Thanks.
I found another very useful way.
Since version 1.7, set-var can be in process scope.
In this way, I can set and transfer variables from one front-end to another 
front-end.




JWD

From: Aleksandar Lazic
Date: 2017-11-19 18:35
To: JWD; haproxy
Subject: Re: Is it possible to transfer client ip (src) from ssl:443 to 
https:8443?
Hi JWD

------ Original Message ------
From: "JWD" <j...@163.com>
To: "haproxy" <haproxy@formilux.org>
Sent: 19.11.2017 04:51:05
Subject: Is it possible to transfer client ip (src) from ssl:443 to 
https:8443?

>client access ssl:443.
>https:8443 as backend of ssl:443.
>
>Is it possible to transfer client ip (src) from ssl:443 to https:8443?
>Or transfer a true/false variable, so https:8443 can decide accept or 
>deny?
>
>Example:
>
>frontend https
>    bind   *:8443 ssl crt /etc/haproxy/certs/default
>backend https-backend
>    acl acl-allow-ip src -f /etc/haproxy/acl-allow-ip.txt
>    acl acl-mydir path_beg -i /mydir
>    http-request deny if !acl-allow-ip acl-mydir
>    server 172.31.1.1:8080
>
>frontend ssl
>    bind    *:443
>backend ssl-backend
>    server 127.0.0.1:8443 source 0.0.0.0
>
I suggest using the proxy protocol

http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.2-send-proxy-v2-ssl-cn
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.1-accept-proxy

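```
# send-proxy-v2-ssl-cn is a server option, so it goes in the forwarding backend
backend ssl-backend
   ...
   server ssl-backend 127.0.0.1:8443 ... send-proxy-v2-ssl-cn

# accept-proxy is a bind option, so it goes in the receiving frontend
frontend https
   bind 127.0.0.1:8443 ... accept-proxy
```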

>
>JWD

Regards
Aleks
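
Added example, not part of the original thread and not HAProxy's code: a Python builder and parser for the PROXY protocol v2 header that `send-proxy-v2` prepends and `accept-proxy` consumes, showing how the client address survives the hop to 127.0.0.1:8443. The function names, the `TRUSTED_PEERS` check and the sample addresses are assumptions for illustration; only TCP over IPv4 is handled.

```python
import ipaddress
import struct

SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte PROXY v2 signature
TRUSTED_PEERS = {"127.0.0.1"}     # assumption: only the local ssl proxy may send headers

def build_v2_tcp4(src, sport, dst, dport, tlvs=b""):
    """Build the v2 header a sending proxy prepends (PROXY command, TCP over IPv4)."""
    body = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!HH", sport, dport) + tlvs)
    return SIG + bytes([0x21, 0x11]) + struct.pack("!H", len(body)) + body

def parse_v2(data, peer_ip):
    """Return (src, sport, dst, dport, tlvs, payload); raise ValueError if rejected."""
    if peer_ip not in TRUSTED_PEERS:
        # The header is plain bytes any client can forge, so the sender must be trusted.
        raise ValueError("PROXY header from untrusted peer")
    if len(data) < 16 or data[:12] != SIG:
        raise ValueError("missing PROXY v2 signature")
    if data[12] != 0x21:   # high nibble: version 2, low nibble: command PROXY
        raise ValueError("unsupported version or command")
    if data[13] != 0x11:   # address family AF_INET, transport STREAM
        raise ValueError("only TCP over IPv4 is handled here")
    (length,) = struct.unpack("!H", data[14:16])
    if length < 12 or len(data) < 16 + length:
        raise ValueError("truncated header")
    body = data[16:16 + length]
    src = str(ipaddress.IPv4Address(body[0:4]))
    dst = str(ipaddress.IPv4Address(body[4:8]))
    sport, dport = struct.unpack("!HH", body[8:12])
    tlvs, pos = {}, 12
    while pos < len(body):            # each TLV: type (1 byte), length (2 bytes), value
        if pos + 3 > len(body):
            raise ValueError("truncated TLV")
        tlv_type = body[pos]
        (tlv_len,) = struct.unpack("!H", body[pos + 1:pos + 3])
        if pos + 3 + tlv_len > len(body):
            raise ValueError("TLV overruns header")
        tlvs[tlv_type] = body[pos + 3:pos + 3 + tlv_len]
        pos += 3 + tlv_len
    return src, sport, dst, dport, tlvs, data[16 + length:]

# Constructed sample: client 203.0.113.7 connected to the ssl proxy at 192.0.2.10:443.
if __name__ == "__main__":
    hdr = build_v2_tcp4("203.0.113.7", 51234, "192.0.2.10", 443)
    print(parse_v2(hdr + b"GET /mydir HTTP/1.1\r\n", "127.0.0.1"))
```

The receiving side can then match its allow list against the parsed source address rather than the 127.0.0.1 peer address of the TCP connection.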
