All, I have everything working perfectly. However I cannot get any SSL traffic which goes through the proxy to reveal it's true IP rather than the proxy IP. I tried mod_rpaf and then moved over to mod_remoteip and I get the same thing so I'm assuming it's something other than apache possibly?
So Using HTTP Traffic it comes in correctly but with with any HTTPS traffic I get the proxy IP of 10.10.10.10. The logs were modfied to replace %h with %{X-Forwarded-For}i here are my configs: HAPROXY.CFG: global log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 frontend http_proxy bind *:80 option http-server-close option forwardfor acl is_rbc-com hdr_dom(host) -i robcluett.com acl is_rbc-net hdr_dom(host) -i robcluett.net acl is_iom-com hdr_dom(host) -i iomerge.com acl is_blog-rbc-com hdr_dom(host) -i blog.robcluett.com use_backend cluster1 if is_rbc-com use_backend cluster2 if is_rbc-net use_backend cluster3 if is_iom-com use_backend cluster1 if is_blog-rbc-com backend cluster1 server web2 10.10.10.51:80 backend cluster2 server web3 10.10.10.52:80 backend cluster3 server web4 10.10.10.53:80 STUNNEL.CONF cert = /usr/local/etc/stunnel/stunnel.pem sslVersion = SSLv3 chroot = /usr/local/var/lib/stunnel/ setuid = root setgid = root pid = /stunnel.pid fips=no socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7 output = /var/log/stunnel.log [https] accept = 10.10.10.10:443 connect = 10.10.10.10:80 TIMEOUTclose = 0 HTTPD.CONF # Remote IP RemoteIPHeader X-Forwarded-For
smime.p7s
Description: S/MIME cryptographic signature
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org