>
>> # Frontend
>> frontend http_test
>>     bind xx.xx.xx.xx:42
>>     capture request header Host len 200
>>     default_backend test
>>
>> # Backend
>> backend test
>>     balance roundrobin
>>     server test01 xx.xx.xx.xx:42 check
>>     server test02 xx.xx.xx.xx:42 check
>>
>> But in this case the connection is down:
>>
>> # Frontend
>> frontend http_test
>>     bind xx.xx.xx.xx:42
>>     capture request header Host len 200
>>
>>     # ACL
>>     acl acl_test src 12.34.56.78  # client IP
>>     use_backend test if acl_test
>>
>> # Backend
>> backend test
>>     server srv_test test.maycompany.local:42 check
>>
>> LB settings
>>
>> # Frontend
>> frontend http_test
>>     bind xx.xx.xx.xx:42
>>     capture request header Host len 200
>>
>>     # ACL
>>     acl acl_test src 12.34.56.78
>>     use_backend test if acl_test
>>
>> # Backend
>> backend test
>>     balance roundrobin
>>     server test01 xx.xx.xx.xx:42 check
>>     server test02 xx.xx.xx.xx:42 check
>>
>> Can you tell me what the problem is with my settings?
>>
>
> Hi,
>
> If I understand, you have two HAProxy chained, RP is in front and LB is
> in back.
>
> In this case, the connections received by the LB load balancer cannot
> know the original IP source, because the connections are established by
> the LB load balancer with its own IP.
>
> You can use the header "x-forwarded-for" for storing the original IP
> source. The directive is "option forwardfor". On the LB HAProxy, you
> can use a sample that returns the content of the header
> x-forwarded-for, like this:
>
>     acl acl_test fhdr(x-forwarded-for) -m ip 12.34.56.78
>
> best regards
> Thierry
>
>
>> Best Regards,
>>
>> Thibault Labrut.
>
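
The PROXY protocol setup suggested in this reply, written out for both tiers as an added example that is not part of the original thread. The 192.0.2.x and 10.0.x.x addresses, the `srv_test` server name, `mode http` and the timeouts are assumptions; port 42 and the client IP 12.34.56.78 are the thread's values.

```haproxy
# Added example, not from the thread. Two separate haproxy.cfg files are shown
# in one block; all 192.0.2.x / 10.0.x.x addresses are constructed placeholders.

defaults                        # assumed identical on both tiers
    mode http                   # assumption: "capture request header" implies HTTP
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# ---------- RP (DMZ) ----------
frontend http_test
    bind 192.0.2.10:42
    capture request header Host len 200
    acl acl_test src 12.34.56.78            # real client address is visible here
    use_backend test if acl_test            # no default_backend: other sources get 503

backend test
    # send-proxy prepends a PROXY header carrying the client's address.
    # Health checks send it too, because no "port"/"addr" override is set.
    server srv_test 10.0.0.20:42 check send-proxy

# ---------- LB (LAN) ----------
frontend http_test
    bind 10.0.0.20:42 accept-proxy
    # accept-proxy believes whatever address the PROXY header claims, so only
    # the two RPs may connect. "tcp-request connection" rules still see the
    # real peer address, not the one taken from the PROXY header.
    tcp-request connection reject if !{ src 10.0.0.10 10.0.0.11 }
    capture request header Host len 200
    acl acl_test src 12.34.56.78            # src is now the address from the PROXY header
    use_backend test if acl_test

backend test
    balance roundrobin
    server test01 10.0.1.1:42 check
    server test02 10.0.1.2:42 check

# Header-based alternative (the x-forwarded-for approach quoted above), with
# the same trust rule: the header is client-controllable, so the RP drops any
# incoming copy before adding its own, and the LB reads only the last value.
#   RP backend:   http-request del-header X-Forwarded-For
#                 option forwardfor
#   LB frontend:  acl acl_test req.hdr_ip(x-forwarded-for,-1) 12.34.56.78
```

Each file can be syntax-checked with `haproxy -c -f <file>` before reload.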