2016-02-04 4:57 GMT+01:00 Willy Tarreau :
> No, set-src replaces the client's src as logged by haproxy and as passed
> over the proxy protocol. The only issue is that this action was incompletely
> implemented, it's only in http-request while it should also have been in
> tcp-request.
On Thu, Jan 28, 2016 at 12:25:05PM +0100, Aleksandar Lazic wrote:
>
>
> Am 28-01-2016 12:01, schrieb Jonathan Leroy - Inikup:
> >2016-01-28 11:47 GMT+01:00 Lukas Tribus :
> >>Doesn't:
> >>http-request set-src hdr(CF-Connecting-IP)
> >>
> >>in combination with a standard
>> If you can't use layer 7 features then you can't access the
>> CF-Connecting-IP header in nginx.
>
> ...HAProxy, not Nginx, no ?
Yes, I mixed that up, haproxy was what I meant.
> Otherwise that would be nice to be able pass client IP address as an
> argument to send-proxy directive.
>
2016-01-28 11:47 GMT+01:00 Lukas Tribus :
> Doesn't:
> http-request set-src hdr(CF-Connecting-IP)
>
> in combination with a standard proxy-protocol config
> already do that?
Yes, but it doesn't work with SPDY or HTTP/2 backends.
--
Jonathan Leroy
http://www.inikup.com/
Tel:
Am 28-01-2016 12:01, schrieb Jonathan Leroy - Inikup:
2016-01-28 11:47 GMT+01:00 Lukas Tribus :
Doesn't:
http-request set-src hdr(CF-Connecting-IP)
in combination with a standard proxy-protocol config
already do that?
Yes, but it doesn't work with SPDY or HTTP/2
2016-01-28 10:56 GMT+01:00 Aleksandar Lazic :
> Maybe it would be a nice idea to add something like.
>
> proxy-protocol set-src hdr(CF-Connecting-IP)
>
> Opinions about this?
Something like "proxy-protocol set-src []", yep :)
--
Jonathan Leroy
http://www.inikup.com/
Tel:
> Maybe it would be a nice idea to add something like.
>
> proxy-protocol set-src hdr(CF-Connecting-IP)
>
> Opinions about this?
Doesn't:
http-request set-src hdr(CF-Connecting-IP)
in combination with a standard proxy-protocol config
already do that?
Lukas
Dear Jonathan,
Am 27-01-2016 21:58, schrieb Jonathan Leroy - Inikup:
Hi,
2016-01-27 21:33 GMT+01:00 Aleksandar Lazic :
I see this possible ways
.) http://nginx.org/en/docs/http/ngx_http_realip_module.html
.)
> I use TCP mode, so I can't use layer 7 features.
If you can't use layer 7 features then you can't access the
CF-Connecting-IP header in nginx.
I would suggest:
- leave the haproxy configuration as is (using proxy protocol towards
nginx)
- configure nginx to respect the CF-Connecting-IP
2016-01-28 0:49 GMT+01:00 Lukas Tribus :
>> I use TCP mode, so I can't use layer 7 features.
>
> If you can't use layer 7 features then you can't access the
> CF-Connecting-IP header in nginx.
...HAProxy, not Nginx, no ?
> I would suggest:
> - leave the haproxy
2016-01-28 0:49 GMT+01:00 Aleksandar Lazic :
> Well I missed this in your original post.
I haven't told it so... :p
> How about to tell us a little bit more about your setup.
>
> haproxy version
> relevant part of config
> a small ascii art from your setup and protocols ;-)
Hi.
Am 27-01-2016 21:18, schrieb Jonathan Leroy - Inikup:
Hi,
[snip]
Now, I need to add CloudFlare in front HAProxy.
CloudFlare return a "CF-Connecting-IP" containing client IP address. I
know how to retrieve this header value, but not how to force it to be
sent as client ip in the PROXY
Hi,
2016-01-27 21:33 GMT+01:00 Aleksandar Lazic :
> I see this possible ways
>
> .) http://nginx.org/en/docs/http/ngx_http_realip_module.html
> .)
> http://cbonte.github.io/haproxy-dconv/configuration-1.6.html#4.2-http-request
> set-src
>
> maybe both
I use TCP mode, so I
13 matches
Mail list logo