Hello, I have also not used it in a project yet. But this document might be helpful: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
The HAProxy will use this protocol to convey the original IP information from its side to the Kamailio behind it. Cheers, Henning -- Henning Westerholt – https://skalatan.de/blog/ Kamailio services – https://gilawa.com<https://gilawa.com/> From: Joey Golan <[email protected]> Sent: Saturday, November 14, 2020 7:35 AM To: Kamailio (SER) - Users Mailing List <[email protected]>; Henning Westerholt <[email protected]> Subject: RE: [SR-Users] Kamailio behind HAProxy Hi Henning, I understand the idea behind this but still don’t understand how to use it. Any ideas? On 11 Nov 2020, 15:24 +0200, Henning Westerholt <[email protected]<mailto:[email protected]>>, wrote: Hello, bascially this allows Kamailio to understand the HAProxy protocol to be used behind this particular proxy. Some discussion can be found at the list and also at https://github.com/kamailio/kamailio/pull/1765 Cheers, Henning -- Henning Westerholt – https://skalatan.de/blog/ Kamailio services – https://gilawa.com<https://gilawa.com/> From: sr-users <[email protected]<mailto:[email protected]>> On Behalf Of Joey Golan Sent: Wednesday, November 11, 2020 1:47 PM To: Kamailio (SER) - Users Mailing List <[email protected]<mailto:[email protected]>> Subject: Re: [SR-Users] Kamailio behind HAProxy Thanks Sergey. Can anyone please explain how and why to use tcp_accept_haproxy? On 11 Nov 2020, 10:39 +0200, Sergey Safarov <[email protected]<mailto:[email protected]>>, wrote: Now I not use pike. On Wed, Nov 11, 2020 at 10:21 AM Joey Golan <[email protected]<mailto:[email protected]>> wrote: So on your AWS deployment are you working without ANTIFLOOD(pike)? I still don’t understand how and why to use tcp_accept_haproxy. On 9 Nov 2020, 11:49 +0200, Sergey Safarov <[email protected]<mailto:[email protected]>>, wrote: In AWS I now use the network load balancer without enabled HAproxy protocol. On EC2 instances used two ENI. First for traffic via NLB for Inbound traffic. And second ENI for outbound traffic. This works but, maybe complex to implement. Now I looking to: 1) enable TCP + HAproxy protocol support in Kamailio; 2) add UDP + HAproxy protocol feature support; 3) add connection support "with" and "without" HAproxy protocol. But I am not a developer and cannot say when it implemented. If your usage case, is business requirements and need extended HAproxy implementation in Kamailio, then your company can hire devs from the community. On Mon, Nov 9, 2020 at 11:22 AM Joey Golan <[email protected]<mailto:[email protected]>> wrote: Maybe I miss understood you. For local installations you mean HAProxy with transparent mode? I have a functioning setup without proxy protocol enabled but without anitflood enabled because all traffic comes from same HAProxy address. I’m not sure I understand the purpose of tcp_accept_haproxy. When and how this parameter should be used? Thanks, Joey. On 9 Nov 2020, 0:27 +0200, Sergey Safarov <[email protected]<mailto:[email protected]>>, wrote: Why you cannot use this in the local installation? On AWS I have multiple kamailio servers behind ELB. Why you do not use a network load-balancer? NLB also offers HAproxy protocol support (TCP and UDP). In AWS installation you can use dedicated Kamailio groups for inbound connections and SIP clients with registration. And use other Kamailio group for outbound connections like carriers. Sergey On Sun, Nov 8, 2020 at 9:07 PM Joey Golan <[email protected]<mailto:[email protected]>> wrote: It doesn’t make much sense to me. On local installations (on-premise) I have 1 HAProxy and multiple kamailio servers. On AWS I have multiple kamailio servers behind ELB. On 8 Nov 2020, 19:45 +0200, Sergey Safarov <[email protected]<mailto:[email protected]>>, wrote: you can try place haproxy + NAT on your own Linux router. In this case inbound connections with be delivered via HAproxy. Outbound connections will be NAT-ed on the same host, to the same IP. On Sun, Nov 8, 2020 at 6:31 PM Joey Golan <[email protected]<mailto:[email protected]>> wrote: Hello, I have a kamailio server running behind HAProxy with proxy protocol v2 enabled. In Kamailio I have set the parameter tcp_accept_haproxy=yes and loaded tcpops module. UEs are registered using TLS and kamailio sees that the message has received from their real ip address + port and not HAProxy ip + port. When UE A calls UE B, kamailio is trying to reach UE B using his real ip address and port instead of HAProxy IP address + port. I know I can get the tcp ip and port of HAProxy using $tcp(c_si) and $tcp(c_sp) but I can’t make it work. What is the right way to do this? How should I use these variables properly in order to establish the call successfully? Thanks, Joey. _______________________________________________ Kamailio (SER) - Users Mailing List [email protected]<mailto:[email protected]> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ Kamailio (SER) - Users Mailing List [email protected]<mailto:[email protected]> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ Kamailio (SER) - Users Mailing List [email protected]<mailto:[email protected]> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ Kamailio (SER) - Users Mailing List [email protected]<mailto:[email protected]> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ Kamailio (SER) - Users Mailing List [email protected]<mailto:[email protected]> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ Kamailio (SER) - Users Mailing List [email protected]<mailto:[email protected]> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ Kamailio (SER) - Users Mailing List [email protected]<mailto:[email protected]> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________ Kamailio (SER) - Users Mailing List [email protected]<mailto:[email protected]> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
