On Thu, 11 Jun 2015 09:06:43 +0000
Thibault LABRUT <t.lab...@pickup-services.com> wrote:

> Hello,
> 
> I’m going to install HA Proxy.
> 
> My architecture is as follows:
> - 2 servers in DMZ => reverse proxy (RP)
> - 2 servers in LAN => Load balancing (LB)
> 
> Several applications contact RP with different IP addresses but always with the 
> same port.
> 
> With the settings as below the connection is up :
> 
> RP settings
> 
> # Frontend
> frontend http_test
> bind xx.xx.xx.xx:42
> capture request header Host len 200
> default_backend test
> 
> # Backend
> backend test
> server srv_test test.maycompany.local:42 check
> 
> LB settings
> 
> # Frontend
> frontend http_test
> bind xx.xx.xx.xx:42
> capture request header Host len 200
> default_backend test
> 
> # Backend
> backend test
> balance roundrobin
> server test01 xx.xx.xx.xx:42 check
> server test02 xx.xx.xx.xx:42 check
> 
> But in this case the connection is down :
> 
> # Frontend
> frontend http_test
> bind xx.xx.xx.xx:42
> capture request header Host len 200
> 
> # ACL
> acl acl_test src 12.34.56.78 # client IP
> use_backend test if acl_test
> 
> # Backend
> backend test
> server srv_test test.maycompany.local:42 check
> 
> LB settings
> 
> # Frontend
> frontend http_test
> bind xx.xx.xx.xx:42
> capture request header Host len 200
> 
> # ACL
> acl acl_test src 12.34.56.78
> use_backend test if acl_test
> 
> # Backend
> backend test
> balance roundrobin
> server test01 xx.xx.xx.xx:42 check
> server test02 xx.xx.xx.xx:42 check
> 
> Can you tell me what the problem is with my settings?
> 


Hi,

If I understand correctly, you have two HAProxy instances chained: RP is
in front and LB is in back.

In this case, the connections received by the LB load balancer cannot
know the original source IP, because the connections are established by
the LB load balancer with its own IP.

You can use the header "x-forwarded-for" for storing the original source
IP. The directive is "option forwardfor". On the LB HAProxy, you
can use a sample that returns the content of the header
x-forwarded-for, like this:

   acl acl_test fhdr(x-forwarded-for) -m ip 12.34.56.78

best regards
Thierry


> Best Regards,
> 
> Thibault Labrut.
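
An added example, not part of either message: the chained setup discussed above, with the RP setting X-Forwarded-For and the LB matching on it only when the connection comes from the RP, since the header is otherwise client-supplied. The 192.0.2.x and 198.51.100.x addresses are placeholders, and the `from_rp` and `lb01` names, the timeouts and the use of `hdr_ip` are assumptions of this sketch.

```haproxy
# ---------- RP (DMZ) : haproxy.cfg fragment ----------
defaults
    mode http                         # header handling needs HTTP mode
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_test
    bind 192.0.2.10:42                # placeholder RP listen address
    capture request header Host len 200
    # Drop any X-Forwarded-For the client sent, so the only value the LB
    # ever sees is the one this proxy appends.
    http-request del-header X-Forwarded-For
    option forwardfor                 # append the real client address
    default_backend test

backend test
    server lb01 198.51.100.20:42 check    # placeholder LB address

# ---------- LB (LAN) : haproxy.cfg fragment ----------
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_test
    bind 198.51.100.20:42
    capture request header Host len 200
    # "src" here is always the RP, so a client ACL on src never matches.
    # Trust the header only when the peer really is the RP (assumed to
    # connect from 192.0.2.10; list both RP nodes if there are two).
    acl from_rp  src 192.0.2.10
    acl acl_test hdr_ip(x-forwarded-for,-1) 12.34.56.78
    use_backend test if from_rp acl_test
    # No default_backend: requests matching no rule get a 503.

backend test
    balance roundrobin
    server test01 198.51.100.31:42 check  # placeholder
    server test02 198.51.100.32:42 check  # placeholder
```

Both fragments can be syntax-checked with `haproxy -c -f <file>` before reloading.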
