I'm trying to figure out one thing about HAproxy logging. Basically, we have Pound running in front of HAproxy on the same host doing SSL termination and then passing the requests to HAproxy. What I'm trying to figure out is how to log CLIENT's IP to HAproxy logs. At the moment no matter what I do I'm getting the following logged into HAproxy logs:
Feb 27 19:37:00 localhost.localdomain haproxy[17365]: 127.0.0.1:44880 [27/Feb/2013:19:36:59.786] ssl_application ssl_application/app01 0/0/0/385/386 200 3470 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"
I know that 127.0.0.1 is the IP of Pound proxying requests to HAproxy, but I'm wondering if there is any way how to get the actual client IP logged into HAproxy logs.
Pound config looks like this:
User "www-data"
Group "www-data"
LogLevel 3
LogFacility local2
TimeOut 60
# poundctl control socket
Control "/var/run/pound/poundctl.socket"
ListenHTTPS
Address 0.0.0.0
Port 443
Cert "/etc/pound/ssl/certificate.pem"
# Allow PUT and DELETE also (by default only GET, POST and HEAD)?:
xHTTP 1
Service
BackEnd
Address 127.0.0.1
Port 8080
End
End
End
HA proxy config looks like this:
global
log 127.0.0.1 local0 info
log 127.0.0.1 local1 notice
maxconn 4096
user haproxy
group haproxy
stats socket /var/run/haproxy.sock
defaults
log global
mode http
option httplog
option dontlognull
retries 3
redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
option httpclose
option forwardfor
# Set up application listeners here.
listen application 0.0.0.0:80
acl health_check path_beg /health_check
block if health_check
option httpchk HEAD /health_check HTTP/1.1\r\nHost:\ staging.example.com
balance roundrobin
server app01 10.178.64.113:8000 weight 1 maxconn 100 check
listen ssl_application 0.0.0.0:8080
acl health_check path_beg /health_check
block if health_check
option httpchk HEAD /health_check HTTP/1.1\r\nHost:\ staging.example.com
balance roundrobin
server app01 10.178.64.113:4430 weight 1 maxconn 100 check
listen admin 0.0.0.0:22002
mode http
stats uri /
Any advice would be greatly appreciated! Client's IP must be hiding there somewhere because it's being logged into Nginx which is behind HAproxy. It's just a matter of figuring out how to get it logged into HAproxy logs.
Best Answer
CMIIW, i never using Pound, but if you're sure Pound able to pass http header x-forwarded-for, you just add "capture request header x-forwarded-for len 15" on the HAproxy listen section (http://code.google.com/p/haproxy-docs/wiki/capture_request_header) and make sure "option httplog" also included.