> so it is not possible to let haproxy answer backend packets to client ips?
I don't know what this question is supposed to mean, I don't get it.
You can use the source ip of your syslog clients to connect to your backend
by using plain old tproxy, this has been done for years and works fine.
On 20.05.2015 14:02, Lukas Tribus wrote:
>> Hi,
>>
>> my current traffic flow with "source 0.0.0.0 usesrc clientip" and with
>> "source publichaproxyip usesrc clientip":
>>
>> haproxy receives a SYN from the client and does a normal tcp handshake
>> which works fine. Additionally haproxy forwards
> Hi,
>
> my current traffic flow with "source 0.0.0.0 usesrc clientip" and with
> "source publichaproxyip usesrc clientip":
>
> haproxy receives a SYN from the client and does a normal tcp handshake
> which works fine. Additionally haproxy forwards the SYN to the backend
> with the client ip as so
Hi,
my current traffic flow with "source 0.0.0.0 usesrc clientip" and with
"source publichaproxyip usesrc clientip":
haproxy receives a SYN from the client and does a normal tcp handshake
which works fine. Additionally haproxy forwards the SYN to the backend
with the client ip as source ip, backe
On 19.05.2015 21:20, Lukas Tribus wrote:
>> Mmh, I'm not sure. Try:
>> source usesrc clientip Where is the real IP from HAproxy.
>
> Just realized that the config is still messed up.
> This should have been:
>
> source haproxyip usesrc clientip
thanks for the awesome hint, I've never seen this
> Mmh, I'm not sure. Try:
> source usesrc clientip Where is the real IP from HAproxy.
Just realized that the config is still messed up.
This should have been:
source haproxyip usesrc clientip
where haproxyip is the real IP from HAproxy.
> in my opinion I do not need a transparent proxy. my rsyslog nodes
> directly connect to an ip address which is configured on the haproxy
> server. So I don't need non_local_bind and no tproxy?
(previous mail got messed up, sorry about that)
Mmh, I'm not sure. Try:
source usesrc clientip Where
> in my opinion I do not need a transparent proxy. my rsyslog nodes
> directly connect to an ip address which is configured on the haproxy
> server. So I don't need non_local_bind and no tproxy?
Mmh, I'm not sure. Try:
source usesrc clientip
Where is the real IP from HAproxy. That way tproxy4
in my opinion I do not need a transparent proxy. my rsyslog nodes
directly connect to an ip address which is configured on the haproxy
server. So I don't need non_local_bind and no tproxy?
On 19.05.2015 18:42, Lukas Tribus wrote:
>> listen logstash01
>> bind 10.111.2.249:514 ssl ca-file /etc/hapro
> listen logstash01
> bind 10.111.2.249:514 ssl ca-file /etc/haproxy/ca.pem crt
> /etc/haproxy/logstash.pem verify required crl-file /etc/haproxy/crl.pem
> ciphers
> EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!a
Hey guys,
I've got multiple nodes with rsyslog, sending tls encrypted logs to my
haproxy machine, behind that are two logstash servers to process the
data. The haproxy config:
global
    chroot /var/lib/haproxy
    daemon
    group root
    log 127.0.0.1 local0
    maxconn 4000
    nbproc 8
    pidfile