Add X-Forwarded-For HTTP header to HAProxy

haproxy

I use HAProxy 1.3.26 on my CentOS 5.8 to proxy all requests to a dedicated server. I use HAProxy just to proxy HTTP and HTTPS to a single server, so no load balancing.

My haproxy.cfg is rather simple:

global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        maxconn 4096
        user haproxy
        group haproxy
        daemon

defaults
        log global
        option dontlognull
        option httpclose
        option forwardfor
        clitimeout 60000
        srvtimeout 60000
        contimeout 5000
        retries 3
        option redispatch

listen http 192.168.0.1:80
        mode tcp
        option tcplog
        maxconn 10000
        server web01 192.0.1.13:80 maxconn 5000

listen https 192.168.0.1:443
        mode tcp
        maxconn 10000
        server web01 192.0.1.13:443 maxconn 5000

where:

192.168.0.1 - server where HAProxy is installed
192.0.1.13  - server to which HTTP requests are forwarded

I would like to see the clients' IP addresses in my Apache 2.2.3 access logs. This option is usually achieved by adding the HTTP X-Forwarded-For header and then reading it in the web server logs. So, I've added the following lines to httpd.conf:

LogFormat "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" combined_forwarded
SetEnvIfNoCase X-Forwarded-For "." from_proxy=1
CustomLog logs/access_log combined env=!from_proxy
CustomLog logs/access_log combined_forwarded env=from_proxy

The problem is the only logged IP address is 192.168.0.1 (HAProxy server). I've tried different configurations, read documentation, googled but still can't understand why the clients' IPs are not logged.

I feel like I'm missing something simple, as the configs are very straightforward. Please help to correct the configs if possible.

Thank you for any help.

Best Answer

Please do not forget that this will not work for the https proxy since haproxy will not be able to mangle the contents of an encrypted session. You might also want to check the mod_rpaf module for Apache which makes all this easier.
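An added example (not from the original post, and not mod_rpaf's code) of the trusted-proxy check that should sit behind any use of X-Forwarded-For for logging: the header is honoured only when the TCP peer is the proxy itself, otherwise it is client-controlled input. It assumes the only trusted proxy is the HAProxy host from the question (192.168.0.1); the function name `client_ip` and the sample addresses are constructed.

```python
import ipaddress

# Assumption: the HAProxy host from the question is the only trusted proxy.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.0.1/32")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Return the address to log for one request.

    peer       -- TCP peer address as seen by the web server
    xff_header -- raw X-Forwarded-For value, or None when the header is absent
    """
    peer_addr = ipaddress.ip_address(peer)
    # A header arriving from anything but the proxy was set by the client.
    if not xff_header or not _is_trusted(peer_addr):
        return str(peer_addr)
    # Walk right to left: the rightmost entry is the one the proxy appended.
    # Skip entries that are themselves trusted proxies and stop at the first
    # untrusted address; anything further left is unverified client input.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: fall back to the peer address
        if not _is_trusted(addr):
            return str(addr)
    return str(peer_addr)


if __name__ == "__main__":
    # Constructed samples: (peer, X-Forwarded-For header or None)
    samples = [
        ("192.168.0.1", "203.0.113.7"),            # normal proxied request
        ("192.168.0.1", "10.9.9.9, 203.0.113.7"),  # client sent its own entry
        ("198.51.100.20", "10.9.9.9"),             # direct hit, forged header
        ("192.168.0.1", None),                     # proxy added no header
    ]
    for peer, xff in samples:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

The last sample is the case the answer describes for HTTPS: with no header added by the proxy, the only address available to log is the proxy's own.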