Re: Issue while using Proxy protocol in TCP mode

Wed, 14 Jun 2017 08:10:55 -0700 

An important thing I missed to mention that *the load balancer is an EC2
instance in AWS*.
Also, consider 5.6.7.8 as an EIP and the frontend uses private IP to bind.

When I tested proxy protocol with similar local setup, it works as expect
(disregard any version of haproxy).

Its likely, AWS to be the component causing the issue of intermittent
errors.

On Wed, Jun 14, 2017 at 5:46 PM, Christopher Faulet <cfau...@haproxy.com>
wrote:

> Le 14/06/2017 à 13:07, Vijay Bais a écrit :
>
>>
>>
>> On Wed, Jun 14, 2017 at 3:06 PM, Christopher Faulet <cfau...@haproxy.com
>> <mailto:cfau...@haproxy.com>> wrote:
>>
>>     Ok, If the problem is still there with a stable release, be sure to
>>     have the "send-proxy" directive on your server line (the one which
>>     forwards the traffic to haproxy itself). If you have any doubt about
>>     your configuration, please, share it.
>>
>> Below are the snippets on haproxy configuration of reverse proxy and load
>> balancer:
>>
>> *On reverse proxy(1.2.3.4):*
>> <snip>
>> defaults
>>          log global
>>          mode tcp
>>          option tcplog
>>
>> listen revproxy :80
>>          server load-balancer 5.6.7.8:80 <http://5.6.7.8:80> send-proxy
>> </snip>
>>
>> *On load balancer(5.6.7.8):*
>> <snip>
>> defaults
>>          log global
>>          option forwardfor
>>          mode http
>>          option httplog
>>          option httpclose
>>
>> frontend web
>>          bind 5.6.7.8:80 <http://5.6.7.8:80>
>>          acl revproxy src 1.2.3.4/32 <http://1.2.3.4/32>
>>          tcp-request connection expect-proxy layer4 if revproxy
>>          default_backend web-backend
>>
>> backend web-backend
>>          balance leastconn
>>          server node1 11.11.11.11:8080 <http://11.11.11.11:8080> check
>>          server node2 22.22.22.22:8080 <http://22.22.22.22:8080> check
>> </snip>
>>
>>
>> Let me know if anything seems incorrect here.
>>
>>
> Nothing strange here. In your first message, you said that the error is
> intermittent. does it means that some HTTP requests are correctly handled
> and others fail, all coming from 1.2.3.4 through the listener "revproxy" ?
> With this kind of configuration, all connections from 1.2.3.4 to
> 5.6.7.8:80 must use the PROXY protocol.
>
> Could you start your 2 instances of haproxy with the debug mode enabled
> (-d option) to do some requests and provide their outputs and the logs ?
>
> --
> Christopher Faulet
>

Reply via email to