Re: haproxy - varnish - backend server
Just coming back to update you all on the solution. It was as David suggested just not letting varnish manipulate X-Forwarded-For, allowed haproxy - varnish configuration to work for the app :D Thanks for your help guys.. --- posted at http://www.serverphorums.com http://www.serverphorums.com/read.php?10,508289,515997#msg-515997
Re: haproxy - varnish - backend server
Is haproxy adding X-Forwarded-For to the request it sends varnish? If so, just don't have varnish manipulate X-Forwarded-For and your app will use the header added by HAProxy. David On 6/5/12 9:04 PM, hapr...@serverphorums.com wrote: Hi guys Originally we had haproxy in front and connecting to backend server haproxy - backend server and applications and backend server see the real client ip fine without any issues But we decided to try adding Varnish cache in between haproxy - varnish - backend server Problem now is backend server and ips are seeing the client ip of the haproxy server and not real visitor client ips. varnish has the appropriate forwarding of client ips, remove req.http.X-Forwarded-For; set req.http.X-Forwarded-For = client.ip; and works if Varnish only in front of backends. So what setting if any in haproxy would I need to add or check for, to get the proper client ip from haproxy through varnish into the backend ? Using haproxy v1.3 here with Varnish 3.0.2. thanks --- posted at http://www.serverphorums.com http://www.serverphorums.com/read.php?10,508289,508289#msg-508289
Re: haproxy - varnish - backend server
why not put varnish in front of haproxy like this: haproxy listen on ip public 1 and localhost varnish listen on ip public 2 and forward to localhost so cached traffic is immediately served by varnish without hitting haproxy. and when you don t need to cache the traffic you use ip public 1 (haproxy) in our setup the varnish ip is s.mydomain.com serving image/css/js and haproxy is www.mydomain.com serving dynamic content containing urls in s.mydomain.com. as a bonus no cookie is sent to s.mydomain.com -- Sebastien E. Le 5 juin 2012 à 21:06, David Coulson da...@davidcoulson.net a écrit : Is haproxy adding X-Forwarded-For to the request it sends varnish? If so, just don't have varnish manipulate X-Forwarded-For and your app will use the header added by HAProxy. David On 6/5/12 9:04 PM, hapr...@serverphorums.com wrote: Hi guys Originally we had haproxy in front and connecting to backend server haproxy - backend server and applications and backend server see the real client ip fine without any issues But we decided to try adding Varnish cache in between haproxy - varnish - backend server Problem now is backend server and ips are seeing the client ip of the haproxy server and not real visitor client ips. varnish has the appropriate forwarding of client ips, remove req.http.X-Forwarded-For; set req.http.X-Forwarded-For = client.ip; and works if Varnish only in front of backends. So what setting if any in haproxy would I need to add or check for, to get the proper client ip from haproxy through varnish into the backend ? Using haproxy v1.3 here with Varnish 3.0.2. thanks --- posted at http://www.serverphorums.com http://www.serverphorums.com/read.php?10,508289,508289#msg-508289
Re: haproxy - varnish - backend server
On Wed, Jun 6, 2012 at 3:50 AM, David Coulson da...@davidcoulson.net wrote: you might also want to look at having varnish prepend the haproxy IP to the X-Forwarded-For line, rather than just pass it along - Most proxies seem to comma delimit a list of IPs of all the devices the request has passed through. Hey David, Having a single line with values separated by commas or having multiple lines, one per value are both ways allowed by RFC to write headers in HTTP. So any HTTP processing tool should make no difference whatever way headers are written. Saying that, it is usually recommended to chain proxies like this: Varnish - HAProxy - server. Now, if you can't and must let Varnish behind HAProxy, it should be not complicated to do the X-Forwarded-For clean up (untill Varnish can understand proxy-protocol). cheers