I want to forward the real client's IP address from HAProxy to my backend servers in TCP mode. The configuration of HAProxy is as follows:

    frontend main
        bind *:80
        mode http
        option forwardfor
        option http-server-close
        default_backend app-main

    frontend https_main
        bind *:443
        mode tcp
        option tcplog
        option tcpka
        default_backend app-ssl

    backend app-main
        balance roundrobin
        server web1 192.168.1.22:8080 check fall 3 rise 2
        server web2 192.168.1.33:8080 check fall 3 rise 2

    backend app-ssl
        balance roundrobin
        mode tcp
        option ssl-hello-chk
        server web3 192.168.1.44:443

The backend servers for HTTP requests are Apache, and I have replaced the following line in httpd.conf with log lines, so I can now get the client's IP addresses correctly:

    LogFormat "%h %l %u %t \"%r\" %>s %b %{X-Forwarded-For}i" common

My backend server for HTTPS uses Nginx as a reverse proxy for SSL termination and sends the requests to Apache backends. My problem is that I don't know how I can get the real client's IP address in the Nginx logs. I googled a lot and found some solutions on Server Fault and Stack Overflow, but none of them resolved my problem of forwarding the client's IP address in TCP mode in HAProxy. Any help is appreciated.

Best Answer
You should use

    listen 443 ssl proxy_protocol;

on the Nginx side and the

    send-proxy

directive on the HAProxy side.

Using Proxy Protocol with Nginx
Haproxy documentation
Send PROXY protocol header from HAProxy
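
The two settings from the answer in context, as an added example that is not part of the original answer. The HAProxy address `192.0.2.10`, the certificate paths, the log format name `proxied` and the Apache upstream address are placeholders assumed for illustration.

```nginx
# HAProxy side (backend app-ssl): add send-proxy to the existing server line:
#     server web3 192.168.1.44:443 send-proxy
#
# Nginx side, inside the http {} block. Requires ngx_http_realip_module.

# $remote_addr is the client address taken from the PROXY header (only when the
# TCP peer is trusted below); $realip_remote_addr is the actual TCP peer.
log_format proxied '$remote_addr (via $realip_remote_addr) - $remote_user '
                   '[$time_local] "$request" $status $body_bytes_sent';

server {
    # Expect a PROXY protocol header ahead of the TLS handshake.
    listen 443 ssl proxy_protocol;

    ssl_certificate     /etc/nginx/ssl/example.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.key;   # placeholder path

    # Accept the address in the PROXY header only from HAProxy.
    # 192.0.2.10 is a placeholder for the HAProxy host's address.
    set_real_ip_from 192.0.2.10;
    real_ip_header   proxy_protocol;

    access_log /var/log/nginx/access.log proxied;

    location / {
        # Overwrite (not append to) X-Forwarded-For so the Apache LogFormat
        # with %{X-Forwarded-For}i records the address Nginx resolved rather
        # than a value supplied by the client in its own request header.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://127.0.0.1:8080;             # placeholder upstream
    }
}
```

Once `proxy_protocol` is set on the `listen` line, Nginx expects the header on every connection to that port, so clients connecting directly without going through HAProxy will fail. Restrict the port to the HAProxy host at the firewall as well, because any peer that can reach it can supply its own PROXY header.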