Error when using an IPv6 link-local address as backend

2015-12-03 Thread Jonathan Leroy - Inikup
Hi, All my backend servers are connected to a private, IPv6-only network. When I try to use their addresses in a "server" directive, HAProxy fails to connect to them. Here are some configurations I've tried (fe80::ec4:7aff:fe59:91dd = backend server, fe80::ec4:7aff:fe6c:4a89 = haproxy): server

SSL handshake failure when using "send-proxy" on HTTPS backend

2015-12-03 Thread Jonathan Leroy - Inikup
Hi, I have two backends named "nginx-http" and "nginx-https": the first one handles HTTP connections, the second one HTTPS connections. The proxy protocol works successfully on the nginx-http backend: server server1 10.0.80.1:8080 send-proxy check check-send-proxy fall 3 inter 2s weight 10 But the

Re: SSL handshake failure when using "send-proxy" on HTTPS backend

2015-12-04 Thread Jonathan Leroy - Inikup
2015-12-04 13:23 GMT+01:00 Lukas Erlacher : > Please show the nginx config. Hi Luke, Here's the Nginx config : https://gist.githubusercontent.com/jleroy/ab45c328263731c46ec1/raw/69af9edc154329c113aad588ff5f9501edfd61b1/gistfile1.txt Thanks, -- Jonathan Leroy http://www.inikup.com/ Tel: +33 (0)

Re: Error when using an IPv6 link-local address as backend

2015-12-04 Thread Jonathan Leroy - Inikup
2015-12-04 14:14 GMT+01:00 Lukas Tribus : > I would strongly suggest to avoid link-local addresses for any services > and applications. > > If you need to keep this off the internet, you better assign ULA prefixes > and use those. > > > Using link-local addresses is asking for trouble, imho. It wo

Re: SSL handshake failure when using "send-proxy" on HTTPS backend

2015-12-04 Thread Jonathan Leroy - Inikup
2015-12-04 16:27 GMT+01:00 Jonathan Leroy - Inikup : > Hi Luke, > > Here's the Nginx config : > https://gist.githubusercontent.com/jleroy/ab45c328263731c46ec1/raw/69af9edc154329c113aad588ff5f9501edfd61b1/gistfile1.txt Now that I use ULA instead of link-local addresses, send-prox

Re: SSL handshake failure when using "send-proxy" on HTTPS backend

2015-12-04 Thread Jonathan Leroy - Inikup
Hi, 2015-12-04 17:02 GMT+01:00 Lukas Tribus : > Well, you will have to update the first config line in nginx: > set_real_ip_from fc00::/7 > > To allow proxy connection from the ULA range. Already done. > As to the original problem: > I don't think you can use both SSL and non-SSL on the same po

Re: SSL handshake failure when using "send-proxy" on HTTPS backend

2015-12-06 Thread Jonathan Leroy - Inikup
2015-12-06 16:14 GMT+01:00 PiBa-NL : > Hi, > > I've never used nginx and have little experience with proxy_protocol.. But > could it be an issue that on the same port you're both using and not using > proxy protocol? What happens if you remove the first server definition > there? > > server { > li

Re: SSL handshake failure when using "send-proxy" on HTTPS backend

2015-12-06 Thread Jonathan Leroy - Inikup
2015-12-06 12:25 GMT+01:00 Lukas Erlacher : > I can't find an obvious error with this. When I tried combining SSL and > proxy protocol in Postfix, it didn't work due to a bug in Postfix. Maybe you > should try to ask an nginx support list instead. Thanks, I'll try that. -- Jonathan Leroy http:/

Re: SSL handshake failure when using "send-proxy" on HTTPS backend

2015-12-19 Thread Jonathan Leroy - Inikup
2015-12-07 13:26 GMT+01:00 Lukas Tribus : > True, but it's always a good idea to simplify the configuration when > troubleshooting issues like this. For testing purposes therefore, you > should try with just one server declaration (e.g. what if nginx doesn't > propagate the proxy_protocol directive c

Re: client layer stickiness among multiple backends servers

2016-01-25 Thread Jonathan Leroy - Inikup
2016-01-25 15:55 GMT+01:00 Pavlo Zhuk : > Hi dears, > > > I am looking for a feature which allows me to send traffic of the same client > to the same backend node, even if the node is in a different backend groups. > > I know it might sound weird, but it has good practical benefit for the a/b > test

Force client IP with PROXY protocol

2016-01-27 Thread Jonathan Leroy - Inikup
Hi, I have the current setup: HAProxy with send-proxy -> Nginx with proxy_protocol directive. Everything works fine, Nginx retrieves the original client IP from HAProxy using PROXY protocol. Now, I need to add CloudFlare in front of HAProxy. CloudFlare returns a "CF-Connecting-IP" containing client IP add

Re: Force client IP with PROXY protocol

2016-01-27 Thread Jonathan Leroy - Inikup
Hi, 2016-01-27 21:33 GMT+01:00 Aleksandar Lazic : > I see these possible ways > > .) http://nginx.org/en/docs/http/ngx_http_realip_module.html > .) > http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#4.2-http-request > set-src > > maybe both I use TCP mode, so I can't use layer 7 fe

Re: Force client IP with PROXY protocol

2016-01-27 Thread Jonathan Leroy - Inikup
2016-01-28 0:49 GMT+01:00 Lukas Tribus : >> I use TCP mode, so I can't use layer 7 features. > > If you can't use layer 7 features then you can't access the > CF-Connecting-IP header in nginx. ...HAProxy, not Nginx, no ? > I would suggest: > - leave the haproxy configuration as is (using proxy p

Re: Force client IP with PROXY protocol

2016-01-27 Thread Jonathan Leroy - Inikup
2016-01-28 0:49 GMT+01:00 Aleksandar Lazic : > Well I missed this in your original post. I haven't told it so... :p > How about to tell us a little bit more about your setup. > > haproxy version > relevant part of config > a small ascii art from your setup and protocols ;-) > > But still have yo

Re: Force client IP with PROXY protocol

2016-01-28 Thread Jonathan Leroy - Inikup
2016-01-28 10:56 GMT+01:00 Aleksandar Lazic : > Maybe it would be a nice idea to add something like. > > proxy-protocol set-src hdr(CF-Connecting-IP) > > Opinions about this? Something like "proxy-protocol set-src []", yep :) -- Jonathan Leroy http://www.inikup.com/ Tel: +33 (0)9 74 77 41 72

Re: Force client IP with PROXY protocol

2016-01-28 Thread Jonathan Leroy - Inikup
2016-01-28 11:47 GMT+01:00 Lukas Tribus : > Doesn't: > http-request set-src hdr(CF-Connecting-IP) > > in combination with a standard proxy-protocol config > already do that? Yes, but it doesn't work with SPDY or HTTP/2 backends. -- Jonathan Leroy http://www.inikup.com/ Tel: +33 (0)9 74 77 41 72

Re: Force client IP with PROXY protocol

2016-03-06 Thread Jonathan Leroy - Inikup
2016-02-04 4:57 GMT+01:00 Willy Tarreau : > No, set-src replaces the client's src as logged by haproxy and as passed > over the proxy protocol. The only issue is that this action was incompletely > implemented, it's only in http-request while it should also have been in > tcp-request. I hoped that