Hi JWD
------ Original Message ------
From: "JWD" <[email protected]>
To: "haproxy" <[email protected]>
Sent: 19.11.2017 04:51:05
Subject: Is it possible to transfer client ip (src) from ssl:443 to https:8443?
client access ssl:443.
https:8443 as backend of ssl:443.
Is it possible to transfer client ip (src) from ssl:443 to https:8443?
Or transfer a true/false variable, so https:8443 can decide accept or
deny?
Example:
```
frontend https
    bind *:8443 ssl crt /etc/haproxy/certs/default
backend https-backend
    acl acl-allow-ip src -f /etc/haproxy/acl-allow-ip.txt
    acl acl-mydir path_beg -i /mydir
    http-request deny if !acl-allow-ip acl-mydir
    server 172.31.1.1:8080
frontend ssl
    bind *:443
backend ssl-backend
    server 127.0.0.1:8443 source 0.0.0.0
```
I suggest using the PROXY protocol:
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-send-proxy-v2-ssl-cn
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.1-accept-proxy
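```
frontend ssl
    ...
backend ssl-backend
    # sending side: prepend a PROXY protocol v2 header with the client address
    server ssl-backend 127.0.0.1:8443 ... send-proxy-v2-ssl-cn
frontend https
    # receiving side: read the header so that src is the original client IP
    bind 127.0.0.1:8443 ... accept-proxy
```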
JWD
Regards
Aleks
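
What the sending side puts on the wire and what the `accept-proxy` listener reads back, as an added Python example that is not part of the thread or of HAProxy's code. The addresses, ports and the `ALLOW` list (a stand-in for the contents of `acl-allow-ip.txt`) are constructed. The header is plain, unauthenticated bytes, which is why the receiving listener in the reply is bound to 127.0.0.1 only.

```python
import ipaddress
import struct

SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY protocol v2 signature

def build_v2(src, sport, dst, dport):
    """Build the v2 header a sender prepends to a proxied TCP connection."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s.version != d.version:
        raise ValueError("address families differ")
    fam = 0x11 if s.version == 4 else 0x21  # TCP over IPv4 / TCP over IPv6
    body = s.packed + d.packed + struct.pack("!HH", sport, dport)
    return SIG + struct.pack("!BBH", 0x21, fam, len(body)) + body

def parse_v2(data):
    """Return (src_ip, src_port, header_len); src_ip is None for LOCAL."""
    if len(data) < 16 or data[:12] != SIG:
        raise ValueError("not a PROXY v2 header")
    ver_cmd, fam, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2 or ver_cmd & 0x0F > 1:
        raise ValueError("unsupported version or command")
    if len(data) < 16 + length:
        raise ValueError("truncated header")
    if ver_cmd & 0x0F == 0:  # LOCAL command: no client address is carried
        return None, None, 16 + length
    alen = {0x11: 4, 0x21: 16}.get(fam)
    if alen is None or length < 2 * alen + 4:
        raise ValueError("unsupported family or short address block")
    src = ipaddress.ip_address(data[16:16 + alen])
    sport, = struct.unpack("!H", data[16 + 2 * alen:18 + 2 * alen])
    return src, sport, 16 + length

def allowed(src, allow_list):
    """Same decision as matching src against an allow-list of networks."""
    return src is not None and any(
        src in ipaddress.ip_network(n) for n in allow_list)

# Constructed sample: client 203.0.113.7 connected to the :443 listener
ALLOW = ["203.0.113.0/24"]
hdr = build_v2("203.0.113.7", 51234, "198.51.100.10", 443)
src, sport, hlen = parse_v2(hdr + b"\x16\x03\x01")  # TLS bytes follow the header
```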